[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Email provider for privacy-minded folk

On 2/13/2013 3:58 AM, bvvq wrote:
On 12/02/2013 3:15 PM, Joe Btfsplk wrote:
Here's an article someone pointed out on email providers & privacy; if
allow signing up w/ Tor, etc.: the_simple_computer
They all have + & -, depending on needs.  For many, if read TOS &
Privacy Policy closely, they may be better than gmail, but not as
private as their hype says.

Great link. Interesting site.
(It's amazing that the web is so vast that after 15 years online, there are still websites tucked away that I haven't seen.)

I took the info from The Simple Computer article & made a chart, plus
current data (some not in the article) from several providers' sites. If
anyone was interested & if I knew how to (easily) get it uploaded -
somewhere - I could do that.  It's not the be all & end all, but has
current info on several providers, including how long they retain data.
It's now in pdf and / or .ODT format.  I don't know if it's possible to
attach small files to tor-talk emails.

I would be interested in your data. Do you have any problems uploading it to mainstream file sharing sites? You could encrypt it and send tor-talk the passphrase. Or perhaps upload it to a .onion (I don't know any off-hand).

tor-talk mailing list

Sure - there's nothing private about it. Most data I took right off the provider's TOS & Privacy Policy (or verified The Simple Computer site's data). I didn't fill in all "items" on all the providers. Some policy specs weren't mentioned by some providers. You can ask CS if they don't have some "privacy" issue in writing, but a verbal / email reply probably doesn't mean much (legally, at least), if it's not in their official TOS / Privacy Policy.

One item is how long providers retain mail, after you delete it. Some don't store at all; - to hrs / days / months / indefinitely. VFEmail's storage falls into indefinitely category (though not on my chart).

I've never had a need to u/l a file to a free server, so if someone could give suggestion of a simple, free one (file's only 100 KB). I see no need to encrypt it - unless I'm overlooking a reason. Nothing private, sensitive.

Had an interesting response from VFEmail CS. Though I've researched "more privacy conscious" email providers a while, I'd over looked one thing. Unless you encrypt the email - yourself - BEFORE it hits their server, ANY provider can & does read (scan) the email, *at least for spam checking* - at minimum. Many of you know this & probably many don't.

What else they say they do / don't do with scanning results (or anything to do w/ privacy), like any other agreement / contract, is only as good as the company that wrote it. And if they violate an agreement, only recourse is to ask them to stop or sue them.

I asked about this one sentence, out of VFEmail's - ONE - paragraph privacy policy:

7. VFEmail.net PRIVACY POLICY VFEmail.net will not monitor, edit or disclose the contents of a User's email or any other communication based on VFEmail.net, except that User agrees VFEmail.net may do so: (a) as part of the TECHNICAL PROCESSING of the VFEmail.net communication;
Joe: That's fairly vague. Monitor could mean anything or nothing. Do you scan or look at email contents - ESPECIALLY the message body or attachment contents, in any manner, except for data in the header needed to send & receive mail, to scan for viruses or when legally compelled to monitor email? I suggest that vfemail clarify & expand this part of the privacy policy.
VFEmail responded:

Of course the message body is viewed. If you send out 200 emails and cause the free outgoing queue to stop with your 'flood', would you prefer if we verified you were just sending an address change, or should we just block your account for spamming?

You're welcome, and encouraged, to use PGP from your local PC to ensure no middle man can read your emails. Any provider who claims they can not and will not read your mail are full of it.

As I said, wrote that before thinking, all providers scan unencrypted mail for spam, at minimum. That may not violate privacy, if that's ALL they do. If you really want privacy, use encryption. BUT... you have to convince a lot of people to do the same. Not easy, in my experience - outside of a crowd like this list.

I suppose even providers offering encryption of files while on their server (like Lavabit), could read the mail just before it was encrypted / decrypted, since they are doing the encrypting. I believe one or 2 offer "end to end" encryption.
tor-talk mailing list