Let's talk about Secure email providers !

30 risposte [Ultimo contenuto]
Gnu-Bro
Offline
Iscritto: 12/12/2020

Hello, everyone.

I wanted to discuss the subject of secy mail and your personal experience. Which services do you like and which do not and why?. I understand that this is a specific topic, but I think it is necessary to discuss Webmail Systems periodically respecting the user's freedom, as these services will be constantly pursued by government agencies, as it was with Lavabit . And we all need to be informed!
As we know FSF recommends using these services Free Software Webmail Systems. For the sake of experiment I chose this Swiss Kolab Now recommended service, I went no further than one step forward, as the service requests a valid e-mail))) I think this is wrong and compromises the user! Why is it in the recommended list?

I liked it Jxself it's a smart guy))) If you're reading this message, I wanted to say thank you more for your work!

Question from SuperTramp83
Which free e-mail service do you reckon is the best (security and privacy wise) ?? Which one do you use?
Jxself
My answer to both questions is: My own. The machine that is sitting on the corner of my desk right now serving email and HTTP and XMPP and so forth and so on.

But the problem for a lot of people is to set up this system correctly! An normal user will never do it.

I will try to formulate wishes for a webmail service today. If you have anything to add, let me know.)

  • Completely Open Source (fully compliant with LibreJS's standards )
  • Anonymous payment options
  • Anonymous registartion
  • Spam filter
  • 20+ supported languages
  • CSV/POP/IMAP/SMTP import
  • SMTP, POP, and IMAP support
  • PGP Encryption support
  • End-to-end encryption
  • Stay out of the union Fourteen Eyes country
  • Apps for mobile devices
  • Short domain addresses and Custom Domain supported
  • Decentralized
lutes
Offline
Iscritto: 09/04/2020

This should be moved to General Free Software Talk.

andyprough
Offline
Iscritto: 02/12/2015

Protonmail has a lot of these points, especially staying out of the 14 eyes countries. But it's not decentralized and I don't think there's an anonymous registration and payment option (although I'm not certain about the anonymous options for it).

Gnu-Bro
Offline
Iscritto: 12/12/2020

Thanks for the replies, guys.

lutes about the topic, please give me a link to it.

Andyprough, yes you are right Protonmail has no anonymous registration , no decentralisation , no anonymous payment , e.g. Monero ( xmr ) Bitcoin is not anonymous ) https://protonmail.com/blog/bitcoin-secure-email/

lutes
Offline
Iscritto: 09/04/2020

This thread fits better in the General Free Software Talk forum:

https://trisquel.info/en/forum/general-free-software-talk - "a place to discuss free software, free culture, online privacy and related topics."

The Trisquel Users forum and mailing list is supposed to be for more specific help and discussions about Trisquel, as the name suggests.

andyprough
Offline
Iscritto: 02/12/2015

It's off-topic to discuss which thread an off-topic discussion fits into better.

lutes
Offline
Iscritto: 09/04/2020

What do you mean by 'decentralized'?

Email is a server-based federated technology, so a fully decentralized email system would mean that each and every user runs their own server.

Using Protonmail is obviously way more 'decentralized' than using Google services.

andyprough
Offline
Iscritto: 02/12/2015

I think that if I created a separate email server for each individual email I send out, that would be kind of decentralized.

lutes
Offline
Iscritto: 09/04/2020

Agreed. I was also considering using disposable email servers, and throwing away the host machine altogether after use.

I do not need incoming emails, I never read them anyway.

andyprough
Offline
Iscritto: 02/12/2015

You could invent an entirely new computing device for each email you send. And an entirely new form of networking to send it over. That could be decentralized.

kerdadit
Offline
Iscritto: 06/06/2018

I'm currently using an old gmail account. My reasoning is that even if I use something else, around half of my email ends up un-encrypted in a gmail inbox, anyway. The other half goes un-encrypted into a Microsoft or Yahoo one. At the time I made this decision, I was considering protonmail. But due to the fact that the Protonmail mail bridge was proprietary (at that time), I was actually exposed to less proprietary software by using my gmail account in Emacs. And encryption is always an option for anyone who wants to (no one I communicate with does). It was a one-time setup that does require running non-free Google JS. It was also quite a hassle to pay for Protonmail, because it required opening my bank account for overseas transactions, which are blocked by default. The only downside I see to this line of reasoning is that by using gmail you could argue that I am endorsing their service. But I am not a person of influence. I do believe self-hosting is preferable and intend to switch to that at some point when I have time to learn how to set it up correctly and understand what sort of maintenance is involved.

loldier
Offline
Iscritto: 02/17/2016

https://mako.cc/copyrighteous/google-has-most-of-my-email-because-it-has-all-of-yours

"The numbers are higher than I imagined and reflect somewhat depressing news. They show how it’s complicated to think about privacy and autonomy for communication between parties. I’m not sure what to do except encourage others to consider, in the wake of the Snowden revelations and everything else, whether you really want Google to have all your email. And half of mine."

lutes
Offline
Iscritto: 09/04/2020

Not sure how the numbers went since 2014, but surely this can only be a slow process away from the oligopolies.

