Guest Chaf Posted ... Hi ;-) The objective here is to gather AIRVPN like services who fight net neutrality and that are reliable and renowned. Let me begin with a few I actually use: E-Mail ProviderAvoiding Gmail, Yahoo and all seems obvious but who then ? Encryption toolTruecrypt ? doesn't seem to be maintained anymore and there is a backdoor rumor ... DNS ProviderOpenNic seems to keep no logs for some of their servers and fights for privacy. Search EngineIxquick & Startpage (same company) claim to be the most confidential search engine in the world... Any known other user friendly services / softwares you know of ? Quote Share this post Link to post
Guest Posted ... https://duckduckgo.com/ is supposedly an annommous search engine Quote Share this post Link to post
Guest Chaf Posted ... I had the opportunity to try it but compared to startpage it doesn't fetch results from the google database... Quote Share this post Link to post
Baraka 32 Posted ... For e-mail, you can open up a Yahoo account over Tor. You just have to ALWAYS login there via Tor or you defeat the entire purpose of having an anonymous account. Using this VPN is a must too, but you'll want Tor over VPN for maximum protection. You can also open up an account over the Tormail hidden service. That's the gold standard for anonymity. You just have to be prepared for outages due to others not liking that service too much As for everyone else, they require identifying info to open up each account. Some disallow Tor for account registration as well. Lavabit has been a long exception to this, but the last time I checked they had suspended registrations due to "abuse". Whatever that means. For whole disk encryption, TrueCrypt remains the standard. The only problem is that it's not totally open source anymore, which makes some people paranoid. An alternative is DiskCryptor, which is completely open source. Ooops.... just forgot to tell you to use PGP every time you want to communicate completely securely with someone else over the inherently insecure method of e-mail. A new alternative to this is Bitmessage, which is supposed to supplant e-mail for secure communications. Usage has increased dramatically over the past couple of months, so it's actually possible that it'll be adopted for this purpose in the future by many more people. Quote Share this post Link to post
hashtag 151 Posted ... DuckDuckGo is a meta search engine. If you want only Google results use StartPage. Ixquick gives only non-Google results.Lavabit servers are in the USA and all the privacy features they advertise are only for paid accounts. They also don't like Tor users.Tor Mail is the account of choice for those who use hidden services. One of the advantages is that you can never make the mistake of logging in with your real IP. Don't assume that Gmail is more reliable. I once had a Gmail account that got shut down for ToS violation without warning or explanation.Vmail is based in France. I have never used them so I would be interested in opinions.https://www.vmail.me/en/StartMail is by the creators of StartPage and Ixquick. Still in beta. Based in Netherlands like all their services.https://startmail.com/An old article comparing DiskCryptor and Truecrypt.http://www.hacker10.com/encryption-software-2/diskcryptor-vs-truecrypt-comparison/If you use AirVPN you won't need these...German Privacy Foundation DNShttp://www.privacyfoundation.de/service/serveruebersicht/Swiss Privacy Foundation DNShttp://www.privacyfoundation.ch/de/service/server.html 1 Baraka reacted to this Quote Share this post Link to post
Guest Chaf Posted ... Very interesting feedback...I'm looking into that right away Quote Share this post Link to post
trekkie.forever 6 Posted ... Some secure alternates are highlighted at http://prism-break.org/ 4 zeep, Baraka, michigan82 and 1 other reacted to this Quote Share this post Link to post
Guest Chaf Posted ... Some secure alternates are highlighted at http://prism-break.org/ Excellent share !! Exactly the kind of information I wanted to gather with this topic ;-) Quote Share this post Link to post
buffal0 0 Posted ... E-Mail ProviderCountermail - uses java for webmail but you can use Thunderbird+Enigmail after initial setup. All mail is PGP encrypted. Encryption toolTruecrypt - released slowly when it's as stable as possible (it is used for whole disc encryption after all). It's open source so check the code for a back door. DNS ProviderOpenDNS Search EngineDuckDuckGo Quote Share this post Link to post
Guest Chaf Posted ... I don't know countermail...A lot talk about PGP or GPG encryption but I hardly come across people using an SSL mail certificate which also works great and is free to have through Comodo...I personnally use an SSL mail certificate - easier and compatbile out of the box by email client software Truecrypt isn't completely opensource and hasn't been updated for a long time...not sure it has been reviewed by a cryptographer eitherDiskCryptor seems to be a more reliable solution from what I see here and there...One thing is sure about encryption - it is a good way to prevent thefts accessing personal data but is for sure unreliable whatever the program is used to prevent higher authoroties accessing sensible data. Opendns keeps logs and is a fake DNS http://en.kioskea.net/faq/5269-myths-opendns-is-a-fake-dnsPrefer Opennic DNS (Be aware not all opennic servers are anonymous - see this list http://wiki.opennicproject.org/Tier2 ) +1 for duckduckgo or startpage or ixquick Quote Share this post Link to post
