background preloader

_eMail

Facebook Twitter

ISPs Removing Their Customers' Email Encryption. Recently, Verizon was caught tampering with its customer's web requests to inject a tracking super-cookie.

ISPs Removing Their Customers' Email Encryption

Another network-tampering threat to user safety has come to light from other providers: email encryption downgrade attacks. In recent months, researchers have reported ISPs in the US and Thailand intercepting their customers' data to strip a security flag—called STARTTLS—from email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client. By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted. Some firewalls, including Cisco's PIX/ASA firewall do this in order to monitor for spam originating from within their network and prevent it from being sent. Several Standards for Email Encryption There are several weak points in the STARTTLS protocol, however.

Privacy-Conscious Email Services. On this page, you will find a listing of various email service providers with specific information around security and privacy.

Privacy-Conscious Email Services

We recommend NOT USING Gmail, Outlook, GMX, Yandex or Hushmail Be wary of services with servers hosted in: Tutanota has been removed from this list because of this blog post (cached) We included establishment year for a reason: service longevity is very important (you don't want a service suddenly calling it quits on you) SSL testing provided by Qualys SSL Labs Click on the column heading to sort the table Our data isn't 100% accurate and we encourage you to still look and research into a certain service before using it Last Updated: Saturday, February 18, 2017 2:12:24 pm (Eastern) Legend: NSA-proof your e-mail in 2 hours. You may be concerned that the NSA is reading your e-mail.

NSA-proof your e-mail in 2 hours

Is there really anything you can do about it though? After all, you don’t really want to move off of GMail / Google Apps. And no place you would host is any better. Email Self-Defense - a guide to fighting surveillance with GnuPG encryption. Thunderbird with Enigmail and GPG - Secure Email Client. Privacy-Conscious Email Services. Email and Groupware Hosting with Privacy in Mind. Email Encryption - StartMail. RiseUp. Austistoci / Inventati. Enigmabox - Projects. RetroShare. Bitmessage. Email Encryption - GNU/Linux. Email Clients - GNU/Linux.

Switching from a proprietary service like Gmail to one of the more transparently-run email services on PRISM Break is the first step to a secure email account.

Email Clients - GNU/Linux

The second step is getting you and your contacts to encrypt your plain text messages with PGP encryption. This section contains free email clients that support PGP. Read the Email Self-Defense guide by the Free Software Foundation to learn how to encrypt your email messages. Here is a guide by Security In A Box to encrypting your email with Mozilla Thunderbird, GNU Privacy Guard (GPG), and Enigmail. Find out more about the differences between Mozilla Thunderbird and Icedove. Hushmail - ver compromisos de privacidad. Hushmail is a web-based email service offering PGP-encrypted e-mail, file storage and vanity domain service.

Hushmail - ver compromisos de privacidad.

Hushmail offers "free" and "paid" versions of service. Hushmail uses OpenPGP standards and the source is available for download. If public encryption keys are available to both recipient and sender (either both are Hushmail users or have uploaded PGP keys to the Hush keyserver), Hushmail can convey authenticated, encrypted messages in both directions. For recipients for whom no public key is available, Hushmail will allow a message to be encrypted by a password (with a password hint) and stored for pickup by the recipient, or the message can be sent in cleartext.

Accounts[edit] Servicios gratuitos de correo electrónico temporal. e-mail desechable. The Ultimate Disposable Email Provider List 2012 - Back in 2007 I re-published a list of 20 temporary email services which proved to be useful to a lot of people.

The Ultimate Disposable Email Provider List 2012 -

As time passed by, some of the services mentioned in the list stopped working, either because they have been pulled by their developers, or changed their business model. I was reminded of this by some readers who commented on the recently published article on how to use disposable email services like a professional. Today, I'm publishing an updated list of disposable email providers and programs that you can use for that purpose.

Keep in mind though that availability may change at any point in time after the guide has been posted, and that I have not included any commercial services. Lavabit .. Lavabit. Lavabit. Lavabit is an encrypted email service, founded in 2004, that suspended operations on August 8, 2013 after it was ordered to turn over its Secure Sockets Layer (SSL) private key to the US government.

