Thanks for the reply, I was just dropping by to see if anyone had commented. I’m not privy to riseup’s issues, but I can tell by the headline it doesn’t sound good. I’ll read up on this and see what I want to do moving forward. Thanks!
So having caught up on all of that, I don’t know whether or not riseup is compromised, but that’s almost beside the point to me. With consideration for their wishy-washy sort of interfacing with users, I think I’ll pass on using them. I know no solution is perfect or bulletproof, but I don’t think consistent reliability is too much to ask for, in this context.
So I checked out Whonix’s email wiki, detailing alternative options, threats, and so forth.
The Threats chapter above states “e-mail is always a single point of failure”. It doesn’t really matter, apart from privacy by policy, no e-mail provider can significantly improve privacy by design. The most important thing about e-mail providers you should ask about e-mail providers is: Will they tolerate me signing up by Tor and exclusively using the e-mail service over Tor?
With that in mind, I considered following the instructions outlined in the same wiki for establishing a Gmail account over Tor, being sure to use PGP for all correspondences. But then there’s this:
Recommended against. Not Tor friendly. It would be very difficult to sign up using Tor and to exclusively use it over Tor. They most likely ask for phone verification and this is almost impossible to do without jeopardizing anonymity.
While prepaid devices are an option for SMS verification, privacy concerns still linger. Plus, just because Google claims I’d be able to reliably log in over Tor upon initial sign-up doesn’t necessarily make it so. We know theory doesn’t always translate to practice.
So, I will continue exploring my options. In the meantime, if you have any specific recommendations, especially for hosts, please do advise. And thank you again for your input.
The qualification for membership at Riseup is/was to be “fighting the good fight”- In exchange for that I’ll get email, VPN and hosting on secured servers, without much pressure even to donate? Sign me up!
Most of that is solved by connecting to Tor before VPN. I use gmail, yandex, outlook, yahoo and others - all work smoothly when used exclusively in this setup.
And no, Google and other services do not treat VPNs in the same way they treat Tor (in case someone wants to jump with this knee-jerk reaction). Not even close. No captchas and no issues. No “your IP has changed, please login again” (typical for cPanel systems), nothing is blocked in my experience. Not even financial sites. If it happens to you with a VPN you’re using a crappy one.
Regarding phone verification being “almost impossible to do without jeopardizing anonymity”, I beg to disagree. There are online services used exactly for that, that do work with most providers, including gmail (speaking from experience), with payment done by bitcoin. Not “almost impossible”, it takes a few minutes to set up. Still tricky if you want to use craigslist for example. Some numbers will work, some won’t.
And how to get your bitcoins anonymously is another issue that perhaps isn’t trivial but isn’t “almost impossible” either.
That hasn’t changed. However, people were giving out riseup invite codes like candy without even knowing anything about the person they were giving it to. This policy encourages people to be more accountable.