Slashdot Mirror
Ask Slashdot: Recommendations For Non-US Based Email Providers?
First time accepted submitter jlnance writes "I don't particularly like the NSA looking over my shoulder. As the scope of its various data gathering programs comes to light, it is apparent to me that the only way to avoid being watched is to use servers based in countries which are unlikely to respond to US requests for information. I realize I am trading surveillance by the NSA for surveillance by the KGB or equivalent, but I'm less troubled by that. I searched briefly for services similar to ymail or gmail which are not hosted in the US. I didn't come up with much. Surely they exist? What are your experiences with this?"
Actual communication security implies point-to-point security. In such a setting, a third-party service doesn't make any sense. Hence either what you're look for can't exist, or you won't know if it's secure.
I am using www.runbox.com myself: it's a service based in Norway, it's pretty cheap considering, they do not have any NSA-ties or the likes. I dunno what else to say about it, really, so I'll just copypaste this from their site:
Email Privacy in Norway
Some countries, especially in Europe, have a constitutional guarantee of secrecy of correspondence, wherein email is equated with letters and therefore protected from all types of screening and surveillance. In electronic communication, this principle protects not only the message contents but also the logs of when and from/to whom messages have been sent.
In Norway, freedom of expression and privacy of correspondence is governed by Article 100 and 102 of the Constitution and the implementation of the European Convention on Human Rights in the Norwegian Human Rights Act, especially Article 8: Right to respect for private and family life.
Additionally, the Personal Data Act as set forth by the Norwegian Data Inspectorate regulates collection, storage, and processing of personal data.
The Data Inspectorate was established January 1, 1980 and was among the first agencies in the world to facilitate the protection of individuals from violation of their right to privacy through processing of their personal data.
Central principles of the Norwegian data privacy regulations are:
Personal data must only be collected by private entities when consent from the user has been obtained.
Personal data must not be used for purposes inconsistent with the initial purpose of collection except with consent from the user.
Personal data must not be stored longer than required by the purpose of collection.
Personal data must be kept confidential unless required by law or court order.
Finally, the coming Data Retention Directive will soon be implemented in Norway but will only regulate electronic infrastructure providers, which Runbox is not.
You'd really rather have the KGB looking over your shoulder rather than NSA? Surely you are joking.
Since the NSA programs are designed primarily to intercept communications between US and non-US folks, if you are in the US and store your mail somewhere else you are asking the NSA to collect all of it. Today, if you are in the US and have your hosting in the US the NSA only gets the parts that go between you and someone in another country (or where you said some "interesting" thing like "that new pressure cooker that fits in my backpack for camping is the bomb". If you move your mail to another country, the NSA will be collecting it all (assuming your communications end point is still in the US). Yes, encryption, VPN, yada, yada. You really don't gain much by moving it.
it is in canada. the americans could still get to it, but at least they would need a proper canadian warrant, not just a nsa search button. i wouldn't suggest it if you plan to do crime, but if you just want basic civili liberties it is a worthwhile option.
My email server is sitting in my laundry room. I also host some message forums and picture galleries for just my family and friends. It is how I communicate with them.
Only about 1/3 of my family and friends use my server for email.... So any over seas email service is going to have the same limitation as mine. If I email my sister from my server, that email goes to gmail. So now the NSA knows what I sent to my sister.
So unless everyone you communicate with is outside of the US or on a server outside of NSA's reach, it won;t do any good.
Sorry to break it to you, but in the war against terror, the American people have lost.
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
"First things first -- but not necessarily in that order"
-- The Doctor, "Doctor
http://en.wikipedia.org/wiki/Kremvax
Tuffmail was a service I chose because it was the best but it also happens to be a Canadian company.
http://www.tuffmail.com/
I believe the best solution would be a home email server with features such as calendar, IMAP access and maybe a dedicate mobile app
Domain names are relatively cheap, and hosting is relatively cheap. I go that route myself. The only people that have access to my server is the hosting company (which is no worse than Google to be honest)
if you have the means, the very best solution is to run an email server out of your home or place of business.
