Email security: Difference between revisions

From BoyWiki
m (Tutanota URL updated to the new .com)
m (references list formatting change, there was a typo)
(18 intermediate revisions by the same user not shown)
Line 1: Line 1:
When communicating with other people by email boylovers who care about privacy should be concerned about [[encryption]], to avoid email content being intercepted, and anonymity, to avoid transmitting your home IP in the email headers or leaving logs in the email server that you are using. Main email providers like Yahoo, Gmail and Outlook are the worst choices of email services for a boylover, not only those services have a backdoor for the NSA to read your email in real time, as proven by Snowden papers, but they also contain filtering.  
When communicating with other people by email, if you care about privacy you should be concerned about email content being intercepted and anonymity. The main email providers like Yahoo, Gmail and Outlook are the worst choices of email services for a boylover, these services have a backdoor for the NSA to read your email in real time, as proven by Snowden papers <ref>N.S.A. email mass surveillance: https://www.nytimes.com/2013/08/08/us/broader-sifting-of-data-abroad-is-seen-by-nsa.html</ref>, and they also scan your files.  


When you upload an image to Gmail, Yahoo or Outlook the attachment will be automatically scanned to detect if it is child pornography <ref>http://bits.blogs.nytimes.com/2014/08/04/google-gives-child-pornography-email-evidence-to-police/</ref>. The scanning of your messages, besides being a privacy violation, do not guarantee that any of your images will be flagged by mistake as child pornography by Gmail, if this were to happen, a report is automatically submitted to the CyberTipline working with the FBI or Interpol, by the time the error has been fixed, your social life would have already been ruined.
Everytime you upload an image to Gmail, Yahoo or Outlook the attachment will be automatically scanned to detect if it is child pornography <ref>Gmail scans messages to detect child porn: http://bits.blogs.nytimes.com/2014/08/04/google-gives-child-pornography-email-evidence-to-police/</ref>. The scanning of your messages, is a privacy violation treating everybody as criminals without being one and they do not guarantee that any of your images will not be flagged by mistake as child pornography, if this were to happen, a report is automatically submitted to the CyberTipline working with the FBI or Interpol, by the time the misunderstanding has been solved your social life would have already been ruined.


Boylovers should also have into account that email services offering [[encryption]] of your messages, only work if the receiver has an account with the same email provider as you. While this is very accommodating and easy, the chances of everybody using the same email provider are slim.  
Boylovers should have into account that email services offering email [[encryption]] only work if the receiver has an account with the same email provider as you or if they are using a compatible OpenPGP service.


Those who are paranoid about security should learn how PGP works and [https://www.boywiki.org/en/Encryption encrypt] their email with PGP before sending it. The downside, is that the person receiving your message will have to know how PGP works too and have the software installed, if you are not ready to do this, then convince your friend to switch his email account to one of the secure services below so that you both can have end to end [[encryption]] without having to do anything.
=== Free secure email ===


===Free secure email===
*[https://tutanota.com Tutanota.com]: Company in Germany offering free email with [[encryption]] and minimal logs.


[https://tutanota.com Tutanota.com]: Company in Germany offering free email with [[encryption]] and minimal logs.
*[https://protonmail.com ProtonMail.com]: Company in Switzerland offering free email with encrypted inbox and minimal logs.


[https://unseen.is Unseen.is]: Company in Iceland offering free email and chat services with [[encryption]] and minimal logs.
*[https://ctemplar.com/ CTemplar]: Company in Iceland with servers in the same country, it offers OpenPGP encrypted email in between users of the same service and they claim do not log IP.


[https://www.vfemail.net/ VFEmail.net]: Company in the USA, PGP [https://www.boywiki.org/en/Encryption encrypted] email with anonymous sign up and accessible using Tor.
*[https://www.vfemail.net/ VFEmail.net]: Company in the USA, PGP email with anonymous sign up and accessible using Tor.


