Email security how and why

I hope this thread will become a good path for people to follow on their journey towards privacy and security which are non-negotiable parts of free society.

WHY is privacy and email security important? It is not just what you write and your security, it is also security of the person you are writing with.

For example… one is writing perfectly legal correspondence involving … say sexual minority… with person in another country… say Palestine. Now… IF the emails are NOT encrypted there is a RISK that local intelligence network will capture that message. This means that there is a good chance that Mossad (israel intelligence) will want this email as it involves palestine people (Intellegence sharing and trading). While the palestinian person has not committed any crime… information about his/her sexual orientation can be used (by mossad) to blackmail him/her to observe and report on third persons activites (who might live in same building or next door).

This is an example of plausible path where perfectly law abiding person is put in a very compromising position.

email security is a part of much lager issue but to keep things manageable I wish to focus just on email security on this thread. As things move along… we can open new threads to address other issues.

and now to HOW…

We have few different types of email, few different OS and we wish to access email from our computer and from our phones. This means a lot of different combinations. I hope to gather a good HOWTO that will have sections for most common setups and list pros and cons for them.

I hope to hear from people who have already done setups for their own systems (what they used and how happy they are with it)

Email can be a web service (like google mail) or it can run as a service on providers server. ( like … IMAP, POP3, SMTP ). One needs a mail client to access mail servers ( like icedove ) … one that supports encryption or encryption addons.

So far i have only tested

webmail - google (<> os - linux )<> browser - firefox and tor browser <> addon - mailevelop : works, major con - google tracks you extensively. Has e list of web mail providers with which things work smoothly (no knowledge on how secure these are ) inconvenience involveld if one wishes to use specific webmail that is not listed.

untested - should work
webmail - google (<> os - win mac … )<> browser - firefox <> addon - mailevelop

Next I am looking for pop / imap setup with linux. This will add mta (mail transfer agent) and mail client to the setup - recommendations?

@enomuumi I appreciate your concerns but I have to assume there must be a lot of information on that subject outside of Overgrow & the answers you’re looking for are probably there too. Not to diminish your point or to discourage, just saying we’re experts on cannabis here more so than email/ip sec. There are indeed some smart people here so I hope you find what you need.

remind them it’s called the “fertile crescent”

Checkout https://flowcrypt.com/ it is browser plugin that can encrypt Gmail smoothly.

For desktop clients (like Thunderbird) there is Enigmail PGP.

hi cannabissequoia

As cannabis is still illegal in many part of the world … extra care should be taken with people who are interested on such things. As mentioned… it is not just you, it is also people who you communicate with.

This is partly to document my journey so that others could follow. Naturally pointers and help (if someone has already done the journey) is much appreciated.

connecting to mailservers <> linux <> ice dove (mail) + enigmail (addon) … works nicely so far.

connectin go google mail … very easy
connectin to unknown mailserver (config info given) … Still easy imho.

Just saying it’s up to any one person. How they wish to act in regards to email security. If you believe mossad or any other malicious entity is trying to intercept your emails. It’s up to you as a person to remove yourself from those situations that may “very hypothetically MAY” arise. Not everyone else. This is bullshit imo unnecessary scaremonger tactics

A very simple method - both correspondents sign up for a Protonmail account and use it exclusively for communication.

There is no way to get reliable info on how common or rare such things are. (blackmail my inteligence services)

Point of the story is that it is not just YOUR message and what it would mean to YOU. it is also what they would mean to the other person. … these days something like lbgt is ‘who cares’ for westerners but it is a major issue that can get one killed in africa. not something I would wave a flag in palestine or russia either.

Indeed it is my responsibility regarding what I write and to whom I write to. I do think it is better to be safe than sorry. I also feel that people too often only consider what it would mean TO THEMSELVES PERSONALLY if their email was public and never think about what it would mean to the people they have written to.

Intelligence agencies are not trying to intercept my emails specifically… they intercept everything they can. I trust snowden shed enough light on this issue to verify this.

Thank you for the link cogitech. proton mail is good.

I feel that people would be more likely to add pgp to their current email than open up a new email with new provider.

Proton, tutanota and tor are all comp’d. Tutanota was the last to fall (just recently). OPsec is the new wooly mammoth… extinct…

What Snowden didn’t, vault 7 did. And yes, EVERY piece of digital information is mass collected. To the point even ‘drafts’ in gmail. And fun fact… it’s ALL sent to China

You can also use a wifi than is not linked at all with your physical adress ^^

1. Adding PGP to your e-mail client is useless unless the receiver also uses PGP. Many people you send email to will have no idea how to add PGP to their email client and no idea how to ensure it is actually working. If the receiver of the message is not using PGP, they won’t even be able to read your encrypted messages.

2. Signing up to protonmail is far easier to do, for the vast majority of people, than installing and configuring PGP for an e-mail client.

You do you.

Reference?

It is all well and good to make such claims, but another thing entirely to provide irrefutable evidence.

Not extinct, just different than 20 years ago. But, it takes being thoughtful to comprehend the different scenarios / risks / big-picture. Ring-fence what’s important to you.

Pretty sure I referenced vault 7. Sorry wrong post. Tutanota comp was leaked recently by a foreign gov employee. Stating basically after the ‘recovery’ update it was backdoor’d

I’ve seen the Echelon building in S.F. Skated on it too

Old news folks, come on in!

“The ECHELON program was created in the late 1960s to monitor the military and diplomatic communications of the Soviet Union and its Eastern Bloc allies during the Cold War, and it was formally established in 1971.[5][6]”

yes,

Echelon is old news

Data amounts and % of all data traffic captured specifically regarding Brazilian peoples (just ordinary people and business) is bit more recent.

I dont have links to this. One of the aftermaths of Snowden cases.

Difference is that echelon (i did not have details of this) was to monitor MILITARY AND DIPLOMATIC communications OF USSR and EASTERN BLOCK.

To the merit of US and CIA … they have at least moderate documentation and release policy (50 years) on their actions. That is much more than its counterparts.

Tip to “hide” your network from your neighbors or anyone else in range of your wifi.
Add the line" _ nomap " to the end of your ssid or Wifi name. So if your routers name is NoPigs, then simply change it to NoPigs_nomap.

This will prevent your access point or router from broadcasting your network. In the off chance you think you are followed or hacked it just might slow them down a little.
So whatever your network name is just add _nomap to the end…