Sign in to follow this  
Followers 0
Engineering

Which free email service is best? (in security terms)

6 posts in this topic

Yahoo? Gmail? Hotmail? Aol? Lavabit? Gmx? Zenbe? Gawab? Mail?

Which email provider is more ideal for the security inclined practitioner? I've read some have a history to either:

*Keeping forever records of account logs (including logins/ip's/transactions and more)

*Doesn't not "permanently" delete inbox messages (remain in "backup" servers for indefinite amount of time)

*Leaks user info to third parties

*Shitty/Flawed privacy agreement policy

*No resistance over subpoenas (aka doesn't defend/advocate privacy rights)

*And even though they say they don't do any of the above, they in fact do under the sheets to meet their "agenda".

What provider is trustworthy? what are your opinions? What would you, or do use?

Which to stay with, which to stay away from?

1

Share this post


Link to post
Share on other sites

imo hotmail has more users, thus more grounds for hacking,

y!mail is just plain crap

the rest i have no clue

0

Share this post


Link to post
Share on other sites

I suspect you're talking about GMail in the first few items on your list. I wouldn't worry about this stuff. GMail reads your mail, but so do the other webmail services. GMail is open about it, and that says a lot. Google also doesn't give in to subpoenas automatically either. Yes, they're going to comply with court orders (as any other service will), but they're not going to hand over your mail, access logs, search data, etc if they're merely asked for it. I think there was one case in China, but it's a different story over there.

It all comes down to who you're going to trust. You have Google who, for all their creepiness, are completely open with what they do with your mail. They also have tons of cash, so there's no real pressure to make a profit on GMail. Then you have Microsoft, who are not the most trustworthy of the bunch. They have also broken Hotmail, MSN, etc intentionally on browsers other than IE, and for Linux in the past. That might factor into your decision. But what ever you do, don't use Yahoo!. They're a sinking ship. They're losing money left and right, and I don't think they're above selling your email address (maybe even paired with keywords) or doing anything else to make a buck. Also... they're a sinking ship, they might not even be around for much longer. So there's a lot to consider here.

Of course, webmail is inherently insecure, as is all email for that matter. If you want really secure email, use PGP.

0

Share this post


Link to post
Share on other sites

Of the well known ones you list, only GMail doesn't show your IP address in the header.

0

Share this post


Link to post
Share on other sites

I'm going to say GMail.

1. They provide you with the last five ip addresses that signed into your account. So, you'll know if you've been hacked or not. If somebody steals you yahoo password, you won't know until they start doing something to let you know.

2. They don't put your ip address in the header (unless you're using their SMTP).

3. They allow the option of putting a secondary e-mail on the account, so in the case of a lost password, password reset instructions will be sent to your alternate e-mail address first (this prevents secret answer guessing). GMail requires 24 hours to pass after the recovery e-mail was sent, in order to change your password via your secret question. If you login to your gmail account during this 24 period, the reset process will become void, and the attacker will have to request another e-mail be sent, and wait another 24 hours of account inactivity.

If Sarah Palin had used GMail, instead of Yahoo, that kid wouldn't have been able to guess her secret question.

4. GMail allows add-ons an extensions. Which makes it fun. Not really security related, but cool none-the-less.

Whoever said GMail fights subpoenas is dreaming. GMail is legally obligated to hand over any data a court demands; if they don't, they'll be held under contempt.

I know some wise ass is going to say, "Get an e-mail provider from another country, that way they won't have to listen to the US Government!" I hear this myth all the time (especially with proxy servers). The American government fully cooperates with Interpol, and other international law enforcement organizations. Going back to that Sarah Palin hacker, he thought he was safe double proxing through Canada and Germany. He was wrong. Within a day, the Secret Service had his real info. Other countries cooperate with the United States the same way we cooperate with them.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0