On 13.02.2013 22:47, Joe Btfsplk wrote:
> I suppose even providers offering encryption of files while on their
> server (like Lavabit), could read the mail just before it was encrypted
> / decrypted, since they are doing the encrypting.

Even if they encrypt maildirs on their servers and unlock only while you are logged in, they can sniff your login/encryption password and poof. That's what Hushmail was forced to do on request by law enforcement.

The only way to do this properly is to encrypt all incoming mails using your public key. That way, existing mails are protected. New incoming mails can still be intercepted when they are coming in, of course, that's why the provider should offer an option to drop non-PGP mail directly at MTA level for selective aliases/accounts. [1]

Webmail will become mostly useless for these accounts.

To be able to do fulltext search etc. one could add a local (!) imapproxy that decrypts all mails before putting them into the mail application's inbox. Is there anything like that?

Similar thoughts for outgoing mails.

> I believe one or 2 offer "end to end" encryption.

Every provider supports this, just use PGP for everything. No provider can "offer" it, that is impossible.

[1] https://github.com/moba/pgpmilter

-- 
Moritz Bartl
https://www.torservers.net/
_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
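
Added example, not part of the original post and not pgpmilter's code: a sketch of the accept/reject decision an MTA-level filter could make for the "drop non-PGP mail for selective accounts" idea above. The names `decide` and `ENFORCED`, the addresses and the sample messages are assumptions constructed for illustration; the check covers PGP/MIME (RFC 3156) and bodies that are nothing but one armored block, so cleartext with an armored block appended is still rejected.

```python
import email
from email import policy

ARMOR_BEGIN = "-----BEGIN PGP MESSAGE-----"
ARMOR_END = "-----END PGP MESSAGE-----"
ENFORCED = {"secure@example.net"}  # hypothetical accounts with PGP-only policy

def is_pgp_mime(msg):
    """RFC 3156: multipart/encrypted, pgp-encrypted protocol, exactly two parts."""
    if msg.get_content_type() != "multipart/encrypted":
        return False
    if (msg.get_param("protocol") or "").lower() != "application/pgp-encrypted":
        return False
    parts = msg.get_payload()
    return (isinstance(parts, list) and len(parts) == 2
            and parts[0].get_content_type() == "application/pgp-encrypted"
            and parts[1].get_content_type() == "application/octet-stream")

def is_inline_pgp(msg):
    """A single text/plain body that is one armored message and nothing else."""
    if msg.is_multipart() or msg.get_content_type() != "text/plain":
        return False
    body = msg.get_content().strip()
    return (body.startswith(ARMOR_BEGIN) and body.endswith(ARMOR_END)
            and body.count(ARMOR_BEGIN) == 1)

def decide(raw, rcpt, enforced=ENFORCED):
    """Return 'accept' or 'reject' for one envelope recipient."""
    if rcpt.lower() not in enforced:
        return "accept"  # policy is opt-in per alias/account
    msg = email.message_from_bytes(raw, policy=policy.default)
    return "accept" if is_pgp_mime(msg) or is_inline_pgp(msg) else "reject"

# Constructed sample messages; the armor payload is a placeholder, not real PGP data.
HDR = b"From: a@example.org\nTo: secure@example.net\n"
ARMOR = ARMOR_BEGIN.encode() + b"\n\n(constructed placeholder)\n" + ARMOR_END.encode() + b"\n"
PGP_MIME = (HDR + b'Content-Type: multipart/encrypted; boundary="b";\n'
            b' protocol="application/pgp-encrypted"\n\n'
            b"--b\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
            b"--b\nContent-Type: application/octet-stream\n\n" + ARMOR + b"--b--\n")
INLINE = HDR + b"\n" + ARMOR
PLAIN = HDR + b"\nhello in the clear\n"
MIXED = HDR + b"\nsee you at noon\n" + ARMOR  # cleartext plus armor: still rejected

if __name__ == "__main__":
    for name in ("PGP_MIME", "INLINE", "PLAIN", "MIXED"):
        print(name, decide(globals()[name], "secure@example.net"))
```

This only inspects message structure; it does not verify that the ciphertext is encrypted to the recipient's key, and headers such as Subject remain in the clear either way.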