Switch to something like https://protonmail.com/, it's based in Switzerland, open source and with a focus on privacy/security. Plus it works very well. There are other good alternatives too.
For things like encrypted VOIP/chat software, file sync software, etc..., https://www.privacytools.io/ has a very good list.
This is a good question. Essentially, unless you are located on a ship 100 km offshore, you will have to fall under the jurisdiction of some country and must follow the laws of that country. Almost all countries require companies to assist in some manner in criminal investigations, and Switzerland is no exception.
This is the reason why the choice of Switzerland matters. In Switzerland, we have intentionally picked a jurisdiction where we believe there is a strong cultural and institutional respect for privacy, which extends both to the laws and the behavior of the courts and law enforcement. This means that in the example that you bring up with a journalists or activist, it is rather difficult to get a Swiss court to consider such a person to be a criminal.
In all cases, our legal team also reviews all requests and will also fight certain requests that we believe may be improper. In the event that a court order does get approved, we are also quite limited in what we can provide given our policy of collecting as little user information as possible, and using zero access encryption for all emails stored on our servers. Full details about what we can provide can be found in our privacy policy: https://protonmail.com/privacy-policy
Worse. This;
https://tutanota.com/blog/posts/australia-surveillance-bill/
Data Disruption Warrants, which allow the AFP and the ACIC (or another person on the law enforcement officer’s behalf) the ability to “add, copy, delete or alter” files on a computer or device, so as to “frustrate the commission of crime”4 where a law enforcement officer “reasonably suspects” that one or more “relevant offences” are “being, are about to be, or are likely to be” committed.5
Network Activity Warrants, which “allow agencies to collect intelligence on serious criminal activity being conducted by criminal networks”6 by intercepting communications and using surveillance devices on computer networks. The AFP and the ACIC are permitted to do “any thing reasonably necessary to conceal”7 their access and modification to computers, allowing the warrant to be conducted covertly. This is available where there is a “reasonable suspicion” that monitoring the network activity of a “criminal network of individuals” is “relevant to the prevention, detection or frustration of one or more kinds of ‘relevant offences.’”8
Account Takeover Warrants, which provide agencies with the ability to take control of a person’s online account “through the modification of data” for the purposes of “gathering evidence to further a criminal investigation.”9 This is available where there is a “reasonable suspicion” that one or more “relevant offences” are “being, are about to be, or are likely to be” committed; an investigation is either imminent or in progress, and taking control of the “target accounts” is “necessary for enabling evidence to be obtained.”10
Slightly misleading title. Not provided by CERN, ProtonMail was founded by a group of ex-CERN scientists, now running on their own money, an Indiegogo campaign plus venture capital from CRV and Fongit Seed Invest (a startup/innovation funding tank for the canton of Geneva). The MIT venture people advise them.
Source: https://protonmail.com/about
I'd like to take this chance to say fuck Protonmail. They claimed "we have been strong proponents of open source software" back in 2015. Their mobile app and bridge are still proprietary, so you can't actually check your protonmail account outside of a browser without proprietary tools. I suspect they always will be while Protonmail claims the code is moving too fast to open source. If Protonmail was honest, and simply said "Some of our shit is open, some is proprietary. We will make efforts to open more code in the future." I'd not have an issue with them. But, they outright claim to be an open source company when they're not - they're just vultures using our buzzwords as their dinner bell.
Actually, we have been exempted from the new law, you can find details here: https://protonmail.com/blog/swiss-surveillance-law/
To answer your question, let's say you live in the US. Our traffic would first pass through Swiss networks, then German networks, before going through US networks, and to your home. The German and US networks are being tapped and monitored by the NSA (which is why we encrypt everything before it hits the network). Now, Switzerland's tiny surveillance agency is possibly tapping the traffic between Switzerland and Germany. Is this concerning? Yes, definitely. But in the grand scheme of things, the NSA tapping is the more problematic one, which is why, from this perspective, we are not too concerned about what the Swiss government may be doing.
Something similar exists. Go to the Labs config page and search for "Mail Goggles". You'll have to solve some math before being able to send those drunk-mails.
You shouldn't pay anymore as you can't contact the owner.
It has a flaw tho
> If it can runs as admin, it willl encrypt mbr, but not the files on disk.
So a simple FIXMBR should get you back in.
A few ideas:
-Generate and give her a Google app password. I'm not entirely sure if it will work but it would be a great solution if it does.
-Setup a forwarder, so that all of your incoming emails are sent to another account. Perhaps your boss can create an email address specifically to receive these emails
-Link your Google account to her's. This would probably be the best solution. You can find this in the settings here under "grant access to your account".
Overall however, your boss needs to be educated on company security. This idea is terrible for more than one reason: it gives your entire company a single point of failure if that password list is hacked (as well as discouraging good password habits), it prevents the company from using two-factor authentication like you mentioned, it sure as hell hurts the trust relationship between her and her employees, and not to mention it's a horribly inefficient way of doing things.
