[tor-talk] Which reputable webmail providers function well with Tor?
ng0
ng0 at n0.is
Wed Jun 8 08:59:10 UTC 2016
On 2016-06-08(06:54:36+0000), df. wrote:
>
> carlo von lynX:
> > One thing is the dragnet mass surveillance that feeds into
> > XKEYSCORE for free. Hosting your mail at riseup or gmail means the
> > contents or the fact you've been using crypto with somebody will
> > get indexed for later use anytime in your life.
>
> Well yeah assuming I am careless about how I do things and for that
> they can identify who I am.
>
> >
> > The other thing is targeted interception of GSM traffic near the
> > chancellor's office from the top of the US embassy building. We
> > know that the 5 eyes can probably work themselves into most of the
> > e-mail systems on earth, but at least it is an active act of
> > intrusion - not provided by free by a regional law.
>
> I do not think I need to say that there are a myriad of ways to
> monitor and spy on someone especially when the desire exists to do it.
>
> >
> > If two people have their accounts with a well chosen provider
> > outside the US, there is a vague possibility they can exchange
> > messages that do not end up in XKEYSCORE. Even if they end up in
> > somebody else's dragnet, then at least they're distributed better.
>
> Does it matter where the accounts are located? You still have to
> trust the provider. Anyway XKEYSCORE should not be a problem when the
> information you decide to send out in to the wild is handled properly.
Assume that any information can be used against you, as laws have been
changed to what LEA want to work on, so what is harmless now can be
very dangerous in n years.
I don't fully follow that myself, but it's a possibility to consider.
> > My general rule is we should all stop using SMTP, so I don't make
> > recommendations on any specific offerings. I have my own server
> > with my little collective, and that is a pain as well, because in
> > this unfree Internet running your own server means getting bullied
> > by the cloud servers for being a potential spammer or malware
> > host.
>
> Looks like your "general rule" is a hard one to obey am I right?
Well actually not that hard.
For bridging the gap until there's something better, there's
bitmessage now, which can either be used through PyBitmessage
or bitmessage-daemon + bitmessage-client or other applications.
If anything positive to mention about it, its network is distributed
unlike the federation of email servers.
I once recommended A/I, runbox, and others for a good number of
years but I have seen the assumptions people make when they
switch to them ("now all my communication is safer than the
one I use on my gmx account and encrypted by default" - yep,
this really happens..) and the problems which occur with
providers where you have to put your trust in them.
I still have to see the transparency report I talked about
with someone from/connected to A/I 3 years ago when they
were working on it.
And you have to trust that they know what's best for their
systems. They have this Orangenbook out, but it is outdated
as the way they operate changed a bit.
--
♥Ⓐ ng0
For non-prism friendly talk find me on
psyced.org / loupsycedyglgamf.onion
More information about the tor-talk
mailing list