If you use a non USA one then they most likely monitor it even more then they do USA hosted ones. If you use a foreign host expect them to get all your shit not just the metadata.
Who cares? The NSA killed email. What good is it if you are secure but none of the recipients are? What we really need is end to end encryption. It probably won't happen.
that if s/he lives in the US then their net traffic will be routed via a US ISP, which presumably is within the reach of US law enforcement?
Apologizes if this is "well, duh, thanks for nothing". But TFS forgot to mention some pertinent details.
By posting this as a slashdot front page submission, you've basically told them that you have something to hide.
Hope you enjoy the investigation of your wrongdoing.
Indian privacy laws are something I know nothing about, but if the kgb wouldn't bother you I doubt you would do worse in India.
What you should be asking is "How do I get everyone to sign and encrypt their emails as a matter of course?"
Ultimately there are two reasons why - apart from the yuck factor, which is legitimate - why you don't want the NSA reading your email 1) If you say or do something which generates a shadow of suspicion, the probability that the Russians will act on it, to the extent of a SWAT team beating your door down and shooting your dog, is lower 2) If you are politically active, it's going to be less likely that the Russians will provide data to the FBI about your dubious activities Sure - avoiding either is a better ideal - but perversely I would prefer the KGB, unless I am resident in Russia, in which case they would be a very bad idea.
From all reports, most or all of the countries where spying occurs, despite their very vocal public outcry against what the U.S. is doing, are in fact sharing information with the U.S. government. And even if they don't, the U.S. can simply grab the data on its way out of the country to that server.
The only way to make email secure is to abandon email in favor of a protocol that supports end-to-end encryption, such as iMessage, XMPP, etc. and to tweak your centralized server and/or clients to require that end-to-end encryption be used. And even then, the metadata (who sent mail to whom) is at risk. The only way to prevent metadata from being trackable is to either develop a new system in which locating a user does not require credentials and use Tor to connect to the centralized server (e.g. use wide-area Bonjour to advertise your current IP address) or design a whole new messaging system built in a darknet.
Either way, email is and has always been just as secure as sending a postcard (which is to say, completely insecure), and cannot readily be improved upon significantly in this regard without starting over from scratch.
Check out my sci-fi/humor trilogy at PatriotsBooks.
Many E-mail providers overseas require you to give personal information to sign up, often due to legal requirements in those countries; sometimes they verify that with a credit card number or simply by comparing your address data with government databases. Many countries (including much of Europe) also have data retention requirements and give their own police and intelligence service nearly free reign, and they may well exchange data with the US anyway, so it's not clear you're better off. And some providers of anonymous services may simply be fronts for intelligence agencies. And, of course, if the other parties to your E-mail use a US provider, your data is already available to US intelligence agencies, and your foreign E-mail account will stick out.
As an American, if you want to communicate privately, you have to use encryption, and preferably steganography. Getting an E-mail account in another country really doesn't help very much.
If you are emailing people who use GMail, Live, Yahoo, or a US ISP for their email provisioning, your emails to/from them are still tracked. So unless you're planning to drop all your US contacts as well, you're not helping yourself much.
Here in Canada we have a bigger issue -- all of our network pipes connect to the bigger pipes in the US. So even though we might be emailing a fellow Canadian from one Canadian ISP to another, the traffic still gets routed and sniffed through US servers.
The same is a problem for people in the EU -- the emails get routed through the pipes that are monitored by the UK's spy agency.
The NSA doesn't have to install backdoors on email servers to monitor you at all. And they *don't* typically make requests when they're spying on someone in particular -- they just sniff the traffic on the big data pipes directly.
And seeing as all those pipes run through the major partner countries like the UK, Australia, and the US itself, we're *all* fucked.
I do not fail; I succeed at finding out what does not work.
Try https://prism-break.org/ for some recommendations of OS, email, IM and more.
Witty signature omitted for brevity.
