Gmail alternatives

What email providers are there that are


I'm sick of my ancient Gmail account (worst mistake I ever made) but have no suitable alternative. I was using lavabit for a while and it was perfect, but then it got fucked thanks to Snowden. Cock.li was nice but after it came out that he's a goon I don't trust him anymore. Right now Protonmail seems like the best option but they don't support pop3 or imap, so I'm locked into their shitty clients when there are far superior mail programs that have been perfected over the years.

Sorry for the lame pic, don't have anything better on hand.

Other urls found in this thread:

prxbx.com/email/
openmailbox.org/
8ch.net/tech/email.html
posteo.de/en/blog/cryptoparty-for-women-in-the-posteo-lab-on-feb-24
posteo.de/en/site/wedonateto
google.com/transparencyreport/saferemail/?hl=en
postfix.org/
dovecot.org/
protonmail.com/support/knowledge-base/protonmail-israel-radware/
privacytools.io/
wiki.installgentoo.com/index.php/Email_Providers
wiki.installgentoo.com/index.php/Email
prism-break.org/
swissmail.org/Swissmail/home/home.asp
darkmail.info/
github.com/lavabit/
protonmail.com/blog/protonmail-open-source/
github.com/ProtonMail/WebClient)
arstechnica.com/security/2015/11/crypto-e-mail-service-pays-6000-ransom-gets-taken-out-by-ddos-anyway/
security.stackexchange.com/a/73371
mxtoolbox.com/blacklists.aspx),
archive.fo/v0F7U
archive.is/etfDM)
cock.li/transparency/
vc.gg/blog/announcing-the-iron-dong-hidden-service-backup-system.html
vc.gg/blog/3-years-of-cock-li-cum-and-get-it.html
twitter.com/NSFWRedditImage

BTW somebody will bring up self hosted but it seems like getting a domain is a big problem. If you buy a domain you've now given a lot of personal info that's associated with that address, if you use a dynamic DNS service the domain could stop working any time and then you're screwed if there's any important mail you were waiting on.

If you're not paying for it, you're the product.

If you're looking for something reliable, fucking pay for it!

Check out prxbx.com/email/

That's not quite true. If you're not paying for it and you're not sure where the money comes from there's a very good chance you're the product. But some free services don't belong in that category.

I recommend Openmailbox:
openmailbox.org/
It's free, and funded by donations.

How about openmailbox? They don't charge money or run ads, but they ask for donations. I'd rather throw a few shekels into the hat than be datamined by some supposedly (((free))) service.

...

Question: How do we know that these alt emails are not going bust someday taking all our emails with them? That's what keeping me from switching to any of them.

8ch.net/tech/email.html

gmx

The fuck? Is this really a thing now?

What's wrong with France? Other than them bring cucks.


Isn't Protonmail shit because of that "DDoS" protection they have now. Not to mention their mobile app requires Google Play Services.

The nose knows.
t. frog

To be fair though, the servers are not in the freest place.
i2pmail?

What's wrong with Romania?

Wasn't it in germany?

offlineimap nigger

Unreliable admin, userbase has a bad reputation

Yes it was. The (((Germans))) raided VC's datacenter, stole hard drives from his server and threatened his ISP for fuck no reason (at least they didn't bother to provide any).
VC got to learn this the hard way.


kek

Not any more.

Don't be dense. Everyone and their brother knows what sort of people use cock.li, many normalfag orgs consider it a bad goy mailhost so it gets spamfiltered or blocked from sign up forms.

Doesn't matter anymore, he is a much more dangerous actor than the government, being outed as a goon. Goons are natural enemies of 8ch users, it's only a matter of time before he starts fucking with people because le trolleeng xDDD

Mailfence.
-Supports POP3 & IMAP
-Secure (Use GPG if you're sp00ked)
-Hosted in some EU country

Belgium, to be precise. "some EU country" can be really good or pretty bad or anything inbetween.

While we're on this topic, what do you guys use for throwaway mailboxes?

I'd like to find something more minimal than mailinator, ideally with no JS. Can't find shit on search engines though, there's a million shitty sites that are SEO'd out the ass.

if its throwaway, cock.li

No, I mean something that doesn't require registration at all, such as when you need to get past email verification or something.

oh. i usually just search disposable email and find one that works. sorry

10minutemail

Don't think I've yet ran into a site where they didn't accept cock.li emails, except one site that only had shit like gmail, yahoo and hotmail whitelisted and didn't allow anything else

I use cock.li, it's the best option imo
If you want more privacy then you use GPG and that's it…
I spoke withe vc on mumble and he seems totally reasonable, I definitely trust his hosting.

I don't understand why anyone still uses after that incident a while back where they forked over information to the FBI.

still uses cock.li

Protonmail

I ain't having that shit

France doesn't exactly have very privacy friendly laws
They had a ban on encryption until not too long ago.
There are laws for what kind of encryption technology is allowed.
A judge or prosecutor can demand access to keys, and if you don't comply you can get 3 years in jail.

Kolabnow it is Swiss based which has very strict privacy laws. but you have to pay.

Uses Kolab enterprise which i believe is FOSS.

Me either.

Can someone explain how you use cock.li after it's confirmed being read by the government? What's wrong with you people?

Apparently protonmail has a free account option, this sounds great. I want to switch from yahoo because I use that email for private trackers, and I know yahoo will happily scan for my emails.

But is protonmail for free a good option if I want to use it for like a year or two before I pay for it? 150 emails per day are enough for me.

What are you talking about exactly?

I remember that cock.li was seized by german authority for some reason

cock.li moved to Romania because of that and German law enforcement is not the FBI.

