You are not logged in.

#1 2012-02-28 10:52:15

johnd357
Member
Registered: 2012-02-28
Posts: 2

Email privacy possible?

Gmail is great, but in a world where online privacy is getting harder and harder, I find it a priority to leave free webmail services. Sadly, I can't see any great alternatives.

Running my own VPS mailserver poses it's own risks. I certainly trust Google more than I trust myself to be able to run a secure mailserver that won't get compromised, or won't periodically fail to receive or send emails, or won't get filled with spam. At the end of the day, you still have to put your trust in someone. Why should I trust my VPS provider more than I trust Google not to read my mail?

What are your thoughts? I'd love to run my own mail server, but I don't see the benefits outweighing the costs.

(And I know about PGP, but sadly that's just not practical to use everywhere.)

Offline

#2 2012-02-28 11:04:58

/dev/zero
Member
From: Melbourne, Australia
Registered: 2011-10-20
Posts: 1,247

Re: Email privacy possible?

You can use, say gmail - just use it with mutt, which can encrypt everything.

Offline

#3 2012-02-28 11:14:03

johnd357
Member
Registered: 2012-02-28
Posts: 2

Re: Email privacy possible?

/dev/zero wrote:

You can use, say gmail - just use it with mutt, which can encrypt everything.

Sadly that's part of the dilemma.

PGP encryption is really not practical at all, as it requires people on both sides to act. Communications with online stores, or bank accounts, or whatever will not be encrypted. Most friends and family won't have the first idea about what encryption means.

Offline

#4 2012-02-28 11:47:23

/dev/zero
Member
From: Melbourne, Australia
Registered: 2011-10-20
Posts: 1,247

Re: Email privacy possible?

Ah, sorry, I need to ltfr - I missed the bottom line wink.

Well, no encryption works in isolation. You can't just have encryption magically work if other people aren't playing ball.

You always have the choice of not conducting your affairs in cyberspace, if you're really worried.

Offline

#5 2012-02-28 11:50:14

geniuz
Member
Registered: 2010-04-10
Posts: 127

Re: Email privacy possible?

Running your own (mail)server is really not as hard as it seems. There are plenty of guides on the internet that can give you a pretty good idea on how to secure your server such that most script kiddies won't even stand a chance. All it requires is some time, will to learn and of course money. As to your paranoia towards VPS hosting services...well, if I look at Google's privacy policy and compare it to the one of just about any VPS hosting service I can find on the internet, I don't think I'd think twice where to put my stuff. Is there a guarantee they won't look at your information, ever? You won't know, but since its generally not in their terms of service to do so without some court order, they'd be breaking the law in quite some countries.

By the way:
As for the most serious of hackers, I'd say not even Google or any other corporation for that matter can guarantee they won't get comprimised. Better still, having your e-mail address hosted at such companies will expose you even more IMHO, as they are often one of the targets of those skillfull hackers. Just imagine how much all the information they can get from even one of Google's servers might be worth...whilst if you maintain your own VPS hosting just your mail and/or blog, I'd say chances are pretty slim the elite will waste their time cracking your box.

Last edited by geniuz (2012-02-28 11:57:57)

Offline

#6 2012-02-28 11:53:54

/dev/zero
Member
From: Melbourne, Australia
Registered: 2011-10-20
Posts: 1,247

Re: Email privacy possible?

I think if your every email on gmail was stored in encrypted form (because it was put there via the imap interface from a client that uses encryption), it wouldn't matter if Google's servers were compromised. This is the whole point of encryption, right - if it's strongly encrypted, you should just be able to leave it sitting out in the open and it will look like gibberish.

The hard part, as Johnd357 has pointed out, is getting other people to play the encryption game.

Offline

#7 2012-02-28 12:12:33

geniuz
Member
Registered: 2010-04-10
Posts: 127

Re: Email privacy possible?

/dev/zero wrote:

I think if your every email on gmail was stored in encrypted form (because it was put there via the imap interface from a client that uses encryption), it wouldn't matter if Google's servers were compromised. This is the whole point of encryption, right - if it's strongly encrypted, you should just be able to leave it sitting out in the open and it will look like gibberish.

The hard part, as Johnd357 has pointed out, is getting other people to play the encryption game.

