Privacy-Conscious Email Services

 

On this page, you will find a listing of various email service providers.

Visit here for specific information about their security and privacy (the website is refreshed every 30 minutes).

Anonymous Speech
Autistici/Inventati
Bitmessage E-Mail Gateway
Co-Mail
Cotse.net
Countermail
Fastmail.fm
Inbox.lv
MyKolab
Neomailbox
Openmailbox
Posteo
Privat DE Mail
RiseUP
Runbox
SAFe-mail
Swissmail
TorGuard E-mail
Unspyable
Vmail.me

from here

Recommended Mail Provider

 

The following email providers are privacy-friendly and offer secure SSL encryption for POP3 and SMTP. The HTTPS encryption for some web interfaces is not genuinely secure, and email tracking features are not blocked at all if you use the web interfaces. We recommend using an email client like Mozilla Thunderbird for email communication to avoid these flaws. (The random order in the list isn’t an assessment.)

Provider: Comment

  • neomailbox.com: offers secure, anonymous e-mail accounts hosted in Switzerland, sender IP hiding, for $3.33 per month, anonymous payment with Pecunix, secure HTTPS encryption for the web interface
  • Posteo and aikQ: German mail providers, servers located in Germany, accounts from 1 € per month, anonymous accounts possible, anonymous payment by letter, secure HTTPS encryption
  • Mailbox.org: German mail provider, servers located in Germany, anonymous accounts from 1 € per month with calendar, address book, file sharing, OpenPGP encrypted mailbox and mail delivery only with SSL/TLS possible, sender IP hiding, anonymous payment by letter and Bitcoin, secure HTTPS encryption
  • JPBerlin: German mail provider, politically committed, servers located in Germany, accounts from 1 € per month, user address is used only for the bill and fakes are accepted as well, anonymous payment is possible by letter and Bitcoin, secure HTTPS encryption
  • runbox.com: Runbox Solutions AS is a Norwegian limited company, server located in Norway, accounts for $1,66 per month, anonymous payments by postal letter possible, secure HTTPS encryption
  • VFEmail: anonymous mail provider, free and premium, sender IP hiding for premium users, use a temporary e-mail address for registration and choose hosting in the Netherlands, disposable addresses, secure HTTPS encryption
  • ETHICmail: offshore corporation (Seychelles), operators are located in Gibraltar, servers located in Japan and Switzerland, two accounts from $11.90 per month, emergency wipe of mailbox by SMS possible, secure HTTPS encryption
  • CryptoHeaven: anonymous accounts from $60 per year, offshore corporation, servers located in Canada, flaws in HTTPS encryption
  • Private DE Mail: supported with donations (not free as FreeBeer), free anonymous email accounts with POP3/IMAP/SMTP, operator unknown(!) and NOT listed on website, Tor hidden services for all protocols
  • XMAIL.net: operated by Aaex Corp, registered in the British Virgin Islands, server located in Canada, free version with POP3 but without SMTP, premium accounts from $10 per year, flaws in HTTPS encryption
  • MyKolab.com: Swiss hosted groupware with address book, calendar and email, email accounts for 4.41 CHF per month with SMTP/IMAP/POP3, groupware accounts for 10 CHF per month, no third party ads used for the web interface, secure HTTPS encryption
  • Associazione-Investici, Nadir.org, AktiviX.org: services for political activists, offer blogs and mailing lists too, you have to provide proof of your political activities but it is not required to give a real name

Due to the US PATRIOT Act (especially p. 215ff) and the fourth amendment to the FISA Amendments Act it is possible for US authorities to eavesdrop on the communication of non-US citizens without a warrant. According to the US authorities it is enough that the servers are located in the US. In the EC study “Fighting cyber crime and protecting privacy in the cloud” the authors warn about political surveillance. That’s why we can recommend the following email providers only partially.

  • SecureNym (offers anonymous e-mail accounts, offshore corporation, servers located in US)
  • Fastmail.fm (free version without SMTP support, premium version full featured, server located in US)
  • Riseup.net (service for political activists, offers blogs and mailing lists too, servers located in US)

Security Notes: Information about long-term communication partners can be used to figure out your real identity! If you need a highly anonymous e-mail account to do something, maybe for whistleblowing, create a new mail account and use it only for this one job. Delete the account once the job is done and never use it for other communication partners.

GMail and anonymisation services

Users of GMail accounts may have problems using TorBirdy and anonymisation services like JonDonym. The Google account security team wrote an answer in response to questions from the Tor community:

Hello,

I work for Google as TL of the account security system that is blocking your access.

Access to Google accounts via Tor (or any anonymizing proxy service) is not allowed unless you have established a track record of using those services beforehand. You have several ways to do that:

  1. With Tor active, log in via the web and answer a security quiz, if any is presented. You may need to receive a code on your phone. If you don’t have a phone number on the account the access may be denied.
  2. Log in via the web without Tor, then activate Tor and log in again WITHOUT clearing cookies. The GAPS cookie on your browser is a large random number that acts as a second factor and will whitelist your access.

Once we see that your account has a track record of being successfully accessed via Tor the security checks are relaxed and you should be able to use TorBirdy.

Hope that helps,

Google account security team

from here

Anonymizing Documents and Pictures

 

Office documents and pictures contain lots of information in the meta tags that may deanonymize their author. Before uploading them to the Internet you should remove this meta data.

Pictures and Photos

Meta tags in pictures and image files may be deleted in the file manager with a right-click. Choose the option “Remove meta tags” in the context menu. You may select and clean several files at once if you press the <CTRL>-key simultaneously. In the properties dialog of the file manager you may check the success of your attempt to delete the meta information.

metadata anonymisation
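
What “removing meta tags” amounts to for a JPEG file, as an added example (not part of the original page or of any tool it names): the code walks the file's header segments, drops those that carry EXIF/XMP, IPTC and comment data, and lists what remains so the result can be checked. The sample bytes are a constructed JPEG skeleton and all function names are this example's own.

```python
import struct

# Header segments that carry descriptive metadata rather than image data.
METADATA = {0xE1: "APP1 (EXIF/XMP)", 0xED: "APP13 (IPTC)", 0xFE: "COM (comment)"}

def segments(jpeg: bytes):
    """Yield (marker, raw_bytes) for each segment; SOS carries the rest of the file."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == 0xDA:  # start of scan: compressed pixels follow to the end
            yield marker, jpeg[pos:]
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])  # includes itself
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, jpeg[pos:pos + 2 + length]
        pos += 2 + length
    raise ValueError("truncated JPEG: no image data found")

def list_metadata(jpeg: bytes) -> list:
    """Names of metadata segments present, for checking before and after."""
    return [METADATA[m] for m, _ in segments(jpeg) if m in METADATA]

def strip_metadata(jpeg: bytes) -> bytes:
    """Rebuild the file from every segment that is not in METADATA."""
    return b"\xff\xd8" + b"".join(raw for m, raw in segments(jpeg) if m not in METADATA)

def seg(marker: int, payload: bytes) -> bytes:
    """Helper for the constructed sample: marker, length, payload."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: a JPEG skeleton, not a viewable image. The EXIF and
# comment payloads are placeholder text, not real TIFF structures.
SAMPLE = (b"\xff\xd8"
          + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + seg(0xE1, b"Exif\x00\x00Make=ExampleCam;GPS=52.5200,13.4050")
          + seg(0xFE, b"edited by alice on workstation-7")
          + seg(0xDB, bytes(65))
          + b"\xff\xda\x00\x02\x12\x34\xff\xd9")

if __name__ == "__main__":
    cleaned = strip_metadata(SAMPLE)
    print("before:", list_metadata(SAMPLE))
    print("after: ", list_metadata(cleaned), len(SAMPLE) - len(cleaned), "bytes removed")
```

A thumbnail embedded in the EXIF data is removed together with the APP1 segment; ICC colour profiles (APP2) are left in place here because removing them changes how the image renders.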

Office Documents, PDFs, MP3….

You can use the Metadata Anonymisation Toolkit (MAT) to clean OpenOffice documents, Microsoft Office documents, PDFs and MP3 and FLAC sound files. Archives are supported too. Simply click with right mouse button on the file in the file manager and choose the entry “Metadata Anonymisation (MAT)”.

Alternatively you may open the GUI of MAT. You will find a menu entry in the applications menu in the group “Utilities”. Add the files you want to clean to the list and clean the list. The cleaned files are stored in the same directory as the original files, with the extension “.cleaned” in the name.

Deleting meta information

Documents from unknown source

MAT for documents and “exiv2” for photos are useful tools to remove metadata from your own, self-created files. Neither can anonymise the content or handle watermarking, steganography, or any overly customized metadata field/system in documents from an unknown source. You have to clean such documents more aggressively:

  • You may print the document at low resolution and scan it afterwards. For scanning text documents you may use a black/white color scheme and a low resolution too. Clean the scanned images as described above.

from here

 

NSA Email and Phone Tracking Programs

 

Reportedly based on Edward Snowden NSA documents provided to Glenn Greenwald who co-authored an article for Brazil’s O Globo newspaper.

Source of four slides:

http://oglobo.globo.com/infograficos/volume-rastreamento-governo-americano/

Translation from Portuguese to English by Google, slides by Cryptome.

Original in Portuguese

[Image]

from here

Lavabit and End-point Security

 

[In reverse chronological order.]

Date: Sun, 11 Aug 2013 08:55:42 -0700
From: Andy Isaacson <adi[at]hexapodia.org>
To: cypherpunks[at]cpunks.org
Subject: Re: Lavabit and End-point Security

On Sun, Aug 11, 2013 at 10:39:55AM -0400, Sean Alexandre wrote [full email not received]:

> your more typical sys admin could find
> and use. They might not have everything, but enough to make their services
> 99.99% secure. Those that provide the info would probably still have some
> things to their own and be 99.9999% secure.

Security doesn’t work that way. Keeping your system secure is like walking a tightrope across a gorge filled with ravenous tigers every morning. There are a billion ways to fuck up and get owned/eaten by the tigers, and asking someone who’s successfully walked the tightrope every day for 40 years “tell me your secret?” completely misses the point.

The expert can share advice and point out when you’re about to step off the tightrope, but no kind of advice can substitute for your own caution and experience. Pretending that a magic balance bar, or a magic technique that can be applied without careful thought, or a magic shoe that will make you stick to the rope, will save you is the kind of thing that works in a fairy tale but not in real life.

The analogy breaks down, though, because in fact you can get totally owned, through and through; exfiltrated, impersonated, and strung up by a prosecutor before a secret grand jury before you even learn that your security has failed. At least the tiger has the courtesy of giving you pain when you fail.

-andy


Date: Sun, 11 Aug 2013 05:45:02 -0700
Subject: Re: Lavabit and End-point Security
From: coderman <coderman[at]gmail.com>
To: cypherpunks[at]cpunks.org

some questions, some answers, …

On Sun, Aug 11, 2013 at 2:27 AM, coderman <coderman[at]gmail.com> wrote:

> …
> 1. use a common distro, but rebuild critical components – bootloader,
> initramfs, openssl, openssh, the kernel, gnutls, libgmp, use 64bit,
> etc.

this means rebuild hardened versions of these libraries from source; excluding insecure cipher suites in an OpenSSL build for example, altering architecture optimizations, supported features, in others, the goal being that an exploit targeted to a vanilla distribution will more likely fail with observable error or crash, rather than succeed silently.

many exploits are very brittle in this respect, with any change in symbol offsets or capabilities rendering them completely ineffective.

> 2. use isolation and RBAC, Qubes, VirtualBox, VMWare, Parallels,
> remember that VM escapes are available and expected. defense in depth
> can never be too deep.

virtualization implies chained exploits for full compromise. combined with the above you’ve drastically increased the cost of a successful attack with modest effort. the likelihood of detection (by appearing vulnerable yet not being so) is also increased.

remember that VMMs and hypervisors are themselves potentially vulnerable software systems suitable for hardening and customization.

> 3. use constrained network access – identify anomalies, control
> bandwidth, firewall ingress and egress aggressively. this implies
> constant monitoring to detect such events. (another exercise left to
> the reader)

data exfiltration can be very visible via network behavior if you’re paying attention. cross referencing connection state in your upstream router vs. local OS view of sockets can identify discrepancies where compromise has concealed covert connections. malware communicating directly on an ethernet or wireless adapter outside of the OS is also visible at this junction.

> 4. rootkit and backdoor your own systems – use the dirty tricks to
> observe and constrain your system before someone else uses dirty
> tricks to compromise your system.

this is mostly a variant of #1 at a kernel / system level. like notepad.exe connecting to the internet, there are some syscall, file access, and network requests which are clearly anomalous and indicators of compromise.

> 5. don’t forget physical security – this is the universal oversight
> and most effective end run around all other operational and technical
> security measures. there is a reason physical access so often implies
> “game over” and why black bag jobs are still and will continue to be
> effective against all targets.

this is a storied tangent unto itself…

last but not least: you must develop a routine of continuous hardening and improvement. these steps are not done once and finished; they are elements within a larger strategy of operational rigor defending against motivated and capable attackers. asking for my “hardened linux build” is missing the point entirely!
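
The router-versus-host cross-check described under point 3 of the message above, as an added example that is not part of the original thread: it compares established outbound TCP flows in the router's connection-tracking table with the host's own socket list and reports flows the host does not admit to. The `conntrack -L` and `ss -tn` lines are constructed samples, the addresses are documentation ranges, and the function names are this example's own.

```python
import re

# Constructed sample: `conntrack -L` lines from the upstream router.
ROUTER_CONNTRACK = """\
tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=51234 dport=443 src=198.51.100.7 dst=203.0.113.5 sport=443 dport=51234 [ASSURED] mark=0 use=1
tcp      6 431872 ESTABLISHED src=192.168.1.10 dst=198.51.100.99 sport=40022 dport=8443 src=198.51.100.99 dst=203.0.113.5 sport=8443 dport=40022 [ASSURED] mark=0 use=1
tcp      6 102 TIME_WAIT src=192.168.1.10 dst=198.51.100.7 sport=51200 dport=443 src=198.51.100.7 dst=203.0.113.5 sport=443 dport=51200 [ASSURED] mark=0 use=1
tcp      6 431000 ESTABLISHED src=192.168.1.20 dst=198.51.100.7 sport=33000 dport=443 src=198.51.100.7 dst=203.0.113.5 sport=443 dport=33000 [ASSURED] mark=0 use=1
"""

# Constructed sample: `ss -tn` output captured on the monitored host.
HOST_SS = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB  0      0      192.168.1.10:51234   198.51.100.7:443
ESTAB  0      0      192.168.1.10:22      192.168.1.2:50514
"""

FLOW = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")

def router_flows(text, host_ip):
    """Established TCP flows the router saw host_ip open (original direction)."""
    flows = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "tcp" or fields[3] != "ESTABLISHED":
            continue
        m = FLOW.search(line)  # first src/dst tuple is the pre-NAT original
        if m and m.group(1) == host_ip:
            flows.add((m.group(1), int(m.group(3)), m.group(2), int(m.group(4))))
    return flows

def host_flows(text):
    """Established TCP sockets as the host's own OS reports them."""
    flows = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0] == "ESTAB":
            lip, lport = fields[3].rsplit(":", 1)
            rip, rport = fields[4].rsplit(":", 1)
            flows.add((lip, int(lport), rip, int(rport)))
    return flows

def hidden_from_host(router_text, ss_text, host_ip):
    """Flows the router carries for host_ip that the host's socket table omits."""
    return sorted(router_flows(router_text, host_ip) - host_flows(ss_text))

if __name__ == "__main__":
    for flow in hidden_from_host(ROUTER_CONNTRACK, HOST_SS, "192.168.1.10"):
        print("router sees, host does not:", flow)
```

The two snapshots must be taken close together, since short-lived connections that open or close between them show up as false discrepancies.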


Date: Sun, 11 Aug 2013 06:51:32 -0400
Subject: Re: Lavabit and End-point Security
From: Steve Furlong <demonfighter[at]gmail.com>
To: coderman <coderman[at]gmail.com>
Cc: cypherpunks[at]cpunks.org

On Sun, Aug 11, 2013 at 5:27 AM, coderman <coderman[at]gmail.com> wrote:

> if i were to summarize what i have found effective against dedicated
> and resourceful attackers (again, i can’t go into details 🙂 this
> would be the top 5:
>
> 1. use a common distro, but rebuild critical components – bootloader,
> initramfs, openssl, openssh, the kernel, gnutls, libgmp, use 64bit, etc.

By “rebuild” do you mean compile it yourself or are you talking full-up review and rewrite? The former should be no problem for anyone capable of setting up a secure hosting service. The latter is probably beyond the means of small teams in any commercially reasonable timeframe.

Neca eos omnes. Deus suos agnoscet. — Arnaud-Amaury, 1209


Date: Sun, 11 Aug 2013 02:27:54 -0700
Subject: Re: Lavabit and End-point Security
From: coderman <coderman[at]gmail.com>
To: cypherpunks[at]cpunks.org

On Fri, Aug 9, 2013 at 7:43 AM, Sean Alexandre <sean[at]alexan.org> wrote:

> … this says Lavabit’s security was so good they
> couldn’t back door his machines….
>
> I’d love to see some kind of write-up by Ladar about how he did this…maybe
> even a book.

i’ve been contemplating a write up about this, but the problem is once you advertise your methods they become less effective.

there really is “security through obscurity” in this sense; when at a resource disadvantage, every little bit counts…

if i were to summarize what i have found effective against dedicated and resourceful attackers (again, i can’t go into details 🙂 this would be the top 5:

1. use a common distro, but rebuild critical components – bootloader, initramfs, openssl, openssh, the kernel, gnutls, libgmp, use 64bit, etc.

2. use isolation and RBAC, Qubes, VirtualBox, VMWare, Parallels, remember that VM escapes are available and expected. defense in depth can never be too deep.

3. use constrained network access – identify anomalies, control bandwidth, firewall ingress and egress aggressively. this implies constant monitoring to detect such events. (another exercise left to the reader)

4. rootkit and backdoor your own systems – use the dirty tricks to observe and constrain your system before someone else uses dirty tricks to compromise your system.

5. don’t forget physical security – this is the universal oversight and most effective end run around all other operational and technical security measures. there is a reason physical access so often implies “game over” and why black bag jobs are still and will continue to be effective against all targets.

Follow discussion thread: http://cpunks.org/pipermail/cypherpunks/

from here

We see the writing on the wall

 

Last week the email provider Lavabit.com was closed. It was one of the few secure email providers. It was used by Edward Snowden along with other privacy-sensitive users. Ladar Levison (founder of Lavabit.com) did not say what he had been asked to do, only that he was legally prohibited from sharing the events leading to his decision. He does not want to “become complicit in crimes against the American people.” In an interview he said:

If you knew what I know about email, you might not use it either.

A second secure email service was closed last week too. Lavabit’s note has led to Silent Circle dropping its email service, saying “We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail now.” In the opinion of Phil Zimmermann and other privacy activists working for Silent Circle there is no way to make email secure:

Email that uses standard Internet protocols cannot have the same security guarantees that real-time communications has. There are far too many leaks of information and metadata intrinsically in the email protocols themselves. Email as we know it with SMTP, POP3, and IMAP cannot be secure.

Because of publications by NSA whistleblowers like Snowden, Binney, Bamford or Drake we have learned about vast surveillance programs. Email is one of the first targets for communication surveillance. It seems there is no email privacy any more. You may want to rethink your communication behavior and avoid email as far as possible in the future. Think about Jabber (XMPP), private messages in forums, TorChat… More ideas are welcome.

from here