Lavabit.com and Tormail Email Alternatives...

[herzmeister]

The fact that Mailpile consists of a google developer already makes me nervous to use Mailpile. 

The fact that Bitcoin consists of a google developer already makes me nervous to use Bitcoin.

[Lauda]

The fact that Mailpile consists of a google developer already makes me nervous to use Mailpile. 

The fact that Bitcoin consists of a google developer already makes me nervous to use Bitcoin.

I feel you bro 

[smscotten]

One more thing: why isn't there (or is there that I don't know about?) a web-of-trust model system for SSL certificates? At this point, it seems like the only secure solution is self-signed certificates, and that is only "secure" if you know the person who runs the server.

At this point I would say anyone who wants web-based secure email had better be running their own web and mail servers. Or else they are more trusting than I am that every Certificate Authority in the world isn't CCing everyone's private webserver keys (which the CA's generate) to every three-letter-agency on Earth.

[marcus_of_augustus]

One more thing: why isn't there (or is there that I don't know about?) a web-of-trust model system for SSL certificates? At this point, it seems like the only secure solution is self-signed certificates, and that is only "secure" if you know the person who runs the server.

At this point I would say anyone who wants web-based secure email had better be running their own web and mail servers. Or else they are more trusting than I am that every Certificate Authority in the world isn't CCing everyone's private webserver keys (which the CA's generate) to every three-letter-agency on Earth.

I agree the CA system is flawed and proven to be broken/compromised in some important cases.

Namecoin TLS is now at functional state and the concept has been proven. Now it needs some more work (and devs) to bring it to a level where widespread usage is simple.

http://dot-bit.org/forum/viewtopic.php?f=2&t=552

[smscotten]

One more thing: why isn't there (or is there that I don't know about?) a web-of-trust model system for SSL certificates? At this point, it seems like the only secure solution is self-signed certificates, and that is only "secure" if you know the person who runs the server.

At this point I would say anyone who wants web-based secure email had better be running their own web and mail servers. Or else they are more trusting than I am that every Certificate Authority in the world isn't CCing everyone's private webserver keys (which the CA's generate) to every three-letter-agency on Earth.

I agree the CA system is flawed and proven to be broken/compromised in some important cases.

Namecoin TLS is now at functional state and the concept has been proven. Now it needs some more work (and devs) to bring it to a level where widespread usage is simple.

http://dot-bit.org/forum/viewtopic.php?f=2&t=552

Thank you for pointing that out. I was of course aware of Namecoin but not Namecoin TLS. I'm setting up a forum (and probably web-based email) with encrypted storage and SSL-only access, and physical hosting at a location I have control over. I don't have a lot of bandwidth so I'm not making it available to to the public (sorry) but I am concerned about making it work.

What I've done is put the root domain and a subdomain on two different physical servers: one has a Comodo SSL certificate and the other has a certificate generated by my own local Certificate Authority. The root certificate hasn't left the machine with the webserver. The domain with the Comodo cert has one thing on it: a download link to my own CA public cert which can be installed into people's browsers or OSes.

This gets me third-party authentication so you know that the cert came from the controller of the domain, and then encryption where the private keys for the server and CA are only on the server and have only ever been on the server.

And it's *really* kind of convoluted. AND if I were offering it publicly, it still wouldn't be an alternative because all it would take is someone physically stealing the server or arresting me and cutting the lock off the case.

Anyhow, I'd been thinking about registering a dot-bit domain as an alternate means of accessing the site. Now I'm considering that much more seriously. Thank you.

[jedunnigan]

The fact that Mailpile consists of a google developer already makes me nervous to use Mailpile. 

The fact that Bitcoin consists of a google developer already makes me nervous to use Bitcoin.

you've got to be kidding. If any changes are made the community disapproves of we won't update our clients, simple as that. Mike Hearn is a legend mate don't be a dick.

[marcus_of_augustus]

The fact that Mailpile consists of a google developer already makes me nervous to use Mailpile. 

The fact that Bitcoin consists of a google developer already makes me nervous to use Bitcoin.

you've got to be kidding. If any changes are made the community disapproves of we won't update our clients, simple as that. Mike Hearn is a legend mate don't be a dick.

... he's not a legend ... bitcoin is the trust no-one currency, you'd do well to remember that.

[jedunnigan]

The fact that Mailpile consists of a google developer already makes me nervous to use Mailpile. 

The fact that Bitcoin consists of a google developer already makes me nervous to use Bitcoin.

you've got to be kidding. If any changes are made the community disapproves of we won't update our clients, simple as that. Mike Hearn is a legend mate don't be a dick.