Hi there, the TutanotaTeam here. We noticed this discussion and wanted to jump in: In regards to data protection laws Germany and Switzerland aren't so much different. One difference, however, is that Switzerland has data retention laws for email, which Germany does not have. Anyhow, any company in these two countries must hand out data if requested to by a court. Nevertheless, as all data is encrypted in Tutanota, we can only hand out encrypted data. If you're interested in details, best check the transparency report: https://tutanota.com/blog/posts/transparency-report/
Google is definitely in bed with the U.S. government.
ProtonMail is an easy-to-use encrypted email service that the U.S. government couldn't hack into.
Read the story below of how ProtonMail was nearly put out of business when they suddenly dropped from Google's search results.
If you are inside Google, and you know of other shameful schemes, LEAK it! Your info. could go from the inside of Google to worldwide news in 24 HOURS!
SecureDrop, ProtonMail and Wikileaks are safe and easy to use.
that's what temp email accounts are for. I don't even think they send an email after you respond to the survey, but I also don't want to be apart of some mailing list down the line.
Getting real tired of seeing Per shy away from a ball coming at him. edit: Image of what Per needs to stop fucking doing.
And this is why Ox shouldn't play in the middle yet.
I don’t ever sign any petition knowing that it won’t mean anything. But this time all I want to send a message that “we are watching you”.
Btw you can sign the petition using temporary email from here https://temp-mail.org/en/
>I’m tempted to make a FastMail Electron app just to demonstrate that Electron/HTML/CSS/JS doesn’t need to mean slow and heavy (it just normally does).
>Later: OK, so on Windows a trivial Electron “just load https://www.fastmail.com/login(and then log in)” app uses ~230MB of RAM.
This was a good article to read through. Pretty poor form this snuck through parliament. Read what specific powers they have. It is crazy
https://tutanota.com/blog/posts/australia-surveillance-bill/
"What makes this legislation even worse is that there is no judicial oversight. A data disruption or network activity warrant could be issued by a member of the Administrative Appeals Tribunal, a judge's warrant is not needed."
and police have power to:
Data disruption warrant: gives the police the ability to "disrupt data" by modifying, copying, adding, or deleting it.
Just like politicians trying to deny strong encryption to people while using it themselves all the time. (Not a good comparison, but just makes me as mad as this.)
There are so many reasons to use Signal for chat, Tor browser, and Tutanota for encrypted emails.
ProtonMail is safe against the efail PGP vulnerability. The real vulnerability is implementation errors in various PGP clients. PGP (and OpenPGP) is fine. Any service that uses our @openpgpjs library is also safe as long the default settings aren't changed.
The correct response to the efail vulnerability is not to stop encrypting, but to use clients that are using secure implementations of PGP.
It is not correct to call Efail a new vulnerability in PGP and S/MIME. The root issue has been known since 2001. The real issue is that some clients that support PGP were not aware for 17 years and did not perform the appropriate mitigation.
Werner Koch (GNUPG author) has a good write up about the efail issue. https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html … We agree that the @EFF warning is overblown and disproportionate, and likely issued without fully understanding the issue. It was irresponsible for the researchers to not correct that.
Efail is a prime example of irresponsible disclosure. There is no responsibility in hyping the story to @EFF and mainstream media and getting an irresponsible recommendation published (disable PGP), ignoring the fact that many (Enigmail, etc) are already patched.
While we think that stories claiming "PGP is vulnerable" are inaccurate (since the issue was reported in 2001 and is a client side problem), we do take the Efail bug seriously. The researchers have said ProtonMail is not impacted. We are performing independent confirmation also.
Edit: Blog post with full technical explanation: https://protonmail.com/blog/pgp-vulnerability-efail/
This has been coming up more and more lately. For Facebook, too. But for some reason people dub these stories as "conspiracy theories."
Really? You don't think Google or Facebook would be capable of doing this without really telling us about it or disguising it as some "user experience" feature? The technology is certainly there already.
Anyways, op, I recommend you go to Google My Activity, then "Delete activity by", go back 10 years or so and delete everything Google has on you, until all it shows an empty page there. Then "pause" all of Google's tracking for various services. This is what you should have paused:
Web & App Activity
Voice & Audio Activity
Device Information
YouTube Watch History
YouTube Search History
I also recommend you stop signing in to Chrome. You can still install extensions from the store without being signed-in. For password syncing you can use LastPass (free on mobile, too, now), and maybe find an alternative for bookmark syncing, too, if you need it.
You can also use the "ublock origin" extension to block tracking such as Google Analytics or Facebook Like (on the web). If you want to move away from Gmail, too, ProtonMail is a great alternative, and much more secure/private.
Yep, that would be great for newbies. Actually there are lots of posts about how to stop using Google out there: one example and another example.
But having it here would be awesome!
