Fucking encrypt your emails!

Alright, so there is a other thread about protonmail and what email provider to use, that is full of so much FUD, bullshit and misinformation that I had to start a new thread to debunk all of the lies being thrown around.

The vast majority of these "secure" email providers are complete snake-oil designed to take your shekels or even spy on you.

Please read this entire post before responding with bullshit.

This is how you secure your emails:

>create an email account at any email provider (gmail, yahoo or any other NSA controlled mail server).
>whenever you send someone an email, first encrypt the contents of the email on your computer, then send it

Your probably going to say: gmail has an NSA backdoor. Yes, Gmail does have a backdoor, but it is still safe to use gmail.

You have to understand. Email does not protect your metadata, which is stuff like who the email is from who it is to, the subject line and when it was sent.

All of this information is sucked up by the NSA regardless of what email provider you use. Because when emails are transferred between servers, they are sent unencrypted. The vast majority of emails are sent in cleartext, and of the remaining, the vast majority are sent unencrypted. So The entire email, all the metadata and the actual message, are easily intercepted by the NSA.

Protonmail or ANY provider CANNOT protect the metadata of your emails. This is because email is an utterly shit protocol.

However because we encrypted the email on our PC using something like GnuPG, the message is the only thing actually encrypted and so the only thing the NSA will have any problem reading.

Now you will probably say: well the NSA can probably break the encryption, therefore I will use protonmail. Well, even if the NSA can break the encryption, then they can also break protonmails (which also uses PGP) therefore you are still fucked.

So thats why it doesn't matter which email provider you use.

Just use any provider and fucking encrypt your emails!

Attached: images.jpg (275x183, 5K)

Other urls found in this thread:

medium.com/@obsidian_crypto/why-privacy-is-important-and-having-nothing-to-hide-is-irrelevant-d011b49de4c8
twitter.com/NSFWRedditVideo

Small mistake:

>The vast majority of emails are sent in cleartext, and of the remaining, the vast majority are sent unencrypted

should be

>The vast majority of emails are sent in cleartext, and of the remaining, the vast majority are sent using "opportunistic" encryption, which does not validate keys, it is just the same as cleartext security wise.

or you could just not do criminal shit online then you wouldn't have to worry about the NSA reading your emails

"nothing to hide" argument is bullshit: medium.com/@obsidian_crypto/why-privacy-is-important-and-having-nothing-to-hide-is-irrelevant-d011b49de4c8

But you do bring up a good point, and this is threat modelling. People are freaked the fuck out about the NSA and doing all sorts of paranoid shit, meanwhile some 15 year old steals their tax refund. It's best to be realistic about threats and use the right countermeasures.

That works until you email people who don't encrypt. It's gotta be two way, otherwise there's no point.

This can be said for EVERY email provider. My point is the email provider is completely irrelevant.

It is still better than nothing and you are making NSA's job much harder. If everyone started doing it they would had to spend more millions of dollars in their surveillance program.

Those are dollars that will not be used to bomb people in the middle east!

I don't give a shit about the NSA. I DO give a shit about crackers, blackmailers, identity thieves etc. tho.

>sending sensitive info through email
there is no reason to do this

If I for whatever reason needed to send sensitive information through email, couldn't I just manually encrypt that message and send it base64 encoded?

OP is a colossal faggot. Why couldn't you just state your points in THAT thread but instead spurge out with max autism and make yet ANOTHER thread on the same topic. If this isn't a shill post I don't know what is.

quints of truth, OP on suicide watch, based and redpilled
anyone who shills for (((gmail))) needs to have their head examined or they just simply glow in the dark

Attached: 1534610216677.jpg (251x251, 19K)

>Your probably going to say: gmail has an NSA backdoor. Yes, Gmail does have a backdoor, but it is still safe to use gmail.
You're probably going to say: that hooker by the motel 6 has HIV, herpes, warts, and a little bit of syphilis. Yes, but if you use a condom it's still safe for a quick shag.

Attached: 1534195715289.jpg (251x242, 12K)

Yea this really, if you really need to keep some informations secret, just don't use a service owned by NSA or anything.

>and fucking encrypt your emails

I agree with you. Whilst the e-mail content can be encrypted, the metadata cannot. However, you can mitigate that by using Tor.

