Subj : Re: encrypted email providers
To   : Oli
From : tallship
Date : Mon May 31 2021 09:43 pm

On 20 May 2021, Oli said the following...
 Ol>  p> Here are a few supposed private/encrypted email providers that offer f
 Ol>  p> mailboxes (as well as paid plans of course):
 Ol> 
 Ol> It doesn't matter that much. Most of emails conversations aren't
 Ol> encrypted anyway. If you want an encrypted inbox, just retrieve mails
 Ol> from the (webmail provider's) server and encrypt it at home. Use a mail
 Ol> client or browser plugin for PGP.
 Ol> 
 Ol> For really private stuff use p2p FTN Netmail over Tor Onion Service ;).
 Ol> 

I have a slightly different take on it.

1.) Yes, encrypted email providers are a misnomer. I can't tell you how many
people proudly boast that they have a protonmail account so their mail is
encrypted.... Only to discover it isn't, because when they send messages
outside the network it's in clear text, unless your keys have been added to
each other's keyrings.

https://pgp.mit.edu is traditionally where I keep my keys available, and it
looks like sks-keyservers.net has been deprecated. I also take advantage of
the proofs available via https://keybase.io

I use PGP keys all the time, but not always. I typically sign with my keys so
that the authenticity can be relatively assured, but for realy encrypted
communications....

2.) I recommend Matrix - you can run your own Synapse matrix server if you
like, it's pretty straight-forward, and a couple of good clients for both
desktop and Android are SchildeChat and Element.

XMPP is good too if you're using OMEMO, on Android, Conversations or
Conv6sations are good clients, and you have a lot of choices for desktop
clients. I personally prefer Gajim.

I really don't care much for Signal, it leaks too much metadata, such as your
DID (always) and it also shows when the remote party has displayed the
message on their device. Plus, it's not distributed - it's set up as a silo,
although there's no reason why that really has to be, other than the forked
project became unmaintained when Moxie expressed his disdain for others
repurposing his clients to use with other forks of Signal.

I don't really think I would depend on PGP encrypted mail for secure
communications, but it's fine for authenticating the sender. But if you want
to do so I would recommend installing and using Fair Email directly from the
git repo here: https://github.com/M66B/FairEmail

The reason for that is because you'll always have the laterst version for
your Android, and it will automatically update from there. F-Droid would be a
second choice, but updates lag and some feature sets aren't incorporated.
Anything from the Google Playstore should be considered spyware - because it
is.

For Desktop, Most of my customers use Thunderbird, as do I (conigured with
OpenPGP), There are a couple of other good email clients, but Outlook isn't
one of them.

I also recommend that people run their own email servers -
SMTP/IMAP/OpenDKIM/SpamAssasin/etc. The combo I like is Postfix with Dovecot.
I do realize, however, that email is a complete mess to set up correctly out
of the box nowadays, so you should have someone who is good at it do the
install :) With DKIM, DMARC, SPF blah blah blah... Yah, nightmare, but once
you set it up it's a dream to host your own domain's email services.

I don't think that using TOR lends itself to a respectible business
impression, so I would definitely advise against it in the commonplace
business world of communications - other than that of course... it freakin'
rocks! 

--- Mystic BBS v1.12 A43 2019/03/02 (Linux/64)
 * Origin: Vger.Cloud - NOMAD Internetwork (21:2/104)

.