The NSA and all its foreign counterparts own the world, Okay, they work for the owners... But it should be clear that privacy is an illusion... Your service provider is taking up any remaining slack.
“He’s not deformed, he’s just drunk!”
http://www.eclipso.eu
It support encryption as well.
NSA and GCHQ are also siphoning off data from the telcos (BT and others) at the telecoms servers, at which point who your email provider is becomes irrelevant. [You can assume that anything GCHQ knows, the NSA also knows]. It has also come out that BT has allowed GCHQ to tap the Transatlantic cables at the shore station in Bude, Cornwall without the knowledge or consent of several telcos that are not otherwise co-operating. So AFAIK you need either (1) a non-US non-UK telco and ISP with a routing that does not go through UK, or (2) encrypt everything.
"Cock Up Your Beaver" does not mean what you think. This sig is intended to clog filters and annoy do-gooders
You should probably take into account that the few, and obviously mainly ignored, privacy protections you do have evaporate the nanosecond your communication leaves U.S. borders. Supposedly within the U.S. the NSA is limited to email metadata collection (look up the older term 'pen register' for the legal history of law enforcement access to this kind of information), but when you interact with a 'foreign agent' the sky's the limit. Ellison may have known more than we thought when he said, "You have no privacy. Get over it."
www.startmail.com -- currently in closed Beta -- and based in the Netherlands.
Securing your local data is easy, because you have end-to-end control. Securing email is complicated because you'll never be able to maintain complete control. It requires coordination and mutual understanding between you and everyone you email, and that's just not going to happen unless you're in a tightly-controlled organization and all of your communication is internal. I'm assuming you're an end-user at home, not an IT manager in a large corporate environment.
If your ISP allows it (and that's a big if in today's spam wars), you could run your own email server to host email service for yourself, your family and your friends and require SSL/TLS connections for all communication. Don't forget TrueCrypt or luks/dm-crypt for disk encryption on the server itself. But this only protects against eavesdropping and snooping for email users on your hosted service. There's basically nothing you can do about emails sent or received from outside of your own service. And then there's the assumption that email recipients inside of your hosted service will adequately secure their own devices (good luck getting grandma to use TrueCrypt).
If you can actually accomplish this, well, you have better powers of persuasion than I (my boss is a smart and tech savvy guy and I can't even convince him). Your best bet is: don't use email for anything you wouldn't want publicized.
To all the people suggesting to host your own servers in the basement: do you have the resources to challenge a FISC order? Hardly!
The second your email recipients are not on the same network, i.e. work off the same router, your communication is accessible to the spying agencies. Sure you could use PGP to encrypt your mails, but the metadata is still available. TOR is not really an option anymore.
Hosting on some provider's infrastructure is just replacing google, yahoo, with that provider. Who do you trust, and how much?
The only real solution to the issue MUST be a political solution. But good luck on that one!
If you are in the US I guess its tough luck, because if you have your email leave the US for foreign soil then it will be captured.
If you use encryption anywhere , it will be stored indefinitely until a time comes and there is sufficient computing horsepower to decode it.
I would suspect at this time that having your email sent anywhere outside your own country would trigger some scrutiny no matter where you live.
Its not always the ISP where the scavenging occurs (ie under sea cables) , satellite links.
I suppose we wont hear anymore of twitter empowering democracy articles. Nor the web as a great equalizer.
In the US this puts a whole new light on the ongoing effort to bring broadband to everyone. Not as a great educational or empowering tool for the rural on nontechnical population , but maybe more for the monitoring ability,
A coworker of mine who had terribly slow internet speeds was offered free 3 times the speed upgrade. I half joked with him that NSA techs were falling asleep monitoring him with his slow slow internet connection.
Years ago now... the first consumer device to not have an on/off switch was/is the household portable phone. That should have been a portent of things to come.
I do not feel that the this can be undone. Like Bears to honey , you cant just say stop. We sll become constant suspects of some future crime or some past minor crime that we didnt know we committed. We all become Russian in mindset where all electrical devices are suspect and monitoring is assumed the norm.
