/tech/ - Technology★

>>878322 (OP)

No such thing. The best you can do is setting up your own server.

Sticky

>>878338

* not even

all "secure" and "privacy" emails are just honeypots

>>878338

>Doesn't require you to install anything for it to work, it works in your browser.

implying that's a good thing, nigger

also I bet this CIA shit requires javascript

> Open-source: htt ps://github.com/tutao/tutanota

It's not free software because you cannot see the server code as it runs, you can only trust it (if you're idiot, and you are)

>>878338

< No support for other e-mail clients like Thunderbird (yet)

< No search function to find emails, so you need to organise them into folders

You can't do these because they have a retarded ultra-top secret special snowflake encryption. And no, it won't be changed. The result is that you are forced to use their shitty, bloated, javascript-infested webmail only instead of a normal client, for "muh extra security". They really fucked up with that one, IMO.

>>878322 (OP)

>Obviously you're never going to keep out Big Brother,

fuck off back to tech crunch

>>878338

it's shit. literally anything that isn't cock.li (or some obscure yiddish email host that somehow survived from the 90's) is complete garbage

any mail is secure if you use gpg

I agree that Tutanota isn't what email should be, however I think it's the best we can get for now, which was the OP's question.

Running your own is the best of course, but most people can't be bothered to set it up.

>>878351

I called it open-source not free software, read my post.

>>878354

Then use the app instead of the browser.

I think they also planned a desktop-client of their own.

>>878359

> literally anything that isn't cock.li is shit

> obscure yiddish email host that somehow survived from the 90's

Then stay in the '90.

>>878363

>it's 2015!

>we need 100mb of JS so it can feel like you're doing something sophisticated while waiting 2 minutes every time you want to check your email

>we need crypto in the browser so we can feel secure!

>>878322 (OP) >>878338

Javascript they provide is not free software.

Their "Apps" are neither.

(((Open Source))) is not Free Software. Learn the difference, it may cost your life.

It is impossible to prove whether they scan and datamine your mails or not.

It is impossible to prove whether it's a honeypot or not.

It is impossible to make secure cryptography with javascript IIRC. There is a GnuPG extension for Firefox that can encrypt any text you enter in a browser, so it doesn't matter what webmail you use, it even works with imageboards.

There were numerous proofs of Protonmail collaborating with police/courts from irrelevant shithole countries like Indonesia or Ukraine and giving them server logs, they also ban people for something bad or false accusations of it. If you want to be a bad guy on the interwebz, use Tor or i2p-based email systems.

If you need privacy/confidentiality, any normal email server, especially self-hosted, is sufficient, don't forget to encrypt the data with GnuPG and wipe it with cloth or something.

Be aware that most email servers are poorly configured and won't accept mail from other servers they don't trust. Also there is a much probability of your incoming mail being passively sniffed, stored and read by every host operator between your server and sender's server if link is not encrypted.

If you need anonymity, don't use email ever. The protocol itself leaks too much metadata and GnuPG/RSA has no forward secrecy, key management is cumbersome. It is okay to use GPG for signing official documents and software packages, but not encrypting data on daily basis while staying anonymous and keeping legal deniability.

Use XMPP with OTR or OMEMO if you want better encryption security than GPG.

Read the sticky thread first, it has lots of useful links and articles if you expand it.

>>878374

>your ISP on any local hackerman can tap into your cable and see all incoming Dragon Dildo subscription offers

>>878322 (OP)

>any comm setup whatsoever

botnet faggot

>>878388

Protonmail also requires a resident IP and/or Google ReCaptcha to register an account. avoid.

>>878391

>not using the RSS feed

>>878417

recaptcha? when i try to create a protonmeme account over tor it requires donation or phone. then once in a while it will let me use an already existing email address. even the cancer that is recaptcha would not be as bad as this. because recaptcha only outright blocks tor 50% of the time

>>878391

>hosting your home server at home

Is the cock.li+gpg combo the most secure email setup I can get? I couldn't find another "secure" email provider which lets you register without javascript.