hashtag 151 Posted ... The only way authorities can access encrypted data is by having physical access to your machine, remotely installing a keylogger, exploiting a weak password, installing a hidden camera in your home to watch the monitor, etc., in which case using DiskCryptor will make no difference. I have seen several cases in the US, UK and in my country where TrueCrypt stopped law enforcement dead in their tracks. I have never seen any evidence that TrueCrypt encryption can be broken. 1 Baraka reacted to this Quote Share this post Link to post
michigan82 4 Posted ... Hello,I have just read your postings and feel the need to clarify a point. Neither DiskCryptor nor TrueCrypt use own encryption methods. They use industry standard methods like AES (which implements Rijndael), Twofish or Serpent. So this means that if these encryption methods will be broken then any application that implements them will be broken, regardsless of your application. So it's not about breaking an application, it's about breaking encyrption algorithms. So far noone really knows if they are already broken as nobody claims to have broken them. So we assume they're still save. Speculations will make no sense. The best thing you can do is to avoid the loss of your password. And this password should be long enough to prevent bruteforce attacks from being successful. Quote Share this post Link to post
Staff 9972 Posted ... TrueCrypt has been tested in real life powerful attacks and has never been defeated according to available information, remember Operation Satyagraha. http://www.theregister.co.uk/2010/06/28/brazil_banker_crypto_lock_out/ About some comments on the thread... the source code of TrueCrypt is available. You can't say it's free, given its license, but the source code is regularly available. Of course obtaining an executable file bit-by-bit identical to the distributed packages is practically impossible, but that's a different problem. Also, it is false that TrueCrypt is not currently developed. Wikipedia has an article which provides a balanced overview on TrueCrypt and includes several, important reference notes:http://en.wikipedia.org/wiki/Truecrypt#Licensing_and_Open_Source_status Kind regards 2 Baraka and buffal0 reacted to this Quote Share this post Link to post
Guest Chaf Posted ... For the end user non specialist, in the end it's all about the trust one has in the program he uses... Quote Share this post Link to post
Staff 9972 Posted ... For the end user non specialist, in the end it's all about the trust one has in the program he uses... Yes... and here the importance of different, independent from each other peer-reviews by specialists comes into play. Such reviews are sometimes very hard or even impossible to be performed when the source code is not available. Source code of TrueCrypt is available, unfortunately latest versions of TrueCrypt are at the moment missing these reviews, as far as we know. Kind regards Quote Share this post Link to post
JamesDean 10 Posted ... I don't know countermail... Check them out. You don't *have* to use PGP with everyone, but all your mail is still stored encrypted. They are resistant to PRISM type server compromises. They are a great combo with Air. Not free, but you get what you pay for. I'm just a customer. I use Thunderbird and Enigmail with them. Quote Share this post Link to post
Baraka 32 Posted ... Countermail only allows for payment in 3 ways: credit card, Paypal and wire transfer. No bitcoin. So it's far from anonymous. Too bad Liberty Reserve went under. Countermail used to accept LR payments until they were shut down. They still list LR as a payment option on the site. Damn shame. I don't know countermail... Check them out. You don't *have* to use PGP with everyone, but all your mail is still stored encrypted. They are resistant to PRISM type server compromises. They are a great combo with Air. Not free, but you get what you pay for. I'm just a customer. I use Thunderbird and Enigmail with them. JD Quote Share this post Link to post
hashtag 151 Posted ... CounterMail is hosted in Sweden so if you are sending unencrypted mail you should be aware of this.https://en.wikipedia.org/wiki/FRA_law Quote Share this post Link to post
Baraka 32 Posted ... CounterMail is hosted in Sweden so if you are sending unencrypted mail you should be aware of this. https://en.wikipedia.org/wiki/FRA_law *facepalm* Quote Share this post Link to post
Royee 10 Posted ... thanks really love that prism break website, considering the way things are going and amount of hysteria going up in the air Its better to protect yourself and always. Keep the tools and suggestions coming ! this threads top! Quote Share this post Link to post
Guest Chaf Posted ... I recently came accross a post on a forum of someone travelling to Canada who was asked by customs to start his computer in order for them to check if there was illegal content in it. Failing to cooperate if his OS session was password protected or encrypted would of apparently brought him quite some trouble...And as a reminder some countries have laws in which you HAVE TO reveal your password for encrypted data or might face jail time failing to do so...- I can't find the link of the original thread...sorry - My goal here is not to say/ask if it really happended or debate on it, as it can happen. A few messages back I doubted on the efficiency of Truecrypt compared to Diskcryptor. No doubt anymore..Truecrypt has a feature for creating hidden containers that can greatly circumvent the above mentionned situation.http://www.truecrypt.org/docs/hidden-volume#Y0 Quote Share this post Link to post