[HOME] [DOWNLOAD] [DOCS] [BLOG] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Which e-mail provider is more adviseable, protonmail or lavabit reloaded?


#11

Well, the trade-off by using protonmail / lavabit… If most of the user’s contacts don’t use the same provider, which is very reasonable to assume, their mails are still sent in cleartext around the world.

I easily grant them this to be true, yet that doesn’t give one what they are implying with it. How much worth is your super secure SSL engine, if the communication between the web server and the SSL engine on their server is still easily compromised by an adversary that can force local hardware access.[quote=“HulaHoop, post:4, topic:3459”]
@Patrick will sdwdate work with an https address?
[/quote]

No.
url_to_unxtime https support
https://phabricator.whonix.org/T133


https://www.wired.com/2015/10/mr-robot-uses-protonmail-still-isnt-fully-secure/ nailed it perfectly,

Of course, this doesn’t mean ProtonMail couldn’t give the government plaintext messages—just that it would require ProtonMail to actively attack you and steal the required password.

A way around that would be the browser add-on. Then they would have to ship the backdored add-on to everyone and then there would be evidence that there is a backdoor.

I don’t think an add-on will find widespread adaption either. It would be another nice geeky nice-to-have but that’s about it.

What could help with widespread implementation and strong security would be implementing DIME inside Firefox and Chrome browsers. Then if a backdoor was demanded to be added, it would affect the whole user base of these browsers. With public source control systems (git…) and reproducible builds this would have a very good chance of detection. (Much more people involved than just a few people using some unpopular browser add-on.)

Someone feeling awesome to check if that was suggested / can suggest that to them?


While that is really awful, doing that was not doing that is only security by policy (a promise), not security by design.

That is hard since meta data hiding is currently provider specific and very far from widespread adaption.

Yes, that would be great!

On the other hand, e-mail even with enigmail, I am not sure usability is so broken beyond repair, unencrypted subjects and meta data, that at the current state the most sensible thing would be to discourage using e-mail for private communications.

I haven’t looked enough into replacements like bitmessage, freemail, pretty Easy privacy (p≡p) and whatnot.

As per https://www.whonix.org/wiki/PQCrypto it does not seem too sensible to me to start recommending a replacement that gets broken in ~ 10 years anyhow. So PQCrypto safe seems like a sensible criteria.


#12

Depressing stuff. Email really is horse & buggy insecure shit to be honest. That’s why I prefer to rarely use it.

When you add the future busting of most encrypted content via quantum computers, one can only really state to the very high-risk individual:

  1. Don’t communicate electronically if possible; or

  2. Use one-time pad software that is informational theoretically secure (& hope and pray your computer isn’t already backdoored or the RNG isn’t backdoored or non-functional); or

  3. Resort to OTPs where IN/OUT pads are generated by hand using dice and obscure your message with steganography that is plausibly deniable e.g. WPS method (otherwise your encrypted message will attract attention like flies to shit). Meanwhile, also hope the ciphertext hasn’t changed in transit, since there is no message integrity available in your implementation; or

  4. Forget email altogether, and instead shift to instant messaging e.g. Ricochet as a hopeful alternative - that is, peer-peer, meta-data free, server-free, and run via Tor hidden services. Again pray that Tor hidden services don’t have a host of chronic undiscovered bugs (unlikely), nor the experimental Ricochet software itself.

Yeah - sad state of affairs indeed, particularly the fact that we even need to have this discussion on the extreme lengths one has to go to in order to guard our personal affairs from supposedly ‘democratic’ governments.

Has anybody tested that AnnealMail (quantum-resistant) implementation of Enigmail? That might be worth writing up alongside a basic outline for secure PGP key generation and Enigmail with Icedove when/if I get around to it. I might test it for laughs.

The others programs referenced e.g. Codecrypt looks horribly user-unfriendly from the references I’ve glanced at, and the OneTime program (and paradigm at large) basically has zero usability, for obvious reasons like having to exchange pads in person or via trusted peers.

PS What is DIME? Couldn’t find an easy reference.


#13

Dark Internet Mail Environment (DIME) as per https://lavabit.com/


#14

Codecrypt is really a PQ gpg drop-in replacement - a crypto engine/backend not meant for end users. Thats where AnnealMail comes in. I got it successfully building but without Codecrypt in Jessie I couldn’t test further. I would be happy to work with you on a step by step guide when Whonix Stretch releases.


#15

Last I saw DIME support is in Thunderbird is worked on a fork called Volcano behind closed doors.

Nonetheless if you think this belongs better in the browser I’ll see what I can do.


#16

Email is a pile of shit however its going nowhere. The best thing is to point people to use modern secure alternatives with backwards compatibility so they can interoperate. For those who know people who are smart enough the messages will never exit the secure network between them.


#17

HulaHoop:

Last I saw DIME support is in Thunderbird is worked on a fork called Volcano behind closed doors.

https://en.wikipedia.org/wiki/Dark_Mail_Alliance#Client-side

Nonetheless if you think this belongs better in the browser I’ll see what I can do.

Yes, please do (if you think DIME is worthy or promising).

DIME support in Thunderbird is great. DIME support in browser would be
even greater.

It’s not so much about good/better. For widespread adaption, it needs to
be included everywhere. And users using webmail in browsers are a large
group.


#18

Good day,

Well, the thing is, historically, E-Mail’s were never designed to be used in the way we are using them now. Just like a lot of other standards today used as a basis for network based communication, the idea and implementation used today was created by scientists which didn’t really see what they had developed as being used in such a major way as it is today.

