dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
154862
share rss forum feed

Bashy

join:2009-05-20
Arlington, VA
reply to Frydays

Re: top 5 safest and most secure email providers ?

Frydays, as caffeinator said, try hushmail www.hushmail.com. Been using Hushmail for years. As to your points, here is what my experience with them has been:

1)I have never gotten a piece of spam. Ever.
2)You can block anyone, (never had to because no-one ever spammed me).
3)$39.99/yr for a 1 gigabyte email box, (I have never gotten past 1 half of a gigabyte, I just erase stuff I don't want to keep).

But the best thing in my opinion is this simple feature: if someone hacks into your account, they will get absolutely nothing. Your emails will look like a bunch of random numbers and letters. That is what encryption does. Hushmail encrypts your stuff on their servers so no one can get any of your emails. When you log into your account and supply the correct user name and password, it 'decrypts' your emails back into English. So you can keep your receipts right in your email box without any worry. If you never give your password to anyone, your emails stay private and un-hackable, simple as that.

Hushmail does have one more 'spy' feature that I have never used, but it's worth mentioning. You can encrypt individual emails. That means that you can call someone or communicate with them in some way other than email and give them a password that will allow that person, and only that person with the password, to open that email. If anyone else tries to open it, the email will look like random letters and numbers. The only reason I mention it at all is because Hushmail asks you every damn time you send an email if you want to encrypt it.

I got Hushmail for the same reasons as you mentioned in your post. I don't care about all the super spy stuff they offer, I just want to know that the hackers can't get my emails with my receipts in it. Yahoo, Gmail, they get hacked sometimes and the people that get compromised, well, their emails can be read, not a good thing. They can't get ever get your emails if you use Hushmail. All of this is only works if you never give your email password to anyone, but you knew that already, right. ;D

The best thing is you can try Hushmail for free. Go there and sign up for a free email account and you can see if you like it or not, (the free email box is like 25 MB, quite teeny). When I decided to join, I wanted to make my password kind of secure, so I used a long password. You should use a long password too. Just combine 2 or 3 passwords you know and make a 16, 17, 24-character password, whatever, you'll get used to it fast.

Last thing. Hushmail is no good if your PC has a virus or a rootkit on it. Me, I have Deep Freeze on my PC to prevent that, but that is another story

»www.faronics.com/en/Products/Dee···ate.aspx


Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4
said by Bashy:

Last thing. Hushmail is no good if your PC has a virus or a rootkit on it.
+ no good when you need POP and/or IMAP. Free hushmail customers are excluded from POP/IMAP.
--
Smokey's Security Forums »www.smokey-services.eu/forums/
~ Treat other people the way you would have them treat you; be honest and ethical ~
*Member AQMRB - Alliance of Qualified Malware Removal Boards*


anon8990

@shawcable.net
reply to Bashy
You forgot to mention that they also have a backdoor built-in


chrisretusn
Retired
Premium
join:2007-08-13
Philippines
kudos:1
said by anon8990 :

You forgot to mention that they also have a backdoor built-in
Can you back that up with references?
--
Chris
Living in Paradise!!


rcdailey
Dragoonfly
Premium
join:2005-03-29
Rialto, CA

1 edit
said by chrisretusn:

said by anon8990 :

You forgot to mention that they also have a backdoor built-in
Can you back that up with references?
Here's a story from three years ago:

»www.wired.com/threatlevel/2007/1···iouspost

Whole lot of hyphens in that link, I see.

Another story from a couple of years ago:

»www.theregister.co.uk/2008/08/04···rumours/

I don't know that it's fair to say this is a back door. It's more like saying that the concierge will cooperate with the cops.

--
Human nature abhors an empty closet.


Anon users

@anonymouse.org
reply to Frydays
Use openssl to sign your certiticates & use SMIME with OUTLOOK, Thunderbird whatsoever...

Here are the scripts:

1) setting up your own root CA (elliptic curve 521p (strongest possible )

"
openssl ecparam -rand random_seed -name secp521r1 -genkey -out ca_ec521_key.raw
openssl ec -aes256 -in ca_ec521_key.raw -out ca_ec521.key
openssl req -sha512 -new -x509 -days 9999 -key ca_ec521.key -out ca_ec521.crt
"

random_seed is just a file of random hex to 'seed' the random number generator

Now you have 'ca_ec521.crt' the CA you have to install as a ROOT CERTIFICATE

Remember to 'erase' ca_ec521_key.raw!!!

