[OPSEC/Computer] safe-mail ?

I tried searching and came up kind of empty. I read a comment the other day that said NOT to use safe-mail and another person backed them up. But they never said why and now I can't find the comments.

A few vendors that I've used also use safe-mail as their alternate contact. So why is it bad? As long as PGP is used with TOR & TAILS, I don't see why it would matter anyway.


Comments


[2 Points] kamn74:

As long as PGP is used with TOR & TAILS, I don't see why it would matter anyway.

It mostly shouldn't,


You might also consider SIGAINT. Since you can only access your email account via their Tor hidden service, it's impossible to link your account to your home IP address by accidentally reading your email via a clearnet browser.

Go to http://sigaint.org/ to get their onion address.


[2 Points] None:

[deleted]


[1 Points] h0melesscomrade:

safe-mail is OK as long as you are using at least TOR at bare minimum. PGP is essential, too. Think wisely. Good luck mooger.


[1 Points] Derrick4Real:

That was most likely me in that thread. Check my post history and you'll find it. I advise everyone who mentions safe-mail that they should move to one of the many pro-privacy conscious services to choose from that weren't around a year ago.

Sorry, too tired to find articles...but Google 'Forbes and safe-mail'.

And ysk the only reason safe-mail gained popularity was due to the loss of TorMail (the default email service used by SR1 users) and safe-mail's compatability with Tor.

The Feds TorMail bust is what lead to a mass exodus to safe-mail. And at that time, a lot of new people had come to the scene after reading about SR1 bust. So everyone followed the flock and went to safe-mail. However there are many other privacy, security, anonymity focused ESP's these days that you can choose over safe-mail.

Rest assured that as soon as that Forbes, Wired and several other articles were published worldwide after SR1 went down...every interested LEA...and whomever else is capable of dragnetting comms...shifted their focus on monitoring the now seized TorMail server they had mirrored and eventually shut down, seized and studied thoroughly...directed their efforts to safe-mail.

Google 'TorMail and Freedom Hosting' for the earliest the beginning of the time line.

Like someone mentioned, just PGP everything, and continue to use them. You won't need to worry. Consider any clear text messages sitting on safe-mail vulnerable to prying eyes.

I literally deleted my account after reading an enlightening post in the /r/privacy subreddit. What the specifics were, I don't recall anymore.

But there was enough justification, for me a year ago, to move to a service that focuses on anonymity and privacy. One that passes all of the perfect forward secrecy standards. That didn't log your IP...and didn't store your login info for life. And didn't break to LE requests for data. Hint: read safe-mail's TOS.

Edited for clarity


[1 Points] justsayinthat:

I'd say too that it shouldn't be a problem using safe-mail in combination with pgp and tor/tails and maybe in addition a vpn on top of that. when in doubt, use tutanota (of course in combination with pgp and tor..and only for one purpose (not for stuff that is somehow linked to your identity)


[1 Points] mooger_fooger:

Thanks for all the replies. I feel better now.