Re: [Trisquel-users] What's wrong with OpenMailBox?
I find this attitude weird. Sure, it would be naive to think using an email host who use libre software magically makes your email more secure (it doesn't for all the reasons discussed in the threads about OMB), but if early adopters and software freedom champions don't support services like OMB (or use GNU Social instead of the birdsite) in their experimental stages, how will reliable, sustainable, privacy-respecting hosts ever come into existence? Despite my criticisms of OMB on the more recent thread, I'd much rather support the network effect of a provider that uses 100% free software (as confirmed by their FSF endorsement) than one which refuses to disclose what software they use or what license covers it, or to share all the code they write for their service.
Re: [Trisquel-users] What's wrong with OpenMailBox?
I can't see why how encrypting user data prevents them making backups of it. Or are you just saying that they don't do backups for some other reason, and it's a downside of their service.
Re: [Trisquel-users] What's wrong with OpenMailBox?
All this talk about hiding your email from the spooks misses the point. The most important reason to use a libre host for email (or any other server-based system) is the same as the reason for using a libre OS - to support and encourage increased use of free code software, and reduce dependencies on proprietary software wherever possible. Reducing the attack surface available to entities wanting to spy on or mess with you is just a bonus. Given everything we've learned about the masses of surveillance machinery that has been built to monitor the internet, at this point any non-specialist using the internet to communicate about illegal stuff might as well print out a copy and post it to their local police station. That said, one good reason for learning about the various vulnerabilities, and how to mitigate them where possible, is to be part of building and testing the various moving parts that might one day add up to an internet where reliably private communication is possible.
Re: [Trisquel-users] What's wrong with OpenMailBox?
e, openmailbox, I'd rather use google, at least you know what you get.
Re: [Trisquel-users] What's wrong with OpenMailBox?
hi Tonlee, Seems you got to pay 4-5 euro /month if you want access to your e-mail by using Thunderbird.
Re: [Trisquel-users] What's wrong with OpenMailBox?
Openmailbox account stopped working in thunderbird. It wants to import a new certificate. A certificate with a shasum I am not able to verify is legitimate. Hhttps://www.openmailbox.org/webmail/ has worked. It does not anymore. Not Found The requested URL /webmail/ was not found on this server. I can log in on https://app.openmailbox.org/login
Re: [Trisquel-users] What's wrong with OpenMailBox?
It seems more complex than I thought. The config makes it even less likely to be used by friends/family. And you're right again, I didn't think about the hardware. One more downside. My perspective is always the random normal user who's privacy conscious. To me it would be the rare case of "I don't have my computer with me, but I have to check my emails". Considering all that, the Tails method isn't vital. Nonetheless, if more people I know are willing to use GPG for emails, I'd go along with it.
Re: [Trisquel-users] What's wrong with OpenMailBox?
If you burn the tails ISO to read-only media, then yes you'll have to configure it each time. It is also possible to simply use the command line. You could add your private key to the ISO before burning it, but I wouldn't do that. I wonder how many people actually use untrusted computers in this manner. If you're serious enough to use Tails, wouldn't you inspect the hardware at least. It all comes down to your threat model.
Re: [Trisquel-users] What's wrong with OpenMailBox?
I see, so for personal machines (including a Replicant phone, though there's no guarantee the private key can't be accessed from the modem), problem solved. So Thunderbird + Enigmail on Tails would need some config on each boot? Too bad, as if it wasn't annoying enough to reboot from a thumbdrive. About the "targeted" argument: Sure but that's socially acceptable encryption (not the kind of encryption that would attract attention, even though perfectly legal and reasonable). In a way, all this is meaningless https://www.xkcd.com/538/ But to me, the point is simply to cover as much leaks as possible/reasonable, to as many unwanted third-party readers possible/reasonable. Which should be normal use. I mean if people prevent their emails to be accessed by other people, it makes sense that the mail provider (and more commercial/governmental entities) should get the same treatment, legally. Well, actually I still wonder why I put so much effort into all this. I guess I consider it forbidding legal but abusive behavior. Legally. Or at least making it harder to put in practice. So, their argument that it might increase exposure has some truth, which is why I have a hard time answering that. OTOH, which is better: having all my data on diplay but not being on the radar (in theory), or possibly standing out a bit more, but having very little of my data on display? Frankly, I don't like option n°1.
Re: [Trisquel-users] What's wrong with OpenMailBox?
With IMAP, it is possible to have encrypted e-mail available on multiple devices as long as you copy you're private key to them. So, if you have a desktop at home and a laptop both could be configured to read your e-mail. For something like Tails, an encrypted flash drive with your private key would be necessary. This would require some configuration on each boot. Using Thunderbird with the Enigmail plug-in is probably the easiest way to achieve this. One could use the terminal to encrypt and then attach the result to the e-mail. The people that make that argument don't realize how much encryption they habitually use. I doubt that encrypting e-mail increases your exposure, the alphabet soups still know who is talking to whom. If your friend does something stupid today, they'll pay you a visit tomorrow.
