Riseup Will Encrypt All Emails to Prevent FBI Searches

[steven36]

The news comes after the activist email service revealed it complied with two warrants related to users suspected of criminal activity.

 

 

Late last year, popular activist-focused email service Riseup failed to update its warrant canary. At the time, no additional information was provided. But the move raised suspicion, as warrant canaries are cryptographically signed messages that, when not updated per an expected schedule, are intended to warn users that a company or service is facing some sort of legal battle, but is also under a gag order and can't address it publicly.

 

On Thursday, Riseup clarified what happened. The FBI had served two warrants onto Riseup, which the service complied with. In response, Riseup said it is now implementing encrypted storage so it won't be in a position to handover useful data again.

 

"After exhausting our legal options, Riseup recently chose to comply with two sealed warrants from the FBI, rather than facing contempt of court (which would have resulted in jail time for Riseup birds and/or termination of the Riseup organization)," a Riseup statement reads. ("Riseup birds" are volunteers that help maintain the service.)

 

To be clear, those warrants did not relate to activism. According to Riseup, the first concerned the contact email address for a DDoS extortion ring, and the second was related to a ransomware campaign.

"Extortion activities clearly violate both the letter and the spirit of the social contract we have with our users: We have your back so long as you are not pursuing exploitative, misogynist, racist, or bigoted agendas," Riseup's statement continues.

 

Riseup was unable to inform its users of the warrants because of related gag orders, although it did say in a November 2016 interview with The Intercept that the case did not concern a National Security Letter—controversial legal demands for data that the FBI often uses.

 

Regardless, this event has inadvertently shown that Riseup's warrant canary was perhaps not phrased in the best way.

"A Canary is supposed to signal important risk information to users, but there is also danger in signaling the wrong thing to users or leading to general fear and confusion for no good reason," the statement adds. Now, the canary has been tweaked to only apply to "significant events that could compromise the security of Riseup users."

 

Most importantly, Riseup is now going to store user emails in such a way that, theoretically, even the service's administrators won't be able to read their contents.

"Starting today, all new Riseup email accounts will feature personally encrypted storage on our services, only accessible by you," the statement reads.

This isn't end-to-end encryption: your data may still be read if intercepted in transit. But it should protect user emails if a server is physically seized, or if Riseup is legally compelled to hand over info.

 

By Joseph Cox

https://motherboard.vice.com/en_us/article/riseup-will-encrypt-all-emails-to-prevent-fbi-searches

 

[straycat19]

Novell Groupwise Mail was excellent because it encrypted a users mailbox and without their password it couldn't be accessed except by an Administrator or Forensic Investigator who had the authorization of the Director of Information Technology or CTO.  This authorization came in the form of a daily password that would allow a special code to be given that would allow access to an account.  It was very secure and protected since there was only one person who had the daily transmitted password for the authorization.  Why institutions wanted to switch to a totally unencrypted system like Microsoft Exchange is beyond me, but they did.  While some people may want end to end encryption, at least having the mail encrypted on the server is better than nothing, but it doesn't mean the encryption can't be broken and your email read.  So regardless of the email system, I always tell people that you never send anything by email that you wouldn't say standing on a corner of a crowded street with a megaphone.  Otherwise the best way to convey the information is face to face which is still the most secure form of communication.

[Togijak]

 

The riseup problem is a Fourteen Eyes problem

 

and there are more then one mail provider with encryption

 

https://www.privacytools.io/

[steven36]

2 hours ago, Togijak said:

The riseup problem is a Fourteen Eyes problem

It dont matter witch email you use it's a problem  if someone  sends you a email from a 5 eyes provider  they can read what they send you and if you send anything back they can read it  thats if the mail dont bounce because its a 5 eyes blacklist  . So there not much good unless the person your emailing  has a prvaite email too  ... I have  2 of those mails you posted above and i have others that are for encase  those want work and a lot times those privacy emails will be banned lol.

 

You think using  a private email  personality is going to solve a world wide problem ? We just know what little  bit we know about what 5 eyes , 9 eyes , 14 eyes does thanks too Snowden . Still countries not listed as such have there own data mining programs and we dont have any idea what they are doing too our emails because it's never leaked out  .

 

You got too love it  when everyone and every site think there a privacy expert based on outdated data that leaked out almost 4 years ago. that was already old when it leaked out . I dont use email unless I really need too and  none of them was made with my real info . Ive not used  Gmail , Yahoo or Microsoft  emails since 2011 some years before Snowden  woke you sleepy heads up ..Google changing there privacy policy in 2011 was enough for me  to stop signing in too services it helps if you read  there  toss and know what you are getting into .

 

For years  Tech companies kept everyone in the dark while it was all written in there  privacy policy and people needed told by Snowden to make them see the world was in a state of denial pre 2013 and still today there's many on the internet who dont know who Snowden is lol.

 

5 Reasons Why ‘Snowden’ Couldn’t Hack It at the Box Office

 

Quote

 

1. People Don’t Know/Care About Snowden

For many Americans, Snowden may not be a household name — or one with enough appeal to lure them into the movie theater. Jeff Bock, senior analyst at Exhibitor Relations, pointed to the 2013 film “The Fifth Estate” about WikiLeaks founder Julian Assange as a recent comparison.

“I fear Snowden has about as much relevance as Assange, and [“The Fifth Estate”] debuted with just $1.6 million and an embarrassing worldwide total of $8.5 million,” he said. “Seems like a pretty clear bedfellow with ‘Snowden,’ if you ask me.”