[https://protonmail.com ProtonMail.com]: Company in Switzerland offering free email with [[encryption]] and minimal logs.
==== About Hushmail ====


[https://safe-mail.net Safe-mail.net]: Company in Israel, server in Japan, offers free email (limit 3MB storage -- paid account gives more storage), can function with javascript disabled and while using the Tor browser bundle] Read these instructions first: [[E-mail, no javascript, use with Tor browser]] NOTE: Their policies may have changed as they were harassed by the U.S. government. Please check their site for latest information.
According to Hushmail privacy policy<ref>Hushmail Privacy Policy: https://www.hushmail.com/privacy/</ref> deleting your account will not delete records of your activities, the company textually says: ''3. The records we keep of your activities are permanently deleted after approximately 18 months.''


====About Hushmail====
Any email company keeping logs for as long as Hushmail does should never be used, the company being based in Canada can be a problem too as the country is known to take part in mass surveillance. The only way to trust a company not to hand over your data to others is when they make it impossible for their own staff to read the data, this is not the case with Hushmail.
 
According to Hushmail privacy policy<ref>https://www.hushmail.com/privacy/</ref> deleting your account will not delete records of your activities, the company textually says: ''3. The records we keep of your activities are permanently deleted after approximately 18 months.''
 
Any email company keeping logs for as long as Hushmail does should never be used and them being based in Canada can be a problem too. The only way to trust a company not to hand over your data is when they make it impossible for their own staff to read the data, this is not the case with Hushmail.


===Disposable Email===
===Disposable Email===
Line 33: Line 29:
These addresses are best used for forums set to automatic registration. Disposable email provides no privacy and they can be read by everybody, make sure to pick a random username.
These addresses are best used for forums set to automatic registration. Disposable email provides no privacy and they can be read by everybody, make sure to pick a random username.


[http://discard.email/en/ Discard]: No registration needed, disposable email address that can be read in desktop and mobile devices. Emails deleted after 30 days.
*[https://tempr.email/en/ Tempr Email]: No registration needed, disposable email address that can be read in desktop and mobile devices. Emails deleted after 30 days.
 
*[https://www.guerrillamail.com/ GuerrillaMail]: Disposable address without registration needed, it can also be used reply to messages.
 
*[https://trashmail.com/ TrashMail]: Forwarding address, you create an email address that can be used to forward messages to a different email.
 
=== Paid email services ===
 
*[https://posteo.de/en Posteo]: Company in Germany, servers encrypted, minimum logs and payments not connected to email accounts.


[https://www.guerrillamail.com/ GuerrillaMail]: Disposable address without registration needed, it can also be used reply to messages.
*[https://torguard.net/ Torguard]: Their email service is free if you pay for a VPN account, or you can buy it separately, they claim they do not keep logs.


[https://trashmail.com/ TrashMail]: Forwarding address, you create an email address that can be used to forward messages to a different email.
*[https://www.countermail.com Countermail]: Company in Sweden that can be paid in Bitcoins, they offer encrypted email, Jabber messenger and no logs.


===Paid email services===
==Email encryption==


[https://www.countermail.com Countermail]: Company in Sweden that can be paid in Bitcoins, they offer [https://www.boywiki.org/en/Encryption encrypted] email, Jabber messenger and no logs.
If you are advanced in computers and understand how OpenPGP works you will want to encrypt emails yourself instead of relaying on a company to do that for you. Privacy email services are convenient because you don´t need to do anything to secure the email and they will save you lots of time, but the risk exists that their security could be sloppy or worse, if security is really important for you, learn how OpenPGP works and use your own private key to encrypt emails this way nobody will be able to read anything without the key that only you have in your power.


[https://posteo.de/en Posteo]: Company in Germany, servers https://www.boywiki.org/en/Encryption encrypted], minimum logs and payments not connected to email accounts.
Remember that the person receiving your encrypted OpenPGP message will have to know how OpenPGP works too and have the software installed to be able to decrypt it.


[https://torguard.tg Torguard]: Company in Panama, their email service is free if you pay for a VPN account, or you can buy it separately.
* [https://www.mailvelope.com/ MailVelope] - Available as a Chrome extension and Firefox addon, this extension can be used to encrypt and decrypt any webmail, it allows you to create or import your own OpenPGP keys and manage them to encrypt and decrypt messages.