>>878437

I have like 10 protonmail accounts and not once have I not had the option to use an existing email.

>>878519 (me)

Or captcha*. Never had to use a phone number or donation.

>>878520

then you have a good goy IP address. it's still shit

>>878526

>t. torpedo

>>878494

Cock.li is not particularly secure. The potential harm caused by javascript during sign-up isn't that big.

>>878338

You forgot to add that you can't block annoying spammers without a paid subscription. I'm moving away exactly because of this.

>>878322 (OP)

There is one thing Protonmail does, but most normal email providers don't: incoming plaintext mail encryption. Yes, those Dragon dildo subscriptions and whatnot. Websites only ask your email address, not a gpg key, therefore most email still comes unencrypted, and this is what people use email for, registering to websites and sometimes mailing lists. Communications could be done more efficiently with Tox, XMPP or Matrix mentioned above, and those have superior encryption algorithms, but you can't register a forum account with XMPP.

Though, inbox encryption could be easily solved with self-hosted solutions, but leaves metadata like text/file size and date/time stamps.

>>878391

Good. Maybe he'll give me some recommendations.

whats wrong with protonmail?

>>878671

nothing

>>878671

>whats wrong with protonmail?

<here goy let us encrypt that for you.

<no goy we totally don't have acess to your keys

not sure if mentioned yet, but protonmail does a decent job

>>878768

>protonmail does a decent job

To share your email with Mossad?

>>878710

<just ignore the fact we have the plain text of your emails before we encrypt them

>>878776

There's no way around that. Protonmail does the most an e-mail provider reasonably can, as far as I'm aware (I don't use it).

When cock.li's servers were seized, Protonmailesque protection would have been able to stop law enforcement from getting access. It does provide real protection, just no full protection.

>>878338

If you forget your password you're fucked as there's no recovery options

>>878779

I completely disagree. Protonmail is much more harmful because it gives people a false sense of security. They are the ones who encrypted it so they can can decrypt it when law enforcement asks them to. With cockmail Vince is conpletely open about the fact that email is inherently insecure and that if you want privacy you are expected to use PGP.

>>878782

They can't decrypt it on request if they don't have your password.

Asymmetric cryptography lets you have separate keys for encryption and decryption. You do know about that, right? It's essential to PGP-encrypted e-mail as well.

>>878785

As far as I am aware protonmail stores your private key on their servers(encrypted using your password as a key) and thus has access to to it. This is why you can't use third-party clients with their service. I could be wrong of course.

Semi-unrelated but they base64encode unencrypted messages and because of this shit up a load of mailing lists with messages that only the unimportant people using webmail see.

>>878793

They only have access to it if they have your password, then. If they don't have your password they can't do much.

As long as they're willing to go full lavabit if they need to it's fine.

>>878799

Every time you give in the password they can be running a modified (probably non-free) javascript program that sends the secret to them. Any "security solution" that requires you to run their proprietary software, especially if they can change it anytime as is the case with web apps, is snake oil.

>>878671

everything

>>878782

what this anon said

/thread

>>878821

hey stop please, if too much people know about it, they will overload it

let it be only for the elite initiated

also I think eventually some (((corporations))) would blacklist his domains because he allows anonymous signups; a few services already do.

>>878362

>any mail is secure if you use gpg

not really

shit mails like protonmail or tutanota force you tu use javascript webmail, javascript allows them to fingerprint you to death (time between keystrokes, reading things from web browser etc)

>>878363

>I agree that Tutanota isn't what email should be, however I think it's the best we can get for now

it's not best, it's worst. Even hotmail is better as you can use 3rd party client with it

>I called it open-source not free software, read my post.

then why calling it open-source when it's meaningless and doesn't offer any advantage?

>Then use the app instead of the browser.

>I think they also planned a desktop-client of their own.

