[HOME] [DOWNLOAD] [DOCS] [BLOG] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Any riseup users willing to share an invite code?


#1

Hi guys. First and most importantly, thanks to everyone here who makes Whonix possible. :grin:

I want to sign up for a riseup red account to use for email, XMPP, and VPN purposes. Are there any current users willing to share an invite code?

Thank you in advance!


#2

Just curious if you’ve read through the Whonix Docs regarding email, esp. Hula Hoops final comments on riseup issues ??

if you still want one and show me you read the full comments , I have plenty


#3

Thanks for the reply, I was just dropping by to see if anyone had commented. I’m not privy to riseup’s issues, but I can tell by the headline it doesn’t sound good. I’ll read up on this and see what I want to do moving forward. Thanks!


#4

Okay, so … hm. :confused:

So having caught up on all of that, I don’t know whether or not riseup is compromised, but that’s almost beside the point to me. With consideration for their wishy-washy sort of interfacing with users, I think I’ll pass on using them. I know no solution is perfect or bulletproof, but I don’t think consistent reliability is too much to ask for, in this context.

So I checked out Whonix’s email wiki, detailing alternative options, threats, and so forth.

The Threats chapter above states “e-mail is always a single point of failure”. It doesn’t really matter, apart from privacy by policy, no e-mail provider can significantly improve privacy by design. The most important thing about e-mail providers you should ask about e-mail providers is: Will they tolerate me signing up by Tor and exclusively using the e-mail service over Tor?

With that in mind, I considered following the instructions outlined in the same wiki for establishing a Gmail account over Tor, being sure to use PGP for all correspondences. But then there’s this:

Recommended against. Not Tor friendly. It would be very difficult to sign up using Tor and to exclusively use it over Tor. They most likely ask for phone verification and this is almost impossible to do without jeopardizing anonymity.

While prepaid devices are an option for SMS verification, privacy concerns still linger. Plus, just because Google claims I’d be able to reliably login over Tor upon initial sign-up doesn’t necessary make it so. We know theory doesn’t always translate to practice.

So, I will continue exploring my options. In the meantime, if you have any specific recommendations, especially for hosts, please do advise. And thank you again for your input.