==Blocked servers==
== References ==
*It is believed that both Fastmail and Hushmail have blocked Free Spirits domains.


==References==
{{Reflist}}
<References />


[[Category:Technology]]
[[Category:Technology]]

Revision as of 02:23, 1 June 2019

When communicating with other people by email, if you care about privacy you should be concerned about email content being intercepted and anonymity. The main email providers like Yahoo, Gmail and Outlook are the worst choices of email services for a boylover, these services have a backdoor for the NSA to read your email in real time, as proven by Snowden papers [1], and they also scan your files.

Everytime you upload an image to Gmail, Yahoo or Outlook the attachment will be automatically scanned to detect if it is child pornography [2]. The scanning of your messages, is a privacy violation treating everybody as criminals without being one and they do not guarantee that any of your images will not be flagged by mistake as child pornography, if this were to happen, a report is automatically submitted to the CyberTipline working with the FBI or Interpol, by the time the misunderstanding has been solved your social life would have already been ruined.

Boylovers should have into account that email services offering email encryption only work if the receiver has an account with the same email provider as you or if they are using a compatible OpenPGP service.

Free secure email

  • ProtonMail.com: Company in Switzerland offering free email with encrypted inbox and minimal logs.
  • CTemplar: Company in Iceland with servers in the same country, it offers OpenPGP encrypted email in between users of the same service and they claim do not log IP.
  • VFEmail.net: Company in the USA, PGP email with anonymous sign up and accessible using Tor.

About Hushmail

According to Hushmail privacy policy[3] deleting your account will not delete records of your activities, the company textually says: 3. The records we keep of your activities are permanently deleted after approximately 18 months.

Any email company keeping logs for as long as Hushmail does should never be used, the company being based in Canada can be a problem too as the country is known to take part in mass surveillance. The only way to trust a company not to hand over your data to others is when they make it impossible for their own staff to read the data, this is not the case with Hushmail.

Disposable Email

The following email addresses come in handy for when you want to register in a forum and all you need is to receive the welcome email where a link has to be clicked on. These email addresses are not secure but they do not need registration and if combined with a Proxy and VPN can provide low or medium level privacy.

You should bear in mind that if forum accounts are approved manually, it can take days for you to receive a welcome email, by then, the disposable address you have created will no longer exist and many times the domain name of the address gives away that it is a disposable email.

These addresses are best used for forums set to automatic registration. Disposable email provides no privacy and they can be read by everybody, make sure to pick a random username.

  • Tempr Email: No registration needed, disposable email address that can be read in desktop and mobile devices. Emails deleted after 30 days.
  • GuerrillaMail: Disposable address without registration needed, it can also be used reply to messages.
  • TrashMail: Forwarding address, you create an email address that can be used to forward messages to a different email.

  • Posteo: Company in Germany, servers encrypted, minimum logs and payments not connected to email accounts.
  • Torguard: Their email service is free if you pay for a VPN account, or you can buy it separately, they claim they do not keep logs.
  • Countermail: Company in Sweden that can be paid in Bitcoins, they offer encrypted email, Jabber messenger and no logs.

Email encryption

If you are advanced in computers and understand how OpenPGP works you will want to encrypt emails yourself instead of relaying on a company to do that for you. Privacy email services are convenient because you don´t need to do anything to secure the email and they will save you lots of time, but the risk exists that their security could be sloppy or worse, if security is really important for you, learn how OpenPGP works and use your own private key to encrypt emails this way nobody will be able to read anything without the key that only you have in your power.

Remember that the person receiving your encrypted OpenPGP message will have to know how OpenPGP works too and have the software installed to be able to decrypt it.

  • MailVelope - Available as a Chrome extension and Firefox addon, this extension can be used to encrypt and decrypt any webmail, it allows you to create or import your own OpenPGP keys and manage them to encrypt and decrypt messages.

References