Haha good goy, if you think I am going to use their malware x86 code to use their fucking mail then you are nuts

their client will have full access to your computer. guess they need more than access to your web browser with javascript. They are CIA after all

>>878651

>There is one thing Protonmail does, but most normal email providers don't: incoming plaintext mail encryption. Yes, those Dragon dildo subscriptions and whatnot. Websites only ask your email address, not a gpg key, therefore most email still comes unencrypted

it doesn't matter because since email comes unencrypted to protonmail, man in the middle like CIA can just take it and store it

also it's obvious protonmail saves all mail messages as second copy with protonmail private key, so they can decrypt all messages and send them to CIA (or maybe they don't need to send to CIA, because protonmail could be CIA itself)

>>878779

>When cock.li's servers were seized, Protonmailesque protection would have been able to stop law enforcement from getting access. It does provide real protection, just no full protection.

Protonmail servers won't be seized because they just give away all emails to any "authority" that request this

>>878785

>They can't decrypt it on request if they don't have your password.

but they HAVE the password. all they need is to send you modified javascript code ONCE, that will send password from input box when you enter it to them

or are you saying that you analyze few megabytes of protonmail javascript code every time you visit it?

>>878821

waifu was cucked a few months ago. cockli might be the same

>takes great pains to send secure email

>recipient slips up and you're compromised along with him

You're all idiots.

>>878829

>since email comes unencrypted to protonmail

Email is sometimes sent over TLS. A lot of email servers don't use it though. You are still relying on the other person to be secure.

>>878322 (OP)

>has secure email

>emails friend@gmail.com

bitchass dicksucker vincent cockfield disabled a bunch of my inboxes that i registered using tor fuck yall cocklickers

protonmail

/thread

>>887544

>Israeli servers

<KEK my Shekels

>>887544

>>878782

<THIS.

PGP... what ever happened to TOX?

>>878322 (OP)

anything you can use pgp on, which is basically anything.

>>889903

speaking for myself, twice there was an instance where a file transfer request popped up and the person it came from said they didn't send it. Haven't touched it since.

>>878769

so going by all the baseless fud posted, looks like protonmail mail is pretty ok. Still I would encrypt messages just the same, or better yet, not use fucking email.

>>878821

Cock.li is good for a laugh, but it's probably run by FSB. I wouldn't touch that shit with any online payment or banking unless you enjoy being raped.

>people using cock.li

It's confirmed run by goons. Avoid.

>people using protonmail

It's confirmed run by israelis. Avoid.

What about Mailfence or Scryptmail?

>>889902

Still better than US.

Funny story for you guys:

Logged on to this ancient hotmail account I have to send an email to an old coworker. I decided to add a joke title that involved a string of.. problematic words such as bomb, terrorist, jihad, etc.

Upon attempting to send, the email went into drafts and stayed there for half an hour along with some bullshit message that was pretty much saying "your email needs to be verified" or something along those lines.

GG M$!

>>878823

>blacklist

That's my biggest issue with cock.li. Sending emails to normalfaggots is unreliable as I've discovered many times. Gmail simply does not let them receive my mails sometimes, and I suspected it didn't let them send to my address on occasion as well.

>>890532

They want you to verify because you're logging into an ancient account, the system will think you're a spambot using harvested user:pass combinations. Fucking retard.

Posteo

>free/libre JS

>A small yearly fee.

>encrypted storage optional.

>gpg encryption supported.

>Multiple mail clients supported.

It's honestly much better than Proton and Tutanota since they're web only and require loading of nonfree JS. I use it and love it.

>>890546

No dipshit, I didn't mean that I don't log in or send emails thorugh it, I just said that I've had that account for a really long time.

It has never, ever done such a thing with any other email ever before.

The exact message I got while waiting for half a fucking hour was "Your message will be sent, but we're not quite ready yet."

cock.li or sdf.org

Email is insecure by design, baking encryption into the platform is like putting make-up on a pig. If you absolutely need to send something mission-critical over email, use PGP.