Use an email provider that actually cares about your privacy and is not based in the USA. Even if you have to pay for it. I personally use Posteo which is based in Germany, it costs 1€ ($1.11) per month. Dirt cheap considering what you get for it - fully encrypted mail, calendar, address book. No ads. You don't have to give them any personal info about you. And you can literally pay them by sending cash by mail. Doesn't get much more anonymous than that. But PayPal works too. ;)
Also, use end-to-end encryption. PGP is a good start. It works like this: you generate a pair of keys, a private and a public key. The public key is then uploaded to several key databases. Other people can encrypt emails they send to you with your public key, which they can get from a database server, and only your private key can decrypt the text. And you can use other people's public keys to send them encrypted mails. It's basically impervious to any man-in-the-middle attacks because your email will just contain a mess of random letters and numbers that would take ages to decrypt without the key.
Look up how to set up Thunderbird with Enigmail, it makes the whole thing very simple.
Also, don't use Windows if possible. Ubuntu is easier to use than Windows (seriously) and doesn't send your data to the NSA. A six y/o kid could install it. If you need certain software that only works on Windows (that includes games), dual booting is easy enough. Don't do online banking and other sensitive stuff on Windows, ever. Hell, even an Android phone is safer for that. If you absolutely don't want to use Linux then get a Mac, it's expensive but it's still safe (as far as I know). Of course then you have to deal with the walled garden of Apple, while you would have a lot more freedom on Linux, but at least Apple still care a bit about their customers' privacy.
Please update events to include death of the warrant canary at Julian's email provider, riseup.net:
Aug 16th: Last update of warrant canary at https://riseup.net/en/canary, Julian's e-mail provider. (Canary is now dead.)
Ich kapere mal deinen Kommentar (sorry!) um auf deren Spendenseiten aufmerksam zu machen: sich juristisch zu wehren kostet leider Geld. Macht euch bewusst, dass falls ihr über IBAN und co spendet, eure Daten spätestens bei der nächsten Razzia in die Hände der Polizei fallen werdet. Lest euch die Spendenseite durch.
Zwiebelfreunde: https://www.torservers.net/donate.html
RiseUp: https://riseup.net/donate
We actually object pretty strongly to this characterization. Like all small companies, we have limited resources, and open sourcing code requires a lot of work, such as proper documentation, code organization, and making it ready to accept pull requests. This is not easy on a code base that is rapidly evolving and changing.
Where have our resources gone you might ask? Well, the answer is to other open source projects. For example, OpenPGPjs, the world's most widely used OpenPGP library which powers dozens of other projects: https://protonmail.com/blog/openpgpjs-3-release/
If this doesn't show a strong commitment to open source, we're not sure what does. As we have always said, building secure encryption libraries and protocols (for example, OpenPGPjs was one of the only PGP implementations not impacted by Efail and already with AEAD support) is extremely important for making privacy ubiquitous.
Our support of these initiatives comes at the cost of the resources we could have used otherwise to prepare some of our applications for open sourcing, but we prioritized in this way because developing secure, open source encryption libraries delivers more benefit to the world.
This does not mean that we are not going to open source our mobile apps or the ProtonMail Bridge, it is just going to take longer as it will have to wait until we shift our limited development resources from core crypto libraries back to clients.
We don't think this means we aren't committed to open source. Quite the contrary actually - we are so committed to open source that we've put community projects ahead of our own projects. And this commitment has allowed us to support a community of users that is well in excess of the millions of people who use ProtonMail and amplify our impact.
Zu deinem konkreten Beispiel: Wenn du deinen Mail-Account unbedingt bei web.de oder GMX anlegen willst und dafür deine Daten hergibst ist das aktuell wirklich deine Entscheidung und kein EU-Versagen. Es gibt ja auch Provider, bei denen du außer Benutzernamen und Passwort gar nix angeben musst. Auch aus Deutschland, wenn dir das wichtig ist (posteo.de oder mailbox.org).
Auch darüber hinaus klingt dein Rant eher, als gefällt dir die Parteipolitik in Europa nicht. Das geht mir ähnlich, ist allerdings ist kein EU-Problem. Auch ohne die EU als Organ würden CDU und SPD die gleiche Scheißpolitik machen.
Microsoft Office 365 / Outlook email are actually getting really nice and competitively priced with GSuite for many more features. Sure the people that run the company are democrats, but they aren't blood thirsty and they do their best to keep quiet about it.
https://protonmail.com/ also has some pure email paid options that are very secure and high quality.
That is so stupid; as if people couldn't use it via Tor/vpn? And while they do, they should also consider getting a secure mail provider like Tutanota so THEY can block their conversation from the government's eyes.
Upvote this post so that everyone will see this and will sign the petition.
We know Signing the petition means nothing, but this time we want to send a strong msg.
You can use temporary email from here link if u r concerned about privacy.
You should already have a couple of fake Twitter accounts for the upcoming Meme War 2018! Stop lagging behind pede!
