Comments

You must log in or register to comment.

Rambler OP wrote

What are your thoughts?

1

diriel wrote

Thank you for this. Do you know of any actually good Email providers? I have both a Protonmail account and a Tutanota account. Ok, I also have a Gmail as well, I think world plus dog does right?

2

smooth_jazz wrote

Actually, any email provider+PGP is good, but incoming mail may not always be encrypted, and trusting the provider with your keys is a REALLY bad idea. Paranoid does this without storing your private keys like protonmail. They have a no-webmail policy (you'll need a mail client) and encrypt all incoming mail (if unencrypted) with your public key which is the only key they store.

3

RichardButte wrote

E-mail is outdated, the steps required to get truly safe e-mailing is beyond regular users reach and trusting third parties to handle the technical security isn't the right way forward. Look at Tutanota and the recent forced backdooring.

The next step is rather to have personal end-to-end, peer-to-peer communication systems.

3

Rambler OP wrote

This article reads like an NSA operation to convince you to move away from a Swiss based provider (where they can't intercept) to a provider that is based in Germany (a 14-eyes country) or similar jurisdiction where US intel has easy access.

It very well could be, and it's hard telling in this day and age. I just stumbled across the article and thought it was worth sharing and discussing.

For what it's worth, I use protonmail myself.

2

Rambler OP wrote

The next step is rather to have personal end-to-end, peer-to-peer communication systems.

Which some platforms have, it seems, but then you're stuck communicating to only those within that platform. I believe ZeroNet has something similar, where you could technically email me at nxm9c2wjbjlhjsrc@zeroid.bit but I never check it because no one ever uses it. You can also mail me on I2P's network as well, at (I forget) @mail.i2p, but once again, it's network specific.

Whoever can get the major networks and up-and-comers to agree upon some sort of standardized P2P E2E encrypted mail system that can be accessed from anywhere, then you'd have a winner.

But I doubt that's possible with all the various networks working hard to implement their own vision.

3

Rambler OP wrote

I also have a paranoid.mail address, but it's unclear to me if they're still "around". Although I was able to get the clearnet mailservers working fine, and I love the pop3 access, I wanted to use it over TOR and no matter what, with the information provided, I couldn't get Thunderbird to accept the TOR mailservers.

1

smooth_jazz wrote

That's odd. I use it via thunderbird on tails everyday, via their onion servers. Maybe it's because thunderbird on tails comes pre-configured to use Tor? Also I think they use imap and not pop3.

2

Rambler OP wrote

Possibly. I'm just using it on my Debian desktop. Let me take a look at the settings again. If you don't mind testing it out with me (sending me an email, me sending one back) then shoot me a PM. If not, no worries.

2

smooth_jazz wrote

Although some points are worded a bit... extreme, they make sense.
Protonmail DOES redirect you to their clearnet site for signing up, but this doesn't mean they are compromised.
And as far as E2EE is concerned, this depends on your threat level. You could use a different email provider (or self-host) and manually encrypt your messages. Or you could trust somebody to do this for you. And as far as a normal user is concerned, protonmail is a good start. Other claims in the article do seem far-fetched.

3

solstice wrote

Look at Tutanota and the recent forced backdooring.

Do you have a source for this? The only news I've found is Tutanota being forced to hand over new outgoing and incoming emails of one user who was a suspected criminal, not a backdoor for the whole service.

2