Address book scanning

compleo

Valued Member
The primary reason i use scrypt mail is to avoid what i call high profile/high target e mail programs.such as g mail,yahoo etc.They scan address books & steal contacts.

Can they scan my scrypt mail address book or whatever?

I don't know if i'm viewing this correctly but i feel if i send an e mail to someone who uses g mail,yahoo etc. that my scrypt e mail will now be tainted since it will be in their address book only to be compromised since they scan to steal contacts?
 

SCRYPTmail

Email Service Provider
If you send email then yes, when it leaves our server it's totally under control of recipient server. And yes, they may scan it and use on their own discretion. To overcome that, you may try to use email aliases to communicate with people. And if they sign for SCRYPTmail account, you can protect your real email address from disclosing.
 

compleo

Valued Member
If you send email then yes, when it leaves our server it's totally under control of recipient server. And yes, they may scan it and use on their own discretion. To overcome that, you may try to use email aliases to communicate with people. And if they sign for SCRYPTmail account, you can protect your real email address from disclosing.

I thought of aliases & DE but is that just a work around.Like locking you front door but leaving the back door unlocked.It seems to be a security/privacy issue if another program can scan so called encrypted data.i read,from different e mail providers that the mail sent/received is safe but there seems to be a security/privacy issue not addressed which is protecting the data that is stored in the end users address book.

This is a quote from "tutanota" mail...
Is my address book within Tutanota encrypted?...Yes, all data within Tutanota is end-to-end encrypted and only accessible with your password. Scanning and profiling of your data is not possible..
 

EQ Admin

EQ Forum Admin
Staff member
Then if it encrypted how can another party scan the address book?

A 3rd party can't scan a SCRYPTmail address book..

What SCRYPTmail was saying is that if you send an unencrypted email outside their system to a 3rd party email address such as Gmail, then that Gmail user might save your email address in their address book on the Gmail servers.

Even if you use Secure Reply, and require users of unencrypted email services to click a link to view the email from the sending service, the recipient still could save your email address even if the email isn't located on that system.

To avoid that problem, you can use an email alias or disposable email address when sending email to a recipient who you don't want to know your primary email address.
 

compleo

Valued Member
A 3rd party can't scan a SCRYPTmail address book..

What SCRYPTmail was saying is that if you send an unencrypted email outside their system to a 3rd party email address such as Gmail, then that Gmail user might save your email address in their address book on the Gmail servers.

Even if you use Secure Reply, and require users of unencrypted email services to click a link to view the email from the sending service, the recipient still could save your email address even if the email isn't located on that system.

To avoid that problem, you can use an email alias or disposable email address when sending email to a recipient who you don't want to know your primary email address.

Sounds good to me....:cool:

As many know some e mail providers scan the users address book for the purpose of data mining to connect the dots,as in create a profile on the user.I don't do social networking but FB,as well as others are known for such acts as scanning address books to to create a profile for data mining.

I'm not a member of FB but if i were can they can the address book of scrypt etc be scanned like they do with g mail,etc,because they do scan for contacts in address books with the high profile e mail programs.

How does anyone know if scrypt etc doesn't practice the same as mentioned above.
 

EQ Admin

EQ Forum Admin
Staff member
To avoid that problem, you can use an email alias or disposable email address when sending email to a recipient who you don't want to know your primary email address.

I should have added as an option, perhaps the best option, besides using aliases and disposable email addresses, encourage those users to create SCRYPTmail accounts.
 

EQ Admin

EQ Forum Admin
Staff member
I'm not a member of FB but if i were can they can the address book of scrypt etc be scanned like they do with g mail,etc,because they do scan for contacts in address books with the high profile e mail programs.

No, there isn't an API that allows a 3rd party service such as Facebook, with or without user permission, to access and scan/import the address book of a users SCRYPTmail account.
 

compleo

Valued Member
I should have added as an option, perhaps the best option, besides using aliases and disposable email addresses, encourage those users to create SCRYPTmail accounts.

I have tried countless times suggesting change their e mail provider for the obvious reasons,but to no avail.I suppose many are today are focused on whats supposedly easy,bells & whistles.You can lead the horse to water...
 

compleo

Valued Member
No, there isn't an API that allows a 3rd party service such as Facebook, with or without user permission, to access and scan/import the address book of a users SCRYPTmail account.

Can this task be accomplished with the better know e mail providers?

I found this,not sure if i'm allowed to link it here.An excerpt..."FaceBook has an opt-in service called Friend Finder that will scan your various email accounts...."
 

SCRYPTmail

Email Service Provider
Sounds good to me....:cool:

As many know some e mail providers scan the users address book for the purpose of data mining to connect the dots,as in create a profile on the user.I don't do social networking but FB,as well as others are known for such acts as scanning address books to to create a profile for data mining.