There was one differences though, between E-Mail’s (or MAILBOX, as it was called at MIT) and other standards used to this date like HTML. Whereas the latter was designed as somewhat of a standard which could be expanded, E-Mail (or what we call E-Mail today) wasn’t really made with that in mind. Part of this, at least as far as I can tell, was likely the fact that while HTML was first made public in the 80s, MAILBOX came out almost two decades before it. Because of this, mailing is a lot older then the Usenet, the Internet, or even ARPANet. A lot of things we know about how to make a standard futureproof and adaptable for new requirements thus was learned via the evolution (or rather lack there off) of E-Mail’s. And while it was in the 70s somewhat introduced into ARPANET and latter the Internet, with SMTP, most of the basic design stayed the same. The format we use for mail addresses (nameofsystem/user@server/systemused) as well as the simple nature of the whole process thus has been kept the same ever since the days in which it was only used by scientists to communicate with eachother.

That’s why the standard doesn’t include encryption. That’s why the standard can’t verify who was the real author of a message. That’s why you may impersonate anyones mail address with ease. It just didn’t evolve or improve like HTML or other standards have.

The only changes we’ve seen were SMTPS (which is the implementation of SSL on top of SMTP) and Extended SMTP, which as far as I’m aware mainly introduced a few new commandos.

Thus, looking at it, there appears to be no genuine effort in improving what we currently call E-Mail. Maybe SMTP just isn’t flexible enough to make any significant improvement in regards to verification and encryption.

Though it seems to be getting replaced for better or for worse anyways. Love them or hate them, but modern Instant-Messaging-Services have a better encryption and user verification standard than mail ever will. And for as much distaste as we might have for the practices employed by Whatsapp, Telegram or Signal the fact of the matter is that when it comes to giving the average user a rudimentary surface level protection from surveillance, they can only be rivaled by SSL.

So, long story short, it seems that the issues found in E-Mail will be somewhat solved not by improvements to the standard, but by replacing them all together.

Have a nice day,

Ego


#19

Done. Asked the TBB/Mozilla uplift team and Google’s Adam Langley.


#20

That’s great. Let’s see if they pick that up. If not, please create a pubic feature request ticket on their tracker.


#21

A post was split to a new topic: pretty Easy privacy (p≡p)


#22

Actually, why write the guide for PGP key generation with Enigmail and integration into Icedove (with safe Icedove settings), when it has already been written :slight_smile:

This is exactly the hands on, step-by-step guide that is required for usability. It needs to be referenced in the email section of the wiki.

Now re: usability of providers, Rise-Up and invites to the service is never going to work, plus they are located in Trump-Land, home of the dictator-in-chief. No sale.

This is why ProtonMail apparently working on a plug-in or otherwise compatibility with Thunderbird is the answer.

We are working on a solution that will allow you to use ProtonMail with other email clients in the future.

&

ProtonMail Support
4 months ago

We are working on this, but we do not have an exact date when it will be available. 

The issue was first raised two years ago though (don’t hold your breath).


#23

I see that Tutanota was mentioned here, I wouldn’t trust them with my privacy after this joke: https://tutanota.com/blog/posts/trump-family-encryption

I use it myself only because ProtonMail requires identifiable information to register from Tor, and only for things like public mailing lists.

If anyone wants an alternative approach to mails I suggest looking into I2P Bote:

I2P-Bote is a plugin for I2P that allows users to send and receive emails while preserving privacy. It does not need a mail server because emails are stored in a distributed hash table. They are automatically encrypted and digitally signed, which ensures no one but the intended recipient can read the email, and third parties cannot forge them.

Some of its cool features are:

  • One-click creation of email accounts (called email identities)
  • Emails can be sent under a sender identity, or anonymously
  • Encryption and signing is transparent, without the need to know about PGP
  • Sending via relays for stronger anonymity guarantees
  • ElGamal, Elliptic Curve, and NTRU Encryption
  • Delivery confirmation
  • Basic support for short recipient names
  • IMAP and SMTP support

#24

You might be interested:


#25

FTR Lavabit is not a free service and therefore not anonymous either.


#26

Why is something not anonymous if you have to pay for it ?
You could use offline bought bitcoin…
I would rather trust a company with a service i pay for to do what they promise then some free service to keep their word.
Obviously a Setup like I2P Bote or Bitmessage would be best but that’s another Topic.


#27

You will be part of a very small anonymity set. Paying for anything already keeps many potential users away and the number of them smart enough to do it anonymously is less.

I would not trust anything that is not technically secure. Lavabit was liable last time because their encryption system was still under the server admin’s control. He behaved honestly but how many people are willing to risk their business and freedom to do that?

Also DIME is a good start but nothing beats timing and traffic obfuscation at the network layer.


#28

That’s true but this could be said to a lot of privacy related stuff, i wouldn’t want to lower my security standard just because some people are to “stupid”/unwilling to do the same…

Sure i wouldn’t trust a non technical secure service either.
I think the Incentive to behave honestly and not screw up (like Riseup) is much higher if you’re getting paid from your Users , then some freebee service like Riseup who just lies and bows down once their own Freedom is threatened.

Thats why I2P Bote exists :wink:


#29

Related:

//cc @TNT_BOM_BOM


#30

since we already noted that these services are not trustable just use them for registration then adding lavabit as well will not be a problem.

Edit:- lavabit doesnt contain “free signup” , all their services user need to pay in order to have an account, so its not recommended to put it as suggestion for the new users who want to have an email in order to communicate with us.