Then if a backdoor was demanded to be added, it would affect the whole user base of these browsers. Does Lavabit use PGP?New comments cannot be posted and votes cannot be castThe intersection of technology, privacy, and freedom in a digital world.Press J to jump to the feed. The recovery code is essentially a government recovery code/backdoor used to read your email if requested by the government. Easy problem to side-step.I tried a few different times before and there were only sms and donate options, on my last attempt now did I see the email verification option.I don’t think any of us know what is the overall situation on exit nodes, do most people see an email option or not?
Then if a backdoor was demanded to be added, it would affect the whole user base of these browsers. We should not encourage users to trust inherently unsafe services just because they are easier. [footnote: Notwithstanding the emergence of free (beta), opensource end-to-end encrypted email providers that also encrypt meta-data, such as Scryptmail. It does not protect against: Fortunately, Protonmail has just established a new Tor hidden service for ProtonMail, which also includes an Extended Validation (EV) certificate, increasing the difficulty of targeted MITM attacks. So anything not encrypted before reaching their servers can be read by them.
I have a Proton Mail account and have done since the start, but something is drawing me away from using the service. The most usable method for PGP end-to-end encrypted emails, which involves an important security trade-off, is to use a centralized email provider such as ProtonMail or Tutanota. It just didn’t evolve or improve like HTML or other standards have.The only changes we’ve seen were SMTPS (which is the implementation of SSL on top of SMTP) and Extended SMTP, which as far as I’m aware mainly introduced a few new commandos.Thus, looking at it, there appears to be no genuine effort in improving what we currently call E-Mail.
(There are some browser plugins that may assist with this.) Love them or hate them, but modern Instant-Messaging-Services have a better encryption and user verification standard than mail ever will. Passwords couldn't be recovered. ... Renogy vs Rich vs Lightcatcher vs Mightymax - …
Maybe SMTP just isn’t flexible enough to make any significant improvement in regards to verification and encryption.Though it seems to be getting replaced for better or for worse anyways.
I have a Proton Mail account and have done since the start, but something is drawing me away from using the service. But they don’t seem Tor-friendly to me. Similarly, Microsoft has a history of reading ‘private’ emails and messages and cooperating fully with LE authorities.
against for critical communications, particularly if exposed meta-data . )Someone feeling awesome to check if that was suggested / can suggest that to them?Last I saw DIME support is in Thunderbird is worked on a fork called Volcano behind closed doors.Nonetheless if you think this belongs better in the browser I’ll see what I can do.Email is a pile of shit however its going nowhere.
Then they would have to ship the backdored add-on to everyone and then there would be evidence that there is a backdoor.I don’t think an add-on will find widespread adaption either. Whonix users - the kind that ask questions in the forums every day - who won’t/can’t manage PGP due to technical issues and are willing to risk Javascript in a separate VM just used for email and nothing else.
SSL-stripping, man-in-the-middle (MITM) attacks and a host of other vectors mean it is only a matter of time before your account is breached and exposed under one of the dragnet surveillance programs in operation world-wide.Privacy is also impossible if you resort to corporate services like Gmail and Yahoo, which have automated software that scan all incoming and outgoing emails for keywords for advertising purposes. [ I believe LavaBit allows you to set up your own client easier too ]However, Tutanota and Protonmail set up and manage PGP a lot smoother.Posteo you will probably have to manually set up PGP.I’m for tuta, if u encrypt, it’s end to end as ur receiver cannot open it without logging onto the tuta server.
How much worth is your super secure SSL engine, if the communication between the web server and the SSL engine on their server is still easily compromised by an adversary that can force local hardware access. I can hardly see any way of making a fully end-to-end encrypted mailbox possible with a standard mailing program like Thunderbird.Making a purely subjective guess, I’d say it’ll stay the same unless PM changes their stance on Tor nodes, seeing how over time more “bad guys” will likely try to use PM over Tor, while at the same time, new nodes are added to the network at a steady pace.Again, I don’t think we can write off Protonmail just because it doesn’t (yet) have desktop email compatibility with Icedove et al and the Javascript issue.Unless your key is on your machine none of this is considered safe. That might be worth writing up alongside a basic outline for secure PGP key generation and Enigmail with Icedove when/if I get around to it. Unfortunately, this is simply beyond most users and unnecessary for their threat model.
Email is a notoriously insecure protocol which is generally recommended . (Much more people involved than just a few people using some unpopular browser add-on. Though now, they claim these are stored in a “hardware security module” which isn’t accessible by themI easily grant them this to be true, yet that doesn’t give one what they are implying with it.