The point you make here is valid and I fully agree with you. But you would have to agree that using any (default) Google services, or even having a gmail account in the first place, for somebody really privacy savvy, does not make much sense. Even if you go through the hassle of encrypting your e-mail and accept the fact that other people won't play along, you still have the gmail account in the first place and you still provided Google with quite some personal details just by having the gmail account. Just because they can't actually read your e-mail doesn't mean they can't still collect plenty of information about you...

Last edited by geniuz (2012-02-28 12:13:12)

Offline

#8 2012-03-17 16:29:04

Evanlec
Member
From: NH, USA
Registered: 2007-12-16
Posts: 141
Website

Re: Email privacy possible?

geniuz wrote:

Running your own (mail)server is really not as hard as it seems. There are plenty of guides on the internet that can give you a pretty good idea on how to secure your server such that most script kiddies won't even stand a chance. All it requires is some time, will to learn and of course money. As to your paranoia towards VPS hosting services...well, if I look at Google's privacy policy and compare it to the one of just about any VPS hosting service I can find on the internet, I don't think I'd think twice where to put my stuff. Is there a guarantee they won't look at your information, ever? You won't know, but since its generally not in their terms of service to do so without some court order, they'd be breaking the law in quite some countries.

+1 for running your own mail server. I run my own mail server, which I use for my personal e-mail,
and I've setup a few imap accounts for friends and family.

I use postfix and Dovecot on a 256mb vps on Slicehost (really want to move to Rackspace, but haven't had the time lately).

It really was not all that difficult to setup, I got by mostly just from the Arch wiki.
You CAN make it difficult if you get in deeply involved in the configuration, as the
number of configuration options / setups is HUGE. But stick to just the minimum
setup (no spam filtering etc) first, and then as you have time to learn more
you can add more features.

I found that the largest benefit (for me anyway) in setting up my own mailserver was the close-to-the-metal
knowledge I picked up about how the E-mail system works (or doesnt work sometimes ;p).

I recommend you get a 256mb VPS from rackspace (running Arch of course) and use Postfix and Dovecot as I feel both are superior
to other e-mail server packages.

Last edited by Evanlec (2012-03-17 16:30:58)

Offline

#9 2012-03-20 23:41:26

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,130

Re: Email privacy possible?

If you are emailing confidential details of your bank accounts or exchanging financial details, for examples, with online stores via unencrypted email then you are making yourself ridiculously vulnerable. Maybe I misunderstood but this sort of information should *never* be sent via unencrypted email. And, as you say, that means, in most cases, never by email. Email just isn't (reasonably guaranteed to be) private if it isn't encrypted.


CLI Paste | How To Ask Questions

Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L

Offline

#10 2012-03-21 00:40:56

Pank
Member
From: IT
Registered: 2009-06-13
Posts: 371

Re: Email privacy possible?

If you don't want gmail you might want to check out lavabit.  It could be a solution.  Their paid version is like USD 12 per year or something like that and then you could use, say, your own domain.


Arch x64 on Thinkpad X200s/W530

Offline

#11 2012-03-21 06:32:39

Gcool
Member
Registered: 2011-08-16
Posts: 1,456

Re: Email privacy possible?

cfr wrote:

If you are emailing confidential details of your bank accounts or exchanging financial details, for examples, with online stores via unencrypted email then you are making yourself ridiculously vulnerable. Maybe I misunderstood but this sort of information should *never* be sent via unencrypted email. And, as you say, that means, in most cases, never by email. Email just isn't (reasonably guaranteed to be) private if it isn't encrypted.

Absolutely. I would even say don't send that sort of sensitive info by email at all. You never know how the recipient will handle this email once they've received it.


Burninate!

Offline

#12 2012-03-21 18:53:31

stealthy
Member
Registered: 2011-05-02
Posts: 67

Re: Email privacy possible?

Pank wrote:

If you don't want gmail you might want to check out lavabit.  It could be a solution.  Their paid version is like USD 12 per year or something like that and then you could use, say, your own domain.


THANK YOU, been looking for something like this.


clipodder-git A small simple cron-friendly podcast downloader, with support for arbitrary user defined media types (pdf, html, etc...)

Offline

#13 2012-03-21 22:13:27

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,217
Website

Re: Email privacy possible?

johnd357 wrote:

Email privacy possible?

No.

Offline

Board footer

Powered by FluxBB