@TheButler, noticed your rating message...

Well I've not tried this myself, but you might be able to consider using the HushMail service if you only need a secure email replacement and limited amount of storage (unless you are willing to pay for more):
http://www.hushmail.com/services/hushmail/features/

Their Free service offers:
- 25 MB worth of storage
- it looks like you must access it via the web (although apparently it has an online mobile-friendly version of access as well);
- TOS pretty much says that you shouldn't try to use it for illegal purposes (common sense really)

Further reading seems to indicate that all emails will be encrypted such that even HushMail themselves would not normally be able to read your emails (unless they were court ordered to make an exception for your account):
http://www.hushmail.com/about/technology/how-it-works/
http://www.hushmail.com/about/technology/security/
http://www.hushmail.com/terms/free/

*edit* Actually I just signed up for the Free service now... It looks like you don't even need to tell them who you are or supply a backup email address. What I found:
- you log into your email much like any other online email service to me (i.e. pretty standard);
- you must absolutely remember what your own username and password, as otherwise you'll never get back in (there is no forgotten password feature because they won't even know the password);
- remember to sign in to your account at least once every three weeks for it to remain active;
- if you don't sign in regularly, then you will lose access to all the emails you had on that account unless you pay within the year for Hushmail Premium;
- As mentiond above, I think all emails you receive/sent will be stored encrypted on their server and unless compelled by laws/legal court order even Hushmail won't be able to access your email data (based on reading the following in their explanation of how it protects you:
"_But I thought the data was always encrypted_
When one Hushmail user sends an email to another Hushmail user, the body and attachments of that email are kept on our server in encrypted form, and under normal circumstances, we would have no access to that data. We can’t just pick an arbitrary encrypted email message off the server and read it. However, since Hushmail is a web-based service, the software that performs the encryption either resides on or is delivered by our servers. That means that there is no guarantee that we will not be compelled, under an order enforceable under the laws of British Columbia, Canada, to treat a user named in an order differently, and compromise that user’s privacy." ).

Hope this is simple enough for you

PS: Other security features not directly intended for keeping your SO out of your business, but allow you to secretly discuss things with your recipient:
- when sending email from your Hushmail account, you have the option of "Encrypt Message" under "Message Options" tab, which will send an email to the recipient with a link back to Hushmail telling them there is a secure email to be read. As part of this process, you must send the email with a Question and Answer of your choice and then somehow let the recipient know of the correct answer to access the encrypted message online via the Hushmail link;
- Using it this way, the recipient will also have the option of signing up with Hushmail too and thus all future correspondence between you will be secured within Hushmail (see above about encrypted email data storage).
(https://help.hushmail.com/entries/250010-sending-email-to-people-who-do-not-use-hushmail )
- However, if you disable the "Encrypt Message" option, the recipient will be sent the email as per normal (i.e. whatever you write will be plainly readable by the recipient without need to log onto Hushmail's link). Your Hushmail account will store your sent email encrypted, but of course the recipient won't necessarily have the same setup.

Do you really think it's useful to sign up to Hushmail or anything similar ? I think I'll do, but more by principle.

I like Gmail, it's really great, and I don't think I can really switch to anything else, it really became part of my faily for many things. I don't only use the normal version, but also have some "paying" accounts. Ok, they run some program to check the content of my emails for advertising purpose, but it's not like it's someone reading my emails. Also, I think it's quite secure, I don't think hackers can ever steal my emails, only Google guys will.

So except by principle, would someone leave gmail here ? For work, usually you use a secured server at your company, but for personal use, unless you deal with illegal things, there's no really reason to change, right ?

@Marcopo: I meant "haven't" not "having". And I still use Gmail because at the moment, since I don't think I need extra privacy/security at the moment.  It's like you say, I don't do anything illegal and Gmail has a very usable set of features I like. I assume this thread is about protecting yourself from having your alter ego being exposed to individuals that would be sensitive to such info (SO/family/friends). Personally, I have yet to cum (sorry couldn't help myself with the pun ) to the stage where I'd want to give out my email address/non-temporary phone number to any WG that I'd like to secretly keep in contact with.

In the past, I haven't minded so much that my emails are being scanned by Google (or insert other big name free email provider). So I personally will probably continue using Google apps (Gmail, Youtube, search, etc) until I discover something more sinister/nasty that Google is attempting to do since their policy changes. Also, I don't use Google+ nor stay logged into my accounts unnecessarily (I don't see the need to keep both an FB and G+ account - in terms of features they're pretty the same) - so I'm not worried (yet! If say, Google buy out FB, then I'd definitely be worried!).

So I guess it really depends on your personal situation whether or not you want to start using something like Hushmail or the Tor/Tails suggestions above for your alter ego. Ask yourself what's the risk and consequences that you're willing to accept. If you have high risk + high consequences you probably would start ensuring your tracks are covered better. Only you can assess this for yourself. Things I would consider:
- Is mongering illegal in the country? Am I at risk for associating/keeping in contact with WGs? Will I end up in jail/pay fines, etc.
- How likely is your SO to find you out and what would you stand to lose? (I'm currently not aware of any country that would let someone do this, but if the laws in your country enable your SO to get a court order to expose emails stored by the service provider you could easily be screwed - even if you've been using multiple IDs, as long as you're with the same provider it might be fairly easy to work out that all of them are the same person based on the same IP address).

My assessment of personal risk/consequence at present is low+low (don't keep in touch with WGs + single + stay within laws + punting not illegal in visiting/home country). I personally would start using Tails/Tor and wouldn't use Google for emailing WGs if I did want to keep in contact with them or have an SO. As the saying goes: "Don't put all your eggs in the same basket". It might serve you well to at least make it more difficult for anyone to keep track of you (e.g. if you have accounts with many different service providers and non-identifiable IP address).

I might experiment with Tails later when I have time...

[ Last edited by  yyy111 at 4-3-2012 19:55 ]

How much is secure?
Security is a bit of a continuum, so the question is how secure is your definition of secure?  Free services have to make their money through selling services to someone else, and usually that service is either access to your eyeballs or your information.

Services you pay for, get their money from you - so should be more secure.

Email, by definition, isn't secure
Bottom line - No email is completely secure - email is like a postcard and can be read by anyone who has access to a server as it hops it's way through the internet.  

Securing your mailbox - the rich man's approach
But as for a totally secure webmail mailbox, the only one that you can be sure about is one that lives on your own server.

Since few of us have the time or inclination to actually run our own server, you can rent virtual machines on the internet and set up accounts on them.
It gets a bit pricey though - servint charges about $50 per month to give you your own private server (http://www.servint.net/vps.php).  

Securing your mailbox - the poor man's approach
A little less expensive route is to purchase a domain from a domain registrar such as web.com or godaddy.com and then use their hosting service.  No true guarantee that they won't snoop though.

The catch
If you pay for it, you usually have to give a credit card, so your real identity is married to the account.  Also, if your info is on someone else's machine then it is accessible to them and whoever they choose to share it with.  The route I choose is to set up a free Yahoo account with a fake name, and that is good enough for me.  Yahoo share away! I even share my yahoo messenger link in this forum.  Yahoo could still check my IP and cross reference it to my logging into Flickr (which they own) with my regular name though.  It really is a question of how much tin-foil you want to wrap around your head.

I use a separate browser for mongering sites, forums, searching, messaging and email.  It is not bullet proof by any means, but I do notice the ads I get served up when logged in as yazoo are Thai Sweethearts, Fillipina kisses etc, but when logged in as my real identity I get financial and travel ads, so I think it is a simple precaution that works OK.

