We've Moved! Visit our NEW FORUM to join the latest discussions. This is an archive of our previous conversations...

You can find the login page for the old forum here.
CHATPRIVACYDONATELOGINREGISTER
DMT-Nexus
FAQWIKIHEALTH & SAFETYARTATTITUDEACTIVE TOPICS
PREV12
Encrypted eMail Options
 
Ancotar
#21 Posted : 8/17/2013 6:05:11 PM

DMT-Nexus member


Posts: 156
Joined: 25-Jul-2012
Last visit: 10-Oct-2023
Very interesting articles and thank you so much for sharing so I could read!

I should point out that a site like this seems to best be used for brief, temporary discreet exchanges.

I would never suggest using any encrypted email accounts for any sort of blatantly illegal activities that may draw unwanted attention. Always be skeptical of a company who claims NO ONE can access their info.

Unfortunately, we live in a time now where privacy is hardly an option and a simple court order can be used to literally get away with anything that LEO and Fed wants to get away with, for a time at least. They have a funny way of wording things and using technicalities to accomplish this.

And as much as I wish I was wrong, more and more countries are beginning to follow this trend. Sad
"We speak of Time and Mind, which do not easily yield to catagories. We separate past and future and find that Time is an amalgam of both. We separate good and evil and find that Mind is an amalgam of both. To understand, we must grasp the whole." -Isaac Asimov

"You will not be punished for your anger, you will be punished by your anger." -Buddha

"I must not fear. Fear is the mind killer. Fear is the little death that brings total obliteration. I will face my fear. I will permit it to pass over me and through me. And when my fear is gone I will turn and face fear's path, and only I will remain." -Paul Atreides, while being tested with the Gom Jabbar by the Reverend Mother Gaius Helen Mohiam
 

STS is a community for people interested in growing, preserving and researching botanical species, particularly those with remarkable therapeutic and/or psychoactive properties.
 
alert
#22 Posted : 8/17/2013 7:24:50 PM
DMT-Nexus member


Posts: 559
Joined: 24-Dec-2011
Last visit: 03-Nov-2020
Shaolin wrote:
Don't rely on others to do your encryption for you.

PGP + any email provider.


More or less this. Personally I use GPG and run my own mail server off a dedicated server.

EDIT: If anyone or there friends are to lazy to set up GPG or PGP (don't be!) bitmessage is good too imo.
 
PsilocybeChild
#23 Posted : 8/18/2013 2:01:48 AM

DMT-Nexus member


Posts: 574
Joined: 24-Jan-2009
Last visit: 25-Aug-2023
Location: somewhere in the sands of time
Quote:
Unfortunately, we live in a time now where privacy is hardly an option and a simple court order can be used to literally get away with anything that LEO and Fed wants to get away with


This is why you want an offshore service in a country that is not friendly with our government agencies. This seems to be the only free email service that seems trustworthy. I don't trust hushmail because of what's already been mentioned. And I forget why I don't trust Safe-Mail. I think more than one reason. The location of their servers I believe.

http://privatdemail.net/en/

Need an email application to use.
I use Thunderbird with enigmail plug-in.
―λlτεrηιτγ→
Kambo.me Forum
​Internet Security Walk-Through
[url=https://kambo.me/smf/index.php?topic=395.0]Tobacco Disinformation

PM me about personal Herbalist consultations.
Can do it over PMs as to not reveal personal information.
 
Infinite I
#24 Posted : 8/19/2013 2:48:54 PM

JC


Posts: 1183
Joined: 18-Jan-2008
Last visit: 03-May-2022
Location: Scotland
Someone told me that safe-mail allow police access to accounts if theyre is suspicion of any law breaking, heard the same thing about hushmail, this is just hearsay though obviously theres more to the hushmail thing.
 
User 18517
#25 Posted : 2/21/2014 4:29:53 AM
DMT-Nexus member


Posts: 87
Joined: 03-Feb-2012
Last visit: 04-Feb-2022
 
thymamai
#26 Posted : 2/25/2014 7:09:37 AM

DMT-Nexus member


Posts: 711
Joined: 22-Jan-2012
Last visit: 10-Mar-2023
riseup not so easy to qualify, apparently.
 
Paradoxon
#27 Posted : 3/6/2014 10:28:39 PM

DMT-Nexus member


Posts: 37
Joined: 07-Jan-2013
Last visit: 20-Mar-2021
Location: Europe
Another interesting option is to use encrypted email including only a link to a self-destructive note. If you want, you can get a message when the note has been read (and therefore destroyed). If it wasn´t read by the guy you send the mail to, you know somedbody else has read it.
Are we a human being with a spiritual experience, or are we a spiritual being with a human experience?
 
skoobysnax
#28 Posted : 3/9/2014 5:40:08 AM

DMT-Nexus member


Posts: 685
Joined: 08-Jun-2013
Last visit: 04-Mar-2024
Ancotar wrote:
My favorite is www.hushmail.com

You need to login once every 30 days to keep your free account active, or it'll deactive automatically.

