Address book scanning

Discussion in 'SCRYPTmail' started by compleo, Jul 12, 2015.

  1. compleo

    compleo Valued Member

    Joined:
    Jul 11, 2015
    Messages:
    297
    Likes Received:
    58
    The primary reason i use scrypt mail is to avoid what i call high profile/high target e mail programs.such as g mail,yahoo etc.They scan address books & steal contacts.

    Can they scan my scrypt mail address book or whatever?

    I don't know if i'm viewing this correctly but i feel if i send an e mail to someone who uses g mail,yahoo etc. that my scrypt e mail will now be tainted since it will be in their address book only to be compromised since they scan to steal contacts?
     


  2. SCRYPTmail

    SCRYPTmail Email Service Provider

    Joined:
    May 6, 2015
    Messages:
    148
    Likes Received:
    32
    If you send email then yes, when it leaves our server it's totally under control of recipient server. And yes, they may scan it and use on their own discretion. To overcome that, you may try to use email aliases to communicate with people. And if they sign for SCRYPTmail account, you can protect your real email address from disclosing.
     

  3. compleo

    compleo Valued Member

    Joined:
    Jul 11, 2015
    Messages:
    297
    Likes Received:
    58
    I thought of aliases & DE but is that just a work around.Like locking you front door but leaving the back door unlocked.It seems to be a security/privacy issue if another program can scan so called encrypted data.i read,from different e mail providers that the mail sent/received is safe but there seems to be a security/privacy issue not addressed which is protecting the data that is stored in the end users address book.

    This is a quote from "tutanota" mail...
     
  4. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,994
    Likes Received:
    120
    The quote is true for SCRYPTmail too. Here is an encrypted email service comparison chart you may not have found yet - Compare - Encrypted Email Service Providers
     
  5. compleo

    compleo Valued Member

    Joined:
    Jul 11, 2015
    Messages:
    297
    Likes Received:
    58
    Then if it encrypted how can another party scan the address book?
     
  6. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,994
    Likes Received:
    120
    A 3rd party can't scan a SCRYPTmail address book..

    What SCRYPTmail was saying is that if you send an unencrypted email outside their system to a 3rd party email address such as Gmail, then that Gmail user might save your email address in their address book on the Gmail servers.

    Even if you use Secure Reply, and require users of unencrypted email services to click a link to view the email from the sending service, the recipient still could save your email address even if the email isn't located on that system.

    To avoid that problem, you can use an email alias or disposable email address when sending email to a recipient who you don't want to know your primary email address.
     
  7. compleo

    compleo Valued Member

    Joined:
    Jul 11, 2015
    Messages:
    297
    Likes Received:
    58
    Sounds good to me....:cool:

    As many know some e mail providers scan the users address book for the purpose of data mining to connect the dots,as in create a profile on the user.I don't do social networking but FB,as well as others are known for such acts as scanning address books to to create a profile for data mining.

    I'm not a member of FB but if i were can they can the address book of scrypt etc be scanned like they do with g mail,etc,because they do scan for contacts in address books with the high profile e mail programs.

    How does anyone know if scrypt etc doesn't practice the same as mentioned above.
     
  8. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,994
    Likes Received:
    120
    I should have added as an option, perhaps the best option, besides using aliases and disposable email addresses, encourage those users to create SCRYPTmail accounts.
     
  9. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,994
    Likes Received:
    120
    No, there isn't an API that allows a 3rd party service such as Facebook, with or without user permission, to access and scan/import the address book of a users SCRYPTmail account.
     
  10. compleo

    compleo Valued Member

    Joined:
    Jul 11, 2015
    Messages:
    297
    Likes Received:
    58
    I have tried countless times suggesting change their e mail provider for the obvious reasons,but to no avail.I suppose many are today are focused on whats supposedly easy,bells & whistles.You can lead the horse to water...
     
  11. compleo

    compleo Valued Member

    Joined:
    Jul 11, 2015
    Messages:
    297
    Likes Received:
    58
    Can this task be accomplished with the better know e mail providers?