Here's is an example of where it gets complicated: for U.S. citizens it doesn't matter what the law is in the country they're visiting, they can still be charged with solicitation when the return home.In another vein, just because everyone in the tech world is willing to look the other way about this hobby, that doesn't mean they (or the authorities) always will.  Witness the Singapore Geylang surveillance women putting up videos on the web of punters in Geylang, or the kook in Oklahoma who videos guys picking up street walkers and posts it.  Just because Google doesn't care about your hobby today (except to serve you viagra ads! ) doesn't mean they won't care (or the authorities won't care) tomorrow or 5 years from now.  Google and Facebook make billions of dollars every year because they know where you surf.  Just because they're being good guys today and keeping that intel anonymous doesn't mean they'll always do so and even more importantly: since that info is worth billions to them, it's worth just as much to others.  Some will want to make money on it, but there are even more right wing religious nut jobs that would want that info just to make a point and clean up society (in their opinion).

My point is that, while you may be perfectly safe letting the Google computer read your emails today, you may not always be and as social mores change so do the enforcement efforts that go with those mores.  We could find ourselves in a much more restrictive society in the future and there are plenty of people, from fundamentalists and moralists, to TV producers and Politicians who would love to make a big deal over who surfs where, what sites they visit and what they talk about with working girls.

The more privacy the better, you need one huge margin of safety between you and society on this one!

Reasons why I think Hushmail can be more secure from a technical POV:
- SSL access to Hushmail and so far (modern) SSL has yet to be defeated. This is why banks use SSL for online banking, where most browsers show that padlock icon for SSL. SSL is designed so that no one is supposed to be able to read anything transferred between the server (Hushmail) and the intended client (your browser).
- from what I can tell Hushmail encrypts your emails stored on their server based on your password and they do not store your password in any reversible/readable format. It should be as secure as the way Linux determines whether you entered the right password and PGP in terms of encryption strength (I'll spare you the in-depth tech details of hash algorithms and private/public keys ). I believe encrypted storage still holds true even if your "friend" sent you a plain (non-encrypted) email to your Hushmail account (but only you have the benefit of encryption - not their record of the sent email).
- there is a very good reason why a forgotten password feature doesn't exist. Without your password, no one knows how to decrypt your emails and thus no one would be able to decrypt and then re-encrypt your emails with a new password (at least without it all turning into useless garbage anyway ).
- if you ensured your recipient (i.e. your sweet secret WG ) also uses Hushmail to communicate back and forth, then the emails should in theory never leave the Hushmail server and are always stored encrypted*.
- when sending the email in Hushmail, use the Encrypt Message option with Question and Answer to make sure you are sending an encrypted email (i.e. the email will leave your account encrypted). Make sure you agree on the Question(s) and Answer(s) (use >1 and different Q/A's if you wish) outside of Hushmail (e.g. during a visit), so that you can decrypt each other's Hushmails.

*Note two things: only your own Hushmails are being stored encrypted and if you disable Encrypt Message, then messages leaving your account can still be sent non-encrypted (i.e. sending normal emails, but then why are you using Hushmail??). This is why the receipt should also use Hushmail to ensure all traces of the emails going back and forth stay in a secure and encrypted environment. If the receipt didn't use Hushmail, then records of the emalls telling the recipient to go to the Hushmail server to get the encrypted email will still be in their normal (non-encrypted) email account - so in effect you lose the benefit of deniability of an email ever existing.

Seems to me that Hushmail is designed to make sending/receiving encrypted of emails more user-friendly. If you know how, you and the secret recipient could setup and use PGP directly yourself (but deniability would be harder since PGP needs to work inconjunction with an existing email account and then how many email accounts do you know that have encrypted storage, free and don't ask who you are/contact info/any other identifying info).

Final Note: This does not cover legal side... I'm no lawyer. If you can be forced to divulge the password (or any other route that circumvents the above security mechanisms), then you might get in trouble.

[ Last edited by  yyy111 at 5-3-2012 17:54 ]

Google is not the only one doing this with Android. Looks like Apple is in on it as well. Good thing this Senator is calling for an investigation.   Accessing all our photos,calendars,videos,contacts,notes= WTF

http://9to5mac.com/2012/03/04/se ... ading-capabilities/