2) Sign a hybrid 4096 bit RSA certificate with this ec521p CA (why hybrid, it seems thunderbird cannot sign with an elliptic curve certificate..............)

"
openssl genrsa -aes256 -rand random_seed -out client_hybrid.key 4096
openssl req -new -key client_hybrid.key -out client_hybrid.csr
openssl x509 -sha512 -req -days 9999 -in client_hybrid.csr -CA ca_ec521.crt -CAkey ca_ec521.key -set_serial 01 -out client_hybrid.crt
openssl pkcs12 -export -out dump.pfx -inkey client_hybrid.key -in client_hybrid.crt
"

Use a different random_seed, Now 'dump.pfx' is your Personal Certificate

'HOW TO SET IT UP WITH YOUR EMAIL PROGRAM is another story'
'USE IT TO COMMUNICATE WITH ASSOCIATES IN YOUR OFFSHORE BANK '


chrisretusn
Retired
Premium
join:2007-08-13
Philippines
kudos:1
Reviews:
·PLDT
·Comcast
reply to rcdailey
said by rcdailey:

I don't know that it's fair to say this is a back door. It's more like saying that the concierge will cooperate with the cops.
Agree, a court order is not exactly a back door. Any service can be subject to court orders.

Thanks for the links.
--
Chris
Living in Paradise!!


anon8990

@shawcable.net
that's not the point. The point is that your info is not "secure" with hushmail like they say it is! If it is secure, there's no info to give to the cops!


chrisretusn
Retired
Premium
join:2007-08-13
Philippines
kudos:1
Reviews:
·PLDT
·Comcast

1 edit
said by anon8990 :

that's not the point. The point is that your info is not "secure" with hushmail like they say it is! If it is secure, there's no info to give to the cops!
You did not make that point in your post.

said by anon8990 :

You forgot to mention that they also have a backdoor built-in
You stated they have a back door, I asked for some verification of that. You provided nothing to backup that statement.

Hushmail does not promise to keep you from the cops. It does not promise that your data is 100% secure. Perhaps they did so in the past as implied in the articles referenced in rcdailey See Profile's post: »Re: top 5 safest and most secure email providers ? but I see no similar promises today.
quote:
The Limitations of Hushmail

Hushmail is the most secure webmail service on the Internet, but it is not a 100% solution for all of your security needs. There are some things that Hushmail cannot do.

Hushmail does not put you above the law

We are committed to the privacy of our users, and will absolutely not release user data without an order that is legally enforceable under the laws of British Columbia, Canada, which is the jurisdiction where our servers are located. In addition, we require that any such order refer specifically to the account for which data is required. However, if we do receive such an order, we are required to do everything in our power to comply with the law. Hushmail will not accept an order from any authority or investigative agency that is not enforceable under the laws of British Columbia, Canada. Other authorities must apply to the Canadian government through an appropriate Mutual Legal Assistance Treaty and request that the Canadian government obtain an order that is legally enforceable in British Columbia, Canada.

But I thought the data was always encrypted

When one Hushmail user sends an email to another Hushmail user, the body and attachments of that email are kept on our server in encrypted form, and under normal circumstances, we would have no access to that data. We can’t just pick an arbitrary encrypted email message off the server and read it. However, since Hushmail is a web-based service, the software that performs the encryption either resides on or is delivered by our servers. That means that there is no guarantee that we will not be compelled, under an order enforceable under the laws of British Columbia, Canada, to treat a user named in an order differently, and compromise that user’s privacy.
Source: »www.hushmail.com/about/technology/security/

Bottom line if you want secure email, encrypt it your self using PGP or GnuPG. Even that is not 100% secure under a court order.

--
Chris
Living in Paradise!!


DownTheShore
RIP tmpchaos
Premium
join:2003-12-02
Beautiful NJ
kudos:14

1 edit
reply to Frydays
Bank in person.

Shop in person and pay with cash.

Don't agree to any electronic notices.

Get a throwaway email address.

Email is not safe no matter what the program.


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11
reply to Frydays
said by Frydays:

so secure not even the fbi can read my stuff
What??
What on earth do you have need for such an account for?
My guess would be since you don't want the FBI to be able to gain access to it... something illegal.
Some form of terrorist activity perhaps?