We did it to ourselves. Can you even expect the average congress critter to understand the technical aspects of the how modern communications work?
The term metadata is waved around as if it is something trivial. If you have my phone number you know who I am. If you have my MAC address you know what machine I am using and IP address. If you have my IME I number you know what cell phone I am using. This is all metadata.
Welcome my son to the machine...
They just send teams to democratic countries like the UK to hunt down traitors to Putin and use radiation to take them out. Much preferable to the drones the US uses which are utilized only in war zones.
The best I have found so far are Yandex from Russia and Netease 163.com from China. 163 is extremely fast if you are in China, but it has some advertising and the interface is all Chinese, so I would suggest the English version of Yandex mail instead at mail.yandex.com.
I'm planning to get a dedicated server with the state telco in Venezuela for precisely this reason. That and also run a Tinyproxy/OpenVPN and figure out WebDAV to have my own Google Drive/SkyDrive, etc. If anybody is interested just write to aclsid at 163.com.
Hushmail is one of the oldest 'secure' mail systems, and they moved out of the US specifically to avoid problems like the NSA. They're worth looking at, I guess.
"First they came for the slanderers and i said nothing."
I understand the desire to your email off-shore, but since the NSA claims to be looking at all foreign traffic, doesn't this mean you will be placing yourself directly in their sights? As much as I hate it, the solution to this is going to have to be a political one rather than a technical one.
There is likely no expectation of privacy in foreign e-mail networks, so no 4th Amendment protections...
This Ask Slashdot probably has something to do with lavabit shutting down http://news.cnet.com/8301-1009_3-57597954-83/lavabit-chief-predicts-long-fight-with-feds-q-a/
And they can't even talk about what exactly happened. That is just evil.
I have tried to convince others that I regularly corespond with to use encryption but the reactioni get is either
1 I don't have anything to hide I m not interesting enough to bother. and encryption is hard
or
2 they have all of the encryption broken because I heard it from my brother who heard it from a reliable source and your explanation is to technical of why they haven't really broken it.
I have given up on trying so now I just cryptographicly sign my email so at the very least it can't be forged.
---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
You're really advocating open source software as a way to avoid the NSA? LOL.
Slashdot "libertarians": Small government for me, big government for those I disagree with. -1, I disagree with you
The only way is to host your own email server, and use strong encryption on all of your data.
There are a number of very good e-mail/collaboration on-line services based in Europe that have operated for many years with excellent reputations and results. I would recommend one in Germany as opposed to UK or France where it has been reported in the NSA Prism documents that these two and other European countries have quite willingly turned over all customer communications to US authorities even without any pressure or from a subpoena.
Search carefully for good reference.
I haven't tried it myself, but the people who sell this are well-known old school Portuguese geeks: http://www.fullmailserver.com/
As long as a single node exists within the U.S. there is nothing one can do. Assume that all transport media to be compromised by surveillance agencies under the Patriot Act. One should also consider all European servers to be compromised as well. MI6, KGB, and other such agencies all share information with one another. That's why Obama was so upset over Wiki-leaks, most foreign governments already know our dirt, the idea is to keep that dirt out of the public eye. The U.S. government considers its citizens to be its greatest enemy.
I use luukku.com when i need throwaway or semi-throwaway email addresses.
Do not use email. Back to writing letters and dropping it if at the postal service. No snooping as the NSA can't employ millions opening up every letter sent. It's slow but 'secure?'
Actually, NSA by law is allowed to intercept communications outside the United States. In fact, that's its mandate. So they don't have to be sneaky and underhanded to try and sneak around the law like the bull shit currently going on with US providers. Now using a non-US provider does mean that the intercepts have to be "on the fly", but that isn't a major problem for the NSA given the number of intercept facilities they have. To be perfectly honest, given the current state of technology, the only real protection the common citizen has is the shear volume of data involved and the fact that most people are of no interest to the government.
it is more likely that the nsa would suck up your traffic going overseas than staying within our borders... though it is very possible they could still be sucking up anything that shows up at major internet backbone routers.