It does not make sense to wait for other people to change their habits, or even expect them to if we do not do so ourselves, it would be self-defeating. Each and every email which does not end up unencrypted in a privacy siphon is one more step in the right direction.

I historically used email addresses provided by my ISP through SMTP/POP3. Browsing through this forum (some users fail to notice the "search" box on the top right corner of every page) will surely bring lots of threads about email providers. I guess this is what people do: they search, explore and find out what is best for them.

panties
Offline
Iscritto: 02/02/2021

These are the providers I have used.

https://posteo.de/

https://disroot.org/en/services/email

Protonmail does not seem to be any different to using gmail as the GPG keys are generated and held on the Protonmail servers.
Posteo does not offer free account like Protonmail, but you can create an account for €1/month and an alias for €0.5/month. They accept payment in cash by post.
Disroot offers a free account, but you have to turn on JS and it takes a few days to open an account.

I also can't do self-hosting because it's too difficult for me, but in the end, if I don't self-host, I feel that using these clean email providers is only about the difference between king and king' ball from gmail or icloud.

However, if you're a woman and you're stuck with a troublesome man, you might be able to avoid the hassle for a while by first requiring your private correspondence to be encrypted with GPG as a condition. I studied English hard to seduce European online English teacher. If a woman asks for GPG encryption, we men are all stupid so will learn it quite quickly.
It took me nearly two years to learn basic GPG encryption after I started using GNU/Linux, because math is my weak subject, but I could have learned it in two days if the woman required encrypted correspondence.

The best thing about starting to use Trisquel was that the creepy feeling of "someone might be watching my communications", which I had always had but could never deal with, has largely disappeared. That creepy feeling is something that most people have but can't deal with or get rid of, and we are used to live with it like everyone else does. I don't have that creepy feeling anymore when using GPG. But in my case, I don't have any problems with people seeing any of plain emails of mine. It's just refreshing not to have that vague creepy feeling.
And again and again, especially if you are a woman, you would know there are a lot of creepy men who try to peep all about you through your devices. Maybe including some creepy unpopular Google/government employees. It would be very easy for them to peep your bedroom. Good luck!

andyprough
Offline
Iscritto: 02/12/2015

> It took me nearly two years to learn basic GPG encryption after I started using GNU/Linux, because math is my weak subject

Are you encrypting your emails by hand? Doing all the maths yourself with a pencil and paper? If so, I'm impressed! If not, what did you do during those two years of learning all that math?

panties
Offline
Iscritto: 02/02/2021

No, what I was learning were such as how to make encryption keys, how to send emails, how to sign, and other basic functions.
Is that too long? Is it too longer than other people, or rather other Japs?

How do I encrypt an email with my hand, pencil and paper? I don't understand.

Gnu-Bro
Offline
Iscritto: 12/12/2020

Lutes tell me please, do you think that I or someone else will be able to find more in the <<search>> field than on the FSF website in the Free Software Webmail Systems ?

Panties Thank you so much for your experience and your opinion . I have seen these providers you mentioned, but as I wrote you, they all do not fit, so there is no anonymous registration or other parameters that I mentioned.

Here is what I write about the web provider for example :
from https://restoreprivacy.com/email/secure/

Rich

March 15, 2021

Tutanota is NOTa safe or reliable alternative. It’s alos technically flawed. Any ‘safe’ email providers residing in Germany is not really safe: Germany is one of the worst dictatorship on earth since chancellor for life merkel transformed the country into the DDR number 2.0.

Tutanota records logs, blocks emails (did it to me everytime I wnated to send ‘sensitive’ emails0 and most likely sensitive information is intercepted. Avoid them.

C-templar looked good on paper. They pretend to defend privacy and anonymity… This isn’t true:

1/ as soon as you pay for a service, you’re not anonymous, unless you would send cash in an enveloppe and use a fake name!

2/ their so-called ‘free’ version is not working because, you need to receive an invitation from an existing member or send them an email to get this invitation: MEANING YOU ARE NOT ANONYMOUS ANYMORE!

3/ protonmail doesn’t only receive fundings from US dubious corporations, they are also linked with some israeli ones. Besides, I know shareholders of the company and they are corrupt and not the kind of fighting for human rights, privacy and anonymity.

Do you know Vivaldi? An icelandic email provider, that comes closer to all criteria for privacy, safety and anonymity. Quite good and free.

lutes
Offline
Iscritto: 09/04/2020

> do you think that I or someone else will be able to find more in the <> field than on the FSF website in the Free Software Webmail Systems?

Try, and tell us.

If you think not, why did you open this thread?

Gnu-Bro
Offline
Iscritto: 12/12/2020

Lutes If you don't understand why I opened this topic, you need to read everything that is written here again >> Free Software Webmail Systems ! After that ask yourself why the recommended services are listed services, registering in which you can not be anonymous! Can we consider these services as respecting your freedom?