Good place to go for a temporary, encrypted exchange.

Hushmail has turned over account encryption keys to LE in the past so definately encrypt. Under duress any provider might or if their server gets seized the keys may be discovered.
Do not trust encryption to any provider. Encrypt your own communications with PGP so even if the server and all your mail is collected they cannot read it unless they get possession of your private key and password. For mac users gpgtools (dot) org It is a great tool to have for anyone who might want to encrypt sensitive password lists, business and financial documents etc to keep them safe in their own system from hackers and the like.

Forget privnote. Cute but not proved secure. There were also some nasty malwares that were passed off to people as pgp upgrades from a 3rd paty that installed keylogging bots hackers were using to steal passwords etc... so be careful what you download.
Marijuana, LSD, psilocybin, and DMT they all changed the way I see
But love's the only thing that ever saved my life - Sturgill Simpson "Turtles all the Way Down"

Why am I here?
 
Ufostrahlen
#29 Posted : 3/13/2014 7:34:21 AM

xͭ͆͝͏̮͔̜t̟̬̦̣̟͉͈̞̝ͣͫ͞,̡̼̭̘̙̜ͧ̆̀̔ͮ́ͯͯt̢̘̬͓͕̬́ͪ̽́s̢̜̠̬̘͖̠͕ͫ͗̾͋͒̃͛̚͞ͅ


Posts: 1716
Joined: 23-Apr-2012
Last visit: 23-Jan-2017
Another backdoor has been found:

Quote:
Samsung Galaxy Back-door

This page contains a technical description of the back-door found in Samsung Galaxy devices.

[..]

This back-door is present in most proprietary Android systems running on the affected Samsung Galaxy devices, including the ones that are shipped with the devices. However, when Replicant is installed on the device, this back-door is not effective: Replicant does not cooperate with back-doors.

Abstract

Samsung Galaxy devices running proprietary Android versions come with a back-door that provides remote access to the data stored on the device.
In particular, the proprietary software that is in charge of handling the communications with the modem, using the Samsung IPC protocol, implements a class of requests known as RFS commands, that allows the modem to perform remote I/O operations on the phone's storage. As the modem is running proprietary software, it is likely that it offers over-the-air remote control, that could then be used to issue the incriminated RFS messages and access the phone's file system.

http://redmine.replicant...ki/SamsungGalaxyBackdoor
https://www.fsf.org/blog...-samsung-galaxy-backdoor


So if you own a Galaxy device with still the original OS running, it's a good time to switch to Replicant.

Edit: or update your CyanogenMod

Quote:
Alternatively, the kernel could block the incriminated RFS requests and keep a trace of them in the logs for the record. That option would work for CyanogenMod, where the incriminated proprietary blob is still used.

http://redmine.replicant...ki/SamsungGalaxyBackdoor
Internet Security: PsilocybeChild's Internet Security Walk-Through(1)(2)(3)(4)(5)(6)(7)(8)
Search the Nexus with disconnect.me (anonymous Google search) by adding "site:dmt-nexus.me" (w/o the ") to your search.
 
a1pha
#30 Posted : 3/13/2014 4:51:17 PM


Moderator | Skills: Master hacker!

Posts: 3830
Joined: 12-Feb-2009
Last visit: 08-Feb-2024
+1 for CyanogenMod.

I've been using CM since the original Dev Phone 1. I am currently running CM 10.2.1 on my Nexus 10 and can't praise the OS enough. Unfortunately, it is not available for my mobile... but that's OK. Rooting and applying various mods (like AdAway, SuperSU, etc) solves this problem. Still wish I could run CM though.

If privacy is a serious concern then you should probably avoid carrier-loaded ROMS -- and esp Samsung.


Update: “Virtually no evidence” for claim of remote backdoor in Samsung phones
"Facts do not cease to exist because they are ignored." -A.Huxley
 
tseuq
#31 Posted : 7/27/2015 10:31:42 AM

DMT-Nexus member


Posts: 673
Joined: 18-Jan-2015
Last visit: 06-Dec-2023
As a computer amateur, this site https://privnote.com/ seems quite safe to me, not as a solo encyption but as a security-addition. What do you guys think of it?

tseuq
Everything's sooo peyote-ful..
 
nexalizer
#32 Posted : 7/31/2015 1:04:31 PM

DMT-Nexus member


Posts: 788
Joined: 18-Nov-2011
Last visit: 25-Oct-2023
Any systems that do the encryption for you or rely on the browser doing the encryption for you are not secure.

