|
Home > Archive > Anonymous Servers > September 2007 > PGP webmail
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| Anonymous 2007-09-13, 7:11 am |
| Hi, I am a total beginner on the web who was wondering about secure webmail. I have done a little digging, and was wondering if anybody had any opinions regarding the free PGP webmail services at www.hushmail.com, www.mailvault.com, www.fedxmail.com, www
.secureix.com, www.mailsaurus.com, www.stealthmessage.com, or any of the other free webmail services. I am looking for something easy-to-use and accessible for the newbie on the computer, that is reasonably secure. I'd appreciate any knowledgeable opini
ons, thanks!
| |
| Anonymous Sender 2007-09-13, 7:11 am |
| Hi,
I use Firefox or Iceweasel with the plug-in "FireGPG" together with any
webmail account. You write your message, select all of the message box
<Ctrl-A> and choose "FireGPG -> encrypt" in the context menu of the box.
Same way for decrypt: Mark the hole encrypted message and choose
"FireGPG -> decrypt" in the context menu of the box.
Anonymous schrieb:
> Hi, I am a total beginner on the web who was wondering about secure webmail.
>
>
| |
| Nomen Nescio 2007-09-13, 7:11 am |
| Anonymous wrote:
> Hi, I am a total beginner on the web who was wondering about secure
> webmail. I have done a little digging, and was wondering if anybody
> had any opinions regarding the free PGP webmail services at
> www.hushmail.com, www.mailvault.com, www.fedxmail.com,
> www.secureix.com, www.mailsaurus.com, www.stealthmessage.com, or any
> of the other free webmail services. I am looking for something
> easy-to-use and accessible for the newbie on the computer, that is
> reasonably secure. I'd appreciate any knowledgeable opinions, thanks!
Web mail is inherently insecure, and using something that holds your
keys in escrow for you like most "secure" web mail serviced do only
means that you're lulled into a false sense of security. It's like
putting the very best locks you can buy on your doors, then giving the
keys to someone you just met in a bar.
Your best bet is to learn to use PGP the right way. It's not that hard
at all. Most real email clients have plugins that pretty much handle
things automatically once everything is installed and configured. And
there's all sorts of help files and howto's out there to help with the
initial setup if you need them.
>
>
| |
| Mary Jane Middleton 2007-09-13, 1:12 pm |
| On Sep 13, 3:00 am, Nomen Nescio <nob...@dizum.com> wrote:
> Anonymous wrote:
>
> Your best bet is to learn to use PGP the right way.> - Hide quoted text -
How to post to Usenet using e-mail and Cypherpunk remailer Tutorial
http://www.anonymous.to/anonymous_email/cypherpunk.html
Use a Cyberpunk you can post from any e-mail account like yahoo, from
anywhere.
Seurity is not very good as the posters in the thread are telling you,
but some people like me do not care about security we just want to
hide that IP number in the newsgroups. Learn the Cyberpunk Remailers
from the apas stats list. There are not many mail2gateways at this
time. Only dizum and he blocks out newsgroups he does not like or get
complaints from so find another gateway and use that. There is one in
Isreal opening soon. Forget about PGP it costs you money and with
Echalon if they see a stream of encyiption from you they put a sniffer
on and try to read your traffic destination. Terrorists and Pedo's
they are looking for. End of rant.
| |
| Charlie Kroeger 2007-09-13, 7:14 pm |
| I use safe-mail.net a Jerusalem based server don't know what you might
think of that but they have 3MB free service with lots of features and no
ads. They will sell you more storage with more levels of security, their
raison d'etre.
--
CK
| |
| StealthMonger 2007-09-14, 7:13 am |
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Anonymous <nobody@mixmin.net> writes:
> Hi, I am a total beginner on the web who was wondering about secure
> webmail. I have done a little digging, and was wondering if anybody
> had any opinions regarding the free PGP webmail services at
> www.hushmail.com.... I'd appreciate any knowledgeable opinions,
> thanks!
Critique of hushmail
Quick Review of Public Key Cryptography (Simplified)
===== ====== == ====== === ============ ============
Each user creates a random public-private key pair. The user keeps
the private key secret, never revealing it to anyone, and makes the
public key available to correspondents. A message encrypted to the
public key can be decrypted with the private key. The nature of the
technology is that it is computationally infeasible to decrypt the
message except by using the private key.
