Search Mailing List Archives
[liberationtech] Secure hosted mail
mfidelman at meetinghouse.net
Sat Feb 25 10:40:49 PST 2012
John Graham-Cumming wrote:
> I'd be interested to hear opinions from the list in privacy aware and secure hosted email.
> Are there opinions about any of the services like Hushmail, Neomailbox, ... Looking to dump gmail.
Well... hosted implies that you have to trust the hosting provider. You
get some protection by encrypting your traffic.
You're a bit better off if you run your own server - be it on a virtual
or physical machine - but it still ends up "living" somewhere, be it on
your laptop, desktop, in a data center rack, or as a virtual server on
someone's cloud (it's still in a rack somewhere). Security remains an
issue of how hard it is for someone to get to that server, and then to
its contents - and how much you care about traffic analysis (encryption
doesn't help a lot there).
All of the above are somewhat vulnerable to DNS-based attacks, and
attacks on intermediate transport nodes.
If you want to be really paranoid, you can play with something like
Freemail - email running over Freenet (see
https://freenetproject.org/freemail.html). Now you're sending mail
peer-to-peer over freenet transport -- no intermediate servers to worry
about at all. Not sure though how things work when you're exchanging
email with non-Freenet users. (I also expect that there's something
similar for gnunet, gnutella, and other p2p environments).
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra
More information about the liberationtech