    I found this,not sure if i'm allowed to link it here.An excerpt..."FaceBook has an opt-in service called Friend Finder that will scan your various email accounts...."
     
  12. SCRYPTmail

    SCRYPTmail Email Service Provider

    Joined:
    May 6, 2015
    Messages:
    148
    Likes Received:
    32
    Many services can promise a lot of things, be NSA proof, fight for privacy, etc.

    All that statements, have very low value. What most important is to make sure people can learn about system as much as they can to establish level of trust. And if more and more people are saying some service is deserves to be trusted - is one of the major factors.

    With that in mind, it's natural for people to gravitate towards open code/source projects, where you can see whats happening behind the scene, and be suspicious if project don't show their code, but proclaim how safe they are.

    To protect our users, we encrypt as much as we can on client side using password, that never leaves your computer and never stored in our system. Basically it encrypts everything except information required to be send to third party servers. And don't take our word for granted, we released our code completely open for audit, and to proof we do what we said.
     
    popowich likes this.
  13. compleo

    compleo Valued Member

    Joined:
    Jul 11, 2015
    Messages:
    297
    Likes Received:
    58
    This is all well & good but doesn't help the layman much to read technical info.Does this document explain if e mail address books are scanned or not.

    Some e mail providers do an excellent job with encrypting messages etc.But if the address book is vulnerable then half the job is not done.

    What about what i read regarding "FaceBook has an opt-in service called Friend Finder that will scan your various email accounts".

    What i'm trying to find out is do any of the secure e mail providers protect e mail address books.
     
  14. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,994
    Likes Received:
    120
    Hi @compleo,

    This is the "Encrypted Contacts" line of the comparison - Compare - Encrypted Email Service Providers

    I added (address books) to help make it stand out in case someone looks for address book instead of contacts.

    Does that help to answer your question?

    Please feel free to start a thread and list the yes/no status for these and other encrypted email services as you discover the answers.

    :thanks:
     
  15. compleo

    compleo Valued Member

    Joined:
    Jul 11, 2015
    Messages:
    297
    Likes Received:
    58
    "Does that help to answer your question?"So i take it that not all e mail providers have encrypted address book,meaning it can scanned,& if that's the case it certainly does answer & much appreciated.
     
  16. compleo

    compleo Valued Member

    Joined:
    Jul 11, 2015
    Messages:
    297
    Likes Received:
    58
    A sender has encrypted mail & sends mail to a recipient without encrypted mail is the address book/contacts safe from scanning?

    Or is the address book/contacts only safe from scanning if both the sender & recipient have encrypted mail?
     
  17. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,994
    Likes Received:
    120
    Sender (such as SCRYPTmail) the senders address book is encrypted and safe from scanning -> Recipient (such as Gmail) the recipient's address book is not safe from scanning / subpoena.
     
  18. compleo

    compleo Valued Member

    Joined:
    Jul 11, 2015
    Messages:
    297
    Likes Received:
    58
    I'm quite sure the highest percentile use insecure e mail,so whats the sense of using a secure e mail when it is compromised due to the recipients insecure e mail.
     
  19. SCRYPTmail

    SCRYPTmail Email Service Provider

    Joined:
    May 6, 2015
    Messages:
    148
    Likes Received:
    32
    Obvious difference would be knowing only your email address instead of learning all your contact list
     
  20. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,994
    Likes Received:
    120
    Many of the encrypted email services offer a "Secure Reply" feature that sends the user of unencrypted email services a notification with a link to follow to view the email back at the encrypted email providers web site. They recipient will usually need a pin or password to view the message. They're not really viewing an email at that point. It does limit what is transmitted unencrypted. The recipient might still put your email address in their address book, but none of the email contents will be in their accounts. Also, to piece back together "your address book" someone would need to access every email account at every email provider looking for signs of your email address.

    It is interesting to me the weight that you are placing on securing "who" you are communicating with and not only the "what" is being communicated.

    How do you tell someone your email address in the first place? Is that an encrypted and/or offline communication?
     

Want to reply or ask your own question?

It only takes a minute to sign up (and it's free!). Click the orange sign up button to choose a username and then you can ask your own questions on the forum.
Loading...