Re: [Trisquel-users] What's wrong with OpenMailBox?
Thank you very much for understanding the situation. :)
Re: [Trisquel-users] What's wrong with OpenMailBox?
Another problem of a personal mail server is that the most common webmails might reject it as spam. For other uses than email, a personal server is still a great idea. Ah, right, the title isn't encrypted, I forgot. Regarding privacy, security and reliability, encryption seems to still be the best best, in this regard a popular proprietary mailbox is actually fine, since communicating with one is virtually unavoidable. I guess you're right: the true downside is having other people using it. For this: * I remember someone here suggesting to put links and GPG key in the email signature * A couple of tutorials were suggested to me. Roughly, it's about installing Thunderbird, a plugin, generating keys and using it. I wonder if building a special script/installer that does ALL of that would be a good idea. A one click install, regardless of the OS. The other obstacle would be reading emails on other devices the easy way (yet safely enough). Even if configuring the same mailbox with GPG on Tails could be easy, no way most people would do it. Last but not least, the argument that "if I do all of that, I'd be listed/targeted by the government, even more than we all are now. I would be standing out". It's a bit tough to answer that, actually.
Re: [Trisquel-users] What's wrong with OpenMailBox?
I meant to write that it is *not* difficult to encrypt the messages on the server (if you have control of it). I would imagine that most e-mail providers encrypt communications between servers. No real reason not to. I was talking about running your own server and using a client. The only point is to decentralize, but if the government is tapping the major backbone then it probably wouldn't matter. It's harder to coerce many entities instead of just one. About GPG, that's correct. It's also not perfect because there's metadata. The subject field of e-mails cannot be encrypted and it is still possible to tell who is communication with whom.
Re: [Trisquel-users] What's wrong with OpenMailBox?
I'm an OpenMailBox user, and I really hope that they get themselves together. I recommended OpenMailBox to a friend of mine a month or so ago, and that's when I found out that registration was closed. It's sad to see that not much progress has been made; this should be investigated for sure. The amount of money from fundraising hasn't changed a bit in a long time; every time I go to their home page, the bar is in the same spot that it's always in. It makes me wonder if they're just not getting any donors or something more is going on.
Re: [Trisquel-users] What's wrong with OpenMailBox?
Interesting. So the most common mail providers might not allow encrypted emails to pass? To make sure we're talking about the same method, I'm talking about using something like Thunderbird instead of the Webmail. - A few more remarks: * Both persons need to use a libre OS, but even then, at least the email provider can't read a thing. So that's already one GAFAM player out of the game. * Indexation of encypted email doesn't work. But if not using the webmail, it shouldn't be a problem. - in a nutshell: * I might misunderstand it, but I don't see the point of having a libre email provider, or even a personal email server (trusting the provider, communicating with non-free mailboxes cancels the point, even more if mails are fetch to the non-free OS, etc.). * as for GPG, although it's (to me) the best way, it demands some preparation that most aren't willing to make, and that might be tricky (if using someone else's PC for example, or your smartphone). I guess that's where Tails comes into play (most people wouldn't make the effort of using it though). Setup on several machines, including smartphone and Tails, that's A LOT of work. Too tempting to simply connect to the webmail only to find that the encrypted emails are unreadable. I guess I'll have to try.
Re: [Trisquel-users] What's wrong with OpenMailBox?
They are a French website, and sometimes their English translations are lacking. I wouldn't be suspicious.
Re: [Trisquel-users] What's wrong with OpenMailBox?
Encrypting the e-mails on the server is difficult. Encrypting the messages between the servers is doable as well, but the other server must be configured to allow it as well. End-to-end encryption is quite difficult but not because of technical reasons. You have to convince the person you're communicating with to create a GPG key and use it. Furthermore, this person will likely use it on a proprietary OS anyway, so it can be considered compromised anyway.
Re: [Trisquel-users] What's wrong with OpenMailBox?
I mostly avoid using non-free emails, but as for Openmailbox.org? It is better than some, but I got a weird email from them one day... about needing authorization for something or my account would be deleted... I am not sure if it was a scam or not, but it was in french so I am highly suspcious... of them...
Re: [Trisquel-users] What's wrong with OpenMailBox?
They store your information from what I remember in their forums due to what was french law for a year I believe...
Re: [Trisquel-users] What's wrong with OpenMailBox?
I don't understand why a server isn't an option for you. To me: * people I communicate with are 99% on non-free providers. So my emails are compromised anyway. * from there, Openmailbox/mail server vs Gmail/Yahoo, not much of a difference, I suppose. Well, free software on a personal server is still better. But The server might take a bit more work, for no real gains. And the libre provider can still act use your data, in theory. * Encryption is the key (pun intended), but it's not easy to understand/use. Still the best option around. Is my reasoning flawed somewhere?