Open Road itself has acknowledged the challenge of selling a film about Snowden. “Most people do not know who he is. If they recognize the name, they have a vague understanding,” the distributor’s marketing director Jonathan Helfgot told TheWrap in a recent interview. “A lot of people think he has something to do with WikiLeaks. Actual awareness is very low kind of across the board.”

 

 

 

You can read the rest of the reasons here but the top reason is no one knows who he is are even cares.

http://www.thewrap.com/snowden-box-office-not-hack-joseph-gordon-levitt/

 

[Togijak]

I think it is around something like 30 years ago where AOL changed there rules (the told the user that thy will read all mails if needed) and that was the day where I leave AOL = is not a new theme for me. And you are right, we don't know much about things doing by government and there spying organization, but for me it is already to much to like this word in which I must live. Not terror etc. is the motivation for them, the motivation is to keep their power

[steven36]

8 hours ago, Togijak said:

I think it is around something like 30 years ago where AOL changed there rules (the told the user that thy will read all mails if needed) and that was the day where I leave AOL = is not a new theme for me. And you are right, we don't know much about things doing by government and there spying organization, but for me it is already to much to like this word in which I must live. Not terror etc. is the motivation for them, the motivation is to keep their power

I never used AOL in my life for email so i dont know much about them ..I know they were a dial up  ISP  that were used a lot in big cites  but  reality is  it's just like DSL  if you live  away from a big city like 30 miles you dont have any choices much  its a monopoly done by you're phone company or cable provider so they was no AOL in many places Ive lived.. I started out using Yahoo mail and latter  used Gmail  but i dont use ether one since like 2011.

 

I got a few emails that's not privacy emails because I had trouble using my emails for privacy.. if you want  to be able too correspond with the rest of the world you will find some sites and other emails block privacy emails .  I dont really even know anybody in real life with one of  those privacy emails only some i talk too on the internet have them.  You really cant call many people on the internet you're real friends  because a real friend would have you're phone number and snail mail and in my case that's only people who are very close too me..  

 

The actual  list for privacy based emails is

Privacy-Conscious Email Services

http://prxbx.com/email/

Whats so funny the maintainers of this list  removed tutanota because some of the Trump family use tutanota now .

https://tutanota.com/blog/posts/trump-family-encryption

Well  what the mainstream media said about the Trump campaign talking to Russian spies has been deemed fake and there using it to protect them from  the former Obama administration and fake news .that shows there's moles  inside the intelligence agencies that have access too USA emails leaking fake news too the press or the Trump family fears there is.

 

Intel officials cleared Trump campaign of contact with Russian spies, says Priebus

http://www.washingtontimes.com/news/2017/feb/19/reince-priebus-white-house-chief-intel-cleared-tru/

 

[Togijak]

@steven36

 

many thanks for this great Privacy-Conscious Email Services list (I have some mail accounts from this list, but its nice to have this list for share)

[steven36]

22 minutes ago, Togijak said:

@steven36

 

many thanks for this great Privacy-Conscious Email Services list (I have some mail accounts from this list, but its nice to have this list for share)

really if you're worried about Prism if you use windows at all there is no guarantee you have not been compromised already 

Quote

Warning: Microsoft Windows is affected by PRISM. Even using the software tools we recommend here, your privacy may be compromised by Windows. The operating system of any device can unfortunately lever out any privacy protection that a program tries to offer you. The latter has to run in the confines of the OS after all. We strongly recommend replacing Windows with either Linux or BSD.

 

There's many problems in Linux that make it hard to run in older PCs so it's easier said than done.

Main Linux problems on the desktop, 2017 edition

https://itvision.altervista.org/why.linux.is.not.ready.for.the.desktop.current.html

11 Reasons Linux Sucks - Down To Earth Linux

http://downtoearthlinux.com/posts/11-reasons-to-avoid-linux/

And I  know there's lots of problems with Linux because I been messing  with it for awhile now and these are just facts.. I research privacy a lot but i also research the grim reality that technology is meant to benefit the end user and not  technology benefit  from the end users from endless hours messing with software trying get it too work right..It should work out of the box.

[Togijak]

@steven36

 

I don't worry about Prism, I know that some ass hols are watching me but thy only see what I allow them to see. What thy don't have to know I do on my full encrypted Linux AirGap and if I want to be without control in the net I do it form a portable VB on a USB stick running Tails (and only there I use some mail accounts I never used on my normal computer) on a public computer. 

[steven36]

1 minute ago, Togijak said:

@steven36

 

I don't worry about Prism, I know that some ass hols are watching me but thy only see what I allow them to see. What thy don't have to know I do on my full encrypted Linux AirGap and if I want to be without control in the net I do it form a portable VB on a USB stick running Tails (and only there I use some mail accounts I never used on my normal computer) on a public computer. 

some people would have problems  running newer tails, because of the open source drivers wont work .. I have one pc that seem to work great with newer Linux  then my other PC it only runs older Linux good  but runs Windows fine ..On my AMD  PC its a full time job trying keep newer linux working  due too updates and i grow tried of fooling with it. 

[Togijak]

I use Linuxmint 18.1 cinnamon 32 bit on a very old Netbook (ASUS 1008HA Eee PC) and it runs without any problems and the latest Tails works fine on the ASUS 1008HA Eee PC and on my Toshiba Satellite. To run Tails without problems it is important to use a BIOS and not UEFI