Tools you’ll need (and should always use normally anyway):
> Please note that once your account is deleted, there is no way to recover or recreate it. We do not recycle usernames, which means the same username will be not available in the future.
Source: https://protonmail.com/support/knowledge-base/delete-account/
There are a couple things that we have heard people mention.
First, we're a bigger company, more reliable, more likely to be around long term.
Secondly, our webapp and mobile apps are more polished and much easier to use.
Third, we are standards compliant. For example, we are the core developers behind OpenPGPjs and play a big role in driving the future of the OpenPGP standard.
Fourth, Swiss jurisdiction is generally better for privacy
Fifth, we have a strong scientific/research background, and we focus a lot on research, which allows us to do security on the cutting edge. For example, our authentication system and how we improved upon SRP: https://protonmail.com/blog/encrypted_email_authentication/
I highly recommend using temp-mail.org; this allows you to create a disposable, temporary email address for free. Couple it with Brave in Incognito, over a VPN (if you're feeling really paranoid), and you're going to be reasonably anonymous(ish).
As a criminal defense lawyer, this is MA ...the most liberal state. Imagine Alabama.
Thank you Jaylen. As an extremely young man, you are wise beyond your years. I expect great things from you (on and off the court).
FYI, ProtonMail is quite nifty for reasons I won't bore you with. Painless, feature-rich and privacy-centric.
What I've done is to create an account there, starting to use it with just close friends, then family, then looser friends, then colleagues, then work. Gradually transitioning isn't as painful or as much work.
You can always go back and see any stragglers of your old address, since they'll be the only ones showing up there.
I did this when I transitioned from Yahoo! mail to Google, then from Google to ProtonMail.
We have full support for the OpenPGP standard, so we are fully interoperable with any email service that supports PGP. We feel strongly that encryption shouldn't be a walled garden, but should instead be part of a federated system. You can actually read more about our thoughts on this here: https://protonmail.com/blog/address-verification-pgp-support/
A gag order is not possible in Germany, and the above posting is nonsense.
Please check our Warrant Canary, which is unchanged since we first published it years ago: https://tutanota.com/blog/posts/transparency-report
Just like your password, the revovery code can only be accessed by yourself. Our code is fully open source and you are very welcome to check this: https://github.com/tutao/tutanota
The recovery code was not only demanded by the community, it is also a basic necessity to most users who want to make sure that they never lose access to their encrypted mailbox. The new web client allows you to set up 2FA, which will only increase the number of people losing their password or their second factor. Hence, the recovery code is a must.
Yes, you are still good with Tutanota. We at Tutanota cooperate with the authorities when we get a valid German court order. You can read details on this in our Transparency Report: https://tutanota.com/blog/posts/transparency-report Therefore, an illegal seizure of our servers will not take place. On top of that, all data on our servers is end-to-end encrypted and can't be accessed - not even by our developers.
This action by the German police is already heavily criticized as being out of their legal limitations. We're sure an investigation on this will follow and there will be consequences.
That's false, their CEO is Andy Yen: https://protonmail.com/about. They're also not Lithuanian ("...registration data of Lithuania"), they're Swiss. They have an excellent reputation with ProtonMail.
I was once a protonmail but they've recently turned to the cuck side of the force. blog posts like this and another on "hate speech" made me drop it. I don't want SJW's anywhere near any of the tools I use.
Australia has no freedom of speech, no online privacy and no freedom of movement. It seems like gun control is working as intended there.
The problem with PGP email is that it requires your recipient to have and use PGP software to decrypt the message. 99% of humanity doesn't want to learn how to use another layer of software.
There are "encrypted email" services out there, such as Hushmail. When one user sends email to another on the same service, the email can be encrypted and decrypted without any special action by either user. Sending mail to a recipient outside the service, say to Yahoo Mail, means the mail can not be encrypted by Hushmail.
Protonmail has a work around for this. When you send mail to someone outside Protonmail it is encrypted and stored in a web page. A one time only link is generated and mailed in plain text to the recipient. When the recipient clicks the link the page is delivered and decrypted in client side javascript.
tl;dr There is no universal solution to web based encrypted email. I'd be thrilled to learn that I'm wrong.
EDIT because my poorly composed comment is not very accurate:
Or how Google accidentally suppressed search results from a privacy-focused gmail competitor for a year
https://protonmail.com/blog/search-risk-google/
The parent comment in this chain says that Google obviously isn't doing anything funny with photo ads because there'd be a shitstorm about it, but Google has learned that they can survive "mistakes" like this pretty much unscathed.
Several. I think someone more crypto-elite will give a better answer, so I'll be brief and check back later:
Your email account is much more difficult for an outside agent to access. They're not going through your email (like Gmail is with keyword searches and hash comparisons), they're not responding to subpoenas (like Yahoo did when China wanted to read the accounts of dissidents), and they're not creating a profile of you based on other behavior and login habits (like everything Google, everything Facebook, and many other websites.
