LinuxQuestions.org
Old 09-05-2009, 07:32 AM   #1
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,224

Rep: Reputation: 56
Most secure web-based email (against sniffers in my LAN)


What would that be? I have Hotmail and Yahoo. There must be something more secure against any sniffer running in my LAN.

Last edited by Ulysses_; 09-05-2009 at 07:36 AM.
 
Old 09-05-2009, 07:52 AM   #2
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,528

Rep: Reputation: 899
Gmail uses HTTPS.
 
Old 09-05-2009, 07:57 AM   #3
JulianTosh
Member
 
Registered: Sep 2007
Location: Las Vegas, NV
Distribution: Fedora / CentOS
Posts: 674
Blog Entries: 3

Rep: Reputation: 90
There's a Google setting that will force HTTPS by default too.

Gmail FTW.
 
Old 09-05-2009, 09:05 AM   #4
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,224

Original Poster
Rep: Reputation: 56
Isn't there anything stronger than the https of hotmail that I am already using anyway?
 
Old 09-05-2009, 10:07 AM   #5
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by Ulysses_
Isn't there anything stronger than the https of hotmail that I am already using anyway?
Unless things have changed recently, Hotmail only uses HTTPS for the login phase.

After that, all your email messages and stuff are transmitted in the clear.
 
Old 09-05-2009, 10:45 AM   #6
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,224

Original Poster
Rep: Reputation: 56
Quote:
Originally Posted by win32sux
Unless things have changed recently, Hotmail only uses HTTPS for the login phase.

After that, all your email messages and stuff are transmitted in the clear.
Gosh! And Yahoo seems to be doing the same too, and so does Gmail!

Need a server that provides more complete encryption then. But it has to be one that also provides the option of downloading emails to my computer for storage with a standard email application.
 
Old 09-05-2009, 10:55 AM   #7
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 615
There's a Google setting that will force HTTPS by default too.
 
Old 09-05-2009, 11:04 AM   #8
GrapefruiTgirl
LQ Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 553
If the OP's interested, Hushmail uses HTTPS on ALL pages, all the time, and they also offer some sort of enhanced security login using Java (Applet???) so maybe they're worth checking out.


Sasha

UPDATE -- since I now have broadband, I went and enabled (and read about) the Java option for Hushmail.

The way I understand it, it uses server- and client-side two-way encryption, the client side being a Java-based encryption engine. Thus, the stuff from the client side is encrypted, THEN sent via SSL to the server, and decrypted; and vice versa... Pretty cool IMO. How *great* is the security?? I haven't any idea, but it's better than most free/web-based email providers provide. Plus, don't lose your password, as they can't retrieve it for you.

Last edited by GrapefruiTgirl; 09-05-2009 at 11:51 AM.
 
Old 09-05-2009, 11:16 AM   #9
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,528

Rep: Reputation: 899
If you want to make sure no one can read your emails, use encryption (gpg or others), or don't use webmail, but an email provider with an SSL connection, or IMAP over SSL.
 
Old 09-05-2009, 11:31 AM   #10
lionsong
LQ Newbie
 
Registered: Sep 2009
Location: UK
Distribution: slackware
Posts: 7

Rep: Reputation: 0
I use lavabit.com, which in their own words -
Quote:
In safer times, a strict Privacy Policy would have been enough to protect the rights of honest Internet citizens. But everything changed when the United States Congress passed the Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (PATRIOT) Act in 2001. If you're currently unaware of the PATRIOT Act, we highly recommend you visit the Electronic Frontier Foundation (EFF) website.

The key element of the PATRIOT Act is that it allows the FBI to issue National Security Letters (NSLs). NSLs are used to force an Internet Service Provider, like Lavabit, to surrender all private information related to a particular user. The problem is that NSLs come without the oversight of a court and can be issued in secret. Issuing an NSL in secret effectively denies the accused an opportunity to defend himself in court. Fortunately, the courts ruled NSLs unconstitutional in 2005; but not before illustrating the need for a technological guarantee of privacy.

Lavabit believes that a civil society depends on the open, free and private flow of ideas. The type of monitoring promoted by the PATRIOT Act restricts that flow of ideas because it intimidates those afraid of retaliation. To counteract this chilling effect, Lavabit developed its secure e-mail platform. We feel e-mail has evolved into a critical channel for the communication of ideas in a healthy democracy. It's precisely because of e-mail's importance that we strive so hard to protect private e-mails from eavesdropping.
Apparently it has a very redundant security system in place, so much so that Lavabit admins themselves can't access your account without your password (so don't lose it, basically).

If you're really wanting secure mail access I'd use these guys, but via a decent client that supports SSL and gpg, like Thunderbird. HTTPS is basically an SSL tunnel to a webpage, so if you're really serious about finding something more secure (and you actually have a need for it) I'd suggest considering setting up your own mailserver out of an old computer and using a combination of fetchmail and ssh to access it.

Hope this helps any.

Quote:
Originally Posted by Admiral Beotch

gmail FTW.
www.scroogle.org FTW
 
Old 09-05-2009, 11:39 AM   #11
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by Ulysses_
Gosh! And yahoo seems to be doing the same too, and so does GMail!
Right, but Gmail lets you easily configure your account to ALWAYS use HTTPS.

Quote:
Need a server that provides more complete encryption then. But it has to be one that also provides the option of downloading emails to my computer for storage with a standard email application.
I use Hushmail, which provides tons of encryption-related options.

BTW, I'm moving this to General, since it isn't really a GNU/Linux question.

Last edited by win32sux; 09-05-2009 at 11:41 AM.
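
The difference discussed in posts #5 and #11 (HTTPS for the login only versus HTTPS for the whole session) can be checked from a recorded browser trace. The following is an added example, not part of any post in the thread; the host `mail.example.test`, the cookie name `SID` and both traces are constructed, and cookie domain/path matching is deliberately simplified.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed traces: (request URL, Set-Cookie headers, Location header or None).
LOGIN_ONLY_HTTPS = [
    ("https://mail.example.test/login",
     ["SID=s3ss10n; Path=/; HttpOnly"], "http://mail.example.test/inbox"),
    ("http://mail.example.test/inbox", [], None),
    ("http://mail.example.test/message?id=1", [], None),
]
ALWAYS_HTTPS = [
    ("https://mail.example.test/login",
     ["SID=s3ss10n; Path=/; Secure; HttpOnly"], "https://mail.example.test/inbox"),
    ("https://mail.example.test/inbox", [], None),
]


def audit_session(trace):
    """Return (kind, detail) findings for traffic a LAN sniffer could read."""
    findings = []
    secure_flag = {}  # cookie name -> was it set with the Secure attribute?
    for url, set_cookies, location in trace:
        is_https = urlsplit(url).scheme == "https"
        if not is_https:
            findings.append(("cleartext-request", url))
            # Simplification: every stored cookie is assumed to match this host/path.
            for name, secure in secure_flag.items():
                if not secure:
                    findings.append(("cookie-sent-in-clear", f"{name} -> {url}"))
        for header in set_cookies:
            jar = SimpleCookie()
            jar.load(header)
            for name, morsel in jar.items():
                secure_flag[name] = bool(morsel["secure"])
                if not secure_flag[name]:
                    findings.append(("cookie-missing-secure", name))
        if is_https and location and urlsplit(location).scheme == "http":
            findings.append(("https-to-http-redirect", location))
    return findings


if __name__ == "__main__":
    for label, trace in (("login-only", LOGIN_ONLY_HTTPS), ("always", ALWAYS_HTTPS)):
        print(label, audit_session(trace))
```

A session cookie set without `Secure` and then replayed over plain HTTP is what makes a login-only HTTPS setup readable on a shared LAN, even though the password itself was encrypted.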
 
Old 09-05-2009, 01:43 PM   #12
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 116
While ssl might protect the last leg - from the server to your client - if you are really concerned about privacy you'd better be using gpg all the way through - and your correspondents had better be doing that too.

After all, let us say that someone is after your info - a US three letter agency perhaps. If they can't get it by monitoring your connection, they'll just switch to monitoring your ISP and filtering on the incoming emails to get what they want.

Or, they'll enter your home when you are not there and put a keystroke logger on your system to get your passwords...
 
Old 09-05-2009, 04:09 PM   #13
JulianTosh
Member
 
Registered: Sep 2007
Location: Las Vegas, NV
Distribution: Fedora / CentOS
Posts: 674
Blog Entries: 3

Rep: Reputation: 90
Quote:
Originally Posted by jiml8
Or, they'll enter your home when you are not there and put a keystroke logger on your system to get your passwords...
No need to come to your house. Federally Injected Trojans let agents telecommute and work from home. Saves on gas and makes the planet green.

Last edited by JulianTosh; 09-05-2009 at 04:12 PM.
 
Old 09-06-2009, 02:03 PM   #14
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,224

Original Poster
Rep: Reputation: 56
Thanks for the information. It's only internet criminals that I want to stop sniffing at my emails, not three-letter agencies.

The LAN here has some 200 users, most of whom do not care about security at all, so their computers can get owned by hackers and used to sniff at connections to get our Windows passwords and also bank passwords, PayPal passwords etc.

Lavabit seems to have stronger encryption than Hushmail. Hushmail does NOT allow you to keep copies of the emails on your PC; this is a major problem for me. Lavabit is the way then, but they do not support retrieval of emails from my older accounts.

Is there anything else?
 
Old 09-06-2009, 04:02 PM   #15
JulianTosh
Member
 
Registered: Sep 2007
Location: Las Vegas, NV
Distribution: Fedora / CentOS
Posts: 674
Blog Entries: 3

Rep: Reputation: 90
Quote:
Originally Posted by Ulysses_
...not three-letter agencies.
You say that like it's a bad thing. Look at it this way... what's legal today, doesn't mean it will be legal tomorrow. Anything left out in plaintext (an isp, your hard drive, etc) is forever fair game for LE datamining for "possible suspects" and "persons of interest".

LE will forever be looking for new ways to "improve their numbers" so don't count on the system getting more "constitutionally correct" any time soon. The opportunities to become an inadvertent criminal are only going to become more prevalent as time goes on.
 
  


All times are GMT -5.
