Slashdot Mirror


GhostMail Closes in September, Leaves Users Searching For Secure Email Alternatives (zdnet.com)

On September 1, "GhostMail will no longer provide secure email services unless you are an enterprise client," reports ZDNet. "According to the company, it is 'simply not worth the risk.'" GhostMail provided a free and anonymous "military encrypted" e-mail service based in Switzerland, and collected "as little metadata" as possible. But this week on its home page, GhostMail told its users "Since we started our project, the world has changed for the worse and we do not want to take the risk of supplying our extremely secure service to the wrong people... In general, we believe strongly in the right to privacy, but we have taken a strategic decision to only supply our platform and services to the enterprise segment."

GhostMail is referring their users to other free services like Protonmail as an alternative, but an anonymous Slashdot reader asks: What options does an average person have for non-NSA-spied-on email? I am sure there are still some Ghostmail competitors out there but I'm wondering if it's better to coax friends and family to use encryption within their given client (Gmail, Yahoo, Outlook, whatever...) And are there any options for hosting a "private" email service: inviting friends and family to use it and have it kind of hosted locally. Ghostmail-in-a-box or some such?

27 of 158 comments

  1. Privacy is dead by JustAnotherOldGuy · · Score: 2

    I'm at the point where I have to say that real privacy is truly dead.

    Between the NSA, FBI, CIA, DHS, and the other untold number of government and non-government snoops and spies, I don't believe there is any real expectation of privacy left, period. If they want to read your stuff, they will.

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:Privacy is dead by Dunbal · · Score: 2

      No, real privacy is so private you will never hear about it.

      --
      Seven puppies were harmed during the making of this post.
    2. Re:Privacy is dead by mentil · · Score: 2

      To be fair, that's what the TLA's WANT you to think: that you have nowhere to hide, therefore you might as well give up trying. Computer security is hard, but some significant progress has been made recently. Compare the security of the latest iPhones to Windows XP, for example.

      --
      Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
    3. Re:Privacy is dead by gweihir · · Score: 4, Informative

      It is not. It takes a little effort though. But if you encrypt email with PGP/GnuPG, use TOR or TAILS for sensitive browsing, don't post your life's story on social media and make sure your PC has reasonable security, then unless you are a priority to be spied on, you will not be.

      Sure, they will still know who you did send email to, but that is about it. As far as I remember, the NSA TAO (the "hackers") has capacity for 100-1000 targets, but not much more. The rest is all mass-surveillance and that can be made much, much harder for them. And it should. Mass-surveillance has zero value to make society safer (remember all those spectacular recent failures?) and a lot of potential to make everybody less safe and to reduce quality-of-life by eroding freedoms.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    4. Re:Privacy is dead by gweihir · · Score: 4, Insightful

      Indeed. In fact, every person that gives up on privacy makes the TLA's jobs easier and increases their power. So please do not give up. These people are not who you want to rule the world.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re:Privacy is dead by yuvcifjt · · Score: 2

      Well said; Apple appears to be the only major company interested in privacy of their users, and dare I say, even fighting for their users' privacy. Each iteration of iOS hardens their system further from gov surveillance. Case in point.

      Although iOS and iPhones are fairly well protected against gov surveillance, I'm not sure what Apple is doing against commercial spying apps and advertisers, particularly the most evil of all: Google.

    6. Re:Privacy is dead by gweihir · · Score: 2

      It is not as simple as that. Every time they install such malware, they risk losing the vulnerability used. It just takes one person uploading something suspicious to https://www.virustotal.com/ and their $100'000 zero-day exploit may be gone. And the cost is not even the worst. There are at one time always only a small number of zero-day exploits. Hence in order to keep their capabilities intact, they can only ever use these against high-value targets. And they will try conventional hacking (which good security practices prevent) first, which again is expensive.

      So, no, they are not "giggling", they are very careful to use the limited resources they have only against targets that are high-priority. The mere amount of things they do _not_ discover before something bad happens should be a clue.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  2. Re:FastMail by ebonum · · Score: 2

    I think the servers are in NY.

  3. Lavabit by mentil · · Score: 2

    It's ok just sign up with Lavabit.

    Oh...

    --
    Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
  4. Similar happened with anon.penet.fi by Antique+Geekmeister · · Score: 4, Interesting

    Those of us old enough to remember when Usenet was a critical online resource will remember when anon.penet.fi provided a helpful, pseudonymous email and NNTP service. It was invaluable for people discussing issues that were not work safe, ranging from dating services to gender identity to cancer fears to AIDS help to thoughts of suicide. Some typical coverage was done by Wired, quoting the Observer newspaper, at:

            http://www.wired.com/1996/11/a...

    What was amazing about most of the press reports at the time was how they failed to identify the incident that caused Julf Helsingius to shut down anon.penet.fi. The incident is better described at:

          http://articles.latimes.com/19...

    Simply put, someone kept using anon.penet.fi to post court documents revealing Scientology's inner secrets. The documents are infamous and broadly available online, but 20 years ago they were not so broadly available.

    Why do I mention this? Partly because it points out that anonymous, and pseudonymous services, are always at risk from court ordered revelations about their clients. And I mention it partly because it's vital to see press coverage about the events as possibly skewed by fears of retaliation by powerful groups. 20 years ago, many reporters were justifiably _frightened_ of covering Scientology stories. They remembered what had happened to Paulette Cooper, who wrote about them and had bomb threats faked in her name by the cult. Today, press coverage that risks the ire of Fox News or of the Department of Homeland Security or runs afoul of the so-called Patriot Act are at similar risks of abusive, extra-judicial censorship with little safe recourse.

    I'm afraid the desire to censor communications is always around. I do look forward to better details about what triggered the closing of GhostMail's free services. I hope it wasn't a similar abuse of authority, but see real reasons to be concerned that it _is_ about Patriot Act or other government enforced tracking of users.

    1. Re:Similar happened with anon.penet.fi by Kohath · · Score: 3, Insightful

      > ...Today, press coverage that risks the ire of Fox News or ... are at similar risks of abusive, extra-judicial censorship with little safe recourse.

      Citation needed. Fox News is just somewhat silly partisan news, like NBC News. When/how did they ever commit "extra-judicial censorship"? Or are they merely guilty by association?

    2. Re:Similar happened with anon.penet.fi by Kohath · · Score: 2

      So just like anyone who ever voiced an opinion then? Let's not proclaim guilt by association. Innocent people are not guilty by association, even when they express an opinion you don't like.

    3. Re:Similar happened with anon.penet.fi by wvmarle · · Score: 3, Insightful

      More likely: they are afraid that they will be suspected of helping suspected people that may be suspected terrorists that may in the future blow the whistle about secret invasive government programmes. Because just that tiny air of suspicion is nowadays more than enough to get the whole world against you (just being called "suspected terrorist" or "suspected terrorist associate" is in certain countries enough to take away any legal rights a normal suspect has, and put people in jail for months without even a formal charge against them).

      By targeting corporate clients only, they can even brush away that risk of suspicion.

    4. Re:Similar happened with anon.penet.fi by Anonymous Coward · · Score: 2, Informative

      Fox News already went to court over this. They successfully argued that they are an entertainment channel and therefore are allowed to lie and make up stories.

    5. Re:Similar happened with anon.penet.fi by Antique+Geekmeister · · Score: 3, Interesting

      > Fox News gets bent out of shape about something,

      Getting "bent out of shape" is not the problem. It's the fraudulent crusades against political, ethical, or ideological opponents that are the problem.

      Fox News repeatedly, and sadly effectively, misreports basic news to anger and mislead their viewers for ideological reasons. There were numerous examples during the conservative furor that led to the Iraq War. Such deceit was present during the "Black Lives Matter" protests, the "Occupy Wall Street" protests, and the Fox reporting on the fraudulent "abortion harvesting" videos about Planned Parenthood.

      > Fox News here is merely an example of the pulpit,

      The danger is that they represent themselves as a news organization, not a political pulpit. This means that their fraudulent attacks are taken more seriously than those from a more openly political spokesperson.

    6. Re:Similar happened with anon.penet.fi by Antique+Geekmeister · · Score: 2

      I'm sad to say, yes, I'm personally convinced by having watched it. They consistently rate the worst for truthfulness of any national news publisher.

      If it's worth your time, check any level of Fox news reporting about _anything_ where you personally know anyone involved or know the subject matter. It's true even for scientifically verifiable subjects. See http://mediamatters.org/blog/2... as a good example of the problem.

  5. BYO Dovecot + Exim with TLS on both sides by dimethylxanthine · · Score: 2

    Don't panic - it's homegrown and organic!

    1. Re:BYO Dovecot + Exim with TLS on both sides by swb · · Score: 2

      I think it's generally more secure to have a personal email server at home than to rely on a third party system. It does raise the question as to how physically secure your home is, though.

      And of course it raises the question as to who you exchange email with and how secure they treat your emails.

  6. The "wrong people"? by fustakrakich · · Score: 2

    Either these guys are dorks or they were threatened.

    Oh well, it has been said many times before, we are on our own. Best of luck

    --
    “He’s not deformed, he’s just drunk!”
  7. Ennetcom by Anonymous Coward · · Score: 4, Informative

    A more recent and closer example is surely Ennetcom. The Dutch provider of encrypted messaging. The Dutch police raided the owner, admitting that encrypted comms is not illegal, but that the communications were being used by criminals.

    The actual charges though, did not reflect the PR. There was no such 'illegal because it could be used by criminals' charge. They did a 'possession of an unlicensed weapon', against the owner and a 'money laundering' charge.

    That second charge, the Dutch press expanded on, saying the company was assisting laundering money by selling the phones which could/were resold by criminals to other criminals to launder criminal money. i.e. a nonsensical vague claim. How would selling a phone to another criminal be laundering? You'd receive criminal money as payment!

    It was timed shortly after the failure by the FBI to force Apple to backdoor their phones and it was by the drug police, a unit trained by the FBI, so it appeared to be related to lobbying from external back actors.

    So be careful what you say.

    1. Re:Ennetcom by Anonymous Coward · · Score: 2, Informative

      You miss a bigger irony! Dutch SIM company Gemalto, employees started using Ennetcom phones after Gemalto was found to be hacked by GCHQ to steal all the SIM card keys. So the secure phones issued to defend a Dutch company against foreign government hackers were blocked by their own Dutch police force.

      Another thing you missed: Ennetcom's servers were in Switzerland, the money laundering charge was how they were able to get the Swiss to confiscate the servers, which a simple gun license charge wouldn't have achieved. This company is also Swiss based and so they didn't want police raiding them, and throwing any random charges against their executives.

  8. Re:ProtonMail by Anonymous Coward · · Score: 3, Informative

    Only problem is you'll end up "vendor locked" due to no support for standard protocols such as IMAP or POP3. :-(.

    Thus, if you ever want to change providers, you'll lose all your emails first.

  9. Re:critical mass by wvmarle · · Score: 2

    > Until a critical mass of users choose to encrypt their messages, it will be inconvenient and ineffective for anyone to do so

    That critical mass has to be really big. It's a hard thing to get done, and may not be able to work at all, ever.

    First of all, there has to be a universal encryption protocol, that is supported by all e-mail clients. If there is a need for multiple protocols, they all have to be supported by all e-mail clients. This alone is a massive hurdle to pass.

    Then the encryption/decryption part. For a local e-mail client this can work securely and fairly conveniently and transparently, with your keys unlocked when you log in to your computer, just like encrypted hard disks.

    But how could this ever work securely for webmail clients? The keys just have to be stored either on the main server, or the user has to carry say a USB stick with their key. Neither is exactly secure or safe. Using the USB stick method en/decryption may take place in the browser but then the security breaks when users want to use a shared computer and when the USB key is lost or breaks, the key is lost (unless they remember to keep backups), and all e-mails are lost. When the key is stored on the main server (and encryption is done there), the whole security of encrypted e-mail is broken, as the webmail provider has your key and just has to wait for you to log in to unlock it and they can read all your e-mails again.

    The whole openness of e-mail itself, and it being used as webmail and on shared computers is going to be the issue. Somehow, somewhere the e-mail has to be decrypted, and both the key and the result have to be kept secure. I don't see how that can be done.

  10. Re:FastMail by davester666 · · Score: 3, Informative

    anything in Canada that anybody in the RCMP and/or CSIS even thinks someone in US law enforcement might like to look at gets fedexed there by 9am the next day.

    --
    Sleep your way to a whiter smile...date a dentist!
  11. Re:FastMail by Bronster · · Score: 2

    We run encrypted channels between our datacentres - we're not trusting telco pipes to be private.

  12. Re:FastMail by Bronster · · Score: 4, Informative

    Thanks for the plug. We definitely recommend that users who are concerned about security use GPG with our servers via the standard IMAP/SMTP protocols. We have very good standards support, and as others have pointed out in this thread - if we ran GPG server-side, you'd be delegating the security to us anyway, because we would see plaintext versions of your communication.

    For the best security, you should definitely be running the encryption on equipment under your control (and not 0wned under you... which is your own lookout in that scenario)
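Added example, not part of any comment in this thread: a sketch of what a mail provider holds when encryption and key unwrapping both happen on the user's own equipment, the case raised in the "critical mass" and FastMail comments above. It assumes Node's built-in `crypto` module; the function names, the RSA-OAEP plus AES-GCM construction (chosen for illustration, not GPG's message format) and the sample values are hypothetical.

```javascript
// Added illustration; function names and the message are constructed.
const crypto = require('node:crypto');

// Wrap a private key under a passphrase (scrypt -> AES-256-GCM). Runs on the client.
function wrapPrivateKey(privateKeyPem, passphrase) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const kek = crypto.scryptSync(passphrase, salt, 32);
  const c = crypto.createCipheriv('aes-256-gcm', kek, iv);
  const ct = Buffer.concat([c.update(privateKeyPem, 'utf8'), c.final()]);
  return { salt, iv, ct, tag: c.getAuthTag() };
}

// Unwrap on the client; a wrong passphrase fails the GCM tag check and throws.
function unwrapPrivateKey(blob, passphrase) {
  const kek = crypto.scryptSync(passphrase, blob.salt, 32);
  const d = crypto.createDecipheriv('aes-256-gcm', kek, blob.iv);
  d.setAuthTag(blob.tag);
  return Buffer.concat([d.update(blob.ct), d.final()]).toString('utf8');
}

// Sender side: hybrid encryption to the recipient's public key.
function encryptMail(publicKeyPem, text) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKeyPem, oaepHash: 'sha256' }, key);
  return { wrappedKey, iv, ct, tag: c.getAuthTag() };
}

// Recipient side, after unwrapping the private key locally.
function decryptMail(privateKeyPem, mail) {
  const key = crypto.privateDecrypt({ key: privateKeyPem, oaepHash: 'sha256' }, mail.wrappedKey);
  const d = crypto.createDecipheriv('aes-256-gcm', key, mail.iv);
  d.setAuthTag(mail.tag);
  return Buffer.concat([d.update(mail.ct), d.final()]).toString('utf8');
}

// Everything the provider stores: public key, wrapped private key, ciphertext.
function serverView(passphrase, text) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  return { publicKey, wrapped: wrapPrivateKey(privateKey, passphrase),
           mail: encryptMail(publicKey, text) };
}
```

This protects what is stored and relayed; in a webmail setting the passphrase is still typed into code the provider serves, so the provider remains part of the trust boundary.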

  13. Re:ProtonMail by yuvcifjt · · Score: 2

    Indeed!
    This is the only thing that stops me from migrating over to ProtonMail; I'd even be happy to pay for their service, but the biggest problem is not having ultimate control over your own email and data - no ability to download emails to your local device.

    It would be cool if they could build an addon for Thunderbird which is able to download and unencrypt the data to be stored locally, i.e. every time you open Thunderbird, it would ask for the decryption password, similar to their web interface.