LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   General (http://www.linuxquestions.org/questions/general-10/)
-   -   Secure alternatives to Yahoo! and Gmail (http://www.linuxquestions.org/questions/general-10/secure-alternatives-to-yahoo-and-gmail-4175428594/)

nobuntu 09-22-2012 09:46 PM

Secure alternatives to Yahoo! and Gmail
 
Good evening,

A friend of mine has retained an account with Yahoo! Mail since 2000, and a Gmail account for somewhere between 3-5 years.

Obviously, these accounts contain massive amounts of information. In my friend's case, much of the information is sensitive and/or related to her life in intimate ways. Both of these addresses are also bogged down with messages from mailing lists she has subscribed to over the years, as well as with a ridiculous amount of spam.

After a discussion we had about Google's use of the information it collects via Gmail, YouTube, searches, etc., she has decided she wants to make a fresh start - to deactivate her Gmail and Yahoo! Mail accounts and start over with a new, more secure service.

I recommended Fastmail or Lavabit, but felt it would be a good idea to make an appeal here for alternate suggestions and/or testimonials.

Discuss... :)

kooru 09-23-2012 01:49 AM

Try Zoho.
And look at here too.

H_TeXMeX_H 09-23-2012 04:10 AM

What I usually do when switching e-mails is forward it to the new mail for a while, until all meaningful contacts get the new mail, and then cut off the forwarding and delete the old account. Of course, it would be better to just switch right away, in case the old e-mail provider becomes aware of the new e-mail account and decides to share it with third parties.

craigevil 09-23-2012 07:35 AM

https://www.hushmail.com/

jefro 09-23-2012 10:46 AM

There are a few companies that offer secure email. The data of course can be compromised if a person downloads the data. Generally you both have to have accounts in this new secure email system.

You'd be surprised how many people put personal data online and think it is safe. I even found that https everywhere fails on new firefox at hotmail. You'd think every email would at least require full time https.

A hackers dream is just watching email. Simple things like lawyer offices and real estate people and even doctor offices have every bit you need to take someones credit.

NyteOwl 09-23-2012 12:51 PM

Or you could get a domain and set up your own e-mail.

BTW, deactivating those accounts, especially G-Mail will NOT remove all the material currently stored. It remains available to the company (and the US government without warrant after 6 months).

sundialsvcs 09-25-2012 07:17 AM

If you want to protect the content of your e-mail, you must encrypt it.

If you want to keep an e-mail "channel" (so to speak ...) spam-free, you need to require everyone who will be talking with you to digitally sign their messages, and to have an e-mail MTA that discards any unsigned message, or any message from anyone whose certificate you have revoked.

Digital signing also provides assurance that the message has not been tampered-with. All encrypted messages are signed, but not all signed messages are encrypted.

S/MIME is a standard for e-mail encryption. GPG plug-ins are also available for most mail programs.

Encryption won't protect your mail from those government agencies with 3-letter acronyms for names. But you didn't expect it to, did you, and you've got nothing to hide from them anyway, do you?

H_TeXMeX_H 09-25-2012 07:32 AM

Quote:

Originally Posted by sundialsvcs (Post 4788809)
Encryption won't protect your mail from those government agencies with 3-letter acronyms for names. But you didn't expect it to, did you, and you've got nothing to hide from them anyway, do you?

If you use GPG public and public key encryption, it is unlikely that even they can break it. But, they don't have to break it ... they only have to break you ;)

NyteOwl 09-26-2012 01:48 PM

Quote:

...you've got nothing to hide from them anyway, do you?
Not this straw man again please!

sundialsvcs 09-26-2012 02:02 PM

Actually, I meant that comment seriously, and aware of the "straw man" issue. :)

Any encrypted message can potentially be broken, and I more-or-less expect that agencies who can throw ##CLASSIFIED## dollars at any problem will have ##CLASSIFIED## ways to solve it.

(And if they don't, then what-the-heck are they spending ##CLASSIFIED## of my tax-dollars for, exactly?!) ;)

You need to protect your messages from ordinary, reasonable, civilian-grade attempts at interception. (Such as, for example, Google's "bots" which, I assure you, analyze every e-mail message that passes through their doors "for marketing purposes.")

