[arch-general] Suggestions for email for a paranoid Archer

sungpae at gmail.com
Thu Oct 11 20:49:00 EDT 2012


On Thu, Oct 11, 2012 at 02:13:54PM -0400, Dave Reisner wrote:

> Really, just add two-factor auth to a gmail account and be done with
> it. Google has no interest in singular people.

It should be noted that Gmail's two-factor authentication provides
no extra security if you're planning on using it with a mail client.
You will have to set up an "application specific password", which is
a fixed-length alphanumeric password given to you by Google. Despite
the name, it is simply another password that can be used to log in via
IMAP/POP through any client (`openssl s_client`, etc.), without the
out-of-band verification.

> Moreover, Googlers who take an interest in data or logs belonging to
> singular people find themselves no longer working at Google.

This is true, but if you were really very paranoid, you would notice
that you don't have any control over how long Google keeps "deleted"
email on the server, and that any unencrypted emails on a server can be
obtained by governments with relative ease.

If you control the server and mailserver, you can encrypt your drive and
also have all incoming email encrypted with your public key, so that
your mail isn't just sitting around on a box for the taking.

Neither of these things would stop a truly determined government-level
attacker (unencrypted mail is still vulnerable in-flight for instance),
but it would be useful if you have not yet been identified as someone of
interest.

    guns
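
The delivery-time encryption described in the message above, as an added example that is not part of the original post: a filter that rewraps each incoming message as PGP/MIME (RFC 3156) before it reaches the mailbox. The function names and the recipient key argument are hypothetical, and it assumes `gpg` is installed with the recipient's public key in its keyring. Subject and routing headers stay in cleartext; only the body and its content headers are encrypted.

```python
import subprocess
import sys
from email import message_from_bytes
from email.encoders import encode_7or8bit
from email.message import Message
from email.mime.application import MIMEApplication

# Headers that describe the body travel inside the encrypted part (RFC 3156).
CONTENT_HEADERS = ("Content-Type", "Content-Transfer-Encoding", "Content-Disposition")


def gpg_encrypt(data: bytes, recipient: str) -> bytes:
    """Encrypt to a public key already in the local keyring (assumed setup)."""
    cmd = ["gpg", "--batch", "--armor", "--trust-model", "always",
           "--encrypt", "--recipient", recipient]
    return subprocess.run(cmd, input=data, stdout=subprocess.PIPE, check=True).stdout


def encrypt_on_delivery(raw: bytes, recipient: str, encrypt=gpg_encrypt) -> bytes:
    """Return raw rewrapped as multipart/encrypted; only the public key is needed."""
    msg = message_from_bytes(raw)
    if msg.get_content_type() == "multipart/encrypted":
        return raw  # sender already used PGP/MIME; do not wrap twice

    # Move the body and its describing headers into the entity to be encrypted.
    inner = Message()
    for name in CONTENT_HEADERS:
        if name in msg:
            inner[name] = msg[name]
            del msg[name]
    inner.set_payload(msg.get_payload())
    ciphertext = encrypt(inner.as_bytes(), recipient)

    # Outer message keeps From/To/Subject/Received and carries the two PGP/MIME parts.
    control = MIMEApplication(b"Version: 1\n", "pgp-encrypted", encode_7or8bit)
    data = MIMEApplication(ciphertext, "octet-stream", encode_7or8bit)
    msg.preamble = msg.epilogue = None
    msg.set_payload([control, data])
    msg["Content-Type"] = 'multipart/encrypted; protocol="application/pgp-encrypted"'
    if "MIME-Version" not in msg:
        msg["MIME-Version"] = "1.0"
    return msg.as_bytes()


if __name__ == "__main__":
    # Pipe filter: message on stdin, recipient key ID (placeholder) as argv[1].
    sys.stdout.buffer.write(encrypt_on_delivery(sys.stdin.buffer.read(), sys.argv[1]))
```

Because the filter holds only the public key, a copy of the server's disk yields ciphertext for everything delivered after the filter was installed; the private key stays on the machine where mail is read.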