If they wanted to, they couldn't read the email in your account because it's encrypted and they don't have the key.
Despite this, they've got a warrant canary. https://protonmail.com/blog/transparency-report/
That's all pretty good by itself.
Also, if you know you're sending a specific contact using non-Protonmail an email you want specially encrypted, you have that option at the bottom of your screen. You'll just have to tell them the password somehow. If they have PGP capability, that makes it possible to do things remotely, but at this point we exceed my knowledge.
There are a couple other benefits.
First, your entire inbox is stored with end-to-end encryption, so even emails you get from non-ProtonMail contacts are encrypted before the are saved into our database, and we have no way to decrypt those messages.
Furthermore, since we are outside of the US and the EU, we aren't subject to mass surveillance programs like the NSA, GCHQ, etc. We don't have much we can turn over anyways, but we also avoid issues such as what happened with Yahoo: https://protonmail.com/blog/yahoo-us-intelligence/
https://riseup.net/en/about-us/press/canary-statement
"After exhausting our legal options, Riseup recently chose to comply with two sealed warrants from the FBI, rather than facing contempt of court (which would have resulted in jail time for Riseup birds and/or termination of the Riseup organization). The first concerned the public contact address for an international DDoS extortion ring. The second concerned an account using ransomware to extort money from people."
"We have taken action to ensure that Riseup never again has access to a user’s stored email in plaintext. Starting today, all new Riseup email accounts will feature personally encrypted storage on our servers, only accessible by you. In the near future, we will begin to migrate all existing accounts to use this new system"
Looks like the dead canary didn't have anything to do with Wikileaks.
By default, we do not log IPs. If we get a warrant from a German judge in a criminal investigation we log IPs for individual accounts. We explain details here for transparency: https://tutanota.com/faq/#anonymous-email
This is a good question. We wrote up a not too complicated explanation of Gmail vs ProtonMail from a security and privacy standpoint. It also addresses the other benefits of ProtonMail even if you don't have end-to-end encryption with non-ProtonMail users.
It's offshore and encrypts the e-mail, so even if they were lawfully willed into giving up data, it'd just be encrypted blobs.
Edit, also check out Signal messaging app if you haven't already. Signal was founded by an outspoken anarchist, Moxie Marlinspike
Good. They needed something to recoup their progressive bona fides after the Cuomo disaster.
Looks like the WFP got some input from people all over, this infographic was in their email to folks who voted, each dot represents a zipcode where at least one vote came from.
looks like they hit all 50 states
EDIT: deleted duplicate comment
What a shithole Tutanota put themselves in for an extra 1.2 €... was it worth it being disemboweled in public like this? I swear I'm serously asking. do you know how angry someone would have to be just to take the time to write all of this on reddit? Someone who's already paying you, no less. Paying you to spend time commenting on the EARN IT act to a clientèle that obviously understands the importance of encryption or the achievement that is removing the term blacklist from your FAQ instead of clarifying who gets access to calendar invites or that you can remove any feature at any time regardless of your ToS. Notice how people aren't even answering each others' questions here as often? How much in support/marketing costs was having a passionate user base saving you?
Visionary member here: import/export feature was released to all visionary members for testing so I can confirm this feature is coming soon.
https://protonmail.com/support/knowledge-base/how-to-export-emails-from-your-protonmail-account/
No, they did reserve them the right to eventually do that, but they don't practice it right now.
So they may close free accounts if they are inactive. But currently they don't do that at all.
Here's the line from their ToS:
> Although it is not the current practice now, we reserve the right to suspend or delete accounts that are inactive for over three months. This does not apply to paid accounts. Paid accounts are never subject to deletion as long as their paid status is active.
Google doesnt do the "Zero Access to user data" AFAIK
EDIT: Another thing they advertise is the Legal environment is an advantage
I like this new trend. Hundreds also protested in Switzerland and now the Swiss are having a nationwide referendum. Photos of the Swiss protest here: https://protonmail.com/blog/swiss-surveillance-law-referendum/
I am also not a lawyer, but as a software developer who uses FLOSS software as a regular part of their job I do have a pretty good working knowledge of free software licenses, and I can say that these claims don't make any sense. Inherent to FLOSS licenses is the ability to copy, modify, and redistribute changes to code so licensed, so having contributed code to a GPL project you've inherently given everyone else the right to use your code subject to the license. It wouldn't be a violation of the license to incorporate that code back into Linux even if he did somehow remove his code from the project. While it's perfectly fine for a GPL licensed project to remove code, they cannot retroactively deny people use of previous revisions of code.
The only exception that I can think of in this case would be if the code contributed was not legally contributed (e.g. breaking an employment agreement or containing unlicensed proprietary code), but that's essentially an entirely different case, as the legal issues would likely invalidate the contribution. Though, of course, I don't know if that case has ever actually occurred in any real project.
