Re: [tor-talk] Email provider for privacy-minded folk

On 13.02.2013 22:47, Joe Btfsplk wrote:
> I suppose even providers offering encryption of files while on their
> server (like Lavabit), could read the mail just before it was encrypted
> / decrypted, since they are doing the encrypting.

Even if they encrypt maildirs on their servers and unlock only while you
are logged in, they can sniff your login/encryption password and poof.
That's what Hushmail was forced to do on request by law enforcement.

The only way to do this properly is to encrypt all incoming mails using
your public key. That way, existing mails are protected. New incoming
mails can still be intercepted when they are coming in, of course,
that's why the provider should offer an option to drop non-PGP mail
directly at MTA level for selective aliases/accounts. [1] Webmail will
become mostly useless for these accounts. To be able to do fulltext
search etc. one could add a local (!) imapproxy that decrypts all mails
before putting them into the mail application's inbox. Is there anything
like that?

Similar thoughts for outgoing mails.

>  I believe one or 2 offer "end to end" encryption.

Every provider supports this, just use PGP for everything. No provider
can "offer" it, that is impossible.

[1] https://github.com/moba/pgpmilter

Moritz Bartl
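
A sketch of the "drop non-PGP mail for selected aliases" check described in the message above, as an added example that is not part of the original post and is not code from pgpmilter. The alias, the SMTP reply texts and the sample messages are assumptions; the check looks only at message framing, not at which key the mail is encrypted to.

```python
import email
from email import policy

ARMOR_BEGIN = "-----BEGIN PGP MESSAGE-----"
ARMOR_END = "-----END PGP MESSAGE-----"
# Assumption: only these aliases refuse cleartext (hypothetical address).
PGP_ONLY = {"secure@example.org"}

def is_pgp_encrypted(raw: bytes) -> bool:
    """True if the message is PGP/MIME (RFC 3156) or a lone armored block."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() == "multipart/encrypted":
        if (msg.get_param("protocol") or "").lower() != "application/pgp-encrypted":
            return False  # e.g. S/MIME or an unknown scheme
        parts = [p.get_content_type() for p in msg.iter_parts()]
        return parts == ["application/pgp-encrypted", "application/octet-stream"]
    if msg.is_multipart() or msg.get_content_type() != "text/plain":
        return False
    # Inline PGP: the whole body must be the armored block, so cleartext
    # wrapped around an armored block is still refused.
    body = msg.get_content().strip()
    return body.startswith(ARMOR_BEGIN) and body.endswith(ARMOR_END)

def smtp_verdict(recipient: str, raw: bytes) -> str:
    """SMTP reply the filter would give for one recipient of one message."""
    if recipient.lower() in PGP_ONLY and not is_pgp_encrypted(raw):
        return "550 5.7.1 This address accepts only PGP-encrypted mail"
    return "250 2.0.0 OK"

# Constructed sample messages (not real traffic).
HDR = b"From: a@example.net\nTo: secure@example.org\nSubject: test\n"
ARMORED = b"-----BEGIN PGP MESSAGE-----\n\nconstructed-placeholder\n-----END PGP MESSAGE-----\n"
PLAIN = HDR + b"\nHello in cleartext\n"
INLINE = HDR + b"\n" + ARMORED
MIXED = HDR + b"\nSee below.\n\n" + ARMORED
PGP_MIME = (HDR + b"MIME-Version: 1.0\nContent-Type: multipart/encrypted;"
            b' protocol="application/pgp-encrypted"; boundary="b1"\n\n'
            b"--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
            b"--b1\nContent-Type: application/octet-stream\n\n" + ARMORED + b"--b1--\n")

if __name__ == "__main__":
    for name in ("PLAIN", "INLINE", "MIXED", "PGP_MIME"):
        print(name, smtp_verdict("secure@example.org", globals()[name]))
```

Headers such as Subject, From and To stay in cleartext in every accepted case, since only the body is inside the PGP envelope.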