Nevertheless: How can I convince the idiots at my bank to send me encrypted e-mails? The employees don't even have admin rights and probably don't even know how to encrypt the content of an e-mail. There is the weak link.

Sending me a bank statement as a PDF attachment whilst not knwing that it easily could be encrypted.

Tech illiterate imbeciles have no place on this board. He is not even endorsing any particular mail service.

Fuck off.

Oh look another retard who can't even read and happens to be a pepe poster

um, he's pretty clearly shilling for gmail, which is the worst possible option in terms of privacy, learn to read senpai

>muh green frog!

Attached: cool_pepe.jpg (244x249, 9K)

>sending emails
>ever

OP here. I'm using gmail as an example to prove that the email provider matters much less than the email client. Encrypt your emails on your PC and your good to go, regardless of email provider.

Everything transmitted is being collected, so it doesn't matter which email server you use as long as you encrypt first.

This is the best option. Just don't use email. It's not private/secure. Signal messenger is better, even better is to get out of your mom's basement and talk to the person face-to-face and not leave digital evidence behind.

>GnuPG is part of the GNU Project, and has received major funding from the German government

Attached: 1411892942219.png (1298x1316, 180K)

And Tor came from DARPA. Actually the entire internet was a DARPA project, right? better not use the internet at all, it's development was funded by the US government.

Actually it does matter. Why would you want to support a corrupt service like gmail. People need more privacy-oriented services that are newbie friendly. Not everyone is going to have the technical skill to set up email encryption.

What we really need is email clients with encryption built-in. The point I am trying to make is it literally does not matter what server you use to relay your encrypted email, these services are pure marketing bullshit.

I feel like computers could have been designed better and instead of starting over we just keep adding fixes, kind of like everything else

Doesn't this mean you have to send the key to the person somehow? So, how do you propose to do that without compromising it? You are fucked either way, pedro. Just accept that the feds are onto your ass.

oh yes a complete redesign from scratch always goes SO WELL

Just look at the state of Windows, years of duct tape is adding up to the bloat-fest that it is today and it's only going to get worse

It's generally never a good idea to "throw away code".

You're not even thinking outside of the box.

I sure hope this is bait

I recently switched from G(oy)Mail to Protonmail, but not because of the encryption, but because I don't want Google to collect my data.

So, should I use cock.li with PGP or what?

>shilling gmail

Attached: is_this_guy_serious.gif (736x689, 61K)

Yes, cock.li is really awesome because you don't have to provide a phone number etc etc.

cock.li will sell you out for the first bag shekels they get

Who gives a shit? my emails are encrypted boi, thats the whole point of this thread.

Except one problem, didn't he get a subpoena over something? Also I don't know how to use PGP.

if you are ok with your emails being stored in plaintext on some neet's homeserver, and the whole site might as well die tomorrow because no company is backing it then yes

Probably a good idea to read the OP and understand what this thread is about. It doesn't matter what email provider you use because they are ALL compromised, and you need to just use pretty much any and encrypt your shit.

Don't matter if your emails are encrypted if they hand over all your data and IP address

This. That guy Vincent or w/e his name is turned everything over to the feds for some users. I wouldn't touch it with a 10 foot pole.

And what data would it be they are handing over? Everything that was transmitted in the clear already by the mail server and intercepted by every intelligence agency?

I'm not going to spoonfeed you

Normies don't use PGP.
Now if you're a pedo, or a corrupt politician, or a political activist, sure you should make the people you deal with learn PGP, but average day-to-day people, not gonna happen.

mail with cocks is obviously the best option for everyone

What? Protonmail emails are encrypted and nobody besides me can access them once they are on their servers, that's a concrete benefit over the other providers

This.

From the OP:
>whenever you send someone an email, first encrypt the contents of the email on your computer, then send it

Go fuck yourself.

I use protonmail because they don't shove ads in my face and they don't do analytics on my mail or metadata and sell the information. I pay them a small fee because mail hosting isn't free, and without ads or something else the service would be unsustainable. Having my mailbox encrypted at rest on their server is a bonus. If I want actual privacy I just gpg the message.

that's sending though, not data received

Fully encrypted messages make you easy to target for extra surveillance (and you probably deserve it, because you're mentally unstable). Rational people who actually need to hide shit would be using a system of coded messages.