As for "", they claim to be a lawyer but have provided no proof, and most lawyers don't give out unsolicited (and almost certainly wrong) legal advice like this guy. Also, check out their email host. Dude's posting from redchan.it (referencing a site from a Law and Order episode), a domain from [HELLA NSFW] cock.li which also hosts such prestigious email domains as dicksinhisan.us getbackinthe.kitchen, rape.lol, and n****.rs, underneath a banner ad for the "Date Rape Appreciation Station.. So, you know, maybe anon Channers aren't great sources of legal advice.
I think ProtonMail is the obvious answer and I don't see anything to worry much about wrt their logging policy. They say in your link that your IP address will only ever be retained if you're involved in attacking their infrastructure. Obviously you have to trust them on that, but you do with any webmail provider.
That said, you might find Posteo interesting. They have very respectable policies around data security and privacy.
tutanota. It's German based, with Germany probably having the best privacy laws of any country at this time. The mail client is very limited, but it works and I believe it's secure.
One of the nice things about tutanota is that you can send people outside of tutanota secure emails. They would just get a (password protected) link to the tutanota web front end where they can read and reply to your mail securely.
That's a valid concern, but it holds true to all online services and there is only one universal solution for this problem: Get a custom domain and use only your custom domain exclusively.
If you'd use ProtonMail with a custom domain and they would be gone tomorrow, just switch your DNS-Records to another Email provider and you will receive all your Emails there. Also makes it super easy to switch provider because you don't have to edit a thousand accounts and switch the Email address if you'd dislike ProtonMail in the future.
> what do you think about GMail and why would you NOT reccoment Gmail ?
Gmail is a great service but I personally don't consider the cost in privacy even close to worth it. Maybe ProtonMail is overkill for some people, both in price and in sacrifices, but I would rather recommend to go with something like https://mailbox.org if that's the case.
The UN can't help here. We need to encrypt everything.
>Encryption should be enabled for everything by default, not a feature you turn on only if you're doing something you consider worth protecting.
> premium prices
This is why I'm considering possibly not renewing.
I really like ProtonMail, I've been a paying member for 3 years. I also donated bitcoin in the past.
But I'm paying $50 a year for a privacy-enhanced service where I still can't import PGP keys.
I feel like that should be a main priority.
Meanwhile the last big release focused on snooze notifications.
Like I'm sure it's nice to have snooze notifications, but why not focus on PGP first? The whole reason people use protonmail is for privacy.
I get that emails are encrypted at rest, and that's nice, but 90% of my outgoing mail is still in plaintext because I can't import anyone's PGP keys.
The only option is to send an encrypted link, which expires. Seriously, at least make it so that there's no message expiration until you have PGP fixed.
Sorry to rant, I really think they are doing great work, I'm very proud to have been a paying member, just a bit frustrated with the direction it's going.
https://riseup.net was apparently the email host for the account that administrated @WikiLeaks Twitter.
Every 3 months(ish), riseup posts a new announcement to the public that they haven't been asked by any feds to hand over private user data. They do this so that when they are compromised, and possibly under gag order not to tell, they can signal to the public that they are in trouble by simply not updating their canary.
Their canary is now 5(?) days overdue, and has been requested repeatedly on their twitter and contact pages. These concerns haven't even been addressed, which points to gag order. If that's the case, there's no way they can directly show the public they have been compromised. They just don't update their canary, as they can't be legally forced to.
Combine that with riseup's tweet here that references both birds and deception, and I think AT LEAST @WikiLeaks Twitter is in the hands of somebody else.
I'm just a little confused as to why someone with that laundry list of fucking diplomas from Ivy League schools can't understand that you can't paste the url of a private reddit message for other people to see it.
Check out this funny email I got, guys https://mail.google.com/mail/u/0/#inbox
Tutanota is a more and more compelling alternative to ProtonMail. Between their more transparent development, completely open-source clients and significantly lower cost, I am more and more tempted to make the switch.
> We're talking about a company that is not fully open source, logs your mail, and refuses to allow you to use Thunderbird
You can stop spreading fake news.
> The final nail in the coffin for me is this page right here: https://protonmail.com/blog/transparency-report/ Can I draw your attention to this sentence: "After reviewing the relevant evidence forwarded by US authorities, criminal intent was apparent, so Proton Technologies AG decided to comply with the data request"
WTF. Didn't they claim to be a service standing up for activists and journalists around the world? Do these imbeciles think trying to subvert state power is legal anywhere? Or that countries like Turkey or the US will actually tell the truth about a user when they requests that user's data? This is outrageous.
> The primary risk is domain name seizure which can occur if the US government bypasses the Swiss court system and directly seizes protonmail.com by serving a court order directly to VeriSign. In this case, ProtonMail could lose control of protonmail.com and the US could gain access to emails sent to protonmail.com after the seizure through directing all email sent to protonmail.com to a different server.
