All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Looking for testers: email encryption gateway
After all the Snowden stuff, I decided to work on an email encryption gateway so that my and others' information is protected from snooping.
Email sent through this gateway will be encrypted by your public PGP key, and delivered to your personal email address. This message can only be decrypted with your private PGP key and password (if set). PGP is a mature standard, and many clients offer support for it (e.g. Thunderbird with Enigmail, K-9 mail for Android with AGP, Gmail with Mymail-Crypt Chrome extension, OpenPGP.js, etc.).
When receiving through the gateway, the gateway will attempt to negotiate a TLS session, which will allow for the entire data stream to the server to be encrypted. The gateway will then import your PGP key (if given), encrypt the message with it, and deliver it to your personal email address. The gateway is currently hosted in NL.
You will get a new email address that points to the gateway. To receive encrypted messages, you simply have to give out this email address. You can set an outbound mail alias in your email client, and use PGP locally to send encrypted messages to have bidirectional encryption. Note that this is an incoming-only mail server.
To participate, simply PM me the mail alias you'd like, your personal email address, and your PGP key ID. This is the 8-character hex number found when entering your email address in the search box here:
http://sks-keyservers.net/i/
If you don't have a PGP key already, you can create and publish one with:
Create key:
$ gpg --gen-key
Publish key to keyserver:
$ gpg --keyserver hkp://eu.pool.sks-keyservers.net --send-keys <key id (email, fingerprint, etc.)>
Find key on keyserver:
$ gpg --keyserver hkp://eu.pool.sks-keyservers.net --search-keys <key id (email, fingerprint, etc.)>
A web interface will come out soon enough so you can do all this via a dashboard.
If you have any questions or feedback, let me know.
P.S. PLEASE don't send any shady stuff through this gateway. This is for personal privacy protection, not a child porn encryptor!
Comments
This is an interesting service, but how do you plan to deal with spam? Is the biggest problem I can think of with a service like this.
What's the point when they sniff the mail before it reaches your gateway? And what when they seize your server and have all the aliases and their real emails. Not to mention it shouldn't be hard for the government to crack a GPG email.
Yeah, slightly better (resolves second problem, sort of) would be to run your own mail server and install software that does the encryption. For example, with Postfix, http://vpsboard.com/topic/1503-postfix-encrypt-incoming-mail/
But the only reason people encrypt their email is because they're doing shady stuff (or they have autism).
That's something I've thought of, and a tough one to tackle without looking at the content of messages (which I really want to avoid, unless enough people complain about spam). I might do the standard DNS-type checks and RBLs that will filter out a good chunk, but far from all, spam messages.
If the sending mail server supports TLS, then they'll be sniffing a bunch of blah. It's against standard practice, but I am considering enforcing TLS, and refusing plain-text communication with the gateway. Most servers support TLS, so plain-text communication will be the exception, not the norm, anyway.
I don't know what the government's true capabilities are, but if you think they can crack PGP, then you definitely wouldn't want to use this. If the server was seized, you're right--they'd be able to see your aliases and personal email addresses. But that's it, nada mas. As much as I or anyone would dislike that, at least they wouldn't have any actual email contents.
If you're concerned about this, do as @perennate says and run a personal server, although you'll run into the same issues as described here, with the exception of the end transmission of the encrypted message to the personal email account.
Maybe I have autism and don't know it, but I'd definitely prefer for my SolusVM emails to be sent securely, along with any other emails with sensitive data in them. I use a mix of this and my personal address directly; I don't need for most of my emails to be encrypted. It really depends on you and what you're comfortable with.
So what's difference from running your own mailserver and making it encrypt incoming messages and enforce TLS? :-)
I am not trying to call this service useless or something but just confirming.
You can certainly do that. It's pretty much the difference of why you use Gmail instead of run your own mail server. This will allow you to use Gmail (or email provider of your choice), but securely.
Using gmail makes TLS moot. NSA has their keys, no worry about that.
I am thinking to encrypt the mail before leaving the computer and decrypting it at the other end when entering the receiver's computer. There can be an easy app/plugin to do that. Then, they will have to seize your computer from home, wont be able to snoop undetected or even seize your dedi/VPS node. I mean, they can still do that but wont be for much good.
As for awson and his non-original child porn theories, just one more victim of the propaganda and future victim of the crackdown on people, unless he will join the thought police or the clergy later on to preserve the freedom and democracy against deviant extremists: libruls, various banned cults, terrorists, right-wing, left-wing, hispanics, arabs, negros, gays, democrats and everyone "associated" with them that betrayed the democracy and freedom as the great ruler(s) define them.
The good thing about TLS is that keys are created and exchanged on-the-fly, and the server is in charge of the cipher selection. That definitely helps ensure there's some minimal level of security that can only be broken of the protocol or cipher itself is vulnerable.
You do not understand, I was not clear. Who controls the server, can read the traffic. You need that both ends are trustworthy enough say you and your correspondent. The server that processes the mail should be treated as untrusted, even if belongs to me, someone might control and read everything without my knowledge since it is remote. Therefore the encryption and decryption must happen at the ends.
@Maounique, gotcha; I misunderstood what you were saying. The ideal is encryption on the sender's client side so that no server anywhere ever sees a clear-text message. But since setting up PGP is a bit involved for most people, I think a gateway like this is a good alternative. Solus emails will never be sent PGP-encrypted, and neither will most (if not all) automated emails. Gateways like this ensure that sensitive data is always encrypted, regardless of the sender.