[tor-talk] Email provider for privacy-minded folk
Joe Btfsplk
joebtfsplk at gmx.com
Wed Feb 13 21:47:11 UTC 2013
On 2/13/2013 3:58 AM, bvvq wrote:
> On 12/02/2013 3:15 PM, Joe Btfsplk wrote:
>> Here's an article someone pointed out on email providers & privacy; if
>> allow signing up w/ Tor, etc.: the_simple_computer
>> <http://www.thesimplecomputer.info/articles/email-for-privacy.html>
>> They all have + & -, depending on needs. For many, if read TOS &
>> Privacy Policy closely, they may be better than gmail, but not as
>> private as their hype says.
>
> Great link. Interesting site.
> (It's amazing that the web is so vast that after 15 years online,
> there are still websites tucked away that I haven't seen.)
>
>
>> I took the info from The Simple Computer article & made a chart, plus
>> current data (some not in the article) from several providers' sites. If
>> anyone was interested & if I knew how to (easily) get it uploaded -
>> somewhere - I could do that. It's not the be all & end all, but has
>> current info on several providers, including how long they retain data.
>> It's now in pdf and / or .ODT format. I don't know if it's possible to
>> attach small files to tor-talk emails.
>
> I would be interested in your data. Do you have any problems uploading
> it to mainstream file sharing sites? You could encrypt it and send
> tor-talk the passphrase. Or perhaps upload it to a .onion (I don't
> know any off-hand).
>
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
Sure - there's nothing private about it. Most data I took right off the
provider's TOS & Privacy Policy (or verified The Simple Computer site's
data). I didn't fill in all "items" on all the providers. Some policy
specs weren't mentioned by some providers. You can ask CS if they don't
have some "privacy" issue in writing, but a verbal / email reply
probably doesn't mean much (legally, at least), if it's not in their
official TOS / Privacy Policy.
One item is how long providers retain mail, after you delete it. Some
don't store at all; - to hrs / days / months / indefinitely. VFEmail's
storage falls into indefinitely category (though not on my chart).
I've never had a need to u/l a file to a free server, so if someone
could give suggestion of a simple, free one (file's only 100 KB). I see
no need to encrypt it - unless I'm overlooking a reason. Nothing
private, sensitive.
Had an interesting response from VFEmail CS. Though I've researched
"more privacy conscious" email providers a while, I'd over looked one thing.
Unless you encrypt the email - yourself - BEFORE it hits their server,
ANY provider can & does read (scan) the email, *at least for spam
checking* - at minimum. Many of you know this & probably many don't.
What else they say they do / don't do with scanning results (or anything
to do w/ privacy), like any other agreement / contract, is only as good
as the company that wrote it. And if they violate an agreement, only
recourse is to ask them to stop or sue them.
I asked about this one sentence, out of VFEmail's - ONE - paragraph
privacy policy:
>> 7. VFEmail.net PRIVACY POLICY VFEmail.net will not monitor, edit or
>> disclose the contents of a User's email or any other communication
>> based on VFEmail.net, except that User agrees VFEmail.net may do so:
>> (a) as part of the TECHNICAL PROCESSING of the VFEmail.net
>> communication;
> Joe: That's fairly vague. Monitor could mean anything or nothing.
> Do you scan or look at email contents - ESPECIALLY the message body or
> attachment contents, in any manner, except for data in the header
> needed to send & receive mail, to scan for viruses or when legally
> compelled to monitor email? I suggest that vfemail clarify & expand
> this part of the privacy policy.
VFEmail responded:
>
> Of course the message body is viewed. If you send out 200 emails and
> cause the free outgoing queue to stop with your 'flood', would you
> prefer if we verified you were just sending an address change, or
> should we just block your account for spamming?
>
> You're welcome, and encouraged, to use PGP from your local PC to
> ensure no middle man can read your emails. Any provider who claims
> they can not and will not read your mail are full of it.
As I said, wrote that before thinking, all providers scan unencrypted
mail for spam, at minimum. That may not violate privacy, if that's ALL
they do. If you really want privacy, use encryption. BUT... you have
to convince a lot of people to do the same. Not easy, in my experience
- outside of a crowd like this list.
I suppose even providers offering encryption of files while on their
server (like Lavabit), could read the mail just before it was encrypted
/ decrypted, since they are doing the encrypting. I believe one or 2
offer "end to end" encryption.
More information about the tor-talk
mailing list