Thanks for the reply, I was just dropping by to see if anyone had commented. Iâm not privy to riseupâs issues, but I can tell by the headline it doesnât sound good. Iâll read up on this and see what I want to do moving forward. Thanks!
So having caught up on all of that, I donât know whether or not riseup is compromised, but thatâs almost beside the point to me. With consideration for their wishy-washy sort of interfacing with users, I think Iâll pass on using them. I know no solution is perfect or bulletproof, but I donât think consistent reliability is too much to ask for, in this context.
So I checked out Whonixâs email wiki, detailing alternative options, threats, and so forth.
The Threats chapter above states âe-mail is always a single point of failureâ. It doesnât really matter, apart from privacy by policy, no e-mail provider can significantly improve privacy by design. The most important thing about e-mail providers you should ask about e-mail providers is: Will they tolerate me signing up by Tor and exclusively using the e-mail service over Tor?
With that in mind, I considered following the instructions outlined in the same wiki for establishing a Gmail account over Tor, being sure to use PGP for all correspondences. But then thereâs this:
Recommended against. Not Tor friendly. It would be very difficult to sign up using Tor and to exclusively use it over Tor. They most likely ask for phone verification and this is almost impossible to do without jeopardizing anonymity.
While prepaid devices are an option for SMS verification, privacy concerns still linger. Plus, just because Google claims Iâd be able to reliably login over Tor upon initial sign-up doesnât necessary make it so. We know theory doesnât always translate to practice.
So, I will continue exploring my options. In the meantime, if you have any specific recommendations, especially for hosts, please do advise. And thank you again for your input.
The qualification for membership at Riseup is/was to be âfighting the good fightâ- In exchange for that Iâll get email, VPN and hosting on secured servers, without much pressure even to donate? Sign me up!
Most of that is solved by connecting to Tor before VPN. I use gmail, yandex, outlook, yahoo and others - all work smoothly when used exclusively in this setup.
And no, Google and other services do not treat VPNs in the same way they treat Tor (in case someone wants to jump with this knee jerk reaction). Not even close. No captchas and no issues. No âyour IP has changed, please login againâ (typical for CPanel systems), nothing is blocked in my experience. Not even financial sites. If it happens to you with a VPN youâre using a crappy one.
Regarding phone verification being âalmost impossible to do without jeopardizing anonymityâ, I beg to disagree. There are online services used exactly for that, that do work with most providers, including gmail (speaking from experience), with payment done by bitcoin. Not âalmost impossibleâ, it takes a few minutes to set up. Still tricky if you want to use craigslist for example. Some numbers will work, some wonât.
And how to get your bitcoins anonymously is another issue that perhaps isnât trivial but isnât âalmost impossibleâ either.
That hasnât changed. However, people were giving out riseup invite codes like candy without even knowing anything about the person they were giving it to. This policy encourages people to be more accountable.