EmailDiscussions.com


dantheman 26 May 2021 02:45 AM

Why use Protonmail?
 
If I use a Protonmail account to send emails to people who only use Gmail or Outlook (whose services keep tabs on the data they receive), why bother using this secure email service? Only to send to someone who already has a Proton account?

TenFour 26 May 2021 04:47 AM

That's one big reason why I tried ProtonMail and gave it up. Exactly zero of my regular contacts were willing to give encrypted email a try, and I have never received a request to communicate via encrypted email. I suppose there is some additional security in the way they handle your email storage, but in reality I think the most likely way to have your emails read is to fall victim to a phishing attack--be tricked into giving up your password. I don't think ProtonMail can protect you against that any more than other services.

pjroutledge 26 May 2021 06:37 AM

Quote:

Originally Posted by dantheman (Post 621367)
If I use a Protonmail account to send emails to people who only use Gmail or Outlook (whose services keep tabs on the data they receive), why bother using this secure email service? Only to send to someone who already has a Proton account?

When you send a Protonmail encrypted email to a non-Protonmail account, like Gmail, the receiver receives a link to the secure message and needs a password (that you set and provide) to view it.
Encrypted emails aren't sent to Gmail or Outlook so they can't be read/analysed by those services, although those services would have a record of the "You have received a secure message ..." email and the link.

dantheman 26 May 2021 08:49 AM

@TenFour - and how is this secret code to open the link delivered to the receiver?

TenFour 27 May 2021 12:03 AM

Quote:

@TenFour - and how is this secret code to open the link delivered to the receiver?
It wasn't me that described the process above, but you could deliver the link to the person via various methods like text, iMessage, etc. But, it is too awkward for most normal people to do this. Unless you have a crying need for more security than most people do I suspect using something like iMessage or Telegram would be plenty secure. Most people aren't sharing secrets that often.

dantheman 27 May 2021 12:45 AM

My apologies to pjroutledge!

@TenFour - you are right on that secret messages stuff.

Besides that, if you're on any "most wanted" list, sending secure message links will likely attract even more attention, right?

pjroutledge 27 May 2021 08:22 AM

I agree with the sentiment that secure mail such as Protonmail is overkill for most everyday stuff.

I have an account, though, that I use when I do want an extra layer of security. For example, when purchasing property in some parts of Australia it's necessary to provide proof of identity, such as drivers license, passport, etc. I realise that the real estate agents will probably save the scans I send them on a system that could be hacked, but I think it's worth my while to clearly annotate the scans (eg with 'Provided to xxx for the sole purpose of yyy') and then send them using an encrypted service like Protonmail. At least the scans are not sitting in somebody's inbox.

But for >99% of email I just use Fastmail.

hadaso 31 May 2021 05:42 AM

If the security is achieved by sending a link to the content that is then sent over https when the recipient requests the content of the message, then one can just put the content on any web server, such as Fastmail's files storage, and send a link (that can be protected with a password).
Of course this kind of privacy protection protects the sender's privacy at the expense of the recipient's privacy, as the sender can know that the recipient has accessed the message, when the recipient accesses the message, from what IP address, and usually other stuff such as what browser etc.

pjroutledge 31 May 2021 12:45 PM

Quote:

Originally Posted by hadaso (Post 621460)
If the security is achieved by sending a link to the content that is then sent over https when the recipient requests the content of the message, then one can just put the content on any web server, such as Fastmail's files storage, and send a link (that can be protected with a password).

True, the difference being whether you want to send email or a document/file/attachment. With Protonmail you're sending a link to an encrypted email, rather than a link to [an encrypted] document/file such as would be the case with a document/file on a server. (I used the example of sending scanned documents, but you could use Protonmail to send a simple private email.)

Also note that Protonmail encrypted email links only work for a specified time (I think the default is 28 days), whereas content on a server would persist until removed.

I'm not saying that either is better, just that both may be valid use cases.

Quote:

Of course this kind of privacy protection protects the sender's privacy at the expense of the recipient's privacy, as the sender can know that the recipient has accessed the message, when the recipient accesses the message, from what IP address, and usually other stuff such as what browser etc.
Not sure about that. I expect that Protonmail would or could have a record of encrypted email being accessed, but as a sender I haven't been able to find anything to confirm that an encrypted email has been accessed by the recipient, nor IP addresses, etc.

truemagic 4 Jun 2021 11:01 AM

My suggestion is to avoid it at all costs.

Personally I have had a bad experience dealing with the support, especially Billing. My paid account was inactive for a year and they forced me to pay a prorated bill (which is not cheap) before I can view my inbox again; the only option left is to close the account. So beware if you accidentally leave it unused.

I regret upgrading it because I was one of the first to register with a FREE account and even got a free upgrade to 40gb, and then what I did was upgrade to a paid account during the Black Friday sales, and now I lose everything.

chickadee 5 Jun 2021 04:32 AM

How did you get a "free upgrade to 40gb"?

emoore 5 Jun 2021 07:43 AM

If you have an occasional need to send encrypted messages you could install the “Mailvelope” extension in your browser. It's interoperable with OpenPGP.

truemagic 5 Jun 2021 12:21 PM

Quote:

Originally Posted by chickadee (Post 621521)
How did you get a "free upgrade to 40gb"?

Done nothing, it was automatically updated back then when I had a free account.

ioneja 6 Jun 2021 11:11 PM

Quote:

Originally Posted by dantheman (Post 621367)
If I use a Protonmail account to send emails to people who only use Gmail or Outlook (whose services keep tabs on the data they receive), why bother using this secure email service? Only to send to someone who already has a Proton account?

Because if YOU don't start the process of transitioning over to a more private/secure email workflow, who will? It takes time to make an impact on your circle of associates, but it can happen. Case in point just about my own family -- 100% of them were using GMail and Outlook (and some even Yahoo) and step 1 was simple and slow, but very worth it: many years ago I got them to start to understand if you are not paying for the product, you ARE the product. And also a variety of other privacy issues. So over time, I got about 1/2 of them to switch to paid services like FastMail. And in fact almost *ALL* of the family members that I actually have frequent email contact with are using paid services now. So for me, I'm currently at about 90% of my family-related email never touches Google, etc... That took a while, but is a pretty good result from the effort. I even got my parents, who are not exactly technically savvy, to switch. So that's step 1.

Then, step 2 is that after they are acclimated with actually paying for email services, then the next step is educating them about encryption and other security matters, and what their options are. That includes social media issues, texting, file sharing/syncing, more private means of communications, etc. For those that care and ask me for more info in my family/circle, I give them a quick "risk assessment" discussion and they can make better decisions for their own unique situations and preferences. It empowers them to make their own choices with more info at hand. So right now the transition for some of them will be to something like Signal for messaging and Tutanota or ProtonMail or one of several other providers that provide encrypted email. It will take time of course.

All of them understand, as I have explained to them, that email is inherently insecure due to many factors. BUT the simple equation of explaining levels of privacy such as ProtonMail > FastMail > GMail helps. And they also understand that with more privacy (and in some regards security too) comes more inconvenience. So the "convenience" equation would be reversed from the privacy equation: GMail > FastMail > ProtonMail. That's grossly simplifying things, of course.

And some just don't care or won't bother, so the discussion doesn't go far. That's fine, that's their choice. I just don't share certain kinds of email with them, definitely nothing sensitive. I've still got a couple of family members holding out with irresponsible online patterns that post way too personal photos and personal info into free cloud services. They just don't care or don't bother to take the time to understand the ramifications and risk factors. Ironically and sadly, they are also the ones who have had identity theft issues or had their accounts hacked. But they still don't care and keep to the same patterns unfortunately.

But with the others, all that effort pays off. And that's just with family. I've personally migrated some friends and clients off of free services too. So while I don't have 100% of my primary contacts that are using more secure services, or at least NOT the free services, each year the number grows who have moved to better patterns, and that means fewer and fewer email exchanges get sucked into the giant processing machines of Microsoft, Google, for example.

The main point I'm trying to make is really just to pose the questions: at what point do you want to get started? Do you feel like you have to wait until more people in your circle are doing it? At what point are there *enough* people that you feel ready to make the leap yourself? Why not be the person in your circle that begins the process of educating your friends/family/colleagues?

So in my mind it's worth the effort to switch to a service like ProtonMail, Tutanota, Mailfence, Startmail, Posteo, Mailbox.org, etc.... YMMV of course. And there's really nothing major lost -- except for the convenience of some of the fancy features that you are used to... all the more secure providers have feature limitations in one way or another compared to the highly-polished GMail, for example... that's a small price to pay IMO, but you may feel differently.

BTW almost all of the good encrypted email services have a feature that allows you to send an encrypted email to an external non-encrypted email user by using a shared password/passphrase. So even just by sending an encrypted email from ProtonMail or Tutanota to someone at GMail with the shared password method, you'll be able to start the larger discussion of encryption and privacy in general, and you'll raise awareness with them about some of the issues. It may not result in an ideal exchange since they can (and sometimes do) just copy and paste the secure email contents into an insecure cloud service, but at least it starts the conversation.

Again, it will take a while, but eventually some people in your circle will catch on and you'll start to regain some ground in reclaiming some of your privacy.

And who knows where this will lead you? You might surprise yourself and learn about all sorts of fascinating other security and privacy issues that might change the way you use computers, devices, social media, communications in general. No one throws the switch and they are instantly better off by switching to a service like ProtonMail or Tutanota, but it's more like a gradual process of learning what is going on with your personal data, becoming more aware, and reclaiming a bit of your digital life, one bit at a time.

ioneja 7 Jun 2021 12:05 AM

Quote:

Originally Posted by truemagic (Post 621514)
Personally I have bad experience dealing with the support especially Billing.

ProtonMail support is not exactly the best, I will agree there. For me, it's been very slow sometimes, but at least competent. For the most part, the service works well and so most people will never deal with support.

I actually like Tutanota a little more, even though they had a very rough time with DDOS attacks. They have come out of it doing much better now, and their price is still good. They're still going through growing pains, IMO, so they are not quite running perfectly smoothly yet, but I have come to like them again after their DDOS mess.

There are other good alternatives to ProtonMail too that are worth looking at besides Tutanota, including Mailfence, Startmail, Mailbox.org, Posteo, Countermail, CTemplar, and yes, I'll even mention Hushmail, although Hushmail still gets a bad rap due to some of their issues/controversies in the past, and they obviously have the worst jurisdiction of that group. But Hushmail might be a good option for someone who needs/wants HIPAA compliant email and doesn't mind the jurisdiction. It depends on your needs.

Runbox is also a possibility if you use the Mailvelope plugin, as well as FastMail, although Runbox has a better jurisdiction by far. And technically any provider will work with PGP if you know how to set it up. But I'd suggest that list above as a starting point.

But again, ProtonMail is a decent option. Frankly, those kinds of privacy services that are at least trying to fight for our privacy are worth support. If you can, sign up for more than one of them! Give one as a gift! Tutanota even has an easy gift option for your friends and family! :cool:

TenFour 7 Jun 2021 12:38 AM

Quote:

...and you'll start to regain some ground in reclaiming some of your privacy.
Nope, not unless you stop using credit cards, an Internet Service Provider, banks, telephones, airplanes, cars, etc. Then eliminate your drivers license, your social security registration, your street address, your postal box, your newspaper and magazine subscriptions. Of course, stop using social media, never order anything online, don't sign up for gas or electric service, and never mail a check to anyone. My point is email is only a small sliver of your digital footprint and even if you stop using it entirely you will be tracked digitally with almost every interaction with the modern world. Waste of time, but have at it if you don't mind wasting money for no benefit!

ioneja 7 Jun 2021 01:44 AM

Quote:

Originally Posted by TenFour (Post 621537)
Nope, not unless you stop using credit cards, an Internet Service Provider, banks, telephones, airplanes, cars, etc. Then eliminate your drivers license, your social security registration, your street address, your postal box, your newspaper and magazine subscriptions. Of course, stop using social media, never order anything online, don't sign up for gas or electric service, and never mail a check to anyone. My point is email is only a small sliver of your digital footprint and even if you stop using it entirely you will be tracked digitally with almost every interaction with the modern world. Waste of time, but have at it if you don't mind wasting money for no benefit!

Everyone is entitled to their opinion of course, and I obviously don't share this view. I don't believe it's so binary, it's not so black or white, there are many shades of privacy, as I mentioned. And you can decide how far you want to go. I think I was pretty clear in what I said -- especially the part you quoted -- "...and you'll START to regain SOME ground in reclaiming SOME of your privacy." That's pretty realistic vs a pretty binary take, which is all in or nothing. But you can absolutely start to make a difference with very small steps. I'm not suggesting that people have to live off the grid and disavow any modern conveniences to improve their privacy situation.

I also said, "That includes social media issues, texting, file sharing/syncing, more private means of communications, etc. For those that care and ask me for more info in my family/circle, I give them a quick "risk assessment" discussion and they can make better decisions for their own unique situations and preferences. It empowers them to make their own choices with more info at hand."

I can't say it better than that. I think people need to have more information and make their own decisions based on their own needs and comfort level. But you CAN start to take back some of your privacy bit by bit -- "one bit at a time."

So start with email, move to texting, get rid of certain social media, yes, and so on and on, making conscious/aware choices of what you do... and there are plenty of things you can do to reduce your footprint and exposure while still living in this society. If someone thinks that ProtonMail is some magic wand that you wave and you're suddenly completely private in your life, then of course that person is mistaken. I think I included enough caveats about the grayness of the situation. But something like ProtonMail is a great step.

And I ask of anyone who thinks it's not worth it at all, do you feel fine with the situation? Are you fine with this as the status quo? Does this feel like giving up, or are you just resigned to nothing changing? Does it have to be all-in or nothing? Do you think there's nothing that can be gained by educating your friends and family about these topics and hopefully they might make some changes? How much needs to change in society (and in government and in business) before there's any value to services like ProtonMail and anything related to trying to regain privacy? And again, why not be the person in your circle that begins the process of educating your friends/family/colleagues? Is there anything that can be done as a citizen of your country or consumer of a product/service where you can demand better? If so, why not do it?

I think everyone might answer those questions differently, and like I mentioned I still have some family that don't care at all, or don't think it matters, and that's fine, that's their choice. But there are plenty of family and friends that have made changes already and it's some pretty great progress IMO. Some have shut down all of their social media, some have taken deeper steps, etc. Some haven't done anything and probably never will. As for email itself, it's always great to know what I share with some of them has a much lower likelihood of being part of some giant profile, subject to some targeting algorithm, database, leak, ad campaign, etc., etc. Again, nothing online is 100% secure, but security is a different discussion.

In any case, each person has different needs/preferences/threshold, but I've found most people I know are generally ignorant about what's really going on, and that's not a criticism. Some might have a vague understanding but haven't really spent time on it. But in general there's a lot of ignorance and indifference. And those people will continue to feed the beast. However, if someone understands the situation, then at least they can consciously choose. And that's fine too.

On a related note, I think by suggesting that there's nothing that can be done, it's also surrendering IMO to the larger issues, political and otherwise, that set the background and framework of why the situation is the way that it is. The more ignorant the public is, the deeper of a hole we're all in. However, if people are educated about the situation, realize that they have options, understand the issues, etc., they can also (hopefully) demand better from their governments and service providers (and banks and social media and stores and all the other things we use and buy).

somdcomputerguy 7 Jun 2021 03:29 AM

Quote:

Originally Posted by ioneja (Post 621536)
And technically any provider will work with PGP if you know how to set it up.

https://www.gpg4win.org/

- Bruce

TenFour 7 Jun 2021 03:42 AM

Quote:

...it's also surrendering IMO to the larger issues, political and otherwise, that set the background and framework of why the situation is the way that it is.
It has nothing to do with politics. Google and the others want to target ads to you and they do so by gathering information about your online activity. That's how they make billions of dollars and one reason we have free Gmail and a lot of other free stuff. We made a bargain that in exchange for this great free stuff, that in many cases is far superior to stuff people pay for, we have ads targeted at us. I am not some sheeple that just buys stuff based on ads. I use ad blockers, I have Gmail set up so I don't see ads in my inbox, and I make informed purchase decisions based on lots of other information. Here's one good article on what this is really about if people would take off the tinfoil hats for a moment: https://www.computerworld.com/articl...questions.html

By the way, I wouldn't be surprised if using ProtonMail makes you more vulnerable in some ways to snooping. It certainly paints a red marker on you that you are someone who is worried about your privacy and I suspect major governments have ways of getting at your emails if they want to. Since I doubt you are doing anything nefarious it is not a big worry, but I do wonder how good security really is at some of these small, supposed privacy-oriented email providers. Companies like Google spend a lot of money and have lots of people protecting you from the things you really need to worry about--someone simply breaking in and stealing all your stuff due to some security error or a mistake you make yourself like responding to a phishing attack.

dantheman 7 Jun 2021 09:00 AM

Remember vaguely reading somewhere, that those who use a VPN (such as in an airport, for example) are more susceptible to getting unwanted "attention". Could something like this not be equally said to those who use encrypted email services?

- - - - -

(suppose Vivaldi mail doesn't fit in anywhere here).

JeremyNicoll 7 Jun 2021 06:58 PM

Quote:

Originally Posted by dantheman (Post 621543)
Remember vaguely reading somewhere, that those who use a VPN (such as in an airport, for example) are more susceptible to getting unwanted "attention".

In all the lists of best VPN providers I've never seen an answer to the most important question (apart from "does it work reliably"), which is: how do you find one you can trust absolutely? They're going to see traffic that - as you've decided to use a VPN - you obviously want to disguise.

People seem to think that using a VPN is the solution to all their security concerns, whereas I think it just adds another one.

pjroutledge 7 Jun 2021 07:17 PM

Quote:

Originally Posted by JeremyNicoll (Post 621545)
People seem to think that using a VPN is the solution to all their security concerns ...

Hear, hear.

Having tried VPNs a few times, usually after reading articles about how 'if you don't do anything else, you must use a VPN', I've always found that they have added no apparent (or real) value. If anything they just seem to get in the way.
I have noticed, though, that VPN service providers always mention that you can use them to get around geographic/regional restrictions on streaming services' content. Sometimes I suspect that this might be a bigger market than security. (Although I'm yet to be convinced there is any value in that for me personally.)

TenFour 7 Jun 2021 07:22 PM

Yep, the Colonial Pipeline hackers apparently got in via a VPN: https://www.newsweek.com/colonial-pi...report-1597842

TenFour 7 Jun 2021 08:47 PM

Here's an article titled "Stop using encrypted email" https://latacora.micro.blog/2020/02/...encrypted.html

ioneja 7 Jun 2021 10:53 PM

Quote:

Originally Posted by TenFour (Post 621541)
It has nothing to do with politics.

It is directly related to politics in so many ways, this forum is not big enough to cover the issues and history of it. If you're interested, use your favorite search engine to read about the origins and controversies, lobbying groups and proposed revisions to the GDPR, HIPAA, US Privacy Act, GLBA, FISMA, NIST 800-171, CCPA, EU-US Privacy Shield Framework, etc. Also look up basic info about Five Eyes, Nine Eyes, Fourteen Eyes and other similar alliances around the globe along with how those countries execute warrants, gag orders, and how their court systems work re: privacy issues. While you're at it, spend some time looking into the potential upcoming encryption legislation in the US, Australia, and Germany, and the history and reasons behind the banning of certain services and protocols in various countries like China and Russia. That's a good start. Then when you get a chance, take a look at the technical/maths behind how encryption works, from TLS to OpenPGP, symmetric and asymmetric approaches, the standards, algorithms, vulnerabilities, and history of how those work and have been improved and validated and tested and retested and improved over the years, along with open source software and how auditing works.

Quote:

Originally Posted by TenFour (Post 621541)
Google and the others want to target ads to you and they do so by gathering information about your online activity.

Of course, this isn't in question. This is one side of the story, and if you look into lobbying groups above, and the authors behind some of the proposed legislation around the globe, you'll also see that it is also profoundly related to politics.

But even if it were JUST about Google's business model, why choose to continue to use their services if you know they are building and using and researching and selling a profile about you? An ad blocker will block only the tiniest fraction of the profiles that Google, Microsoft, Facebook, etc., are all building on you. But yes, an ad blocker is a perfectly good small step.

Quote:

Originally Posted by TenFour (Post 621541)
By the way, I wouldn't be surprised if using ProtonMail makes you more vulnerable in some ways to snooping. It certainly paints a red marker on you that you are someone who is worried about your privacy and I suspect major governments have ways of getting at your emails if they want to.

If any government wants to get a valid court order to get their hands on my emails with my sibling about my travel plans this summer, or what gifts my nieces and nephews might want for their birthdays, those governments can waste the time and resources to do so. At least those plans won't be sitting in a Google profile.

And on a related note, every security expert that I've read has acknowledged that the real bad guys have easy access to far more private communication channels, not to mention tools on the dark web, to carry out their plans. ProtonMail is a "consumer" encryption product that doesn't tolerate illegal activity and they cooperate with valid court orders, just like all the other legit encryption email services (just read their TOS!), so they are not infested and crawling with criminals and evil-doers, and it's just FUD to paint a picture that using such services marks you or makes you a government target. Of course there will always be bad guys using any service, including ProtonMail and GMail and Facebook and FastMail and Yahoo Mail and Tutanota and everything in between. The vast majority of ProtonMail users are normal human beings who want more privacy, and ProtonMail helps them achieve a degree of that. Used wisely with your circle of contacts, so can FastMail and Runbox and any of many paid email providers, using PGP or no PGP. Even just FastMail to FastMail is vastly better than using GMail. Various governments already CAN and WILL get access to what they legally want on those platforms, so the real red flag is people using the dark web and other tools.

And the argument that all email is insecure and therefore all this effort doesn't matter is immaterial to this discussion, because that's a security question, not a privacy question. But if we want to talk security, I'll still take ProtonMail over Google any day. The idea that you need a vast army of private developers versus a small company like ProtonMail is silly -- ProtonMail and similar services benefit from the vast number of developers in the open source community and didn't build their platforms by themselves.

The use of ProtonMail is not a magic wand as I've said, but it can absolutely reduce your footprint, rather than just handing over your content to the processors and peddlers of profiles. Used intelligently with several other approaches like limiting or eliminating social media, using a VPN, etc., etc., you can manage your digital footprints much better and minimize your profiles. No one ever said you could *eliminate* your profile. ProtonMail obviously doesn't suddenly make you go off the grid, no one has suggested that. It's all gradations of privacy. If you're informed about what's going on, you can make better choices about what suits your preferences and needs.

Somehow some people have gained the incorrect impression that ProtonMail is some panacea that solves all their problems. It doesn't. In that I agree with you. It's just one tool, one step. My whole first response in this thread was very much about the shades of privacy. But definitive proclamations that encryption services like ProtonMail are useless and a waste of money are missing what ProtonMail CAN successfully be used for. If you are trying to escape the notice of nation states going after you, then ProtonMail is not the solution. But if you are trying to limit your exposure to the giant profile processing machines, it is a great tool in your arsenal, one among other tools. My first post was quite a bit about gradually expanding your circle of contacts into more private communications as one step in a longer process. And my first point was, if no one uses these kinds of privacy services in your circle, why not be the first person in your circle that tries to make a difference?

Quote:

Originally Posted by TenFour (Post 621541)
I do wonder how good security really is at some of these small, supposed privacy-oriented email providers.

Again, security is a different discussion, but I'll take an open source audited platform (depending on what encryption service we are referring to, each has different aspects of open source they use and/or have audited), over a closed-source proprietary system that has a long history of data breaches, leaks, "research" in profile algorithms that wind up used in political campaigns, and blanket government surveillance, any day of the week.

Anyway, it's clear we disagree and you are of course more than welcome to keep using services like GMail with all the ad blockers in the world. GMail has tons of features and is a mature, convenient platform, that's why so many people use it. Go for it. That works for you, and demonstrates that people can and do differ on their approaches and reach different conclusions about what really matters. Cheers!

hadaso 8 Jun 2021 06:43 PM

Quote:

Originally Posted by TenFour (Post 621548)
Yep, the Colonial Pipeline hackers apparently got in via a VPN: https://www.newsweek.com/colonial-pi...report-1597842

This is not the kind of VPN service that people that want to avoid surveillance use. It's an access point into the internal network of a company. My employer, a university, has such a VPN service. We use it to access the LAN from home, for services such as access to the students' database, or to files on a network volume, or some other services that are only available on the internal network of the organization.

TenFour 8 Jun 2021 07:05 PM

Quote:

This is not the kind of VPN service that people that want to avoid surveillance use.

Sure, but basically the same idea. This VPN provider describes many of the possible ways VPNs can be attacked: https://blog.orchid.com/what-happens...n-gets-hacked/

dantheman 8 Jun 2021 11:34 PM

Spotted this on TechSupportAlert - pretty handy I'd say! ;)

https://privnote.com

somdcomputerguy 9 Jun 2021 03:49 AM

Quote:

Originally Posted by dantheman (Post 621567)
Spotted this on TechSupportAlert - pretty handy I'd say! ;)

Similar to this service. - https://dead-drop.me/

- Bruce

hadaso 9 Jun 2021 06:10 AM

You can only trust these services if you check the code of the webpage every time you use them, unless you know the website owner and trust them not to cheat. Sending you to check the code on GitHub means nothing if that code is not the code your browser downloaded. It's like those websites that tell you that your credit card data is safe with them because the webpage displays a gif of a lock.

TenFour 9 Jun 2021 07:44 PM

The reveal that the FBI tricked a bunch of gangsters into using a fake encrypted app called ANOM makes you wonder what other fake services are out there to entice criminals to share their secrets while thinking they are hiding them. https://www.reuters.com/breakingview...ue-2021-06-09/

dantheman 9 Jun 2021 10:08 PM

Heard about that FBI stunt.

Will they ever release the GrauciFauci emails to the public?

Protonmail has done some major changes:
https://protonmail.com

Was glad to see Vivaldi recommend Fastmail with their recent version 4:

"The eagerly-awaited beta release of Vivaldi Mail, Vivaldi Feed Reader and Vivaldi Calendar are now here on your desktop. While you can choose to use Vivaldi Mail Beta with your existing mail and calendar services, you can also set up an account on vivaldi.net or add a trusted third-party service, such as Fastmail.

Truly, with the new Vivaldi, we’re making it easier for you to break away from the locked ecosystems of the huge corporations and creepy, surveillance-driven practices.

Vivaldi 4.0 is available on Windows, Mac and Linux computers, mobiles and tablets running Android 5 or higher, and on up-to-date Chromebooks. Get it now."

https://vivaldi.com/blog/vivaldi-4-0/

Vivaldi Mail may not be anywhere near ProtonMail, but must be 99.9% better than GMail or Outlook! ;)

alexu2007 10 Jul 2021 08:02 AM

Protonmail is silently discarding emails. Someone sent me an email with some important documents and it never arrived at protonmail. I moved my domain from protonmail to google workspace and the email arrived in a few hours, the server retried until my domain resolved on google MXes.

It happened before, first time I thought that it was just a server glitch. But now I cannot use the protonmail service anymore, silently discarding emails is not a good thing. That particular email was not spam and google did not mark it as spam, so I don't know why protonmail did not accept it.

JeremyNicoll 11 Jul 2021 03:00 AM

Quote:

Originally Posted by alexu2007 (Post 621815)
Protonmail is silently discarding emails. Someone sent me an email with some important documents and it never arrived at protonmail.

If it "never arrived" then they didn't discard it.

They might have rejected it at an SMTP level (ie when the sending server offered it to their server), but you'll only know that if you can get the sender to ask their mail provider for the outgoing logs showing it being rejected.

You should ask the sender to do that because they should be concerned if their service is not configured properly (eg not doing sufficient retries). Some mail services don't do any retries, or in some circumstances won't do them.

Quote:

Originally Posted by alexu2007 (Post 621815)
I moved my domain from protonmail to google workspace and the email arrived in a few hours, the server retried until my domain resolved on google MXes.

Good!


Quote:

Originally Posted by alexu2007 (Post 621815)
It happened before ... so I don't know why protonmail did not accept it.

The sender has to ask the sending system for its logs. If the sender isn't using a decent provider with tech support willing to dig out the logs then you'll never know.

This is the sort of thing that makes me willing to pay for email services; I /expect/ a provider to be willing to find out why things have not worked.
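
The distinction drawn in the post above, as an added example that is not part of the original thread: a sender-side check that reads outgoing mail logs and reports, per recipient, whether the receiving server accepted the message, rejected it at SMTP level, or is still being retried. The Postfix-style log lines, hostnames, queue IDs and addresses are constructed and simplified for illustration, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed, simplified Postfix-style lines from a hypothetical sending
# server; hostnames, queue IDs and addresses are made up.
SAMPLE_LOG = """\
Jul  9 10:00:01 out1 postfix/smtp[2101]: 4A1B2C3D: to=<alice@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=1.2, dsn=2.0.0, status=sent (250 2.0.0 OK queued as 77AA)
Jul  9 10:05:12 out1 postfix/smtp[2102]: 5B2C3D4E: to=<bob@example.net>, relay=mx.example.net[192.0.2.20]:25, delay=0.8, dsn=5.7.1, status=bounced (host mx.example.net[192.0.2.20] said: 550 5.7.1 Message rejected (in reply to end of DATA command))
Jul  9 10:07:30 out1 postfix/smtp[2103]: 6C3D4E5F: to=<carol@example.com>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect to mx.example.com[192.0.2.30]:25: Connection timed out)
Jul  9 14:07:44 out1 postfix/smtp[2110]: 6C3D4E5F: to=<carol@example.com>, relay=mx2.example.com[192.0.2.31]:25, delay=14414, dsn=2.0.0, status=sent (250 2.0.0 OK)
"""

LINE_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]+)>, "
    r"relay=(?P<relay>[^,]+), .*?dsn=(?P<dsn>\d\.\d+\.\d+), "
    r"status=(?P<status>\w+) \((?P<detail>.*)\)$"
)

def trace_deliveries(log_text):
    """Group delivery attempts per message and recipient, then give a verdict."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            attempts[(m["qid"], m["rcpt"])].append(m.groupdict())

    report = {}
    for (_qid, rcpt), tries in attempts.items():
        last = tries[-1]  # the most recent attempt decides the outcome
        if last["status"] == "sent":
            # The receiver answered 250: from here on the mail is its responsibility.
            verdict = "accepted by receiver"
        elif last["dsn"].startswith("5"):
            # Permanent failure: refused during the SMTP dialogue, never stored.
            verdict = "rejected at SMTP level"
        else:
            # 4.x.x is temporary: the sender is expected to retry later.
            verdict = "still deferred"
        report[rcpt] = {"verdict": verdict, "attempts": len(tries),
                        "relay": last["relay"], "detail": last["detail"]}
    return report
```

Only a message with the verdict "accepted by receiver" that is still missing from the mailbox points at the receiving provider; the other two outcomes are visible solely in the sender's logs.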

dantheman 6 Sep 2021 09:48 PM

So much for top notch security Protonmail!
 
--ProtonMail Shares Activist's IP Address With Authorities Despite Its "No Log" Policy
--https://thehackernews.com/2021/09/protonmail-shares-activists-ip-address.html
--Mon Sep 06 2021 07:47:59 GMT-0500 (Central Daylight Time)

jarland 7 Sep 2021 12:58 PM

Quote:

Originally Posted by dantheman (Post 622355)
--ProtonMail Shares Activist's IP Address With Authorities Despite Its "No Log" Policy
--https://thehackernews.com/2021/09/protonmail-shares-activists-ip-address.html
--Mon Sep 06 2021 07:47:59 GMT-0500 (Central Daylight Time)

This continues to reinforce my opinion that if you want anonymity and unprecedented privacy, you have to make it yourself and trust no one to do it for you. I'd do the same if legally required and I make no secret about it. There's a difference in standing behind your customers and being willing to take the fall for them. We all saw what happened with Lavabit, Ladar and all of his customers paid the price for protecting Snowden. You'd have to have nothing to lose to risk everything you have for one customer. But even that ignores how many other customers had to pay the price, so it's hard for even customers to trust that their data is safe with someone who would take the fall for them.

Luckily the only time law enforcement has reached out to me, I had nothing of value for them. I hope that by making it known that I won't risk everything and everyone, no one who would ask me to would be on my servers.

pjroutledge 7 Sep 2021 03:15 PM

Quote:

Originally Posted by jarland (Post 622369)
This continues to reinforce my opinion that if you want anonymity and unprecedented privacy, you have to make it yourself and trust no one to do it for you.

But how could you '... make it yourself and trust no one ...' and be on the Internet (ie have an IP address - which I understand is all that ProtonMail claims it provided authorities) at the same time. (I don't think using TOR should be considered making it yourself.)

Even if you host your own mail server, by virtue of using email and being on the Internet you would need an IP address and presumably any determined authorities could trace you? Or am I missing something?

Unless you're referring to a completely private and closed network, with no connection to the Internet?

jarland 7 Sep 2021 03:46 PM

Quote:

Originally Posted by pjroutledge (Post 622370)
But how could you '... make it yourself and trust no one ...' and be on the Internet (ie have an IP address - which I understand is all that ProtonMail claims it provided authorities) at the same time. (I don't think using TOR should be considered making it yourself.)

Even if you host your own mail server, by virtue of using email and being on the Internet you would need an IP address and presumably any determined authorities could trace you? Or am I missing something?

Unless you're referring to a completely private and closed network, with no connection to the Internet?

I don't know, because at some point you have to trust someone to get connected. Even if you roll your own VPN, your hosting provider can see who connects through their network.

Maybe you break out a custom encryption algorithm and an old favorite RFC: https://datatracker.ietf.org/doc/html/rfc1149

TOR has a pretty good method though. It's a good place to start but not the only consideration. Laziness or missing knowledge tends to be what gets people there.

TenFour 7 Sep 2021 07:58 PM

Quote:

if you want anonymity and unprecedented privacy, you have to make it yourself and trust no one to do it for you.

I don't think you can have "anonymity and unprecedented privacy" on the Internet. Sure, you can make yourself less visible and more secure, but forget hiding from the government or even local law enforcement. They even found Osama bin Laden who communicated by handwritten notes passed by subordinates. There are just too many connections made every day to the Internet to make disconnecting either feasible or desirable for most of us. In exchange we must put up with the knowledge that a bit of our privacy is at risk. Luckily, for most of us we are not direct targets of anyone and have nothing to hide from law enforcement. Sure, there are rogue cops, phishing expeditions, various scams and hacks, etc., but as I stated most of us are not being targeted directly. You simply can't participate in the modern world without using the Internet and therefore we must take some risk or else live on a mountaintop in a log cabin.

Let's just say you figure out how to create your own totally anonymous email server and then only connect to the Internet via some totally anonymous connection. But, how do you prevent your name, address, and phone number from being published in public databases? Never get a driver's license? Don't drive a car? Don't rent an apartment or buy a house? Don't vote? Here in the USA all of these things are totally public records that are easily accessible and have to be accurate or they don't work. Many cities now have license plate scanning cameras all over the place and even on police cars that can track every movement of your car, and now lots of places have facial recognition too. The list of ways you can be tracked goes on and on.

somdcomputerguy 7 Sep 2021 08:23 PM

Quote:

Originally Posted by pjroutledge (Post 622370)
'... make it yourself and trust no one ...'

Note this has nothing to do with IP address or web browser anonymity, only communication content. GnuPG.

- Bruce


All times are GMT +9.