Jump to content
Not connected, Your IP: 35.171.146.16
S.O.A.

Encrypted Email Opinion

Recommended Posts

Hello all,

 

I would like your opinion on a question a friend of mine asked the other day about encrypted email. I personally use an encrypted email provider as my main email contact.

 

The question was, why use an encrypted email service when most people do not, and your emails, therefore are not encrypted and are logged and stored on the recipients email service anyway?

 

As I would assume most of us here care about our privacy, I thought I would gather some of your opinions.

Share this post


Link to post

There are many reasons I suppose, for me personally on the very very low chance someone got access to my e-mail, they couldn't read it(I use pgp and decrypt locally) so they can't get anything of mine.

Share this post


Link to post

Define encrypted email.

An encrypted email [conversation] can be only considered as such when both parties

use PGP or any other type of end-to-end encryption.

All those services that advertise an encrypted email [box] as a single user solution simply

misguide their users to get potential customers.

When your senders/receivers use the classic email protocols, the email provider can

still read all your incoming and outgoing mails.

A few exceptions are services like Protonmail assuming again that both parties use the

built-in PGP keys between them, where there is a possibility that they don't store it on

their servers when the session ends, something nobody can assure except the provider.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

PGP for being totally secure, but I use Tutanota for  most of my less sensitive encrypted communications.   You can send an encrypted email to another without them being on Tutanota, just with a password(Proton has the same thing, and with them you can set it to self destruct. Tutanota will be adding self destruct soon). Both of these services are tolerable, especially when sending between people with both on the same email service.  Something like Riseup, while I appreciate them and use them too, I do not trust it to keep anything I send thru it secure. Mostly because they've been visited and had servers confiscated and didn't update their warrant canary for quite awhile. Now they've said they have instituted more secure protocols, that included end to end(my problem though is it was to supposed to be end to end before this)encryption but I keep having the thought pop up in my mind that some or all of these changes are window dressing for the back doors that were forced upon them to install. I have no proof but with all of the revelations since 2013, it's not hard to see that happening. 

 

If you want security, learn to use PGP.  This one for me is the easiest:  https://www.gpg4usb.org/download.html

Share this post


Link to post

make a directory...

# mkdir ~/emailstuff
# cd emailstuff

make a file...

# touch email2bob.md
# nano email2bob.md

write your email to bob then...

# ctrl+o, ctrl+x, enter

backup out of the directory
then compress it...

# cd ..
# tar -zcvf emailstuff.tar.gz emailstuff

gen yer sha...

# sha256sum emailstuff.tar.gz

copy sha numbers then sign the email...

# gpg --armor --detach-sign emailstuff.tar.gz

now to encrypt the email then
give that password and sha numbers to bob...

# gpg -o emailstuff.tar.gz.gpg --symmetric --cipher-algo aes256 emailstuff.tar.gz

bob now decrypts your email and enters the password...

# gpg -o emailstuff.tar.gz -d emailstuff.tar.gz.gpg

bob imports your public key...

# gpg --import yourkey.asc

then checks if signature good...

# gpg --verify emailstuff.tar.gz.asc emailstuff.tar.gz

bob might get a 'warning not verified'
important part is 'good signature'

bob verifies the sha
make sure the numbers match...

# sha256sum emailstuff.tar.gz

bob then uncompresses the email...

# tar -zxvf emailstuff.tar.gz

Share this post


Link to post

People ask me a similar question when I say I mainly use Linux. Why use Linux if everyone else is using Windows?

 

Anyway, I share the opinion of Mrs. Embers. In case a scriptkiddie manages to intercept a mail my client pulls from Posteo's inbox he's going to have a difficult time reading what it's all about.

 

Sent via Tapatalk. Means, I don't have a computer available now.


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...