Conventional peer-to-peer encrypted email
============ ==== == ==== ========= =====
The user's private key need never leave the machine on which it is
created, providing physical security against its becoming known. In
addition, the private key is typically itself encrypted and protected
by a strong pass phrase known only to its user. This may in turn be
kept in an encrypted file system ("safe") which can only be opened by
the user.
Each user maintains a "keyring" containing the public keys of
correspondents. This keyring is consulted when a mail to a
correspondent is to be encrypted. Received encrypted mails are
decrypted using the private key.
Hush encrypted email
==== ========= =====
To relieve the user of the responsibility of keeping a private key and
a ring of public keys, Hush keeps all of these keys on its centralized
server. A private key is protected only by the user's pass phrase.
To send encrypted mail to a correspondent, the user contacts Hush to
obtain the public key of that correspondent, encrypts the mail to that
key, and sends the result via Hush. For received mail, Hush sends
both the encrypted mail and the user's private key, so that the
decryption can be performed on the user's machine.
Consequences of using Hush instead of conventional peer-to-peer
============ == ===== ==== ======= == ============ ==== == ====
o It practically compels the user to interactively communicate over
the Internet (https) in order to receive and send mail. Instead
of the unhurried exchange for which email correspondence is so
well suited, the user has to operate under time pressure while
connection costs mount and remaining session time dwindles.
o It sacrifices physical security of the private key because keys
dwell at Hush rather than on user's machine.
o It sacrifices privacy because record of when, with whom, and the
size of each communication is available to Hush, even though the
content is concealed.
o In default usage, received mail does not come to be filed on the
user's machine, but at Hush. Thus, even reviewing previously
read mail would normally require connecting to Hush. Copy-Paste
operations or premium IMAP access are needed to get around this.
o It sacrifices reliability because there are more failure points.
o It requires reliance on a unique centralized third party.
o It imposes a hierarchical client-server architecture where a
simple peer-to-peer connection is what's wanted.
o In addition to the short list of mathematical premises on which
the security of ordinary encrypted email depends, its security
relies on third party certification authorities.
o It is practically unavailable to untraceable pseudonyms because
of the required interactive setup.
o It requires complex, ponderous software (a browser) on the user's
machine (the documentation is in terms of browser displays).
o It is embedded in a business model that depends on the user not
knowing, so Hush have an incentive to pander to that ignorance.
o It treats the user as an irresponsible rube.
Some of these points could be amplified and provided with citations.
If you are interested, speak up.
[This is a work-in-progress. Some valuable contributions by others
have not yet been folded in. It may eventually be published on
comp.security.pgp.discuss, with a special invitation to Hush for
comment.]
-- StealthMonger
<StealthMonger@hod.aarg.net>
<StealthMonger@nym.panta-rhei.eu.org> (if it comes back)
<StealthMonger@nym.alias.net> (if it comes back)
--
stealthmail: Scripts to hide whether you're doing email, or when,
or with whom. http://stealthsuite.afflictions.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>
iD8DBQFG6ks2DkU5rhlDCl4RAukwAKDHWNKB5sqA
jTEgnZ/aSy8xDc6nWQCgka4J
xP1jQ1WgIRuxolpYIV3FQeA=
=pgtj
-----END PGP SIGNATURE-----
| |
| Anonymous Sender 2007-09-14, 7:13 am |
| Mary Jane Middleton <middleton@mail.org> wrote:
> Use a Cyberpunk you can post from any e-mail account like yahoo, from
> anywhere.
Not unless you have access to PGP from those web based services...
cyberpunk remailers require pgp these days.
> Seurity is not very good as the posters in the thread are telling you,
> but some people like me do not care about security we just want to
> hide that IP number in the newsgroups.
If you only want to hide your IP address, then just send your post
directly to a mail2news server. You'll get the same result.
> There are not many mail2gateways at this time. Only dizum
There's several. bananasplit, demon, dizum, gradwell, mixmin, panta...
> and he blocks out newsgroups he does not like
No, dizum doesn't block out any newsgroups because he doesn't like
them.
> There is one in Isreal opening soon.
And where did you hear that?
> Forget about PGP it costs you money and with Echalon if they see a
> stream of encyiption from you
Not only does it *not* cost you money, but you can't even use the
cyberpunk remailers you seem so excited about without it. They're
pretty much all pgponly these days. That means that messages to them
*have* to be pgp encrypted or they get immediately discarded.
| |
| Cyberiade.it Anonymous Remailer 2007-09-14, 7:13 am |
| > How to post to Usenet using e-mail and Cypherpunk remailer Tutorial
>
> http://www.anonymous.to/anonymous_email/cypherpunk.html
>
>
> Use a Cyberpunk you can post from any e-mail account like yahoo, from
> anywhere.