Lavabit

Lavabit is owned and operated by Ladar Levison.[1][3][4] History[edit] Lavabit was founded by Texas-based programmers who formed Nerdshack LLC, renamed Lavabit LLC the next year, allegedly prompted by privacy concerns about Gmail, Google's free, widely used email service, and their use of the content of users' email to generate advertisements and marketing data.[5] Lavabit offered significant privacy protection for their users' email, including asymmetric encryption. The strength of the cryptographic methods used was of a level that is presumed impossible for even intelligence agencies to crack. Before the Snowden incident, Lavabit had complied with previous search warrants.

Connection to Edward Snowden[edit] Court documents as described Suspension and gag order[edit] References[edit] Fundador de Lavabit: "Si supieran lo que yo sé, dejarían de usar correo electrónico" En una entrevista concedida a la revista 'Forbes', Levison respondió a preguntas sobre el repentino cierre de Lavabit, servicio que presuntamente empleaba el excolaborador de la CIA Edward Snowden.

Fundador de Lavabit: "Si supieran lo que yo sé, dejarían de usar correo electrónico"

El fundador de Lavabit dio a entender que está siendo acosado por las autoridades estadounidenses, en particular por la NSA, para que entregue información que probablemente ha circulado en la Red a través de dicho servicio. Lavabit security was a facade says crypto expert. When the Feds first got on to Edward Snowden they went after his e-mail account.

Lavabit security was a facade says crypto expert

Had the account been at Google or Microsoft, they probably would have had access in short order, but Snowden was using Lavabit, an email service that billed itself as highly secure. The company's claims now seem to have been greatly exaggerated. The Feds demanded Snowden's emails from Ladar Levison, Owner, Operator and developer of Lavabit. Levison told them that the design of his system was such that he couldn't comply. The Feds then asked for the private SSL keys for lavabit.com; Levison refused and (to make a long story short) shuttered the service rather than comply. Moxie Marlinspike is well-known in the world of computer security and of cryptography in particular. Marlinspike has published on his personal blog a critique of Lavabit's architecture, and he makes the case that the site overstated the security of their email.

Dark Mail: el protocolo de correo electrónico seguro de Lavabit. Una de las cosas que hemos aprendido del espionaje de la NSA en Internet es que ningún servidor es seguro si éste está alojado en Estados Unidos; de hecho, parece que ninguna comunicación que atraviese Estados Unidos o Reino Unido es segura y las presiones que ejercen estos gobiernos sobre proveedores de servicios y operadores acaban sirviendo a la NSA o el GCHQ un gran "buffet libre" de metadatos e información privada.

Dark Mail: el protocolo de correo electrónico seguro de Lavabit

Lavabit y Silent Circle se unen para crear un correo eleсtrónico antivigilancia. Silent Circle and Lavabit launch “DarkMail Alliance” to thwart e-mail spying. MOUNTAIN VIEW, CA—At Wednesday's Inbox Love conference held at Microsoft’s Silicon Valley campus, the founders of Lavabit and Silent Circle announced that they want to change the world of e-mail completely by putting privacy and security at its core.

The two companies collaborated to create the DarkMail Alliance, a soon-to-be-formed non-profit organization that would be in charge of maintaining and organizing the open-source code for its new e-mail protocol. The new protocol will be based on Extensible Messaging and Presence Protocol, or XMPP, and it's set to be released in mid-2014. The group will ditch the old protocol, SMTP (Simple Mail Transfer Protocol), which is used for almost every bit of e-mail on the Internet.

Dark Mail Technical Alliance. Security Tips to Prevent Email Hijack Attacks. Not all accounts are created equal. It’s only natural that you would care less about an ESPN Fantasy Football account than you would care about your online banking or PayPal account. Anyone who spends even a little time thinking about security is careful to use a strong password and proceed with caution when accessing a service related to personal finance.

However, a lot of users are also relatively careless about their primary webmail account, which often serves as a master key to all other accounts. Think about it: whenever you set up nearly any online account, you’re prompted to enter a primary webmail account. There are a number of reasons for this. Much more importantly for us, this primary email account is also the place where you can recover online accounts if they become hijacked or if you forget your password. Your hacked accounts affect the lives of all of your contacts. Lnternet_Securlty_Prlvacy.