Re: [Trisquel-users] What's wrong with OpenMailBox?
Thank you. I didn't know that. In light of new information, I'm going to attempt to gift some posteo accounts. UsernameV we're talking one lousy euro a month and they've been around for seven years: https://posteo.de/en
Re: [Trisquel-users] What's wrong with OpenMailBox?
Posteo actually offers the option of paying totally anonymously by cash. You can send your cousin to pay or even send cash in an envelope. The also offer encryption of all data on their disks (with the downside of no back up) I think the (little) money serves a very good purpose.
Re: [Trisquel-users] What's wrong with OpenMailBox?
I like posteo.net. I haven't used it much because I do have an OpenMailbox and I also have a grandfathered Riseup from my activist days that I use very sparingly. Calmstorm, do you know something negative about them that I don't? They do cost money, but it's negligible. The problem is more that getting it to them compromises anonymity and if that is a major issue with you, you're better off with "I know about that one and it doesn't work for me" on anything as public as the Trisquel boards. I know all too many people who think I can magically pull an openmailbox clone out of thin air just because I use an FSF endorsed distro on cheap hardware and am not afraid to ask questions and make mistakes. :( Thanks for the heads up, Adfeno; dropped another quarter in Pierre's tip jar and plan on doing that instead of kicking the cat or shaking my fist at the sky whenever I feel feelings.
Re: [Trisquel-users] What's wrong with OpenMailBox?
my only problem with tutanota, is that they support proprietary operating systems more than free ones and that they have no debian or ubuntu support. also, it would be better if they used AGPL3 as their license, but mostly it is the first two sentences of this post that make me not happy with them. and the fact that imap isn't allowed...
Re: [Trisquel-users] What's wrong with OpenMailBox?
I use Tutanota. It pretty much satisfy the requirements pointed out by yourself. Give it a chance if Openmailbox keeps suffering the same problems.
Re: [Trisquel-users] What's wrong with OpenMailBox?
Important note: I'm *not* involved with OpenMailBox.
Re: [Trisquel-users] What's wrong with OpenMailBox?
I also noticed that, thanks to some mass missinformation that carried on to most of the OpenMailBox users and donors, it's now very hard to make the donation mark pass the 30%. As a user, and unemployed poor, I'm trying my best to attract more donors, but I think I'll have to make some drastic changes on how I communicate if I don't want to be indirect victim of those annoying non-founded boycotts --- non-founded because the service provider is still alive and providing services. Currently, I see these options: a. Find another free/libre software friendly email provider that provides gratis registration and usage, but which also accepts donations and paid storage enhancements. b. Get a gratis domain name that is not subject to tracking by government, and go through the road of setting my own email service, only for my personal use, and hope that my messages don't end up flagged as spam. I don't know how to do this option, although I can learn, it'll probably take some time, specially to find a trustworth domain name provider. c. Forget about server based email and move to distributed (no server involved) BitMessage email. By default, this will make communication with others that have server-dependent email impossible --- this also applies to sites or services that expect you to have validation through email, because most of these services don't know how to send BitMessage messages. There are some service providers that provide an average email address that can represent your existing BitMessage address, but once again, if you start depending on this, then a boycott like what happenned to OpenMailBox can easily make these independent service providers vanish. If I end up only with this option (and without the BitMessage-Email both-ways forward service), I might be unable to use most forums and mailing lists, including this one. Poor OpenMailBox, why don't those boycotters do the exact same thing when they were HotMail/Gmail/Yahoo/OtherFreeSoftwareUnfriendly users, I guess we would have won the attention of those service providers already. :) In the end, I and OpenMailBox just need more help getting more donors. It's not over yet, because the service is still being provided. -- - [[https://libreplanet.org/wiki/User:Adfeno]] - Palestrante e consultor sobre /software/ livre (não confundir com gratis). - "WhatsApp"? Ele não é livre, por isso não uso. Iguais a ele prefiro GNU Ring, ou Tox. Quer outras formas de contato? Adicione o vCard que está no endereço acima aos teus contatos. - Pretende me enviar arquivos .doc, .ppt, .cdr, ou .mp3? OK, eu aceito, mas não repasso. Entrego apenas em formatos favoráveis ao /software/ livre. Favor entrar em contato em caso de dúvida.
Re: [Trisquel-users] What's wrong with OpenMailBox?
Hi, Registration is disabled for everyone, you better conctact the openmailbox team.
Re: [Trisquel-users] What's wrong with OpenMailBox?
It is probably best to ask the openmailbox people. This is the forums for Trisquel, and we don't run the openmailbox site.