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
Why would you think that only someone doing something illegal would want privacy? I don't want the FBI reading my mail and I'm not doing anything illegal.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

OZO
Premium
join:2003-01-17
kudos:2
reply to Dustyn
said by Dustyn:

said by Frydays:

so secure not even the fbi can read my stuff
What??
What on earth do you have need for such an account for?
My guess would be since you don't want the FBI to be able to gain access to it... something illegal.
Some form of terrorist activity perhaps?
What??
You mean - if you don't want FBI to read your correspondence - you're a terrorist?

Nice try...

Dustyn See Profile, if you want to be a part of sheeple - please be it, but don't force others to follow. Not everyone wants to live in totalitarian regime, where, so called, authorities have full control over what you do and what you think...
--
Keep it simple, it'll become complex by itself...


KodiacZiller
Premium
join:2008-09-04
73368
kudos:2

1 edit
reply to DownTheShore
said by DownTheShore:

Email is not safe no matter what the program.
It's safe if you encrypt it.

said by chrisretusn:

Bottom line if you want secure email, encrypt it your self using PGP or GnuPG. Even that is not 100% secure under a court order.
How do you figure that PGP/GPG is not safe under a court order? Who are the courts going to order?

OZO
Premium
join:2003-01-17
kudos:2
said by KodiacZiller:

said by DownTheShore:

Email is not safe no matter what the program.
It's safe if you encrypt it.
Concur with you.

It's like saying - mail is not safe. Yeah, is you send it in postcards, opened to everyone. But people, for some strange reason, use envelopes (and I guess, by hiding letters in envelopes they don't think that it could mean - they're terrorists). Banks send their mail in envelopes and don't complain that the mail is not safe.

If you want it to be safe - make a small effort - put your mail into envelope (encode it). Isn't that simple?

And with regards to the "Bottom line" note - some want us to believe that there is nothing could be secure / safe with regards to authorities. While they really want us to believe that - it's far from the truth. It all depends on your personal stand on what is right, who serves whom and what world you want to live in...
--
Keep it simple, it'll become complex by itself...


chrisretusn
Retired
Premium
join:2007-08-13
Philippines
kudos:1
Reviews:
·PLDT
·Comcast

1 edit
reply to KodiacZiller
said by KodiacZiller:

How do you figure that PGP/GPG is not safe under a court order? Who are the courts going to order?
A court order can require that you provide your private key. Comply or go to jail. Take your pick.
--
Chris
Living in Paradise!!


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

3 edits
reply to OZO
said by OZO:

said by Dustyn:

said by Frydays:

so secure not even the fbi can read my stuff
What??
What on earth do you have need for such an account for?
My guess would be since you don't want the FBI to be able to gain access to it... something illegal.
Some form of terrorist activity perhaps?
What??
You mean - if you don't want FBI to read your correspondence - you're a terrorist?

Nice try...

Dustyn See Profile, if you want to be a part of sheeple - please be it, but don't force others to follow. Not everyone wants to live in totalitarian regime, where, so called, authorities have full control over what you do and what you think...
Woah talk about a clear OVER reaction to a joke.... *phff* americans... Thanks for including a rather useless Wiki link which I won't be clicking on. The OP has not indicated what he/she is needing 100% secure protection from even the FBI being able to read these e-mails. If the user is needing such protection they'd be better of not using e-mail at all.


KodiacZiller
Premium
join:2008-09-04
73368
kudos:2

1 edit
reply to chrisretusn
said by chrisretusn:

said by KodiacZiller:

How do you figure that PGP/GPG is not safe under a court order? Who are the courts going to order?
A court order can require that you provide your private key. Comply or go to jail. Take your pick.
Not in the USA. There was at least one court case where the judge said encryption keys are protected under the 5th. However, the legality of forcing encryption keys out of people is still murky and it will likely end up in the Supreme Court before all is said and done.

Now the UK is a different story. Citizens have almost no rights there as far as privacy from the government is concerned.

--
Getting people to stop using windows is more or less the same as trying to get people to stop smoking tobacco products. They dont want to change; they are happy with slowly dying inside. -- munky99999


chrisretusn
Retired
Premium
join:2007-08-13
Philippines
kudos:1
Reviews:
·PLDT
·Comcast
said by KodiacZiller:

said by chrisretusn:

said by KodiacZiller:

How do you figure that PGP/GPG is not safe under a court order? Who are the courts going to order?
A court order can require that you provide your private key. Comply or go to jail. Take your pick.
Not in the USA. There was at least one court case where the judge said encryption keys are protected under the 5th.
Some interesting links.

