(Update 1/23/17) Yahoo email plans

[TWP]

Like some of you, I have an email account through Yahoo(r).

I use the free account for obvious reasons...

However, in the last few weeks, Yahoo has revealed some major security breaches and I have a report that they have been running an email reading program on all (all!) of their email stream...  The results are being sent to one of the three-letter-agencies...

This situation leads me to look for another email provider. 

I cannot afford to pay for an email account, so this limits my choices.

Some choices are not being considered:  Google GMail, AOL and obviously Yahoo itself.

If you need to ask why these email services are rejected by default, then I have a bridge in Arizona for sale and will want to talk to you about financing, low down and only a small interest rate...

My question is: what/which email service can you recommend which fits my criteria:

1) free, no charge
2) secure, to the degree that email can be secure
3) not on my auto-reject list, above.

Information about Yahoo's problems:

http://money.cnn.com/2016/09/22/technology/yahoo-data-breach/

http://www.reuters.com/article/us-yahoo-nsa-exclusive-idUSKCN1241YT

There are multiple lists on the 'net which recommend this, that and the other email services.

I've don't my research.   I'm looking for some user recommendations, thanks.

[willc453]

Can't help you with an alternate email address, but has anyone checked out Tor? It's a security program which hides your pc address AND allows you to send encrypted emails to others, provided they also have Tor. Various 3 letter govt. agencies are fighting it, saying it helps terrorists. Link:

https://www.torproject.org/

[TWP]

Yes, I have and use TOR (The Onion Router).  It is not email related, so let's take this thread there anyway.

This is about OPSEC (Operations Security).  It is not for the faint of heart...

TOR attempts to make your 'net traffic hard to back-trace to you.  It uses a layer of three separate server connections to keep your online identity hidden.

It CAN BE COMPROMISED by TOR servers which are not part of the TOR network or which have been compromised by deliberate intent and instead record information about the traffic they handle.

If, over time, a pattern can be identified which points back at you, then you are no longer anonymous.

There may be other vulnerabilities, but this one can work if you do a lot of TOR usage.  Particularly if you maintain a single point of origin (you fail to change your ISP or Access Point (AP) frequently. 

TOR has it's uses, but I cannot trust it as my main access route to the 'net.   It can be used, with a fair amount of safety, if you restrict such usage to single messages separated by long time spans.   It is NOT a failsafe option, so be aware of this when you do use TOR.

And now we return you to your regularly scheduled thread about email account providers.


[EDIT] on option with TOR is to use the TAILS operating system which is TOR plus a Linux bootable operating system written to a DVD or USB memory stick and NEVER installed to a hard drive.

TAILS - The Amnesic Incognito Live System

https://tails.boum.org/index.en.html

The idea on TAILS is to NOT offer an identifiable machine signature on messages sent using TOR and an email client or when connecting to another website using the built-in browser (Firefox custom version).

[TWP]

For those with a Yahoo email account, this is more information about how badly your information has been compromised:

http://arstechnica.com/tech-policy/2016/10/house-wants-briefing-as-soon-as-possible-to-grok-how-yahoo-spied/

I'm still looking for a secure, free email server/host...

[Clay]

Did you find a good solution yet?

[TWP]

I've not yet made a choice.  There are several email providers which have their servers located outside of the US.

That is a good thing.

The use of encrypted mail is now a necessity, not just a desirable option.

The type and level of acceptable encryption has also changed in the last year.  128bit SHA1 and 256bit ESA encryption keys are no longer enough.  The minimum is now 2048biit RSA and 4096bit RSA is a better standard degree of encryption

My list of possibles include these, in no particular order:

Protonmail
Enigmail
Kolabnow

[Clay]

My next question is, and I'm sorry if this isn't a good one but I'm not a computer guy, why does encryption matter? It seems like most emails that are sent to me would also be unprotected, therefore making it not as important. Does that make sense?

[TWP]

Clay
It's my response to the things which are being done which violate our "right" to privacy.

This is not the forum to discuss this, so I'll just point at Yahoo(r) and Gmail(r) as recent examples.

As a "prepper", I do believe that OPSEC is important.

PM me if you don't understand what I'm talking about.
Thanks

[Ken K7KBJ]

We have 100 free email addresses included with this domain, nnpg.net
I can set you up with one if you want to try it.
I have no idea what GoDaddy's email policies are.
I suspect one can look that up somewhere at godaddy.com

Ken
K7KBJ

[TWP]

Ken, That is interesting, let me do some research on server location and Godaddy's privacy policy with respect to email.

My research on Protonmail shows that their servers are all located in Switzerland, which has hands off policy and does not allow "fishing" expeditions by other governments.

I'll get back to you on this.

[Jerry D Young]

I am definitely interested in one of the site e-mail addresses Ken.

And TWP, I am interested in one of the encrypted ones, once you have done your research and decided on one or more of the available options.

Thank you guys.

Just my opinion.

[TWP]

Jerry, I'll keep you advised.

[TWP]

It seems that Yahoo(r) had yet another (no pun intended) email breach, in a similar time frame to the prior one which I reported in my OP.

http://arstechnica.com/security/2016/12/yahoo-reveals-1-billion-more-accounts-exposed-and-some-code-may-have-been-stolen/

I direct your attention to the final paragraph, which points at an acquisition of Yahoo(r) by Verison(r) (the cellphone company)...

I still maintain my yahoo email account, but I no longer use it for secure communication.  I have moved all of that to another email provider, whose servers are not located in the US and appear to be much more secure than Yahoo's...

My personal opinion is that neither Yahoo(r) nor Version(r) are sufficiently trustworthy.  You must make your own decision with respect to online privacy, as much as that may be an oxymoron...

If you are concerned, as I am, about other people reading your email, please consider carefully...

[Jerry D Young]

I never use standard electronic communications for anything that I do not mind the entire general population, and particularly the authorities, knowing. For anything that I consider even moderately confidential, I use alternate means. This is sometimes electronic, but often not.

While the more secure options that are out there are good, some even very good, I continue to use my own security methodology even while using those methods to carry the message from point A to point B.

Just my opinion.

[Clay]

"The more you try and hide, the more you stand out."

My yahoo email got hacked again as well. At least that's what they say. All I can think to do is not keep emails stored and change the password regularly. I have always wondered if when you "trash" an email if it even gets deleted. Does anyone know?