Even if I don’t expect this to happen, I prefer to use .ch
I don't use them myself, but I've heard good things about FastMail. They don't data-mine your email, and you can set up aliases and/or a catch-all at no extra cost.
Das Riseup-Kollektiv ist eine autonome Körperschaft in Seattle mit Mitgliedern auf der ganzen Welt. Unser Ziele sind, beim Aufbau einer freien Gesellschaft zu helfen, eine Welt ohne Gier und mit Meinungsfreiheit, eine Welt ohne Unterdrückung oder Hierarchie, in der Macht gleichmäßig verteilt ist. Um dazu beizutragen, übernehmen wir Verantwortung für Kommunikations- und Computerresourcen für Alliierte in Kämpfen gegen Kapitalismus und andere Unterdrückungsformen.
Thanks for pinging us /u/PaskanMarjat
I've just registered via Tor myself: I got the clock captcha and the 48-hour wait. Believe us when we say it is hard to offer an email service with anonymous sign-up, and keep spammers out at the same time. Despite that, we stand firm to never ask for phone numbers or any personally identifiable information when you sign up.
Unfortunately, spammers heavily abuse VPNs and Tor so there will always be temporary blocks on certain VPN servers or Tor circuits. There's nothing we can do about this as otherwise we'd open the gate for spammers. Nevertheless, we focus on private, secure and anonymous emails. This hasn't changed. Please check again, you will be able to register via Tor.
I recommend ProtonMail, I switched over 100% from Gmail to ProtonMail and I love it. Encrypted mailbox, end-to-end encryption to other ProtonMail users and encryption to non-PM users by setting a password (just tell them the password by some other means). It's based in Switzerland so it's secure against NSA requests and just about every other government. They comply with Swiss government orders but those are notoriously few and far in between. But just in case here's their transparency report about what they've received and complied with https://protonmail.com/blog/transparency-report/. IMAP support is in beta right now (ProtonBridge for anyone who hasn't heard) so you'll soon be able to use it with any client
The team also frequents /r/ProtonMail and they (and we) are really helpful there
https://protonmail.com (on mobile otherwise I'd link properly)
Artykuł niedostępny bez rejestracji - jak mnie takie podejście wkurza... Na szczęście jest https://temp-mail.org ale żebractwo o maila ssie.
A sam artykuł? Włos się jeży na głowie, na zadku i w każdym innym miejscu. "Mentalność antykoncepcyjna", jego mać...
"Somewhere" seems to be a stupid place full of bs. Would love to see that source.
Protonmail is extremely well respected and on the forefront of the battle against spam, fraud, and other kinds of abuse. They are extremely cooperative towards law enforcement, even going so far as to help foreign law enforcement to use the right Swiss channels so that they can comply with the requests legally. Last year they received 338 requests from law enforcement, contested only 4, ultimately complying with 336 requests (from their transparency report
If anything criticism usually comes from the other side, that Protonmail is too friendly to law enforcement or that it's getting harder and harder to register anonymously due to their anti abuse measures.
When some sites block Protonmail it says more about the incompetence or laziness of those sites than about Protonmail, in my opinion.
This exact situation is what you, Proton warn users about. When digging into the backings of a VPN company, if the user find things that are "shadowy" and don't add up, then the user should not trust that VPN provider. https://protonmail.com/blog/trusted-vpn/
ALSO: In that exact same blog post, you (Proton) smear PIA by linking them in a blog posting by saying they go through great length to hide where they are located. They have never hidden the fact they are based in the US, and they have postings about them being in the US on their site. FURTHER more, on another blog posting, you say you have proof that some other VPN provider is working with an intelligence agency, but REFUSE to say who it is! On the onset that spread FUD about your competitors, and if you have proof and refuse to present it, you are willing and allowing users to be harmed. As a company that talks so much about privacy, I would think it would be your position to protect as many peoples' privacy as much as possible.
I have tested Autocrypt on both K-9 Mail and Enigmail, and the implementations work, but still need polishing around the edges.
Regarding providers, at least Posteo has implemented Autocrypt. I hope Protonmail and Tutanota will follow.
Last time I asked on /r/ProtonMail, they didn't have concrete plans. Perhaps time to put it on the roadmap, /u/protonmail? :)
ProtonMail datacenters are entirely in Switzerland. If you do a traceroute, sometimes in the route you will find a IP belonging to Radware.
Radware is our DDoS protection provider, you can find more details here: https://protonmail.com/support/knowledge-base/protonmail-israel-radware/
DDoS protection is on now because we got hit hard this past weekend.
Don't use Gmail/Google Search. And if you need to use YouTube, do it without an account and regularly clear your youtube cookies!
For mail you could use https://protonmail.com/security-details For search, use duckduckgo.
I've had a good experience with FastMail. It's been really reliable at a decent price.