I'm not a member of FB but if i were can they can the address book of scrypt etc be scanned like they do with g mail,etc,because they do scan for contacts in address books with the high profile e mail programs.

How does anyone know if scrypt etc doesn't practice the same as mentioned above.

Many services can promise a lot of things, be NSA proof, fight for privacy, etc.

All that statements, have very low value. What most important is to make sure people can learn about system as much as they can to establish level of trust. And if more and more people are saying some service is deserves to be trusted - is one of the major factors.

With that in mind, it's natural for people to gravitate towards open code/source projects, where you can see whats happening behind the scene, and be suspicious if project don't show their code, but proclaim how safe they are.

To protect our users, we encrypt as much as we can on client side using password, that never leaves your computer and never stored in our system. Basically it encrypts everything except information required to be send to third party servers. And don't take our word for granted, we released our code completely open for audit, and to proof we do what we said.
 

compleo

Valued Member
Many services can promise a lot of things, be NSA proof, fight for privacy, etc.

All that statements, have very low value. What most important is to make sure people can learn about system as much as they can to establish level of trust. And if more and more people are saying some service is deserves to be trusted - is one of the major factors.

With that in mind, it's natural for people to gravitate towards open code/source projects, where you can see whats happening behind the scene, and be suspicious if project don't show their code, but proclaim how safe they are.

To protect our users, we encrypt as much as we can on client side using password, that never leaves your computer and never stored in our system. Basically it encrypts everything except information required to be send to third party servers. And don't take our word for granted, we released our code completely open for audit, and to proof we do what we said.

This is all well & good but doesn't help the layman much to read technical info.Does this document explain if e mail address books are scanned or not.

No, there isn't an API that allows a 3rd party service such as Facebook, with or without user permission, to access and scan/import the address book of a users SCRYPTmail account.

Some e mail providers do an excellent job with encrypting messages etc.But if the address book is vulnerable then half the job is not done.

What about what i read regarding "FaceBook has an opt-in service called Friend Finder that will scan your various email accounts".

What i'm trying to find out is do any of the secure e mail providers protect e mail address books.
 

EQ Admin

EQ Forum Admin
Staff member
What i'm trying to find out is do any of the secure e mail providers protect e mail address books.

Hi @compleo,

This is the "Encrypted Contacts" line of the comparison - Compare - Encrypted Email Service Providers

I added (address books) to help make it stand out in case someone looks for address book instead of contacts.

Does that help to answer your question?

Please feel free to start a thread and list the yes/no status for these and other encrypted email services as you discover the answers.

:thanks:
 

compleo

Valued Member
Hi @compleo,

This is the "Encrypted Contacts" line of the comparison - Compare - Encrypted Email Service Providers

I added (address books) to help make it stand out in case someone looks for address book instead of contacts.

Does that help to answer your question?

Please feel free to start a thread and list the yes/no status for these and other encrypted email services as you discover the answers.

:thanks:

"Does that help to answer your question?"So i take it that not all e mail providers have encrypted address book,meaning it can scanned,& if that's the case it certainly does answer & much appreciated.
 

compleo

Valued Member
A sender has encrypted mail & sends mail to a recipient without encrypted mail is the address book/contacts safe from scanning?

Or is the address book/contacts only safe from scanning if both the sender & recipient have encrypted mail?
 

EQ Admin

EQ Forum Admin
Staff member
Sender (such as SCRYPTmail) the senders address book is encrypted and safe from scanning -> Recipient (such as Gmail) the recipient's address book is not safe from scanning / subpoena.
 

compleo

Valued Member
Sender (such as SCRYPTmail) the senders address book is encrypted and safe from scanning -> Recipient (such as Gmail) the recipient's address book is not safe from scanning / subpoena.

I'm quite sure the highest percentile use insecure e mail,so whats the sense of using a secure e mail when it is compromised due to the recipients insecure e mail.
 

SCRYPTmail

Email Service Provider
I'm quite sure the highest percentile use insecure e mail,so whats the sense of using a secure e mail when it is compromised due to the recipients insecure e mail.
Obvious difference would be knowing only your email address instead of learning all your contact list
 

EQ Admin

EQ Forum Admin
Staff member
I'm quite sure the highest percentile use insecure e mail,so whats the sense of using a secure e mail when it is compromised due to the recipients insecure e mail.

Many of the encrypted email services offer a "Secure Reply" feature that sends the user of unencrypted email services a notification with a link to follow to view the email back at the encrypted email providers web site. They recipient will usually need a pin or password to view the message. They're not really viewing an email at that point. It does limit what is transmitted unencrypted. The recipient might still put your email address in their address book, but none of the email contents will be in their accounts. Also, to piece back together "your address book" someone would need to access every email account at every email provider looking for signs of your email address.

It is interesting to me the weight that you are placing on securing "who" you are communicating with and not only the "what" is being communicated.

How do you tell someone your email address in the first place? Is that an encrypted and/or offline communication?
 
Top