From what I've read, their powers to intercept your email on its way to and from the server (foreign or domestic) is the more direct threat to your privacy. Your host is almost irrelevant unless its well encrypted going both ways.
Governments are MORE likely to be monitoring external access than internal.
All EXTERNAL access is monitored in our country, to and from it electronically.
You are INCREASING your monitoring by going offshore.
....people didn't use the internet for secure communication because it didn't exist.
Now that the internet useless for secure communication, it would be wise to stop using it for anything other than a smokescreen.
OTOH, tiny storage is cheap and there are plenty of places one could conceal say a MicroSD card on the PC board of ordinary consumer products. You could tuck one under the heatsink of a notebook or other location where it would pass visual inspection.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
If you know everyone that you are communicating with, use AAMDirect. It encrypts everything and uses the alt.anonymous.messages news group as the mailbox. It doesn't handle files or attachments, but obscures (encrypts) the text and keeps the snoops from knowing who you are communicating with.
http://wjlanders.users.sourceforge.net/
AAMDirect - http://aamdirect.sourceforge.net/
There is also AAMhSub - http://hsubinterpreter.sourceforge.net/
AAMhSub mail checker - http://wjlanders.users.sourceforge.net/mailcheck.html
If what you are really after is absolute anonymity in your communications or internet activities, you will never find it. Absolute anonymity can be used as a weapon of mass destruction, and governments will not allow it.
Tormail! Oh wait...
The only completely secure network communication is no network communication.
I don't think you can reasonably expect all your contacts to have non-US based email. So, if you use something like gpg, you can render what it sent a garbled mess to everyone except who the messages are intended for.
Of course, that's assuming they're willing to do that... A lot of people deem it to be too much work, unfortunately.
1and1.com is a US-based company, or has management staff in the United States, so that won't work.
This is what I understand:
1) The U.S. government can force any company to do anything it wants.
2) The U.S. government can demand that the company keep that secret.
3) The U.S. government can put a U.S. employee in prison if 1 and 2 are not followed.
Seems to me to be a vicious, anti-democratic government.
I've been looking around and the best I have found Neomailbox.
https://www.neomailbox.com
What is needed is Non-US based internet.
It is useless to listen to President Obama or US senators or representatives about that. Whoever controls the U.S. government certainly does not tell government officials when they do something illegal.
Encrypted, p2p "e-mail" which only the intended Recipient can read as long as public key cryptography works.
But i think the only real solution is to boycott any information services from a company with an american presence. since it doesn't fucking matter what you do if you host something off shore, all the data crossing borders is monitored and exchange between smtp servers is unencrypted. Which means there is no possibility of privacy unless EVERYONE you communicate with has mail hosted outside the USA as well and the routes don't pass through either.
The actual problem is not a technical one, its a political one, and the only ways to force change are with your wallets or with weapons, personally i'll play either game agains the USA
publicly seeking a way to avoid NSA spying is precisely the kind of activity that should cause them to take notice of you.
http://www.theinquirer.net/inquirer/news/2287932/kim-dotcom-s-prism-busting-encrypted-email-service-will-be-out-in-2014
Not only that but you still need to secure your message otherwise you'll have a problem with pigeon droppings.
XMail.net in Vancouver, Canada provides a nice service with 4096 bit encryption keys, storage, web pages, calendars, scheduled email sends, spam detection that works pretty good, and more. A nice email service.
The geek world is nothing but subhuman animal filth these days.
The NSA doesn't give a shit about you, you fucking useless afterbirth.
I have only recently heard about this project and haven't investigated too closely yet, but they seem to be trying to solve similar issues, and have an indiegogo campaign active:
http://www.mailpile.is/
Complexity Happens
Trust me, you don't want to have KGB looking over your shoulder.
