[liberationtech] Secure hosted mail

[Miles Fidelman]

John Graham-Cumming wrote:
> I'd be interested to hear opinions from the list in privacy aware and secure hosted email.
>
> Are there opinions about any of the services like Hushmail, Neomailbox, ... Looking to dump gmail.
>

Well... hosted implies that you have to trust the hosting provider.  You 
get some protection by encrypting your traffic.

You're a bit better off if you run your own server - be it on a virtual 
or physical machine - but it still ends up "living" somewhere, be it on 
your laptop, desktop, in a data center rack, or as a virtual server on 
someone's cloud (it's still in a rack somewhere).  Security remains an 
issue of how hard it is for someone to get to that server, and then to 
its contents - and how much you care about traffic analysis (encryption 
doesn't help a lot there).

All of the above are somewhat vulnerable to DNS-based attacks, and 
attacks on intermediate transport nodes.

If you want to be really paranoid, you can play with something like 
Freemail - email running over Freenet (see 
https://freenetproject.org/freemail.html).  Now you're sending mail 
peer-to-peer over freenet transport -- no intermediate servers to worry 
about at all.   Not sure though how things work when you're exchanging 
email with non-Freenet users.  (I also expect that there's something 
similar for gnunet, gnutella, and other p2p environments).



-- 
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra