Encrypted Email Service Providers

Discussion in 'Email Discussions' started by popowich, Jun 4, 2015.

  1. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
    How is this done? If I click on "Keys and Security" it says "coming soon".
     


  2. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
    I think I need to change these categories a bit. Create a new feature line for "Code is Open Source", and drop the "public" from the audit lines?

    As is, some providers are open source (anyone can view the source) and some services have 3rd party audits but others can't confirm for themselves.
     

  3. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
    Or keep the public / open source as is, and create a secondary listing for 3rd party audit?
     
  4. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
    @ProtonMail I think this is a false claim, unless you consider the "competing" services to be Gmail and not the other encrypted email service providers.

     
  5. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
    I added Company HQ, Data Center Locations, and Legal Jurisdiction.

    I'm curious to see how much overlap there is within a service (legal vs. HQ, etc)
     
  6. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
  7. ProtonMail

    ProtonMail Email Service Provider

    Joined:
    Jun 13, 2015
    Messages:
    2
    Likes Received:
    0
    Hi there, we are still noticing a couple of errors on the ProtonMail column.

    Specifically:

    Company HQ - Geneva, Switzerland
    Regenerate RSA keys - Yes
    OpenPGP compatibility - Yes
    PGP Standard - Yes
    Front-end public audit - Yes
    Back-end public audit - Yes
    Free storage quota - 1GB

    It would be great if these could be corrected as we would love to recommend this site and guide to our 500,000 users when the information is correct.

    Best,
    ProtonMail
     
  8. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
    Thank you for the quick responses, it's appreciated. I see you noticed the additional rows being added. Please fee free to suggest more feature rows.

    These two are updated.

    According to your web site there has been an independent 3rd party audit.

    I added a new row for "3rd Party Audit" and changed "public" to "open source" in the rows above to make them more clear.

    That allows ProtonMail to show there has at least been a 3rd party audit (vs. closed source and no audit at all), and allow the services with open source published code to have that feature listed.

    Can you please detail the procedure? I don't see how to do this in my account. I'm using ProtonMail v1.16 and this is what I see:

    ProtonMail Keys and Security.jpg

    I checked this one for the moment. I think it could use a "more info" link.

    Can ProtonMail as of v1.16 detect if another service, such as Whiteout Mail, is the recipient mail hosting and send an encrypted email message directly instead of turning outside messages into a "Secure Reply" notification email + link that can be clicked?
     
  9. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
    I received the following updates from Oliver at Whiteout :

    Data Center Locations: Germany
    Legal Jurisdiction Germany
    Zero-Knowledge Systems Yes
    AES-256 encrypted storage Yes
    Encrypted Mailbox Yes
    Encrypted Metadata No
    Encrypted Attachments (more info) Yes
    Encrypted Contacts No
    RSA 4096 Keys (more info) No
    Own RSA Keys Yes
    Regenerate RSA Keys
    OpenPGP compatibility (more info) Yes
    PGP Standard Yes
    Two Factor Authentication (MFA) Yes
    Frontend Audit (open source) Yes
    Backend Audit (open source) No
    3rd Party Audit Yes
    HIPAA Compliant Email not certified
    Do Not Track No
    Secure Reply Yes
    Expiring Emails (more info) No
    Disposable Email Addresses No
    Session Expiration No
    Free Storage Quota "Bring your own storage" with our free client option
    Multilingual Interface No
    Compose HTML Email No
    Search Email Yes
    Spam filtering Yes
    Custom Folders / Labels No
    Draft Email No
    Android App Yes
    iOS App Yes
    IMAP Mail Server Yes
    Import contact list No
     
  10. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
    To clear up some consistent confusion I did the following:

    I removed the row "PGP Standard".

    I'm now using "OpenPGP Compatibility" to mean the system supports PGP encrypted emails sent to other users within the same service.

    I added "3rd Party Interoperability" to mean the service supports sending & receiving encrypted email to & from other encrypted email service providers.
     
  11. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
    If I send an email from ProtonMail to Whiteout mail, I receive a "Secure Reply" style email notification, not a prompt to decrypt an email with a known pin or key saved in my contacts:

    ProtonMail 3rd party inter-op.jpg
     
  12. SCRYPTmail

    SCRYPTmail Email Service Provider

    Joined:
    May 6, 2015
    Messages:
    167
    Likes Received:
    35
    Also would be nice if you indicate is it servers side encrypted or front-end.
     
  13. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
    Update from @Tutanota (I'll check these today):

    ata Center Locations: Germany
    Legal Jurisdiction Germany
    Zero-Knowledge Systems Yes
    AES-256 encrypted storage - AES-128 storage
    Encrypted Mailbox Yes
    Encrypted Metadata Yes
    Encrypted Attachments (more info) Yes
    Encrypted Contacts Yes
    RSA 4096 Keys (more info) - RSA 2048 Keys
    Own RSA Keys No
    Regenerate RSA Keys No
    OpenPGP compatibility (more info) No, but planned
    PGP Standard No
    Two Factor Authentication (MFA) No, but planned
    Frontend Audit (open source) Yes
    Backend Audit (open source) No
    3rd Party Audit Yes
    HIPAA Compliant Email not certified
    Do Not Track - What do you mean by this? We do not track our users at all, we do not log/store ip addresses.
    Secure Reply Yes
    Expiring Emails (more info) No
    Disposable Email Addresses No
    Session Expiration No
    Free Storage Quota 1 GB
    Multilingual Interface Yes
    Compose HTML Email No
    Search Email No
    Spam filtering Yes
    Custom Folders / Labels Yes
    Draft Email No
    Android App Yes
    iOS App Yes
    IMAP Mail Server No
    Import contact list No
     
  14. SCRYPTmail

    SCRYPTmail Email Service Provider

    Joined:
    May 6, 2015
    Messages:
    167
    Likes Received:
    35
    why people like to put encrypted metadata?! it's clearly misleading as the way 99% of providers handle new emails it is impossible to encrypt recipient and sender
     
  15. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
    Can you reply with a detailed post that describes everything SCRYPTmail does for encrypted metadata (the requirements to get a green check mark for this feature) and I'll link to it as the "more info" ?
     
  16. SCRYPTmail

    SCRYPTmail Email Service Provider

    Joined:
    May 6, 2015
    Messages:
    167
    Likes Received:
    35
    popowich likes this.
  17. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
    In @ProtonMail, resetting your password will also change your keys. A side effect is that all existing email becomes unencrypted.

     
  18. SCRYPTmail

    SCRYPTmail Email Service Provider

    Joined:
    May 6, 2015
    Messages:
    167
    Likes Received:
    35
    How it is possible? if you resetting password, is it mean you forgot old pass? If this is true, how they can decrypt messages?

    Ps. right now it said:
    which doesn't make too much sense either
     
  19. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
  20. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
    I fixed the last word when I was quoting because I thought there was a typo. They corrected me. If I understand correctly, if you reset your @ProtonMail password, you lose access to existing emails. They become permanently encrypted.

    I'll test this out later tonight or tomorrow to clear up the action & result questions.
     

Want to reply or ask your own question?

It only takes a minute to sign up (and it's free!). Click the orange sign up button to choose a username and then you can ask your own questions on the forum.
Loading...