... he's not a legend ... bitcoin is the trust no-one currency, you'd do well to remember that.

If you read my post, it's not about trust in Mike. He has done a TON for this community. Trust comes in when you update the client, so you peruse the changes and see if they are up to standard. You trust the code, not the people. Here i am speaking to the hard work mike has put in making bitcoinj possible. You'd do well to remember that.

[MysteryMiner]

Self-hosting your own mail server is a short term solution for long term problem. e-mail must be retired because of usability and security problems. Just like BBS or Gopher is no longer used by mainstream.

[marcus_of_augustus]

Here i am speaking to the hard work mike has put in making bitcoinj possible. You'd do well to remember that.

Thanks .. maybe I will. Deifying devs and calling people dicks is probably not going to make me listen to you much though ... I wonder how he missed that random number generator Android bug for soooo long? Maybe concentrating on the law enforcement possibilities for bitcoinJ was occupying too much of his dev mind share?

[jedunnigan]

Here i am speaking to the hard work mike has put in making bitcoinj possible. You'd do well to remember that.

Thanks .. maybe I will. Deifying devs and calling people dicks is probably not going to make me listen to you much though ... I wonder how he missed that random number generator Android bug for soooo long? Maybe concentrating on the law enforcement possibilities for bitcoinJ was occupying too much of his dev mind share?

lol deify? boy oh boy i love leaps in logic.

But sure thing mate, you're the boss. I'll stop defending someone who has dedicated their time to meaningful development in the bitcoin space and start throwing baseless accusations around that even if they were true, wouldn't fly in practice. Happy now?

What I can tell you is I'm definitely over this OT convo tho, thanks for the insights.

To make this post worthwhile:

Self-hosting your own mail server is a short term solution for long term problem. e-mail must be retired because of usability and security problems. Just like BBS or Gopher is no longer used by mainstream.

I agree to an extent, although it will be ages before email is phased out. An easy-to-use alternative will have to be made accessible first.

[smscotten]

Self-hosting your own mail server is a short term solution for long term problem. e-mail must be retired because of usability and security problems. Just like BBS or Gopher is no longer used by mainstream.

BBS? Isn't that what we're having this conversation on?

I'm interested to know what you suggest to replace SMTP. I have little doubt that whatever comes next will still end up being called email.

[favdesu]

i havent done much research into hosting my own server. i use a combination of gmail and bitmessage depending on who im talking to.

im really excited about MailPile though.

The project is run by 3 developers, 1 from google, 1 a member of the Icelandic Pirate Party, and 1 open source user interface developer.

Its still in the works, but should be useable in 6-12 months.

You can follow their progress and look up details here.

http://www.mailpile.is/

this looks really promising. I will "contribute" the $23 thing

[stevegee58]

Kim Dotcom of megaupload fame wants to get in on the act as well, starting an end-to-end encrypted email service:

http://yro.slashdot.org/story/13/08/11/1244209/after-lavabit-shut-down-dotcoms-mega-promises-secure-mail

This should be good ... he may come across sometimes like a big, funny guy (clownish) but you know what? ... He just goes ahead and does shit, he doesn't just talk about it.

Yea there is no doubt he is a doer more than a talker, but don't walk into his playpen willy nilly. If you are looking for secure encrypted mail storage the only person you can trust is yourself. Using open source software or at least auditable services is key.

I agree.  But still I like KDC because he's bold, disruptive and a PITA to the government.  We need more like him who refuse to be sheep.

[wolverine.ks]

I'm interested to know what you suggest to replace SMTP. I have little doubt that whatever comes next will still end up being called email.

what about bitmessage?

[Sage]

I'm interested to know what you suggest to replace SMTP. I have little doubt that whatever comes next will still end up being called email.

what about bitmessage?

Systems like Bitmessage are the ultimate solution, but in the interim we need something to bridge the gap.

So far its looking like enigma mail + openPGP is the best option.  But getting contacts to actually setup encryption has been a challenge.

What's it gonna take for the lemmings to wake up?

[LightRider]

The owner of groklaw (which she just shut down, btw), suggests https://mykolab.com/.

[ANX_Service]

I'm interested to know what you suggest to replace SMTP. I have little doubt that whatever comes next will still end up being called email.

+1

ANX.HK

[virtualmaster]

ANX.HK

What is this ?
The Bitcoin price seems to be 800 $ there.

[Winterfrost]

What is this ?
The Bitcoin price seems to be 800 $ there.

A bitcoin exchange for Asia it looks like. It defaults to HKD (Hong Kong Dollars), so that's why it shows up as 800.