NSA Stops Controversial Program That Searches Americans’ Emails

Score one for citizens’ rights. The National Security Agency is set to stop using a highly classified program that in part collected Americans’ emails and text messages without a warrant.

The program allows the NSA to collect and search the emails and text messages to and from Americans who mention names, email addresses, phone numbers, or other kinds of details about foreign targets under government surveillance. Most attorneys argued that process of collecting private email messages of Americans violated the Fourth Amendment, designed to protect against unreasonable searches and seizures.

Details may be found in an article by Zack Whittaker in ZDnet at: http://zd.net/2puFA6S.

If You’re Running Squirrelmail, Sendmail, Stop Immediately!

Security researchers have uncovered a critical security hole in SquirrelMail, the open-source webmail project. Filippo Cavallarin and Dawid Golunski independently discovered a remote code execution hole in SquirrelMail version 1.4.22 and likely prior. That’s the latest version, by the way, and is dated July 2011.

Fixes are available.

Details may be found at: https://www.theregister.co.uk/2017/04/24/squirrelmail_vuln/.

Opinion: The Senate should pass the Email Privacy Act without Delay

Writing in the Christian Science Monitor at https://goo.gl/X8Z9Rp suggests:

“With Congress consumed by political battles, there’s still a glimmer of hope for bipartisanship on privacy issues: The House last week passed the Email Privacy Act by unanimous voice vote.

“That’s not altogether surprising. Introduced by Kansas Rep. Kevin Yoder (R) and Colorado Rep. Jared Polis (D) the measure was even known as the “most popular bill in Congress” for garnering 315 co-sponsors last year.

Continue reading

Entire Trump Family Reportedly Switches to Encrypted Tutanota Emails

After the recent scandal revealing that Trump campaign aides have had repeated contacts with Russian intelligence in 2016, the entire Trump family apparently turned towards encryption to protect their private communications amongst themselves and possibly with others. Several encrypted Tutanota mailboxes were registered yesterday alone with distinct names of Trump family members.

trumpfamily

Now the Trump family seems to have learned from those early mistakes during the presidential electoral campaign. They have learned that everything that happens online will be copied by the NSA and can be read and analyzed at a later stage.

The Secret Service or perhaps some other US agency captured the email messages and telephone calls between Mr. Trump’s associates and the Russians, as reported the New York Times. Then the FBI asked the NSA to collect as much information as possible on this, and analyze troves of previously intercepted communications. We can assume that the captured information includes some email messages made by or received by Donald Trump or members of his family. Now the new President and his family reportedly are switching to encrypted email messages.

Continue reading

A List of Private and Secure Email Services

NOTE: This is an update to an article I published several months ago. I have added a couple of new encrypted email services to the list. If you know of other such services that should be added to this list, please post a comment below.

“Free” email services like Gmail, Yahoo! Mail, and Hotmail come at a high price: your privacy. The fine print lets them search every message you send and receive for profit‐generating keywords. They even keep their own copies of your deleted messages and your attachments. Furthermore, your emails can pass through servers all over the world as plain-text messages, where they’re vulnerable to hackers and mass‐surveillance programs.

The governmental spying on citizens’ private email messages has been a problem for years. However, the problem has gained a lot more publicity in recent months. We now know that various US government agencies and presumably the United Kingdom’s GCHQ can obtain copies of nearly every email message you and I send or receive.

The only exception we know of is the various email services with offices and email servers located outside the United States and outside of the United Kingdom that offer encrypted email services. Most of these safe and secure services are based in countries where national laws prohibit any kind of email snooping, even when the snooping is done by governments. The use of encryption means that government agencies and civilian hackers alike cannot read your messages.

Continue reading

ProtonMail Adds Tor Onion Site To Fight Risk Of State Censorship

Encrypted email provider ProtonMail now has an onion address, allowing users to access its service via a direct connection to the Tor anonymizing network — in what it describes as an active measure aimed at defending against state-sponsored censorship.

protonmail_logo

Users of the Tor browser can now reach ProtonMail directly using its new onion address: https://protonirockerxow.onion.

The startup, which has amassed more than two million users for its e2e encrypted email service so far, launching out of beta just over a year ago, says it’s worried about an increased risk of state-level blocking of pro-privacy tools — pointing to recent moves such as encryption messaging app Signal being blocked in Egypt, and the UK passing expansive surveillance legislation that mandates tracking of web activity and can also require companies to eschew e2e encryption and backdoor products.

Continue reading