I've got several friends who now use protonmail, so any proton-to-proton messages are automatically encrypted between email boxes, and in theory the messages are basically on the same server, fully encrypted. Now that's a bonus.

IF someone sent you an unencrypted email, that email has been transmitted between the two mail servers in plaintext and is compromised by NSA etc etc. More than likely the person sending the email used gmail so gmail also still have a copy of the email. Also how much do you really trust protonmail to actually encrypt the email and not store any cleartext copies of it? there is literally no way you can know if they do this or not.

Because if you use a Swiss email account marketed for it's advanced privacy features you won't be targetted for surveillance?

How is that relevant to my point?

You can't actually know if that is true and are completely trusting protonmail to a) properly encrypt the emails using whatever the fuck they use b) not lie about encrypting them or storing plaintext.

>Email clients with encryption built in
What are k9mail+OpenKeychain, Thunderbird+Enigmail, and Outlook+gpg4win.

They are awesome. I personally use mutt. But they are not as beginner friendly as I would like them to be.

gpg is not beginner friendly. Key management and exchange is not beginner friendly. The fact is, if you don't understand how the system works then you don't know your communication is really secure.

It's open source, you can freely audit the code.

This is why I bought a static IP and run my own mail server, and encrypt everything. Yes, it's a little pricey to get a "business class" connection with a static IP address so your emails aren't automatically blacklisted by every provider straight out of the gate, but in my opinion $110/mo for 1Gbps/1Gbps, with a UPS thrown in as a bonus to keep my "phones" up and running (if I had office phones on a VoIP system lol, but they don't need to know that I don't) which my gateway is plugged into, with a static IP address, no monthly bandwidth caps, and "express" customer support (no pajeets when I call, and I can schedule exact service appointments instead of the bullshit 2-4 hour windows that consumer accounts deal with) is fucking worth it. Granted, I also run a small hosting service for Linux shells and web pages, so it's useful for that too.

>Paying more than $50/yr for email

Attached: 1534561819009.jpg (394x399, 36K)

I believe it can be designed in a way that is beginner friendly and the end user will have no idea their emails are even encrypted, similar to whatsapp with it's private chat feature. Exchanging keys is a real fucked up situation right now because the WoT thing is never used by people except for some insanely paranoid folks, it can definitely be improved a lot.

condom wont protect against herpes

I think the joke went a little over your head user

Without doing the key exchange manually you can't know you aren't getting mitm'd.

Right. This is the only way to be 100% sure, but certificate transparency logs can help mitigate the risk by having an auditable key server. It can still attack, but it would be detectable and provable, so the key server would no longer be trusted.

Realistically 99% of people aren't going to manually validate their keys. The 1% of people who will still can do so by comparing fingerprints in person etc.

nah it just wasn't funny and i figured every guy should know bout herpes and condoms.

or maybe you just don't have a good sense of humor. the post you're referring to was obviously implying through sarcasm that a condom was not actually effective as a metaphor for using a compromised email service but you still encrypt things on it

he should have used a food analogy, those are hilarious

Does anyone have any experience with the browser based encrypted email that GMX offers?

All browser based encryption is snake-oil, because the javascript can be modified at any time to insert a backdoor.

The reason I started that thread was to find a provider that wasn’t going to ask for my phone number etc for (((security))) reasons, and won’t scan my emails and sell the results to corporations.
Im computer illiterate, I dont understand how to write simple functions in python let alone set my own servers and encrypt messages.
All I want is an easy to use email service with no bullshit, no constant pestering me for my identity

For the scanning part, use thunderbird+enigmail to encrypt your emails and use any provider. This is the only way to 100% prevent scanning.

For the phone number part, there are plenty of providers that don't ask for phone numbers. cock.li, gmx.com, even inbox.com. protonmail is one if you really want to use that.

I also don’t want to support businesses that give no fucks about their clients

>Implying I only use my connection for email
You're a fucking retard.

>getting angry at a meme joke

Attached: winnie.png (320x287, 104K)

Dont mind him, Jow Forums is filled with angry incels

Attached: 1533635815870.jpg (762x717, 77K)

But want People in middle est to be bommed

>break PGP
stopped reading right there