Slashdot Mirror


GhostMail Closes in September, Leaves Users Searching For Secure Email Alternatives (zdnet.com)

On September 1, "GhostMail will no longer provide secure email services unless you are an enterprise client," reports ZDNet. "According to the company, it is 'simply not worth the risk.'" GhostMail provided a free and anonymous "military encrypted" e-mail service based in Switzerland, and collected "as little metadata" as possible. But this week on its home page, GhostMail told its users "Since we started our project, the world has changed for the worse and we do not want to take the risk of supplying our extremely secure service to the wrong people... In general, we believe strongly in the right to privacy, but we have taken a strategic decision to only supply our platform and services to the enterprise segment."

GhostMail is referring their users to other free services like Protonmail as an alternative, but an anonymous Slashdot reader asks: What options does an average person have for non-NSA-spied-on email? I am sure there are still some Ghostmail competitors out there but I'm wondering if it's better to coax friends and family to use encryption within their given client (Gmail, Yahoo, Outlook, whatever...) And are there any options for hosting a "private" email service: inviting friends and family to use it and have it kind of hosted locally. Ghostmail-in-a-box or some such?

158 comments

  1. FastMail by Anonymous Coward · · Score: 0

    I use FastMail, it doesn't scan your emails for advertisement purposes and it doesn't send all your data to Google, Microsoft or NSA.

    Doesn't feature encryption by default however, but a traditional GPG setup will fix that if it is needed.

    But even so, still a lot more private/secure than Gmail or Hotmail...

    1. Re:FastMail by ebonum · · Score: 2

      I think the servers are in NY.

    2. Re:FastMail by JustAnotherOldGuy · · Score: 1

      > I use FastMail, it doesn't scan your emails for advertisement purposes and it doesn't send all your data to Google, Microsoft or NSA.

      That you know of. Or maybe that they know of, or believe, but I wouldn't bet my life on the notion that using FastMail (or any other email service) is safe from prying eyes. If they really want to spy on you, they will. And if they want to read your email or SMS or Skype messages, they'll do that too.

      -

      > But even so, still a lot more private/secure than Gmail or Hotmail...

      Maybe, but like I said, if they really want to read your stuff, they will.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    3. Re:FastMail by Anonymous Coward · · Score: 0

      Yeah, but governed by Australian Law, not US Law:
      https://www.fastmail.com/about/privacy.html

      (They do a pretty good job at explaining their privacy policy in clear and simple terms unlike some companies..)

    4. Re:FastMail by Anonymous Coward · · Score: 1

      Australia law don't mean squat. Mega was New Zealand, with servers in Canada, and they still got busted. Anything hosted in the US should be considered hostile due to PRISM.

    5. Re:FastMail by Anonymous Coward · · Score: 0

      Perhaps, but that is also why I suggested using GPG if you require additional security.

      It's good to have a good starting point such as FM (or other paid equivalent) than say Gmail who you know will be the first ones to scan your email so they can spam ads at you and build a profile about who you are, who you talk to, what you want to do in life etc.

      (This is before it even gets to government spying level)

      Then you can use GPG to fully encrypt your sensitive mails further if you fear you may be at risk of being targeted by a government.

    6. Re:FastMail by Anonymous Coward · · Score: 0

      In addition to my previous message, see the limitations section here (at bottom):
      https://www.fastmail.com/help/ourservice/security.html

      Even they recommend using GPG or the like for "secure" mail.

    7. Re:FastMail by ebonum · · Score: 1

      Replying to myself... I've recommended Fastmail to several small business owners. They are happy. Fastmail is a great service.

    8. Re:FastMail by davester666 · · Score: 3, Informative

      anything in Canada that anybody in the RCMP and/or CSIS even thinks someone in US law enforcement might like to look at gets fedexed there by 9am the next day.

      --
      Sleep your way to a whiter smile...date a dentist!
    9. Re:FastMail by Anonymous Coward · · Score: 0

      Yeah, just like when the NSA was caught tapping into Google's/Yahoo's and others' data pipes

      2001 https://yro.slashdot.org/story...

      20103 https://tech.slashdot.org/stor...

    10. Re:FastMail by jellomizer · · Score: 1

      So...
      Where would be a secure place to place the servers?
      Is any country a gold model for Internet privacy and will be willing to stand up to governments who will demand that they release information?

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    11. Re:FastMail by Anonymous Coward · · Score: 0

      protonmail.com
      tutanota.de

    12. Re:FastMail by Anonymous Coward · · Score: 0

      NY, LA, Amsterdam right now - there's at least some user data in all three datacentres. All encrypted-at-rest. We've blogged a fair bit about our layout - the main difference is that most backups are in LA rather than NY these days to avoid a datacentre loss leaving us with copies in only one location.

    13. Re:FastMail by Bronster · · Score: 1

      Oops, that was me - I managed to get logged out through not posting here for so long.

    14. Re:FastMail by Bronster · · Score: 2

      We run encrypted channels between our datacentres - we're not trusting telco pipes to be private.

    15. Re:FastMail by Bronster · · Score: 4, Informative

      Thanks for the plug. We definitely recommend that users who are concerned about security use GPG with our servers via the standard IMAP/SMTP protocols. We have very good standards support, and as others have pointed out in this thread - if we ran GPG server-side, you'd be delegating the security to us anyway, because we would see plaintext versions of your communication.

      For the best security, you should definitely be running the encryption on equipment under your control (and not 0wned under you... which is your own lookout in that scenario)

    16. Re:FastMail by ObscureCoder · · Score: 1

      Second for tutanota.de as I have been very happy with their services.

    17. Re:FastMail by JustAnotherOldGuy · · Score: 1

      > We run encrypted channels between our datacentres - we're not trusting telco pipes to be private.

      And maybe your datacenters have been compromised. How would you know? You wouldn't, basically.

      The only way you'd know is if they fucked up and you noticed, but I'd bet that they're pretty good at what they do. After all, if they can install backdoors in the firmware of Cisco devices, how do you know they haven't done that to whatever brand you're using?

      Maybe they have, maybe they haven't....but these days it's damn near impossible to know, even with deep audits and best security practices.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    18. Re:FastMail by FrozenGeek · · Score: 1

      Fedexed? I hope y'all're attempting to be funny. Haven't you heard of this newfangled thing called "fax"?

      --
      linquendum tondere
    19. Re:FastMail by BradMajors · · Score: 1

      Web based email is not secure.

    20. Re:FastMail by Bronster · · Score: 1

      Well, yes. Obviously. If "they" compromise at a level below what we are capable of seeing - for example baseband controllers on every brand of motherboard that we own, then there's nothing we can do about it. There's nothing anyone can do about that, including the theoretical "run my own email server from home".

      So I don't waste much sleep worrying about that case, because there's nothing I could do about it. We do everything we can to ensure security - for example airgapped internal networks with physically separate switching hardware rather than VLANs to avoid the risk of compromised switch firmware.

      If that's still too much risk for you, the choice is to get offline entirely. We're not in that business, we're in the business of providing a really usable email service with the best security protections that we can provide without compromising the usability to the point that people won't use it.

    21. Re:FastMail by JustAnotherOldGuy · · Score: 1

      > We do everything we can to ensure security - for example airgapped internal networks with physically separate switching hardware rather than VLANs to avoid the risk of compromised switch firmware.

      Exactly. We do the best we can, but we can never really know for certain if it's sufficient. That's basically the situation we're in today.

      So while I don't think my communications are being monitored or intercepted, I have to accept the fact that it's certainly possible, and that if I was a "person of interest" then there's really nothing I could do that would ensure the privacy of my communications.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    22. Re:FastMail by Anonymous Coward · · Score: 0

      Anything hosted by Five eyes should be considered hostile. Anything NOT hosted by them should be considered under attack.

    23. Re:FastMail by Anonymous Coward · · Score: 0

      lol, yeah right. my out of country email and sms are fully encrypted and I wouldn't touch skype or anything M$ with a 10 foot pole.

      good luck to the nsa if they want to try, but they will fail.

  2. DoJ Official Tells Hundred Fed Judges to Use Tor by Anonymous Coward · · Score: 0

    Department of Justice Official Tells Hundred Federal Judges to Use Tor

    "In a recent hearing related to the FBI's mass hacking campaign, a judge revealed that a Department of Justice official had recommended Tor":

    https://motherboard.vice.com/r...

  3. Privacy is dead by JustAnotherOldGuy · · Score: 2

    I'm at the point where I have to say that real privacy is truly dead.

    Between the NSA, FBI, CIA, DHS, and the other untold number of government and non-government snoops and spies, I don't believe there is any real expectation of privacy left, period. If they want to read your stuff, they will.

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:Privacy is dead by Dunbal · · Score: 2

      No, real privacy is so private you will never hear about it.

      --
      Seven puppies were harmed during the making of this post.
    2. Re:Privacy is dead by mentil · · Score: 2

      To be fair, that's what the TLA's WANT you to think: that you have nowhere to hide, therefore you might as well give up trying. Computer security is hard, but some significant progress has been made recently. Compare the security of the latest iPhones to Windows XP, for example.

      --
      Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
    3. Re:Privacy is dead by gweihir · · Score: 4, Informative

      It is not. It takes a little effort though. But if you encrypt email with PGP/GnuPG, use TOR or TAILS for sensitive browsing, don't post your life's story on social media and make sure your PC has reasonable security, then unless you are a priority to be spied on, you will not be.

      Sure, they will still know who you did send email to, but that is about it. As far as I remember, the NSA TAO (the "hackers") has capacity for 100-1000 targets, but not much more. The rest is all mass-surveillance and that can be made much, much harder for them. And it should. Mass-surveillance has zero value to make society safer (remember all those spectacular recent failures?) and a lot of potential to make everybody less safe and to reduce quality-of-life by eroding freedoms.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    4. Re:Privacy is dead by gweihir · · Score: 4, Insightful

      Indeed. In fact, every person that gives up on privacy makes the TLA's jobs easier and increases their power. So please do not give up. These people are not who you want to rule the world.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re:Privacy is dead by Anonymous Coward · · Score: 0

      Last I heard Apple refused to fulfill a legal warrant asking them to provide access to the phone for the FBI. They said that providing access would burden the company with an expensive and time consuming project.

      Someone else evidently had no trouble getting access to the phone and making Apple look like a bunch of liars who were more interested in a free advertising campaign showing them to be privacy advocates which is just pure bullshit.

    6. Re:Privacy is dead by Antique+Geekmeister · · Score: 1

      > But if you encrypt email with PGP/GnuPG

      Stealing PGP keys is its own interesting security problem. It's quite intriguing how many people still store them on unprotected media, especially on NFS shares without NFSv4 based Kerberized access, because "we trust the people we work with". Stealing them off of build servers for software packages is a particularly enlightening penetration test, or subverting the build servers themselves to publish false packages in a vendor's name.

      The penetration of the RHEL and Fedora servers is a very good example of the risk, and of how a security aware vendor deals with it. It was quite interesting at the time.

      https://www.redhat.com/archive...

    7. Re: Privacy is dead by Anonymous Coward · · Score: 0

      no it's not. Just stop living in the cyberworld.

    8. Re:Privacy is dead by gweihir · · Score: 1

      If they are used right, it does take a bit more than just stealing the keyfile though as they will be protected by a good passphrase. Build-servers that sign by themselves (and hence the server either has the passphrase or the key is unprotected) are simply insecure on architecture-level. The way to do this right is to sign manually.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    9. Re: Privacy is dead by Anonymous Coward · · Score: 0

      What makes you think you have any say in the matter?

    10. Re:Privacy is dead by Anonymous Coward · · Score: 1

      "[Apple] said that providing access would burden the company with an expensive and time consuming project."

      The company that DID hack the 5C undertook the burden of an expensive and time consuming project so they could sell the hack to a government agency.

      The world's biggest corporation chose NOT to ... showing them to be privacy advocates.

      FTFY.

    11. Re:Privacy is dead by Anonymous Coward · · Score: 0

      Bullshit!

      I will have to say that "privacy", is not a phenomenon, nor is it a commodity.

      Privacy is foremost a conceptual thing, and should best be thought of as being the act of invoking a right of sorts. To disallow people 'privacy' by either pretending "privacy" to not exist because it is convenient for you or those that you represent, or, to disallow privacy because you want to deny people this, won't make the needs for privacy to go away.

      Imagine if someone hit your face hard, and you yelled "You can't do this!". Obviously, someone just did, so your point would be moot if you thought you made an impression on your attacker. Discussing things at some dumb level in which you believed death of 'privacy' to be a foregone conclusion is to deny the abuse that happens regarding privacy related issues.

    12. Re:Privacy is dead by skegg · · Score: 1

      I've taken a different approach to email. (See a previous post where I tried to explain my rationale.)
      However when so many people / organisations use Gmail ... it almost defeats the purpose!

      I don't disagree with what you wrote above. I can envisage a model similar to the way TextSecure / Signal handle text messaging:
      where if one's contacts have a PGP key, then the client will obtain those keys and opportunistically encrypt emails to those contacts.

      But can users be trusted to not lose their keys / forget their passwords? (And therefore lose access to old emails.)
      Perhaps encryption could only be used for email in transit. (?)

    13. Re:Privacy is dead by Anonymous Coward · · Score: 0

      Anyone who believes there's true privacy in public, including the internet, has no common sense.

    14. Re:Privacy is dead by Anonymous Coward · · Score: 0

      The problem with the PGP/GnuPG approach is that both parties in the communication need to use it. And I've tried getting friends and family to use it, but they simply refuse and when I try to ask for an explanation, they simply get angry without giving any reason. I don't know why people don't want to use it, but they don't want to use it and they seem to feel *very* strongly about it.

    15. Re:Privacy is dead by JustAnotherOldGuy · · Score: 1

      "then unless you are a priority to be spied on, you will not be"

      This is the only thing that matters. As I've said elsewhere, if they want to read your stuff, they will.

      No amount of PGP or encrypted messaging will prevent them from reading or listening to everything you send or say if they decide they need/want to.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    16. Re:Privacy is dead by JustAnotherOldGuy · · Score: 1

      > Stealing PGP keys is its own interesting security problem.

      Why bother with stealing the keys when they can install malware on all your devices and get everything fresh from the keyboard?

      Routers, phones, keyboards, NICs, etc etc....everything is susceptible and exploitable. They're probably giggling at the idea of people carefully protecting their PGP keys when they can capture every keystroke at the source.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    17. Re:Privacy is dead by JustAnotherOldGuy · · Score: 1

      > No, real privacy is so private you will never hear about it.

      Maybe I won't hear about it, but then I don't have the resources available to me that the US government does. Maybe you think your privacy is really, truly private, but honestly, how would you know? The only way you'd know is if you somehow found out they were snooping, tapping, MITMing, source-capturing, etc etc etc.

      By definition, you can't know that they've not managed to invade your privacy as long as they've done a good enough job of it.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    18. Re:Privacy is dead by yuvcifjt · · Score: 2

      Well said; Apple appears to be the only major company interested in privacy of their users, and dare I say, even fighting for their users' privacy. Each iteration of iOS hardens their system further from gov surveillance. Case in point.

      Although iOS and iPhones are fairly well protected against gov surveillance, I'm not sure what Apple is doing against commercial spying apps and advertisers, particularly the most evil of all: Google.

    19. Re: Privacy is dead by Anonymous Coward · · Score: 0

      Bah .... I don't care if the NSA does read my email. A guy can only use so much "male-enhancement" anyway. I just wish they'd have the decency to delete all the sh*t afterwards.

    20. Re: Privacy is dead by gweihir · · Score: 1

      You are wondering whether I have a choice in giving up? Are you retarded?

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    21. Re:Privacy is dead by gweihir · · Score: 2

      It is not as simple as that. Every time they install such malware, they risk losing the vulnerability used. It just takes one person uploading something suspicious to https://www.virustotal.com/ and their $100'000 zero-day exploit may be gone. And the cost is not even the worst. There are at one time always only a small number of zero-day exploits. Hence in order to keep their capabilities intact, they can only ever use these against high-value targets. And they will try conventional hacking (which good security practices prevent) first, which again is expensive.

      So, no, they are not "giggling", they are very careful to use the limited resources they have only against targets that are high-priority. The mere amount of things they do _not_ discover before something bad happens should be a clue.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    22. Re:Privacy is dead by gweihir · · Score: 1

      > But can users be trusted to not lose their keys / forget their passwords? (And therefore lose access to old emails.)

      Those that want security can. The others are defenseless against attacks anyways.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    23. Re:Privacy is dead by gweihir · · Score: 1

      They fail to understand the problem. That is the root-cause for most human problems these days. "Stupid" is prevalent and cannot be fixed.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    24. Re:Privacy is dead by gweihir · · Score: 1

      And, fail. Mass-surveillance still counts as "they want to read your stuff" and encryption used right will reliably prevent that.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    25. Re: Privacy is dead by Anonymous Coward · · Score: 0

      Just fucking give up then. You sound like you already have. Go crawl in a cave instead of posting the same scare tactic shit over and over. "I can't guarantee my own security so I won't even try" that is exactly what you are saying. It's fucking disgraceful. As I've seen you post before you are a very intelligent and well informed person. But on this matter you are wrong.
      Stop laying down like a fucking dog and try to fix the problems we have.

    26. Re:Privacy is dead by JustAnotherOldGuy · · Score: 1

      > Mass-surveillance still counts as "they want to read your stuff" and encryption used right will reliably prevent that.

      Do you really believe that the NSA, FBI, or CIA couldn't read or monitor your communications if they wanted to?

      --
      Just cruising through this digital world at 33 1/3 rpm...
    27. Re:Privacy is dead by Anonymous Coward · · Score: 0

      By that same argument, you can't possibly know that they have gained access. My email is secured behind two passwords, one for logging in and another to decrypt my mailbox, all of which is located in Switzerland.

    28. Re:Privacy is dead by BradMajors · · Score: 1

      On any day, there are many known "zero day" exploits that are usable on most computers because the user has not updated their software.

    29. Re:Privacy is dead by gweihir · · Score: 1

      They cannot if they want to do the same for 1'000'000 other people at the same time. And that is not a "belief".

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    30. Re:Privacy is dead by gweihir · · Score: 1

      And if you start ignoring the definition of even more terms, you can make even more nonsensical statements! Try it!

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    31. Re:Privacy is dead by Antique+Geekmeister · · Score: 1

      > So, no, they are not "giggling", they are very careful to use the limited resources they have only against targets that are high-priority.

      I'm afraid this is a common but misleading belief in security circles. The idea that "we are not an important enough target for anyone to hack us" is widespread in industry, software development, and personal computing. Unfortunately, most attackers are not so elite and there are thousands of them active at any time. The script kiddies are _always_ attacking anywhere they can find exposed, and they are publishing botnets. And the wide range of skills and difficulty of prosecution leaves many clumsy attackers still active, even if they are discovered or exposed.

      The result is that many institutions and people, feeling free from targeted and skillful attacks, fail to apply even the most basic security steps. The result is that many if not most PGP or GPG keys can be stolen with a minimum of targeted effort. They can be, and probably are, swept up wholesale much like SSH private keys, and stored MySQL, Postgresql, and other database passphrases are recorded wholesale by even clumsy malware.

    32. Re:Privacy is dead by JustAnotherOldGuy · · Score: 1

      > They cannot if they want to do the same for 1'000'000 other people at the same time.

      But what if for some odd reason they want to read your email and not the email of the other 999,9999 people?

      Again, Do you really think that the NSA, FBI, or CIA couldn't read or monitor your communications if they wanted to?

      Of course they could, but you're probably not on their radar. If by some odd circumstance* you do pop up on their radar, they'll read and listen to whatever they want of yours.

      -

      *Someone mis-enters a number, or you "appear" to be linked to someone else by some simple (yet innocent) circumstance, you misdial a number that they happen to have an elevated interest in, etc etc etc.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    33. Re: Privacy is dead by JustAnotherOldGuy · · Score: 1

      > You sound like you already have. Go crawl in a cave instead of posting the same scare tactic shit over and over. "I can't guarantee my own security so I won't even try" that is exactly what you are saying.

      Nope, if it sounds that way to you, you're mistaken. I do what I can to preserve my privacy within what I feel are reasonable boundaries.

      If you read what I wrote, nowhere do I say I've "given up" or whatever. What I said (in one instance) was, "Do you really think that the NSA, FBI, or CIA couldn't read or monitor your communications if they wanted to?"

      As far as privacy being "dead", yes, in most of the ways that matter it is, for all intents and purposes. It's not hard to keep stuff private from a casual observer or snoop, but if the people that are snooping are government sanctioned or serious operators, then they'll read your stuff.

      Encryption is like most door locks- they'll only keep the honest people and the laziest criminals out. Those that really want will get in.

      -

      "As I've seen you post before you are a very intelligent and well informed person."

      Thank you, I don't think I'm all that smart and I'm probably not all that well-informed either. But I know that the basic nature of keeping secrets hasn't changed in 10,000 years. :)

      --
      Just cruising through this digital world at 33 1/3 rpm...
  4. Lavabit by mentil · · Score: 2

    It's ok just sign up with Lavabit.

    Oh...

    --
    Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
    1. Re:Lavabit by JustAnotherOldGuy · · Score: 1

      I suspect that using any encrypted or "high security" email service will probably get you noticed, or at least earn you a checkmark by your name in some database somewhere.

      If I was the government and wanted to know who might be of interest to spy on, that's what I'd do. Or I'd provide some "high security" email service and watch who uses it.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    2. Re:Lavabit by mentil · · Score: 1

      Wouldn't work. Paranoid people who fear the government will find out that they know the TRUTH about their extra-terrestrial conspiracy, or that they're hoarding distilled water so that the mind-control chemicals aren't affecting their family, or that they're melting down pennies, outnumber people to ACTUALLY be concerned about by 100 to 1, if not 100,000 to 1. There isn't enough manpower to check up on all of these people, and when the govt. tries, they are usually dismissed as "not a credible threat" even if they later go on killing sprees.

      --
      Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
    3. Re:Lavabit by TheGratefulNet · · Score: 1

      you don't think that, like the farm of foreign workers that work for pennies a day, that the bad guys in our government do not hire them for their human abilities?

      I can easily imagine a distributed HUMAN system done in india, say, that harvests the power of people to do the evil work of the nsa, etc.

      AI can do a lot. pattern matching in pure hardware (like DPI is in hardware these days) and occasional 'human assist' can get the job done.

      I refuse to accept the BULLSHIT plea of 'too much data; you can just disappear in the noise'. pure bs. they would have solved this while they were designing the database to hold it all. they have more money (and power) than god himself. they can get anything like this done and we won't know a word about it until the next snowden leak.

      indians have been working against the US's best interest for years, now. I know many who work in silicon valley for 'black hat' companies and they have no allegiance to the US and they could care less about our lifestyle or freedom. they get paid, they get a lifestyle bump over what they had in india and they all buy the BS that they are 'helping' secure the US or the world, when in fact, it's exactly the opposite. they mostly don't even know the real ID of who they are working for; they are given 'fake' jobs and have no idea what their real long goal is. even first line managers don't know.

      sounds like james bond movie, but truth is stranger than fiction.

      'lack of manpower' does not apply anymore. there are hordes of working humans that will do what they are told for chicken feed.

      don't believe you can get lost in the noise. not in today's 'hire a human for pennies' world.

      --
      "It is now safe to switch off your computer."
  5. Similar happened with anon.penet.fi by Antique+Geekmeister · · Score: 4, Interesting

    Those of us old enough to remember when Usenet was a critical online resource will remember when anon.penet.fi provided a helpful, pseudonymous email and NNTP service. It was invaluable for people discussing issues that were not work safe, ranging from dating services to gender identity to cancer fears to AIDS help to thoughts of suicide. Some typical coverage was done by Wired, quoting the Observer newspaper, at:

    http://www.wired.com/1996/11/a...

    What was amazing about most of the press reports at the time was how they failed to identify the incident that caused Julf Helsingius to shut down anon.penet.fi. The incident is better described at:

    http://articles.latimes.com/19...

    Simply put, someone kept using anon.penet.fi to post court documents revealing Scientology's inner secrets. The documents are infamous and broadly available online, but 20 years ago they were not so broadly available.

    Why do I mention this? Partly because it points out that anonymous, and pseudonymous services, are always at risk from court ordered revelations about their clients. And I mention it partly because it's vital to see press coverage about the events as possibly skewed by fears of retaliation by powerful groups. 20 years ago, many reporters were justifiably _frightened_ of covering Scientology stories. They remembered what had happened to Paulette Cooper, who wrote about them and had bomb threats faked in her name by the cult. Today, press coverage that risks the ire of Fox News or of the Department of Homeland Security or run afoul of the so-called Patriot Act are at similar risks of abusive, extra-judicial censorship with little safe recourse.

    I'm afraid the desire to censor communications is always around. I do look forward to better details about what triggered the closing of GhostMail's free services. I hope it wasn't a similar abuse of authority, but see real reasons to be concerned that it _is_ about Patriot Act or other government enforced tracking of users.

    1. Re:Similar happened with anon.penet.fi by Kohath · · Score: 3, Insightful

      ...Today, press coverage that risks the ire of Fox News or ... are at similar risks of abusive, extra-judicial censorship with little safe recourse.

      Citation needed. Fox News is just somewhat silly partisan news, like NBC News. When/how did they ever commit "extra-judicial censorship"? Or are they merely guilty by association?

    2. Re:Similar happened with anon.penet.fi by mhotchin · · Score: 1, Troll

      I think you misunderstand his concern. Fox News gets bent out of shape about something, and a Fox News watcher (perhaps several!) decides to "Do Something About It! (TM)". Fox News here is merely an example of the pulpit, it's the parishioners that you have to watch out for.
       

    3. Re:Similar happened with anon.penet.fi by mentil · · Score: 1

      we do not want to take the risk of supplying our extremely secure service to the wrong people

      Taking GhostMail at their word, that would mean that they think their service is TOO secure, and are deathly afraid that the evil terrists will do evil things with it, but are unwilling to compromise their own security. Therefore, only for-profit businesses and other organizations which are never corrupt and put society's welfare at the forefront (pshaw!) will be allowed to use it.

      --
      Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
    4. Re: Similar happened with anon.penet.fi by Anonymous Coward · · Score: 0

      Ahh yes I remember that. I used it to spread the decss code back in the day. Yes I'm the original leaker. The dude had an exe on his site and I replaced .exe with .c and nearly shat myself when I realized what I snagged. Discussed it internally on the livid mailing list and decided to go the anon route. Fuck the mpaa!!!!!

    5. Re:Similar happened with anon.penet.fi by Anonymous Coward · · Score: 0

      I think you misunderstand his concern. Fox News gets bent out of shape about something, and a Fox News watcher (perhaps several!) decides to "Do Something About It! (TM)". Fox News here is merely an example of the pulpit, it's the parishioners that you have to watch out for.

      I wonder if it would be a good idea if say watchers of major news services were regularly surveyed with simple factual questions about current events. If your viewers consistently answered questions incorrectly, then maybe you should lose accreditation, and no longer be able to call yourself a "news" source for that particular year. Nothing would take them off the air, but calling a channel with that much bias news seems an incorrect usage of the English language...

    6. Re:Similar happened with anon.penet.fi by Kohath · · Score: 2

      So just like anyone who ever voiced an opinion then? Let's not proclaim guilt by association. Innocent people are not guilty by association, even when they express an opinion you don't like.

    7. Re:Similar happened with anon.penet.fi by wvmarle · · Score: 3, Insightful

      More likely: they are afraid that they will be suspected of helping suspected people that may be suspected terrorists that may in the future blow the whistle about secret invasive government programmes. Because just that tiny air of suspicion is nowadays more than enough to get the whole world against you (just being called "suspected terrorist" or "suspected terrorist associate" is in certain countries enough to take away any legal rights a normal suspect has, and put people in jail for months without even a formal charge against them).

      By targeting corporate clients only, they can even brush away that risk of suspicion.

    8. Re:Similar happened with anon.penet.fi by Anonymous Coward · · Score: 2, Informative

      Fox News already went to court over this. They successfully argued that they are an entertainment channel and therefore are allowed to lie and make up stories.

    9. Re:Similar happened with anon.penet.fi by Antique+Geekmeister · · Score: 3, Interesting

      > Fox News gets bent out of shape about something,

      Getting "bent out of shape" is not the problem. It's the fraudulent crusades against political, ethical, or ideological opponents that are the problem.

      Fox News repeatedly, and sadly effectively, misreports basic news to anger and mislead their viewers for ideological reasons. There were numerous examples during the conservative furor that led to the Iraq War. Such deceit was present during the "Black Lives Matter" protests, the "Occupy Wall Street" protests, and the Fox reporting on the fraudulent "abortion harvesting" videos about Planned Parenthood.

      > Fox News here is merely an example of the pulpit,

      The danger is that they represent themselves as a news organization, not a political pulpit. This means that their fraudulent attacks are taken more seriously than those from a more openly political spokesperson.

    10. Re:Similar happened with anon.penet.fi by johanw · · Score: 1

      Ghostmail is based in Swiss so I doubt very much that the patriot act was involved.

    11. Re: Similar happened with anon.penet.fi by Anonymous Coward · · Score: 0

      Yes! That would be the perfect way to ensure the state sponsored or politically correct story line was maintained! Great idea!

    12. Re:Similar happened with anon.penet.fi by fuzznutz · · Score: 1

      Fox News repeatedly, and sadly effectively, misreports basic news to anger and mislead their viewers for ideological reasons.

      That sounds like Nancy Grace on CNN. Are you certain you have your facts correct?

    13. Re: Similar happened with anon.penet.fi by Anonymous Coward · · Score: 1

      ^^Sounds like MOST major news sources.

      FTFY.

    14. Re:Similar happened with anon.penet.fi by Anonymous Coward · · Score: 0

      > Ghostmail is based in Swiss so I doubt very much that the patriot act was involved.

      Don't doubt it too much, since the Swiss government and various companies like banks and so on have taken extraordinary pains to bend over backwards, when The Americans(TM) came knocking for anything they wanted!

    15. Re:Similar happened with anon.penet.fi by Antique+Geekmeister · · Score: 2

      I'm sad to say, yes, I'm personally convinced by having watched it. They consistently rate the worst for truthfulness of any national news publisher.

      If it's worth your time, check any level of Fox news reporting about _anything_ where you personally know anyone involved or know the subject matter. It's true even for scientifically verifiable subjects. See http://mediamatters.org/blog/2... as a good example of the problem.

    16. Re:Similar happened with anon.penet.fi by Antique+Geekmeister · · Score: 1

      May I assume you mean they are "based in Switzerland"? I don't wish to mock your spelling, I just don't wish to echo that typo.

      That is why I mentioned "other government enforced tracking of users". Every hosted service is vulnerable to local government orders. And like anon.penet.fi, they're vulnerable even if the orders are based on fraudulent claims from a criminal or political entity in another nation. Even the Swiss are vulnerable to exposure: their infamous privacy for banking records has been profoundly reduced in recent decades by EU legislation.

    17. Re:Similar happened with anon.penet.fi by julf · · Score: 1

      Thanks - happy to see a reminder about the right version of the story!

  6. Special Program in My Area by Anonymous Coward · · Score: 0

    There is a special program going on in my area where for less than $0.50 my sealed, encrypted correspondence will be hand delivered to its destination by a uniformed representative of the United States government. These representatives will stop by my home or place of business to pick up my correspondence or I can use several convenient drop boxes located throughout my neighborhood. I find this service to be an excellent way to securely communicate with friends and family and to conduct business in this modern era.

    There might be a similar service in your area. You can find out here.

    1. Re:Special Program in My Area by fustakrakich · · Score: 1

      Metadata will still give you away. The better alternative is still through the newspapers' classified ads. Transmitter and receiver remain unknown.

      --
      “He’s not deformed, he’s just drunk!”
    2. Re:Special Program in My Area by Anonymous Coward · · Score: 0

      Well don't put a real sender's name/address on the back. Doh!
      What metadata then eh?

    3. Re:Special Program in My Area by fustakrakich · · Score: 1

      The post mark will suffice, gives the date and the city. That's a start. And you do need to put the address of your intended recipient on the front, amirite?

      --
      “He’s not deformed, he’s just drunk!”
  7. BYO Dovecot + Exim with TLS on both sides by dimethylxanthine · · Score: 2

    Don't panic - it's homegrown and organic!

    1. Re:BYO Dovecot + Exim with TLS on both sides by Anonymous Coward · · Score: 0

      Just don't forget to encrypt the storage that's used for when your friendly neighbourhood TLA comes and yanks the server from the cupboard under the stairs.

    2. Re:BYO Dovecot + Exim with TLS on both sides by dimethylxanthine · · Score: 1

      Good point, which goes without saying. I use a combination of FS-level encryption and dovecot's maildir bz compression to almost quadruple storage.

    3. Re:BYO Dovecot + Exim with TLS on both sides by Bert64 · · Score: 1

      This, run your own service at home... There are many ISPs out there that will give you static ips these days, modern home connections are more than fast enough for a moderately loaded email server and if the server is at your home you have physical control over it and can monitor it, you can also ensure the disk is fully encrypted since you'll be physically present to re-enter the key on bootup.

      You don't even need a powerful, expensive and noisy server, a raspberry pi is more than adequate for running a mail server.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    4. Re:BYO Dovecot + Exim with TLS on both sides by Anonymous Coward · · Score: 0

      You don't need a static IP. Just use a dynamic dns service like noip.

    5. Re:BYO Dovecot + Exim with TLS on both sides by swb · · Score: 2

      I think it's generally more secure to have a personal email server at home than to rely on a third party system. It does raise the question as to how physically secure your home is, though.

      And of course it raises the question as to who you exchange email with and how secure they treat your emails.

    6. Re:BYO Dovecot + Exim with TLS on both sides by Anonymous Coward · · Score: 0

      you must have slept through the hillary home email server multi-year post-snowden psyop. Everybody has been conditioned to understand that Hillary made a mistake. Why would anyone want to make the same mistake?

    7. Re:BYO Dovecot + Exim with TLS on both sides by Anonymous Coward · · Score: 0

      you are of course completely wrong in fact, but oh so right in spirit. The problem is the internet as a platform. If there was some magical principle, perhaps based on the philosophy of free speech, that every node on the edge would have their traffic passed equally well, regardless of type of content, application, or device, then I think things would evolve quickly to where you would actually be correct in both fact and spirit. BYODC+EXwTLS and similar solutions _could_ be made generally more secure than depending on third party systems. But it's not going to happen until the dawn of that magical principle. Until then, ISPs will have CYA ferengi print, that relegates server operators to the oh so small subset of people invulnerable to the hillary home email server psyop conditioning. In other words, almost no chance at that beautiful, entirely predictable, rapid cyber evolution. I.e. 90% of the target market won't go for such a solution if they feel like they are akin to criminals descrambling HBO without paying for it. Or rather, they won't pony up the server-tax the ISPs want to charge. And the NSA will do everything to shape the human terrain to avoid an outcome with actually secure technology in the hands of the masses.

      As for physical home security, that would be a beneficial side effect, getting people to think about something they should have been thinking about more anyway. But that too is not really that big of a deal. With a truly open and competitive landscape for solutions, we'd see raz-pi sized solutions with full disk encryption, and even moderate levels of tamper evidence and resistance, along with automated backup/replication to nodes chosen by the user (read: friends). I.e. thief will get your raz-pi, but they won't get your data, and you won't lose it either.

      All of these issues have straightforward engineering solutions/mitigations/etc. It's amazing how adept at technology retardation the NSA and FBI are.

    8. Re:BYO Dovecot + Exim with TLS on both sides by Bert64 · · Score: 1

      If you don't have a static ip with appropriate reverse dns, you will have major trouble sending any email (most spam filters will flag a dynamic or nonresolving ip as suspicious).

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  8. The "wrong people"? by fustakrakich · · Score: 2

    Either these guys are dorks or they were threatened.

    Oh well, it has been said many times before, we are on our own. Best of luck

    --
    “He’s not deformed, he’s just drunk!”
  9. Ennetcom by Anonymous Coward · · Score: 4, Informative

    A more recent and closer example is surely Ennetcom. The Dutch provider of encrypted messaging. The Dutch police raided the owner, admitting that encrypted comms is not illegal, but that the communications were being used by criminals.

    The actual charges though, did not reflect the PR. There was no such 'illegal because it could be used by criminals' charge. They did a 'possession of an unlicensed weapon', against the owner and a 'money laundering' charge.

    That second charge, the Dutch press expanded on, saying the company was assisting laundering money by selling the phones which could/were resold by criminals to other criminals to launder criminal money. i.e. a nonsensical vague claim. How would selling a phone to another criminal be laundering? You'd receive criminal money as payment!

    It was timed shortly after the failure by the FBI to force Apple to backdoor their phones and it was by the drug police, a unit trained by the FBI, so it appeared to be related to lobbying from external back actors.

    So be careful what you say.

    1. Re:Ennetcom by Anonymous Coward · · Score: 2, Informative

      You miss a bigger irony! Dutch SIM company Gemalto, employees started using Ennetcom phones after Gemalto was found to be hacked by GCHQ to steal all the SIM card keys. So the secure phones issued to defend a Dutch company against foreign government hackers were blocked by their own Dutch police force.

      Another thing you missed: Ennetcom's servers were in Switzerland, the money laundering charge was how they were able to get the Swiss to confiscate the servers, which a simple gun license charge wouldn't have achieved. This company is also Swiss based and so they didn't want police raiding them, and throwing any random charges against their executives.

  10. gangue do sarney by Anonymous Coward · · Score: 0

    a reweb treinou a helena santos pra engolir porra e usar o crm da processor, pra se infiltrar e instalar um virus que provavelmente vai fuder com alguma coisa na suíça. daqui a pouco entra o vagner lima, que é um denis pimentinha que fugiu da cadeia, pra pagar uma de cuzão e gagejar enquanto vende intel pro Google.

  11. Secure overseas email by ArtemaOne · · Score: 1, Interesting

    I have had a very secure overseas email service for the last decade and a half. I don't want other people to start using it, however.

    1. Re:Secure overseas email by Anonymous Coward · · Score: 0

      Get off my lawn!

    2. Re:Secure overseas email by Anonymous Coward · · Score: 0

      oooooOOOOOOOOOH!

      That sounds *sunglasses* MYSTERIOUS!

      This site must be hurting if you're +5 anything for that nonsense post.

    3. Re:Secure overseas email by Simulant · · Score: 1

      Who do you email then?

  12. AOL E-mail by Anonymous Coward · · Score: 0

    it's good enough! good enough for me!

    http://arstechnica.com/tech-po...

  13. Weeding out the riff-raff? by jenningsthecat · · Score: 1

    we do not want to take the risk of supplying our extremely secure service to the wrong people... we have taken a strategic decision to only supply our platform and services to the enterprise segment

    Because of course, and so obviously that no explanation is needed, "the enterprise segment" of the market couldn't possibly comprise "the wrong people", could it? Why, I bet there's not a single large criminal organization or shady financial corporation among GhostMail's enterprise clients!

    --
    'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
    1. Re:Weeding out the riff-raff? by Etcetera · · Score: 1

      To be fair, it's a different kind of riff-raff. Corporate shenanigans might be of a different type of shenanigans than an ISIS user who got told by his buddy to use the service. Let's not pretend that the differences can't lead to a different moral determination.

      At the very least, having only enterprise contracts leaves them with someone very easy to sue if something is misused.

    2. Re:Weeding out the riff-raff? by Burz · · Score: 1

      Because "enterprise" people are, by definition, "the right people". Just ask the Saudi government!

  14. Is Hosted Email Really Secure? by kboodu · · Score: 1

    Until we know how deleted emails on yahoo were recovered (seen on Slashdot here: https://news.slashdot.org/stor...) can we know if using encryption on any webmail service is safe? The answers in this might go a long way but with both Google (GMail) and Yahoo saving "draft" emails for you (are THOSE encrypted?) any encryption added around it might not be necessary. Of course, you can use your own email client and send through Yahoo (or others), but how many non-technical people can do that safely?

  15. privacy will end with implants by Anonymous Coward · · Score: 0

    they will be mandatory

  16. Self contradictory by Anonymous Coward · · Score: 0

    risk of supplying our extremely secure service to the wrong people... In general, we believe strongly in the right to privacy, but we have taken a strategic decision to only supply our platform and services to the enterprise segment."

    They are contradicting themselves. They say they strongly believe in the right to privacy but then say because some people are criminals no one should have it. Unless you are an "enterprise customer" = has lots and lots of money.

    The people running Ghostmail sound like emotionally immature fools who had no idea what they were doing or even what they were selling. This shows the risk of trusting your privacy to companies who are only as good as the people running them.

    1. Re:Self contradictory by Anonymous Coward · · Score: 0

      Anyone running a "secure communications" initiative is an immature fool. The governments do not like it, period, and I think they made the point clear enough. Challenging them is like playing with matches and gasoline, it can only end badly. To all the deluded fools who think they can "stick it to the Man" I say: remember Aaron Swartz. Remember how he was destroyed. It can happen to you too.

  17. mmm by Anonymous Coward · · Score: 0

    jnjnj

  18. ProtonMail by Corwyn_123 · · Score: 1

    Try ProtonMail

    Based in Switzerland. End-to-end encryption. Even the admins cannot access their user's e-mail. and it's free.

    Falls under strict Swiss privacy laws, out of the reach of other governments.

    1. Re:ProtonMail by Anonymous Coward · · Score: 3, Informative

      Only problem is you'll end up "vendor locked" due to no support for standard protocols such as IMAP or POP3. :-(.

      Thus, if you ever want to change providers, you'll lose all your emails first.

    2. Re: ProtonMail by Anonymous Coward · · Score: 0

      And then Switzerland will simply be forced to change its laws. Don't forget how powerful the adversary is... If you dare to name it as such.

    3. Re:ProtonMail by Anonymous Coward · · Score: 0

      ProtonMail is open-source. You're welcome to download the source code, add what you want, and then use it ;)

    4. Re: ProtonMail by Anonymous Coward · · Score: 0

      And what about all those powerful Americans who have (cough-cough) Swiss bank accounts? Do you really think that getting Switzerland to change its laws is going to be that easy?

    5. Re:ProtonMail by yuvcifjt · · Score: 2

      Indeed!
      This is the only thing that stops me from migrating over to ProtonMail; I'd even be happy to pay for their service, but the biggest problem is not having ultimate control over your own email and data - no ability to download emails to your local device.

      It would be cool if they could build an addon for Thunderbird which is able to download and unencrypt the data to be stored locally, i.e. every time you open Thunderbird, it would ask for the decryption password, similar to their web interface.

    6. Re: ProtonMail by Anonymous Coward · · Score: 0

      The Swiss banking laws have already changed. They made some changes in 2009 to try to curb tax evasion, and more recently they've changed the laws so that they're going to share information just like EU banks do starting in 2018.

      I'm not contending that this has a bearing on their other privacy laws, but, if one does decide to take banking as an example, disappointment awaits.

    7. Re:ProtonMail by Anonymous Coward · · Score: 0

      > Falls under strict Swiss privacy laws, out of the reach of other governments.

      Bullshit! Ask any American living in Switzerland about the value of these 'strict privacy laws'. Or bank directors and the Bundesrat about what they do, when other governments want something. It's so bad, even the Swiss populace is pissed off at the subservient tail-wagging of the folks in charge!

      Alternatively ask any Swiss about the new intelligence bills soon in effect, legalizing placing trojans on private machines, audio- and video-bugging private apartments with impunity and numerous other measures to give Orwell a (non-literal) run for his money!

      Switzerland is being destroyed. From inside and from the outside. They had a really good thing going there for a while, but are fucking it up royally. So long and thanx for all the cheese!

  19. critical mass by swell · · Score: 1

    Until a critical mass of users choose to encrypt their messages, it will be inconvenient and ineffective for anyone to do so. For some reason half of Americans, and Europeans too, trust their government to some extent. They protest 'I've got nothing to hide' and continue their lackadaisical ways.

    You may convince your circle of friends to encrypt, but it's Joe Average that needs to join in. And Maria Average. Women and young people especially will resist the inconvenience.

    But why encrypt when really there isn't anything to hide in a particular message? The reason, above all, is that only when everyone encrypts will we have the critical mass that discourages any government or private entity from attempting to spy on all of us. The effort will be futile and we will have a small victory.

    --
    ...omphaloskepsis often...
    1. Re:critical mass by wvmarle · · Score: 2

      Until a critical mass of users choose to encrypt their messages, it will be inconvenient and ineffective for anyone to do so

      That critical mass has to be really big. It's a hard thing to get done, and may not be able to work at all, ever.

      First of all, there has to be a universal encryption protocol, that is supported by all e-mail clients. If there is a need for multiple protocols, they all have to be supported by all e-mail clients. This alone is a massive hurdle to pass.

      Then the encryption/decryption part. For a local e-mail client this can work securely and fairly conveniently and transparently, with your keys unlocked when you log in to your computer, just like encrypted hard disks.

      But how could this ever work securely for webmail clients? The keys just have to be stored either on the main server, or the user has to carry say a USB stick with their key. Neither is exactly secure or safe. Using the USB stick method en/decryption may take place in the browser but then the security breaks when users want to use a shared computer and when the USB key is lost or breaks, the key is lost (unless they remember to keep backups), and all e-mails are lost. When the key is stored on the main server (and encryption is done there), the whole security of encrypted e-mail is broken, as the webmail provider has your key and just has to wait for you to log in to unlock it and they can read all your e-mails again.

      The whole openness of e-mail itself, and it being used as webmail and on shared computers is going to be the issue. Somehow, somewhere the e-mail has to be decrypted, and both the key and the result have to be kept secure. I don't see how that can be done.

    2. Re:critical mass by ByteSlicer · · Score: 1

      Somehow, somewhere the e-mail has to be decrypted, and both the key and the result have to be kept secure. I don't see how that can be done.

      Erm, with public/private key pairs?
      This is a solved problem: you exchange public keys, then encrypt all your mail to person X with the public key of person X.
      Only they have the private key that can decrypt it.
      When X replies to you, they encrypt with your public key.
      To authenticate your email, you can even sign it with your private key, and the other side can verify it with your public key.

    3. Re:critical mass by ByteSlicer · · Score: 1

      Ok, I think I misread what you meant, which was the private key and the decrypted email.
      So long as the decryption is done server side, there is no way to ensure the server doesn't leak this data to third parties.
      So to make webmail secure, it would need to send you the message encrypted, and let you decrypt it locally with a trusted client.
      It could be a plugin in your browser, or some local JavaScript that is under your control, or some local app on your phone that lets you scan the text and decrypt it on the fly.

    4. Re:critical mass by wvmarle · · Score: 1

      You conveniently left out the rest of my e-mail - the comments about how to (not) keep the secret key secure!

      I know the encryption itself is a solved problem. That's the easy part. Now keeping those keys secure, that's the hard part - lots of e-mailing is done using web clients and even shared computers. Securely exchanging public keys with everyone you want to talk to, that's another hard part (how can you be sure that you get the correct key, and that the key server is not performing a MiM on you?).

    5. Re:critical mass by ByteSlicer · · Score: 1

      Well yeah, like I said in my other reply (sent 20 min before yours), I misread what you meant.
      Sometimes you read something, and your mind just runs off with it, I guess. No "convenience" intended...

    6. Re:critical mass by wvmarle · · Score: 1

      Saw the other reply only later :-)

    7. Re:critical mass by Burz · · Score: 1

      Other types of messaging clients are doing this conveniently. Signal and Ring.cx come to mind. I think email itself may be obsolete, since it relies on servers and makes hiding metadata difficult.

    8. Re: critical mass by Anonymous Coward · · Score: 0

      Yes, because browsers and JavaScript have proven to be secure /sarcasm

    9. Re:critical mass by wvmarle · · Score: 1

      Such messaging services (WhatsApp is also end to end encrypted) rely on a single company. That company has to make money off the service somehow, or it will end, sooner or later. Those companies have an incentive to read your messages and sell your personal data (either direct or indirect in the form of targeted advertising), and they ARE the MiM, so we have to trust them to not decrypt our messages with their own keys, pretending it's end to end encrypted. A government that wants to spy has to go to one and only one company and there they can intercept everything that is being sent over the messaging service. How can we be sure that WhatsApp is really end to end encrypted? That SnapChat messages are truly deleted and not kept on some server somewhere in the middle? They all say it's like that, and I take their word for it, but being sure - well, not really.

      I have seen ICQ come, be the world leader, and disappear. MSN Messenger took over, and it's also gone. Yahoo messenger, AOL messenger - all IM applications that have gone. On the other hand, good old e-mail is decentralised, can be read on any platform by a huge number of clients, and no MiM possible as long as you control your own smtp server and know your messages are encrypted before they leave your computer. Add smtps on top of encrypted message content. You can reach anyone with an e-mail address, regardless of which platform they use (WhatsApp is still mobile phone linked), independent from any one company. E-mail is anything but obsolete, even though it does have its flaws.

    10. Re: critical mass by ByteSlicer · · Score: 1

      That's why I added the phone idea. You need a trusted client to do the decryption.
      Don't trust your browser? Then use a dedicated device that is 100% under your control.
      Or use pen and paper, since your device contains silicon you didn't create.
      But make sure to close all curtains and sweep for bugs first.
      If they *really* want your secrets, they'll just use the $5 wrench method anyway...

    11. Re:critical mass by Kjella · · Score: 1

      Then the encryption/decryption part. For a local e-mail client this can work securely and fairly conveniently and transparently, with your keys unlocked when you log in to your computer, just like encrypted hard disks.

      And this basically means hardware support. There's no way ordinary user passwords like "luggage12345" will be cryptographically strong, it takes hardware that will give you a limited number of attempts to translate this to a private key. Pure software solutions like Truecrypt or dm-crypt on Linux require you to type a very long and complex key so they're not convenient. And so if you need hardware, they won't be universal and it won't work for webmail. Honestly if you don't view it on a personal trusted device I don't see much point at all. It also doesn't make sense unless you're sure you're communicating with the right person, but giving a full fingerprint is much harder than an email address.

      I'm kinda hoping Apple will do it, they could. Not instead of mail, but in addition to. Generate a PGP key locally with no password, encrypt it with AES, upload the file to iCloud and ask the user to write down the key and keep it safe. Locally you'd use the iPhone's authentication and secure enclave to make it transparent. Any new device you want to use you have to either authenticate it from an existing device (get device's public key, send PGP key in encrypted message) or download the AES-encrypted backup from iCloud and enter the AES key. Lose all the devices and your AES key? Tough, generate a new one and start over. If they could build this into phones and tablets and macs and a written down key *maybe* they could keep most people from losing the key.

      Because that's really the main problem, people don't want things to be that secure. If I lose my house key, I don't want to be locked out of my house forever. I might have to get a locksmith (or break a window if it's urgent) but it's not like I lose everything permanently. It's much the same reason we keep money in the bank via debit/credit cards and not cash in our wallet, if the wallet gets stolen or lost it's gone. One thing to note as well is the lack of perfect forward security due to the asynchronous nature of email. It's actually better to negotiate a per session key, but then both parties have to be online to negotiate it. It's possible we should just skip the whole "server in the middle" and just keep it to ourselves until we can reach the destination directly.

      --
      Live today, because you never know what tomorrow brings
    12. Re:critical mass by CronoCloud · · Score: 1

      But how could this ever work securely for webmail clients?

      Simple, don't use webmail via a web browser. Access it with a REAL e-mail client (either desktop or mobile) via IMAP or POP3. For example, I can access gmail via IMAP and send/receive encrypted messages on either my desktop or phone/tablet.

    13. Re:critical mass by CronoCloud · · Score: 1

      lots of e-mailing is done using web clients and even shared computers.

      Which is totally unnecessary in 2016.

      Securely exchanging public keys with everyone you want to talk to, that's another hard part (how can you be sure that you get the correct key, and that the key server is not performing a MiM on you?).

      Compare the key as acquired from different sources? Make sure the key matches the email address you want to encrypt to? Check the fingerprint confirmed out-of-band?

      And besides, if you encrypt to the wrong pubkey, the "right" receiver won't be able to decrypt.
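
The check described in the comment above (compare the key obtained from several sources against a fingerprint confirmed out-of-band), as an added example that is not part of the original thread. It computes OpenPGP version 4 fingerprints as defined in RFC 4880; the key material, source names and helper names are constructed for illustration.

```python
import hashlib
import struct

def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def rsa_key_packet_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (RFC 4880, section 5.5.2)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, a 2-byte body length, and the packet body (RFC 4880, 12.2)."""
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()

def normalize(fpr: str) -> str:
    """Strip the spaces and colons people add when writing or reading a fingerprint."""
    return "".join(ch for ch in fpr if ch not in " :\n\t").upper()

def check_sources(candidates: dict, out_of_band_fpr: str) -> dict:
    """Map each source name to True only if its key hashes to the confirmed fingerprint."""
    expected = normalize(out_of_band_fpr)
    if len(expected) != 40:
        raise ValueError("need the full 40-hex-digit fingerprint, not a short key ID")
    return {src: v4_fingerprint(body) == expected for src, body in candidates.items()}

# Constructed sample data: toy moduli, far too small to be real keys.
GENUINE = rsa_key_packet_body(1470000000, 0xC0FFEE1234567890ABCDEF0123456789, 65537)
SUBSTITUTED = rsa_key_packet_body(1470000000, 0xBADC0DE1234567890ABCDEF012345678F, 65537)

# The fingerprint as the key owner would read it out, grouped in fours.
_hex = v4_fingerprint(GENUINE)
SPOKEN = " ".join(_hex[i:i + 4] for i in range(0, 40, 4))

# One source (the key server) hands back a different key for the same address.
RESULT = check_sources(
    {"keyserver": SUBSTITUTED, "email attachment": GENUINE, "owner's website": GENUINE},
    SPOKEN,
)

if __name__ == "__main__":
    for source, ok in RESULT.items():
        print(f"{source:18} {'matches' if ok else 'DOES NOT MATCH, do not encrypt to it'}")
```
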

    14. Re:critical mass by BradMajors · · Score: 1

      The problem is not with "joe average".

      The problem is with technical geeks, who don't feel it is necessary to provide support for industry standard encryption by default in popular email clients.

    15. Re:critical mass by Anonymous Coward · · Score: 0

      > Securely exchanging public keys with everyone you want to talk to, that's another hard part
      > (how can you be sure that you get the correct key, and that the key server is not performing a MiM on you?).

      It's two different problems! Lumping into one is precisely why nothing's moved forward in twenty years!

      Any fucking email client could be configured to automatically exchange keys without user intervention. But NOOOO, let's make it a HUGE problem to send an email with an attachment back and forth ONCE!

    16. Re:critical mass by Burz · · Score: 1

      Ring.cx uses DHT not "a company". Clients connect directly to each other.

  20. AOL & Plan9OS by Anonymous Coward · · Score: 0

    When I've closed the door behind me, settled down in my favorite chair, wiped the sweat from my brow, and sit down before a super powerful PLAN9OS laptop, I crack open a beer and login to my free AOL e-mail and chat with my peeps.

    Plan9 is always there for me.
    AOL is always there for me.

    So you could say I have the best of both worlds!

    Give them both a try and you'll see - the love is not only between them and me.

  21. Anybody got numbers? by hyades1 · · Score: 1

    I wouldn't be surprised if Free World police killed more innocent, unarmed civilians over the last couple of years than terrorists.

    Like so many of us, GhostMail's owners have lost track of where the real threat lies.

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
  22. I had ___ for lunch! mod me insightful! by Anonymous Coward · · Score: 0

    I have had a very secure _______ ______ for ______. I don't want other people to start using it, however.

    fucking meaningless!

  23. So, it has come to this by Anonymous Coward · · Score: 1

    The terrorists have won 10-0. Thank you for submitting to the fear. Ordinary people will keep losing their rights, privacy, independence and possibilities.

    1. Re:So, it has come to this by Anonymous Coward · · Score: 0

      there's no such thing as privacy in public.

      quit with the delusions

    2. Re:So, it has come to this by ooloorie · · Score: 1

      The terrorists have won 10-0. Thank you for submitting to the fear. Ordinary people will keep losing their rights, privacy, independence and possibilities.

      During the Cold War, governments justified the same bullshit with other kinds of fear mongering. And while NSA spying on US citizens is certainly some cause for concern, economic and social policies represent far bigger infringements on our liberties: high taxes, regulations, restrictions on freedom of association, regulation of political speech, government-mandated monopolies, etc.

  24. Criminals by Anonymous Coward · · Score: 0

    Do criminals not have a right to privacy?

  25. ProtonMail - That still in use? by Anonymous Coward · · Score: 0

    Seems to work?

  26. I wish people would just stop with this by symes · · Score: 1

    If you want privacy then randomly pick a motel, turn on the taps in the bathroom and have your meeting there. As soon as you write anything down you leave a trail. All this nonsense about privacy and email is daft.

    1. Re:I wish people would just stop with this by ControlsGeek · · Score: 1

      Don't forget to draw the blinds LOL

  27. Runbox by Anonymous Coward · · Score: 0

    Works well. Fairly cheap. Good support

  28. use i2p instead by Anonymous Coward · · Score: 0

    use i2p instead

  29. Not to worry by kaizendojo · · Score: 1

    This situation will get better when President Trump takes over....

  30. "Wrong" user?! by fnj · · Score: 1

    Poor brainwashed intimidated scared Ghostmail: THERE ARE NO "wrong users". Freedom of personal life against spying is a HUMAN RIGHT. If you only allow cheery apple pie free speech that you agree with, then it's not free speech. And if you deny freedom from spying to random people because, heavens to murgatroyd, they MIGHT POSSIBLY be "bad" people, then you don't believe in freedom, and if you don't believe in freedom then you believe in subjugation.

    One man's terrorist is another man's freedom fighter. The extremes may be obvious, but the line of separation in the middle is thin and ill defined. You may think you "know one when you see him", but you don't even know how to define what a "bad guy" is. Don't categorize. Punish the transgressions, not the thoughts and traits.

  31. Good by Anonymous Coward · · Score: 0

    If they think only some people should be entitled to freely communicate then they are against democracy and free speech. They have no business pretending to champion the causes of anyone but the authoritarians in government who want to remove any and all privacy

  32. You're missing something obvious by Anonymous Coward · · Score: 0

    For the time being, anyway, Apple mail and messaging are secure.

  33. client encryption by ooloorie · · Score: 1

    Your E-mail isn't secure in transit anyway, so using a "secure provider" really only helps with where your data is permanently archived; if you don't want it to be permanently archived on Google/Yahoo/Microsoft/Apple, just download it. Most clients can be set up to do that. If you really think GhostMail-like models give you something, you can always host an E-mail server on a virtual machine, or even more securely, on a RaspberryPi at home ("E-mail server in a closet", popularized by someone recently).

    None of that is going to give you actual security. If you want that, you need to use end-to-end encryption with an E-mail client that supports that, and both ends of the conversation need to use it. There are plenty of those kinds of clients for pretty much any platform, so just look for those.

  34. Mail-in-a-Box by Anonymous Coward · · Score: 0

    Set up your own secure email server on DigitalOcean or similar host using Mail-in-a-Box.

    https://mailinabox.email/

  35. We should also make sure only good people have gun by Anonymous Coward · · Score: 0

    Oh wait...

  36. GhostMail Alternative by Anonymous Coward · · Score: 0

    StartMail.

    "A word to the wise is sufficient."

  37. Ghostmail shutdown is NOT an end !! by Mailfencer · · Score: 1

    Whatever the reasons are behind Ghostmail shutdown, I firmly believe that privacy-conscious users looking for email alternatives will not be let down - as there are numerous other services out there, which are fighting for digital freedom and striving hard to provide secure & private emailing services at the same time (mailfence is one of them, that I personally use and am extremely satisfied with it). Now the only loss which I see here is more of a higher level to privacy-conscious community on the whole, which certainly needs more and more related solutions unless end-to-end encryption goes mainstream.