1. All the guys here are correct, you'll need to do it yourself to be absolutely shure.
2. Nevertheless, setting up a webmail- and IMAP-server might be a bit excessive just to be a bit more secure.
Look at posteo.de:
1GB for 1 EUR per month, up to 20 GB.
They claim that they can not relate your payment to the anonymously set up account. They are allowed to throw away any data not needed for doing the billing by German law, so they do that
Your ip in the emails is replaced by the generic ip of posteo, making it harder to trace you
They claim that they do not store any access-data
You could use calendar and contacts and opt in to encrypt that data on their server
The SSL-certificates are created via open source products and signed by a rather paranoid signing-center
As of now, they seem to be trustworthy and the situation in Germany is NOT yet as bad as it is in the US. Personally, I trust them.
As an off topic sidenote:
Disadvantage for you US guys: They are using only green energy, the bastards! Actually avoiding the good and beloved fossile and nuclear energy! Impossible! Germany is doomed, our economy is doomed, we are all going to die!
SCNR, but some comments on /. about alternative energies are... amusing, at least in my book as a German...
Do you think that by opening an account outside the US will stop the NSA ? If the traffic originates from the US the NSA will capture it. Very likely they are in cahoots with serveral other governments ensuring that international traffic is captured as well...*cough* Australia, *cough* GB
errr....umm...*whooosh* *whoosh* Is this thing on ?
www.countermail.com is a Swedish company and they seem to take privacy seriously. Is anyone using it?
Sure, you may run a mail server next to the dryer, but who knows where your mail is, or how it got there.
The internet is not about point-to-point communication. It's a *publishing* technology. The reason I can see this Slashdot page is because it was published on some servers, not sent over some secure wire to me. I click on a URL and somewhere a server sends the data comprising that page out into the net, broken up in itty-bit packets with my IP address embedded in them, and eventually they all get to me, where they are reconstructed and displayed in my browser.
Email is no different. Sure, you can use encryption. But, that's self-limiting unless the entire world knows everyone else's key, and then what good would encryption be?
Just as criminals rely on "social engineering" to get access to data, it's been used for centuries by governments and others to get access to data other people do not want them to see. No matter how anyone uses technology to secure their internet "privacy" (quotes because it's an oxymoron), you are really just depending that the folks who create the technology have not been "socially engineered".
So... if you don't want someone to find out something, don't publish it, on the net or elsewhere.
-- Slashdot: When Public Access TV Says "No"
I hear that http://www.goatse.cx/ is offering webmail now...
This useless space for sale, inquire at front desk.
No one has really talked about the fact that the so-called Five Eyes share data with each other. You would need a service that doesn't have any servers in any of those countries AND where data from the service to you doesn't pass through one of those countries. The internet shouldn't be considered secure. That doesn't mean its useless, but don't ever think that email is private. At best, email can be made uninteresting, no more.
Makes sure you are using a foreign mail carrier as well. US postal service has been carrying your mail since you were born. And drive your car on foreign motorways, the US has cameras all over the roads they built. Put all those together and you are sucking off the US gov and mad as hell that they are watching.
All you need is money, you can buy a server at http://cyberbunker.com/web/index.php
Then setup your own email and web server. Most secure datacenter in the world =)
No email provider is "safe".
Whether your email provider is US or Asian or European or anywhere else based, your email will be searched at either your local ISP or at one of the primary level ISPs.
Any international digital communication will travel through at least one of several trans oceanic hubs. It will be intercepted there.
Please read "The Shadow Factory", which detailed a lot of this, and was copyrighted 2008 - several years before Snowden.
Actual communication security implies point-to-point security. In such a setting, a third-party service doesn't make any sense. Hence either what you're look for can't exist, or you won't know if it's secure.
You are correct but ONLY if you are guarding nuclear secrets or something. For joe non-terrorist, that's not an issue.