But you also, of course, need to place as few obstacles as possible in the way of the intended recipient(s) of that message being able to "of course" open it right up and read it. Well-implemented security ought to be something that legitimate users can basically ignore ... as, for example, the "https" secure web-page or page-frame now already does. It should not inconvenience them in the slightest.

Both S/MIME and GPG plug-ins are quite capable of doing this right now. S/MIME, at least, is well-integrated into pretty much any e-mail client program that I can think of. On any operating-system I can think of (and I use Windows, OS/X and Linux, "all day every day.").

If you say that any message to thus-and-so is to be encrypted, and that the public-key for thus-and-so is whatever-it-is, and that 'this key' ought to be used to send messages to him or her, then ... it just happens that way. And, should any message wander by that doesn't meet those requirements, it either gets red-flagged or hoisted-up on the mizzenmast before being consigned to Davy Jones' locker ... your choice. If instead you want to implement such rules on a mail-server level, so that you get the benefits without troubling you or any of your users with it, "sure, consider it done."

(And you can in the preceding paragraph substitute "message signing" just as transparently ... forged and/or tampered-with messages are instantly and effortlessly detected and killed.)

Just like "https," this is "a well-known problem with a well-known solution that works great everywhere."

...
Guv'mint agencies with three-letter acronyms not included. "Spooks" can do whatever they want, but who cares about them anyway. ;) ;) (No, seriously, we actually appreciate you guys, "whoever and wherever you are," and what you do for us.)

lindav 09-26-2012 02:27 PM

I agree with the OP.. Fastmail is state of the art fantastic...

Does anyone know who owns Fastmail and Opera..?
Is the owner Democratic oriented, or Republican oriented..?
What about Yahoo..? What about GMail..?

Is there an email service that's owned by people who are democratic oriented..?

nobuntu 09-29-2012 11:11 PM

Quote:

Originally Posted by lindav (Post 4790060)
Does anyone know who owns Fastmail and Opera..?

Opera Software ASA.

nobuntu 09-30-2012 01:23 PM

Quote:

Originally Posted by R3nCi (Post 4786875)
Good evening,

A friend of mine has retained an account with Yahoo! Mail since 2000, and a Gmail account for somewhere between 3-5 years.

Obviously, these accounts contain massive amounts of information. In my friend's case, much of the information is sensitive and/or related to her life in intimate ways. Both of these addresses are also bogged down with messages from mailing lists she has subscribed to over the years, as well as with a ridiculous amount of spam.

After a discussion we had about Google's use of the information it collects via Gmail, YouTube, searches, etc., she has decided she wants to make a fresh start - to deactivate her Gmail and Yahoo! Mail accounts and start over with a new, more secure service.

I recommended Fastmail or Lavabit, but felt it would be a good idea to make an appeal here for alternate suggestions and/or testimonials.

Discuss... :)

Does anyone know if it is possible to set nameservers of a given domain from within FastMail?

My friend wants to have her email address associated with a domain name which we will register for her (e.g. her.name@her-name.org). However, she also wants to build a website which would be accessible from that same domain name (www.her-name.org); given the astounding level of success I have had with FastMail in the past, I have no hesitation in recommending it for the email side of things, but I/we are planning on hosting her site somewhere else. Therefore, I am wondering if there is some sort of built-in nameserver allocation system within FastMail so we could point the domain to FM and also to the web host which I/we have selected.

NyteOwl 09-30-2012 03:42 PM

I've not used Fastmail, but many services can be used this way. It requires setting the MX record for the domain to point to the appropriate account at Fastmail. Depending on the host, they may need to do this. If it can be done I'd expect it to be somewhere in Fastmail's support docs (or a quick e-mail query to their support team).

Quote:

...
Is the owner Democratic oriented, or Republican oriented..?
...
Is there an email service that's owned by people who are democratic oriented..?
-facepalm- The politicalization of e-mail.

nobuntu 09-30-2012 05:17 PM

Quote:

Originally Posted by NyteOwl (Post 4793450)
-facepalm- The politicalization of e-mail.

Yes, it's ridiculous, isn't it?

The Internet was meant to be an open place where people don't really distinguish between eachother much, or at least less than in the offline world. Democrats only choosing services run by fellow Democrats and Republicans only choosing services run by fellow Republicans seems to be to be a potentially nightmarish situation.

There is enough polarization in the real world; let's try to keep the Internet fairly neutral.


All times are GMT -5. The time now is 12:30 PM.