[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Email provider for privacy-minded folk
On 2/14/2013 4:42 AM, adrelanos wrote:
That concept of "feds" forcing Hushmail send targeted users a modified
Java applet, (that does the encrypting on client side), so their pass
phrase could be captured, is discussed here:
On 13.02.2013 22:47, Joe Btfsplk wrote:
I suppose even providers offering encryption of files while on their
server (like Lavabit), could read the mail just before it was encrypted
/ decrypted, since they are doing the encrypting.
Even if they encrypt maildirs on their servers and unlock only while you
are logged in, they can sniff your login/encryption password and poof.
That's what Hushmail was forced to do on request by law enforcement.
What if Hushmail (or any other mail provider) had recommended the user
to install a browser add-on to do encryption locally?
Could they get forced to convince the user to install a malicious
browser add on, on request by law enforcement?
But can the feds force Hushmail to modify the Java applet sent to a
I don't know if Hushmail still offers a method to encrypt email locally,
before sent to Hushmail servers. But for any that do offer such a
feature, it's possible w/ a court order, or something such as a National
Security Letter - NSL
https://en.wikipedia.org/wiki/National_security_letter - they could be
forced / coerced into doing something like that. That wouldn't affect
majority of users, who aren't direct targets of investigation.
That said, BEFORE the Patriot Act in U.S. (& now similar acts / laws in
other countries), no one would've dreamed it would be so easy for LEAs
to get "private" email - even encrypted ones. So what's next?
Interesting fact: I've read documented correspondence (issued by an
ISP) that ISPs & probably email providers, get paid QUITE a bit, to
gather & turn over data requested in NSLs & maybe ? for other LEA
requests. We're not just talking chump change. Big providers get LOTS
of requests to turn over data each yr.
tor-talk mailing list