Any off shore mail server that allows secure connections, either by ssl or tls, and which stores its mail
off shore falls out of reach of that nonsense in US law that allows the government to access any mail
on a server for more than 6 months, because its "abandoned"
Further, those operators are not likely to handle ssl keys over to NSA demands, as has happened already in the US.
So people may send me mail to some ISP in Mozambique or some place pretty much out of the NSA reach, and it it far more likely to be safe sitting there on their server and accessed over ssl than having it right down the street at Google.
You don't have to make everything out to be someone keeping major corporate secrets or moving tons of drug money.
Sometimes its just a desire to be anonymous to your government. Since you posted AC, I can't understand why that point is lost on you.
Sig Battery depleted. Reverting to safe mode.
I don't know if anyone else in the thread has pointed this out yet, but if you're worried about the NSA, going outside the U.S. is NOT the answer. Their mission (before the Patriot Act anyway) was to monitor ALL foreign communications, not domestic ones.
Shouldn't that be Hawk for Falcon in the middle? In any case, it just causes packet loss.
Neomailbox.net is my favorite. It's located in Switzerland, that has very strict privacy laws. It was an interesting co-incidence, that Neomailbox had part of its accounts hosted in US earlier, but in March 2013 decided to move them to Europe, because of the bad privacy atmosphere in USA. http://www.neomailbox.net/
It's so simple.
Someone needs to write a smartphone app.
First, you use your generated-at-time-of-installation master key file password to unlock the master key file (and perhaps decrypt the application itself).
Second, the now-enabled app is used to generate randomness, and keys. Like any key generation, you do random stuff - in this case, shake your smartphone - while a bar graph grows, until the process of generating a new private and public key pair is done.
Third, you bump your smartphone against another smartphone which manufacturer follows the same protocol. Your phone employs near-field sensing technology to securely exchange public keys with the other phone over a range of a few centimeters.
Fourth, your phone secures your new key, associating that key pair, with that number, associated with that name, in your address book - and using the master key to encrypt the newly generated private and public keys you will use to communicate with that person in the future.
Everything sensitive is kept on the SIM card - address book, keys, maybe executables too - and that SIM card, of course, can always be removed, secured, and replaced by a less controversial SIM.
An interesting option would be for the proposed smartphone application to require another password also be generated at time-of-installation - but this would be the password used to NUKE the password file, rather than the password used to unlock the password file - for use in cases where duress was being applied.
(Not responsible for any duress applied AFTER this is done, that is a separate topic.)
There. Is that so hard?
Get it done. Free source it. Quit dickin' around.
~childo
...or a an US citizen the whole case doesn't matter for you.
1. You can be spied on already on the line between you and the mail server
2. You are protected by the Constitution of the US of A
Germany has laws protecting citizens from being spied on but I don't know if it is only for German citizens.
You could try mail.ru -- a good old Russian e-mail provider. POP3 / IMAP are supported:
help.mail.ru/mail-help/mailer/popsmtp
As long as you do not send or receive top secret U.S. documents, I do not see why you should bother.
I'm surprised that no one has suggested the most obvious solution - good old physical mail (the envelope and stamp thingee). Sure the USPS photographs each envelope, but if you don't add a return address, the only information they obtain is that Joe Schmoo received a letter. Hardly the stuff of relationship networks. Under U.S. law, I believe that warrant requirements for actually opening USPS correspondence are significantly more involved and that blanket warrants (let's open the mail for everyone in Cincinnati) are not obtainable ... not to mention not practicable given the time and labor involved in opening, reading, and logging. True, you don't get the immediate gratification of firing off that snappy e-mail. But, if security if your primary concern, that $.46 stamp may just be the ticket. Besides, the USPS could really use the business.
Hey, a liberal European writing here --- but i have to say the Anti-American hysteria goes on my nerves.
People, look back in history. It is pretty obvious to me that in the 70 years we were living in peace (in Western Europe) thanks to the the American influence in the world. hate this fact as much as you want, it's true nevertheless. Yes, one can say we are living in a Pax Americana. Who has an interest in destroying this?
Why do all people believe the NSA are after them when it's pretty obvious that 1.) the anti terror spionage is just a MUST HAVE nowadays (i don't want to wake up to a nuclar bomb in the hands of Al Caida, really!) and 2.) the economic espionage game is played by all others as well, and it's an ongoing competition since decades.
So, why the hysteria? Why do people think that the world would be a better place if the Americans can't have the intelligence they need to base their policy on?? I just don't get it. Rather, what comes to my mind is what happened to the world when the last really great power, Rome, fell in 475AD. We got the dark ages, So be careful what you wish for when you attack the only power that can provide stability to this chaotic world
a. the fact that its encrypted flags it b. forget about searching your email for much of anything (they're working on that, but it's a hard problem...) c. you will only be able to communicate with people who can decrypt your messages
So. basically, there is little purpose in trying to go around the NSA on this. The only way to beat them is to wrangle them in legally with policy and legislation, or, (my preferred alternative) simply disband the NSA and abandon the Empire....
Shoes for Industry. Shoes for the Dead.
There is a great deal of talk in this thread on possible "foreign e-mail services" about whether Russia/KGB is more sinister and dangerous than the US NSA intelligence servics in regard breaching privacy of ordinary citizens' email.
Why is it that very many Americans only use analogy of Russia, Cuba, Iran or some other country unfriendly to USA/former Communist regime in stupid comparisons and excuses for proven wrong doings here in the "Land of the Free". This "Misery Loves Company" syndrome is ridiculous, in that equating anything bad here is only analagous to the most (US) hated other societies, and never in comparisons to any similarly economically well developed, democratic based government (sic) or (supposedly) well educated polulace country?
There is no doubt that US government controls access to the main Internet primary domain registers and can intercept any and all data traffic into/out of this nation. Therefore those residing in this US of A need to understand and accept that their government's actions in regard to PRISM are 'real', and that the US is not the "Greatest Nation in the world", or the most "Free state" - whatever that means outside idiotic patriotic slogans and chants.
If you want more Freedom fom telephone call and e-mail intrusion, go elsewhere, or suck it up and stop bitchin about your beloved "Home of the Brave".
Ok, this may not be a comment that you will like, but from a different viewpoint, what you are asking could be interpreted as "How can I go infest and contaminate an erstwhile quiet place, bringing all my paranoia, war mentality and trash with me just do I don't have to live with the mess that me and my society created? I would hate to stay right where I am and peacefully, stubbornly work at changing things I don't like. That sounds like hard work." You think that the NSA doesn't have the capability to trace you to Mars if they wanted to? And the problem when they do that is that they will infiltrate and pollute yet another foreign site that could have done with that undue intrusion, thank you very much.
I sent the NSA an email asking to opt out. What list am I on now?
Depends on where you are at. Get familiar with your local Sheriff, and make sure his office will stand up and defend the constitution. A federal officer, acting outside of his authority may be arrested by the Sheriff. They do NOT have absolute supremacy over the states. In fact, they have a VERY limited supremacy which is strictly bound by the bill of rights. All power not specifically granted to the federal government belongs to the states. As long as your Sheriff understands his own authority and respects it -- he is your protection from an overreaching federal government.
The US Gov't CANNOT force any company to do anything it wants.
The US Gov't CAN demant that the company keep that secret, but that company is not bound by an unconstitutional demand.
The US Gov't CANNOT put a US employee in prison if 1 and 2 are not followed -- IF your local law enforcement understand their responsibility, and are willing to carry it out.
Be careful who you vote into a Sheriff's office.
After reading the comments on this topic I have to ask: Does just about everyone who comments on slashdot have a huge collection of tin foil hats?
I am sick of this shit, damn you Osama... DAMN YOU!!!!
It would help to speak, or at least read, Russian while signing up. I don't recall there having been an English-language option during the set up, though there may be this-decade.
Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
What about these? Would they help any?
https://ixquick.com/eng/
https://www.torproject.org/