"Private" email foiled by google

[D Rusak]

As I'm sure many people here can sympathize (see this thread: http://www.cassiopaea.org/forum/index.php?topic=5248.0), I wanted to have a relatively secure email. I decided that the best course of action in my case (since I used to switch emails a lot, and want something easy to remember- .hush seemed to be forgotten easily or weird people out) was to use my university's email. It's very easy for people in the area to remember- most people know the school. On this service there was no spam, and I would imagine (is this a key word? perhaps I really am imagining) that it would be less easy for random people to see it. I suppose if anyone really wants to read my email, they'll find a way. Anyway, I just logged on to find that my email address will now be "[university's name]mail powered by Google". One more sign of closing down, I guess. Almost makes me want to switch to gmail and get it over with, at least that way I can use all those gadgety things.

 

[Nathan]

I've mentioned XeroBank before on this forum, but they do have a mail service bundled in. Emails are encrypted, access is anonymised and stored in offshore servers. Quoted below is the Xerobank operations manager from _wilderssecurity.com regarding tracking activity and complying with authorities.

We aren't locked out of controlling machines in our network like Tor is. However, we are governed by a sophisticated design that is highly resistant to compromise without collusion, and rules that allow us to deal very politely with our traffic, while respecting the privacy of our users. First we separate the identity of the user from the actions of the user, using the VAULTS technology we developed. Secondly, we employ machines to notice "malicious traffic" and to take actions if they see any. All non-malicious traffic doesn't get logged. If the traffic is indeed malicious, it is a violation of the terms of service and is not covered by a secrecy guarantee, so logging can occur in that instance. So legitimate traffic can be attacked in two directions when we don't collude, from exit or from identity:

1a. People's Republic of Banana saw some exit traffic about civil rights that they don't like and want to know which account it originated from. Our machines didn't think it was malicious so it was never logged. The End.

1b. Or our machines DID think it was malicious but a human auditor didn't, so the log created was wiped. Identity of user never exposed to the auditor, regardless. Sorry, Banana, still don't have that info.

2a. Republic of Banana believes a certain person has an account with XeroBank, and wants to know what traffic is associated with it. First, that is against our policy, second, we are not subject to the laws or wishes of Republic of Banana. Third, we don't have a link from Deposit to Access unless the user created one. The end.

2b. Republic of Banana believes a certain person has an account, is performing "evil", gives us the originating IP address. If there is indeed legitimate reason to believe Republic of Banana, we can investigate if there is indeed "evil" traffic exiting our network that originates from that IP address. Then the situation goes to a human auditor. This again reverts to our privacy policy, and if the "evil" traffic isn't violating our terms of service or we don't believe it is "evil", the audited account will attempt to be informed (via email) that an auditor had reviewed their traffic at the request of Banana and found it to be deficient of any concern. Then it is up to the Republic of Banana to acquire court orders in all necessary jurisdictions, assuming legitimate user XYZ doesn't change to a new account. The message sent to Republic of Banana is don't waste our time with anything short of solid misconduct, otherwise you scare away the fish.

I think that's as private as you're ever going to get online, to be honest. One could argue at least there is some protection.

 

[Rich]

I think that's as private as you're ever going to get online, to be honest. One could argue at least there is some protection.

I quite like _http://safe-mail.net, you can get a free account up to 3MB, which is quite usable if you delete regularly.

Their blurb:

Safe-mail is the most secure, easy to use communication system. It includes encrypted mail system with collaboration features and document storage functions. Always accessible at any time from anywhere!
3 Mb space is free. More space and functionality is supplied under Premium Packages. There are no advertisements, downloads or cookies. Safe-mail supports most hardware platforms and any operating system. Includes file storage, spam filters and anti virus protection. Full compatibility with most browsers, email clients and all relevant protocols including POP, SMTP, IMAP, S/MIME and PKI.

 

[ScioAgapeOmnis]

I wonder if the more they tout their encryption and security and privacy features, the more likely they aren't. It just seem that they would attract people that would like to send secure and private messages, and simultaneously attract those who are interested in all such communication (assuming the whole site wasn't created as a front by an alphabet group agency in the first place). Personally prefer hotmail or something equally popular because there are so many people using it with millions of emails going through all the time, making it more difficult to find any "signal" among the large volume of noise for those looking for it (whatever constitutes "signal" to them).

 

[dant]

More likely than not, privacy policies are there as a "sugar pill"
that gives users a "warm and comfortable" sense of privacy
when there is none to be had, potentially exposing the user
of their true identities and thoughts to be added to "The Book
Of Life" as Revelation may have it.

All inbound and outbound traffic are backed up raw for legal
reasons and being a former IT manager, this is true for the
most part - however - the White House and other Alphabet
Agencies may see things differently depending on who is who.

BTW: Amazon (if this is true or a mask) is supposedly building
a new data center on the Columbia River in Oregon close to
Google's Data center as reported by the Oregonian today
(the identity is "unknown") - and I wonder if "The Book of Life"
is/was being built in strategic locations in the US and globally.

FWIW,
Dan

 

[Tigersoap]

I think that's where the use of green language could come handy ?

There is something puzzling about people who share very sensitive datas over email (and the web).
It should be safe but it is not, so we'd rather be careful enough about what we share and with whom osit.
I cannot do much if they read my mail,anyway it's not like I am sharing very specific details about how much I like to watch "Gossip girls"...uhm... I said too much already :|.