If you have something useful to inform, please do it.

lanun
Offline
Iscritto: 04/01/2021

What useful info do you have to share with us, may I ask?

delaforce
Offline
Iscritto: 05/18/2014

I ha ve 2 issues with posteo in fact and posibly for every webmail.

Fist... using one credit card payment method to share account with other users to get more between users... posteo doesnt allow , Just "for your security"

Second spam killer cant be disconected , probably in any email service. Just "for your security".

Spam killer are "real censors".

Malsasa
Offline
Iscritto: 12/01/2016

FSF has a valuable information about email providers here
https://www.fsf.org/resources/webmail-systems. Personally, I refer to
this to get my Mailo.

Abhiseck Paira
Offline
Iscritto: 05/16/2021

> FSF has a valuable information about email providers here
> https://www.fsf.org/resources/webmail-systems. Personally, I refer to
> this to get my Mailo.

I'd also like to add Migadu[1] as an option. Personally I haven't used
it yet but I'd love to give it a try later.

[1] https://www.migadu.com/
--
Abhisek Paira
E34E 825B 979E EB9F 8505 F80E E93D 353B 7740 0709
"There is no system but GNU, and Linux is one of its kernels."

lanun
Offline
Iscritto: 04/01/2021

I would like to reference the FSF page on this topic, in case someone missed it:

https://www.fsf.org/resources/webmail-systems

I like the Guerrilla Mail especially.

About Mailto, it says: "Site is no longer explicit about running on free software."

Mr. P
Offline
Iscritto: 03/25/2020

Hi to all!
Gnu-Bro what you wanna say whit "anonymous"??
If you ask a service, also at one really decentralized organization, they always need a mail adress. E.g.: for sending a confirm of account activation, or similar things. If is it your main problem, need only re-read all the page of the link you post, to solve it.

When we speach about "laws problems" in this or there country, to first we don't realy know the real site (Nation/City/adress) where is the server, on plus the National laws are many many different from country to country and always on evolution (look last's laws in France...). So I believe speaching about this in a "large" way, is almost time lost.

Personally, I can't considerate ProtonMail at same level of Disroot, only because use java. There are a lot of big differences between they, like GPG key issues, IMHO much more dangerous than java at personal privacy level.
There are a list of server services in RiseUp site, maybe you can find some thing, but check WELL the info about every one!

About App for mobile there are FairMail and more.

panties
Offline
Iscritto: 02/02/2021

Speaking of clients for mobile, does anyone know what the default email client is for Replicant? I can't seem to find any information on it.

Malsasa
Offline
Iscritto: 12/01/2016

On 5/22/21, name at domain <name at domain> wrote:
> Speaking of clients for mobile, does anyone know what the default email
> client is for Replicant? I can't seem to find any information on it.

If Replicant can run F-Droid, you can try K-9 Mail out.

Malsasa
Offline
Iscritto: 12/01/2016

> I'd also like to add Migadu[1] as an option. Personally I haven't used
> it yet but I'd love to give it a try later.

> [1] https://www.migadu.com/

Migadu is recommended by many friends at Mastodon up to today. They
said it is good. Thanks Abisheck for mentioning it.

Gnu-Bro
Offline
Iscritto: 12/12/2020

Thank you all for the helpful information.

Mr. P I'm sorry, but I don't agree with you. I tested different services, for example TUTANOTA does not ask any mail adress for confirmation ! You can refuse ! Otherwise, you're right.
There is also a one time webmail-systems service (just for information) here https://www.fsf.org/resources/webmail-systems (in case anyone did not know)

There is also a service that blocks unwanted mail, which is very convenient.( paid service 1 euro per month)

The worst and I think the worst thing is that almost all webmail-systems 's ask to pay credit card or Pay Pal for their services.

If those who read this post have experience or useful links how to make your server ethical webmail-systems , it will be useful to all who will read this topic in the future.

alimiracle
Offline
Iscritto: 01/18/2014

I use Riseup
https://riseup.net/

Mr. P
Offline
Iscritto: 03/25/2020

I have no experience whit Tutanota. Many services use FB/TW/WA/etc. account to confirm your new mail(or other) account, but I don't know if Tutanota work in this way. However, if don't do it, it isn't good for what your need??

>«The worst and I think..»: services like these are expensive, for time and money. Personally I prefer who ask for donations, because in many case (not ever) are decentralized organization provided by volunteers.

>«...or useful links..»: do you have checked the server services list on rise-up site??

Excuse me, but I can't understood your target.
For instance, you want «Anonymous payment options», without use PayPal or credit card. Don't know in your, but in my country all payment method's are always linked at one ID card or similar document, also pre-payed cards. (Maybe you wanna use some type of cryptoshit, IMHO "very bad think", and not really anonymous at last.)
Probably I'm wrong, are your really sure that you problem is the mail service??