> Seurity is not very good as the posters in the thread are telling you,
> but some people like me do not care about security we just want to
> hide that IP number in the newsgroups. Learn the Cyberpunk Remailers
> from the apas stats list. There are not many mail2gateways at this
> time. Only dizum and he blocks out newsgroups he does not like or get
> complaints from so find another gateway and use that. There is one in
> Isreal opening soon. Forget about PGP it costs you money and with
> Echalon if they see a stream of encyiption from you they put a sniffer
> on and try to read your traffic destination. Terrorists and Pedo's
> they are looking for. End of rant.
Your posts are generally a good example of "A little knowledge can be
a bad thing". You make big incorrect assumptions about things you don't
understand and then state them as fact.
I guess Google Groupers really are the new AOLers.
| |
| Mary Ellen Hall McIntire 2007-09-20, 7:13 am |
| On Thu, 13 Sep 2007 13:02:55 -0000, in
alt.security.pgp,alt.privacy,alt.privacy.anon-server you wrote:
> On Sep 13, 3:00 am, Nomen Nescio <nob...@dizum.com> wrote:
>
> How to post to Usenet using e-mail and Cypherpunk remailer Tutorial
>
> http://www.anonymous.to/anonymous_email/cypherpunk.html
>
> Use a Cyberpunk you can post from any e-mail account like yahoo, from
> anywhere.
> Seurity is not very good as the posters in the thread are telling you,
> but some people like me do not care about security we just want to
> hide that IP number in the newsgroups. Learn the Cyberpunk Remailers
> from the apas stats list. There are not many mail2gateways at this
> time. Only dizum and he blocks out newsgroups he does not like or get
> complaints from so find another gateway and use that. There is one in
> Isreal opening soon. Forget about PGP it costs you money and with
> Echalon if they see a stream of encyiption from you they put a sniffer
> on and try to read your traffic destination. Terrorists and Pedo's
> they are looking for. End of rant.
Nice rant!
--
I found the right man; I married the one who I thought would best suit
my own, personal goals. Don't make my mistake, when you find the man who
takes your heart, don't ever let him go.
| |
| Anonymous 2007-09-20, 7:13 am |
| In article <tjkb7qz7aod7.143q8rn34byda.dlg@40tude.net>
Mary Ellen Hall McIntire <melhall@bartletthighschool.com> wrote:
>
> Nice rant!
If by "Nice rant" you mean, "Hey, well done for spewing a bunch of
mindless uninformed drivel after drinking too much alcohol, XXXXwit",
then I'd have to agree.
| |
| Mary Ellen Hall McIntire 2007-09-22, 7:14 am |
| On Thu, 20 Sep 2007 13:05:23 +0100 (BST), Anonymous wrote:
> In article <tjkb7qz7aod7.143q8rn34byda.dlg@40tude.net>
> Mary Ellen Hall McIntire <melhall@bartletthighschool.com> wrote:
>
> If by "Nice rant" you mean, "Hey, well done for spewing a bunch of
> mindless uninformed drivel after drinking too much alcohol, XXXXwit",
> then I'd have to agree.
Why don't you go XXXX yourself.
--
I found the right man; I married the one who I thought would best suit
my own, personal goals. Don't make my mistake, when you find the man who
takes your heart, don't ever let him go.
| |
| George Orwell 2007-09-22, 7:14 am |
| Anonymous wrote:
> In article <tjkb7qz7aod7.143q8rn34byda.dlg@40tude.net>
> Mary Ellen Hall McIntire <melhall@bartletthighschool.com> wrote:
>
> If by "Nice rant" you mean, "Hey, well done for spewing a bunch of
> mindless uninformed drivel after drinking too much alcohol, XXXXwit",
> then I'd have to agree.
>
Sad.
Is there a forum about anon servers where the signal to noise ratio is
higher than it is here?
Il mittente di questo messaggio|The sender address of this
non corrisponde ad un utente |message is not related to a real
reale ma all'indirizzo fittizio|person but to a fake address of an
di un sistema anonimizzatore |anonymous system
Per maggiori informazioni |For more info
https://www.mixmaster.it
|
|
|
|
|