If you rely on an OS by Microsoft or Apple, then you are not secure either (there are backdoors in place that will subvert any encryption before/after encryption/decryption, but I guess you'd have to be a high profile target - as far as I know this is not routinely done, it would be too obvious); not saying an open source system is foolproof, but you're lightyears ahead using Qubes or OpenBSD instead of Windows.

Unless you know what you're doing, secure communications on a mobile device is much harder to achieve. And like the recent Stagefright Android security advisory demonstrates, these devices are especially vulnerable. Also in no small reason because in all but a few, the baseband processor essentially has free reign over your mobile device, rendering any app or os-level protections essentially useless; This does a fairly good job of explaining this problem and some others, and it is, in my opinion, an interesting read.


Unfortunately, even on desktops or laptops the security put in place by the OS can be potentially bypassed in certain other ways (of which the linked one is but one among many).. your network card essentially has free reign over your whole computer memory, and any exploitable bug in the cards' firmware means game over. The network card is connected to a global computer network. You see the problem.


The strength of your email encryption will only be as strong as the security of your whole system [weakest link]. For instance, if you have a keylogger installed, encryption is essentially useless. You need to secure your system to the best of your skill if you're going to do anything important with your encrypted communications; If your key passphrase is 'lol123', it won't be very hard to crack.


Regarding the security of email itself, it's simple: what you want is end-to-end encryption, like GnuPG. Use >=2048bit keys and make sure to confirm the fingerprints through another secure channel.

Also, if you can use Tor and a service which supports emailing to .onion addresses (like sigaint), then that is ideal, as there will be less metadata being generated - your email will never leave the Tor network then.

As a further step, you want to create different identities for different contact groups, and use something like The Tor Browser so that a) your browser fingerprint is the same as millions of others, and b) your location is concealed; the idea here is using the providers' webmail rather than directly sending over SMTP (even over Tor); less information to fingerprint and uniquely identify you this way.



To sum it up, ideally use an open-source operating system, prefer desktops/laptops to mobile, don't install any more software than you need to, prefer open source software to commercial software, use GPG (GnuPG), prefer emailing over ther Tor network and using webmail rather than smtp/smtps, and make your key passphrase strong.

Additionally, encrypting your entire hard disk is almost never a bad idea. Just remember that it is easy to recover the encryption keys and thus bypass the protection that disk encryption offers if your laptop is seized while it's suspended or hibernating (there are some possibly mitigations if you *hibernate*, but lets not go there here). I would recommend shutting down the laptop for instance while crossing borders.
This is the time to really find out who you are and enjoy every moment you have. Take advantage of it.
 
fluidfocus
#33 Posted : 1/24/2016 10:53:12 AM

DMT-Nexus member


Posts: 160
Joined: 05-Apr-2015
Last visit: 01-Sep-2023
 
concombres
#34 Posted : 1/24/2016 11:09:12 AM

DMT-Nexus member


Posts: 1311
Joined: 29-Feb-2012
Last visit: 18-Jul-2023
Linux mint > boot tails from USB device > PGP encryption > tutanota.com
 
PsilocybeChild
#35 Posted : 12/14/2020 6:57:15 AM

DMT-Nexus member


Posts: 574
Joined: 24-Jan-2009
Last visit: 25-Aug-2023
Location: somewhere in the sands of time
+1 for https://www/protonmail.com/
―λlτεrηιτγ→
Kambo.me Forum
​Internet Security Walk-Through
[url=https://kambo.me/smf/index.php?topic=395.0]Tobacco Disinformation

PM me about personal Herbalist consultations.
Can do it over PMs as to not reveal personal information.
 
breathingneon
#36 Posted : 11/5/2021 4:02:56 PM

DMT-Nexus member


Posts: 24
Joined: 02-May-2020
Last visit: 19-Feb-2024
Location: Lost in the Mushroom Jazz
Please be aware that protonmail is no longer recommended for any communications requiring privacy. A few months back, they redid their policy to allow the logging of IP's. This following compliance with authorities, resulting in an arrest.

Please be cautious of offers that seem too good to be true, especially regarding cyb-sec.


Stay safe out there.
"In the dark and the deep there are truths that can always heal"
 
PREV12
 
Users browsing this forum
Guest

DMT-Nexus theme created by The Traveler
This page was generated in 0.036 seconds.