[liberationtech] Correction about Riseup Email

Douglas Lucas dal at riseup.net
Sun Aug 12 15:02:57 PDT 2012 

Hi Libtech,

Earlier (see quote below) I said "it appears Riseup plans encryption for
stored emails on their servers in the future." To get a better somewhat
better picture of their email storage encryption and overall privacy
practice, note that their About Us page[1] currently states:

"We strive to keep our mail as secure and private as we can. We do not
log your IP address. (Most services keep detailed records of every
machine which connects to the servers. We keep only information which
cannot be used to uniquely identify your machine). All your data,
including your mail, is stored by riseup.net in encrypted form. We work
hard to keep our servers secure and well defended against any malicious
attack. We do not share any of our user data with anyone. We will
actively fight any attempt to subpoena or otherwise acquire any user
information or logs. We will not read, search, or process any of your
incoming or outgoing mail other than by automatic means to protect you
from viruses and spam or when directed to do so by you when
troubleshooting."

Douglas

1. https://www.riseup.net/en/about-us

On 08/07/2012 10:53 AM, Douglas Lucas wrote:
> Hi Libtech,
> 
> If Riseup does what they say they do[1], emails sitting on their servers
> are not mined for advertising or LE (unlike Facebook chat, or as Maxim
> suggests, gmail); their servers do not log IPs; IPs are not embedded in
> emails; and outgoing emails to other secure email providers are
> encrypted (StartTLS).
> 
> Furthermore, it appears Riseup plans[2] encryption for stored emails on
> their servers in the future. Such a scheme would make the emails
> difficult for LE, or more broadly, attackers, to get, even with a
> warrant -- not only would they have to obtain forced decryption power,
> which I don't think they have as of yet in the US, but also Riseup might
> not be able to provide the relevant keys in any case. (That the NSA has
> copies is a vulnerability, but perhaps not a relevant one, as to my
> knowledge LE can't introduce NSA copies as evidence.)
> 
> 2. https://we.riseup.net/riseuplabs+fsoc/personally-encrypted-imap-storage

More information about the liberationtech mailing list