In case you're considering self-hosting, be sure to read up on things like mail server reputation and deliverability. I'm not saying not to self-host, but you should know what you're getting yourself into.
I use: https://mailbox.org/en/ You can get an e-mail ending with @mailbox.org but I have bought a domain some where else which I am pointing at Mailbox. I really like the way the calendar, mail, text editor and tasks work. I use this mail for personal communications. I also have a free Outlook mail which I use for subscriptions and stuff like that.
No and Nothing. Because nothing resides on Apple's servers. They'd have to serve YOU the warrant and have YOU unlock the phone. In fact, it's safer to use the app than a browser.
Here's PM's description of their iOS security: https://protonmail.com/blog/ios-security-model/
I think they're talking about it not being a Judge decreed warrant?
Here's an article from earlier in the thread.
>What makes this legislation even worse is that there is no judicial oversight. A data disruption or network activity warrant could be issued by a member of the Administrative Appeals Tribunal, a warrant from a judge of a superior court is not needed.
So while there are warrants, it doesn't need to be approved by a judge which looks to be the change OP referenced?
Either way, I'll be over here with /u/XenosMind for confirmation.
https://tutanota.com/blog/posts/australia-surveillance-bill/
This is absolutely insane. The govt can hack into social media or just takeover social media accounts in Australia now. All of this without even a warrant.
You are being watched if you have a online presence, have any type of banking, or have a phone. Things like this is not uncommon and honestly the least of your worries. You ought to be more worried about the US trying to ban encryption and increasing surveillance just like Australia did.
Learn how to reduce your online presence, avoid cloud products, secure your home-network, use 2FA, use password managers, and fight against social engineering.
>Australia: Unprecedented surveillance bill rushed through parliament in 24 hours. Australian police can now hack your device, collect or delete your data, take over your social media accounts - all without a judge's warrant.
https://tutanota.com/blog/posts/australia-surveillance-bill/
sign up another person in your household with a disposable email address.
i always hate "new customer" deals too, does nothing for the people who shop there on a regular basis.
> VDS ist ja verpflichtend ab einer bestimmten Nutzeranzahl.
>>Posteo ist von der Vorratsdatenspeicherung nicht betroffen. E-Mail-Anbieter wie Posteo (Dienste der elektronischen Post) sind von der Pflicht zur Vorratsdatenspeicherung explizit ausgenommen.
Here you go mate:
> You further agree to not use ProtonMail to send Spam, junk mail, bulk emails or mailing list emails that contain persons that have not specifically agreed to be included on that list. Any account found to be sending the aforementioned type of emails will be immediately suspended.
Generally because of privacy. Privacy is extremely important for a functioning democracy. https://whyprivacymatters.org/
And here are also some reasons: https://protonmail.com/blog/protonmail-vs-gmail-security/
Proton mail ( https://protonmail.com/ ) does not require any personal information to create, and its storage is encrypted. You can create and access an account from tor too if you need to hide your ip.
In /r/privacytoolIO, before the move, I saw Posteo & mailbox.org recommended all of the time actually. I don't know about "no love".
That being said, Tutunota and ProtonMail gets recommended more often because they have free accounts, making it easier for people to transition from another free account.
Yeah, they already say in their privacy policy that while they do not permanently store your IP address, they may temporarily store it to combat fraud and abuse, which is what you're trying to do. You should instead be asking them how long IP addresses are stored...
Yes.
The thrust of his argument is that a web app isn't tamper-evident enough. A compromised or coerced employee at ProtonMail could deliver malicious code to specific users, and no one would be the wiser.
Now there's ProtonMail Bridge, and ProtonMail apps.
ProtonMail Bridge ~~is~~ will be Open Source. It handles all the encryption completely on your desktop and creates a local IMAP server so your desktop mail client can connect. Since it's a regular desktop application, it would be more difficult for a coerced ProtonMail employee to deliver a compromised version to you.
ProtonMail's apps for iOS and Android are similar in that respect. They're distributed via iTunes and Google Play, so again, a compromised client would probably be noticed by someone, because everyone has the same client they download and install.
>In August 2017, we received a request for assistance from the government of Turkey that was passed to us through the Swiss Federal Police. We rejected the request on account of the Turkish government’s human rights record and will take the case to Swiss courts if the Turkish government files for an international proceeding.
So it seems you have done something their terms of service to the extent that law enforcement has been involved. Given all of these things are explicitly covered in their ToS, what is surprising to you?
Use temp mail there are a ton of services like this but I prefer this one.
It creates a disposable inbox. You use the email address to sign up. Verify the email. Then delete it.
I have about 20 bogus accounts on geoguessr so I dont have to buy premium to play more than once a day.
I use it for signing up to websites and comparing insurance quotes etc
People are saying you get to use it ten times or so. Go to https://temp-mail.org/en/ get an email address, sign up to bigger pockets, use calculator ten times rinse and repeat.
Actually, I ran 6.2