NSA Stops Controversial Program That Searches Americans’ Emails

Score one for citizens’ rights. The National Security Agency is set to stop using a highly classified program that in part collected Americans’ emails and text messages without a warrant.

The program allows the NSA to collect and search the emails and text messages to and from Americans who mention names, email addresses, phone numbers, or other kinds of details about foreign targets under government surveillance. Most attorneys argued that process of collecting private email messages of Americans violated the Fourth Amendment, designed to protect against unreasonable searches and seizures.

Details may be found in an article by Zack Whittaker in ZDnet at: http://zd.net/2puFA6S.

If You’re Running Squirrelmail, Sendmail, Stop Immediately!

Security researchers have uncovered a critical security hole in SquirrelMail, the open-source webmail project. Filippo Cavallarin and Dawid Golunski independently discovered a remote code execution hole in SquirrelMail version 1.4.22 and likely prior. That’s the latest version, by the way, and is dated July 2011.

Fixes are available.

Details may be found at: https://www.theregister.co.uk/2017/04/24/squirrelmail_vuln/.

Opinion: The Senate should pass the Email Privacy Act without Delay

Writing in the Christian Science Monitor at https://goo.gl/X8Z9Rp suggests:

“With Congress consumed by political battles, there’s still a glimmer of hope for bipartisanship on privacy issues: The House last week passed the Email Privacy Act by unanimous voice vote.

“That’s not altogether surprising. Introduced by Kansas Rep. Kevin Yoder (R) and Colorado Rep. Jared Polis (D) the measure was even known as the “most popular bill in Congress” for garnering 315 co-sponsors last year.

Continue reading

Entire Trump Family Reportedly Switches to Encrypted Tutanota Emails

After the recent scandal revealing that Trump campaign aides have had repeated contacts with Russian intelligence in 2016, the entire Trump family apparently turned towards encryption to protect their private communications amongst themselves and possibly with others. Several encrypted Tutanota mailboxes were registered yesterday alone with distinct names of Trump family members.

trumpfamily

Now the Trump family seems to have learned from those early mistakes during the presidential electoral campaign. They have learned that everything that happens online will be copied by the NSA and can be read and analyzed at a later stage.

The Secret Service or perhaps some other US agency captured the email messages and telephone calls between Mr. Trump’s associates and the Russians, as reported the New York Times. Then the FBI asked the NSA to collect as much information as possible on this, and analyze troves of previously intercepted communications. We can assume that the captured information includes some email messages made by or received by Donald Trump or members of his family. Now the new President and his family reportedly are switching to encrypted email messages.

Continue reading

A List of Private and Secure Email Services

NOTE: This is an update to an article I published several months ago. I have added a couple of new encrypted email services to the list. If you know of other such services that should be added to this list, please post a comment below.

“Free” email services like Gmail, Yahoo! Mail, and Hotmail come at a high price: your privacy. The fine print lets them search every message you send and receive for profit‐generating keywords. They even keep their own copies of your deleted messages and your attachments. Furthermore, your emails can pass through servers all over the world as plain-text messages, where they’re vulnerable to hackers and mass‐surveillance programs.

The governmental spying on citizens’ private email messages has been a problem for years. However, the problem has gained a lot more publicity in recent months. We now know that various US government agencies and presumably the United Kingdom’s GCHQ can obtain copies of nearly every email message you and I send or receive.

The only exception we know of is the various email services with offices and email servers located outside the United States and outside of the United Kingdom that offer encrypted email services. Most of these safe and secure services are based in countries where national laws prohibit any kind of email snooping, even when the snooping is done by governments. The use of encryption means that government agencies and civilian hackers alike cannot read your messages.

Continue reading

ProtonMail Adds Tor Onion Site To Fight Risk Of State Censorship

Encrypted email provider ProtonMail now has an onion address, allowing users to access its service via a direct connection to the Tor anonymizing network — in what it describes as an active measure aimed at defending against state-sponsored censorship.

protonmail_logo

Users of the Tor browser can now reach ProtonMail directly using its new onion address: https://protonirockerxow.onion.

The startup, which has amassed more than two million users for its e2e encrypted email service so far, launching out of beta just over a year ago, says it’s worried about an increased risk of state-level blocking of pro-privacy tools — pointing to recent moves such as encryption messaging app Signal being blocked in Egypt, and the UK passing expansive surveillance legislation that mandates tracking of web activity and can also require companies to eschew e2e encryption and backdoor products.

Continue reading

Use BitMessage for Secure Messages

Normal email is not secure! With the thousands of malevolent hackers around the world and the rise of widespread government monitoring programs, a secure email service is needed by many individuals, corporations, and others.

A number of companies offer secure versions of email services for additional fees, each with its own advantages and disadvantages. The one drawback of all of them is that the user is dependent on the company that writes the software and provides the service. Do you trust the company’s security? Is their software really secure?

I suspect the answer is “Yes” to both of those questions although I do not know of any method of proving it. Without such assurance, a provable secure alternative that does not depend on any company or any other person for security is a very attractive offering.

One alternative is to use a service that does not depend on email companies, does not use the normal email networks, and uses open source software that is available for security examinations by anyone. It is also immune to most big tech companies’ outages that disrupt email or other messaging services due to software bugs or network failures. In addition, it is invisible to the prying eyes of hackers or government spies. Finally, it appears to be 100% legal, at least for now.

Continue reading