The Sebastien Boucher case (2007):
Judge: Man can't be forced to divulge encryption passphrase | Politics and Law - CNET News

The Sebastien Boucher case (2009):
Judge orders defendant to decrypt PGP-protected laptop | Politics and Law - CNET News

CYB3RCRIM3: Passwords and the 5th Amendment Privilege

I agree that this issue will eventually end up before the Supreme Court.
--
Chris
Living in Paradise!!

md500

join:2010-09-22
New York, NY
I wonder, even if court requires you to provide the passwords / encryption keys, you say something like "i got really wasted last night, after a bottle of scotch and some quality weed, changed my password/s and unfortunately i forgot them? i want to provide them, but now i really can't" ?
It is plausible, and i know it had happened before (not in court, but people forgetting passwords after a long and busy night) ...


chrisretusn
Retired
Premium
join:2007-08-13
Philippines
kudos:1
I suppose they could water board ya. LOL
--
Chris
Living in Paradise!!

md500

join:2010-09-22
New York, NY
Yea. I guess they could. Sometimes the best attack vector is the rubber hose attack Don't need huge computer farms or million dollar clusters when you got the good old inquisition style "code breaking" tools, invented way before computers ...
Expand your moderator at work


PrivacyExprt

@biquityservers.com
reply to Frydays

Re: top 5 safest and most secure email providers ?

Hushmail is rubbish, they lied and said not even the employees have access to the encrypted user files and emails. But the very second the NSA tossed them a letter, Hushmail folded up like a house of cards and spilled their information to the spooks.

»www.wired.com/threatlevel/2007/1···d-e-mai/
Encrypted E-Mail Company Hushmail Spills to Feds

For private and secure email, you generally want a few conditions to be met. (and I require them all for any service I use)

1) They use SSL/TLS encryption.
2) They encrypt your database on their servers, and it wipes when you download/delete all of your mail.
3) They scrub headers, so basically all your 'stuff' is removed from the headers before the email ships off.
4) Strong privacy policy, that basically says they can't share anything because they can't read anything!

I do recommend offshore email hosting providers for obvious reasons. Unfortunately, not a whole lot of companies meet all of the above criteria. You can find some obscure, high quality ones if you search using a lot of different search terms.

Some good ones...
»mutemail.com/
»neomailbox.com/services/secure-email
»keptprivate.com/

Do some searches, plenty more out there. Again, I recommend 'Offshore' hosting/email services. There are small Indonesian Islands loaded with incredible servers that do this as well. If the spooks send them a letter, they tell them to kiss off. Just the way it should be.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
Those are all expensive! Plus, one is webmail only. I hate webmail. I just basically no longer use email for anything except receiving newsletters, Microsoft Bulletins, etc.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


KodiacZiller
Premium
join:2008-09-04
73368
kudos:2
reply to PrivacyExprt
said by PrivacyExprt:

For private and secure email, you generally want a few conditions to be met. (and I require them all for any service I use)
I wouldn't trust any third party to do my encrypting for me, even if they're offshore. Do it yourself. It's not difficult and is much more secure.
--
Getting people to stop using windows is more or less the same as trying to get people to stop smoking tobacco products. They dont want to change; they are happy with slowly dying inside. -- munky99999

md500

join:2010-09-22
New York, NY
reply to Frydays
The top ? Best of the best ? let me think .... well ... NONE.
Want privacy ? Build your own system. Read, learn .... If you can't build it yourself, then, you are out of luck.


LeeBee
It's Dark Out There

join:2003-06-18
Swissieland
There is only one secure email....that is not sending any email.

After all, no matter how secure the path, transmission and storage may be, there's someone somewhere who can open the content and view it.

So whilst you shore-up your side of things, your recipient may not do so. Print, print to PDF, copy/paste, etc

If it's secure and needs to be transmitted, you need something like an eDiscovery portal - but then you're vulnerable because the reader can read, remember, photograph, etc.....

TNO and your problems are solved.


ZZZZZZZ
Premium
join:2001-05-27
PARADISE
kudos:1
reply to Frydays
Mailwasher in combination with Thunderbird.
--
~~Get our troops home...now!!~~