But does the cock guy know that romania has data retention laws up to 3 years?

Source? I found two old data retention laws that were both declared unconstitutional.

Well, I just made myself a free protonmail account and donated 2 bucks. I'll just use it for free for a few months or a year. This looks pretty good.

Sharklasers

Well, unless you use GPG (which would have largely protected you from the seizure) then you might as well consider your mail traffic 100% compromised. Most of it passes at some point through a place like the USA, and they most likely just indiscriminately intercept and archive copies of all correspondence. When he cooperated (I don't think he had much choice anyway) it didn't really compromise anything that wasn't compromised.

Also, he did move to Romania afterwards. They are still subject to EU, but their government cares less about surveillance and they are probably too incompetent to do it right. So the risk of a repeat incident is mitigated.

I don't really use cock.li myself anymore, the above arguments don't satisfy me. Just playing devils advocate.

It's not bad, and yes you can easily use it for free. Paying isn't really an option if you want privacy anyhow, once they have your CC# any hope of anonymity is gone (unless you pay with bitcoin).

Problem with protonmail is that they decided to be retardfag friendly and come up with their own shitty encryption system, instead of leaving it up to the users. Which means now you are reliant on their mail software, and of course they don't support POP3.

...

Because adopting a dysfunctional ideology magically makes you good at cyber surveillance, right user? Even almost 3 decades after you stop following that ideology?

The point is moot since you are probably emailing gmail addresses and people using datamining services.

Paid services have less of an incentive to steal your emails since privacy and lack of datamining is their business model.

I use posteo.de, some say mailbox.org is better. It's paid though.

I guess you can use openmailbox or protonmail, even cock.li

Posteo spends your money on (((diversity))) initiatives:
posteo.de/en/blog/cryptoparty-for-women-in-the-posteo-lab-on-feb-24

Somewhat related, here is the list of organizations they support:
posteo.de/en/site/wedonateto

>>>Holla Forums

just use cock.li then, faggot

posteo is probably one of the better options. but the webmail client is quite unsatisfying. i think it's javascript free, though ?

sure maybe politics isn't your thing, but posteo has:
- 2FA
- encrypted storage
- anonymous payment methods
- aliases
- end to end encryption
[pic related. yes i ran javascript on google for it deal with it]
google.com/transparencyreport/saferemail/?hl=en

etc. they're a well thought through company

I'm not an insecure cuck so I'm okay with that

riseup

So what's a good way to buy BTC for this? I haven't touched that shit since mtgox went bust with like $4k of my money.

10minutemail is the Holla Forums classic

they're all shit except cock.li, and cock.li could get raided any day

use gmail for legal and finance, and cock.li for everything else. it'll help you look like a good goy on google's terms.

Terrible advice, which is weird because most of the comments ITT were on point.

I also recommend protonmail, shame about no POP3 though.

What does Holla Forums think about teknik.io and tutanota?

What do you have to do to get your mail server whitelisted as not spam? I'd gladly host my own mail server if I could also send mail to people instead of just receive.

Openmailbox.org is free as in freedom but French. Also a really good domain name. Don't use it for super critical security, but if you want that, why would you use anything but your own servers, and why use email in the first place. Since it's French, you can guarantee all messages are being collected at the ISP level. Unless you live in Switzerland and use a Swiss provider, or live outside of north America and Europe, that's gonna happen regardless of what provider you have.

Email is inherently without privacy. Don't trust "safe" providers with things that are actually dangerous to be seen by others. Use private alternatives. If you just don't want family images being seen by men in the middle, then things like the usually recommended safe emails are fine, even if they're in the five eyes nations.

Get a good ISP or VPS (check their IP ranges against blacklists first)
Get DNS and matching reverse DNS setup (which will need your provider to do)
Don't set up your mail server as an open relay (spammers will be trying as soon as it's online which will get your IP blacklisted in a couple days)
That's really all you need for personal use. Add SPF records if you can for extra assurance.

I tried emailing my friends/business contact through protonmail but they got flagged as spam.

there's this, that gives you a little bit of comfort on what you're using
prxbx.com/email/

They're not saying when it's coming back, supposedly it's to improve the service for the current userbase.

Email is not secure in itself, signing up doesn't amount to a job application, and VC is a pretty cool guy.

If feds want to read your Email, they're going to be able to, no matter what it is. The servers might have been seized, but I'm pretty sure VC isn't selling my info to corporations or anything.

I'm in the same boat, when is registration ever coming back online?

?

I don't like the fact they use Google Captcha.


Would like second opinion about teknik as well. Read the site and seem fine.

Finish the sign up process and it'll tell you registrations are closed at this time.

whats a good android email app? i really do not like k-9 at all

why not? get it from f-droid or you don't like the GUI?

The GUI yes

Yandex won't be monitored by American agencies (The Russians sure as hell will be though). It's good for throwaway.

bump

postfix.org/
dovecot.org/

yeah, they're a lot less anal about account security than google is. same with mail.ru, which i've found to be easier to make an account for, and they don't hound you for a mobile phone number. I've actually started using them as my main email. god bless russia.

ultimately though this thread is pretty stupid, either host your own services or relinquish your privacy to a third party, is usually the end point on this topic.

You can hardly escape gmail when so many people use it. Let's say you have a non-gmail account. A lot of your recipients will use gmail, which will store your whole conversations. They likely have a profile of you tied to your email address. You're condemned to this unless you have the magic power to convince your recipients to switch to another provider just for you, and even Snowden revelations couldn't achieve this.

Yandex is good for shit like that. You can create multiple fake facebook accounts over Tor in seconds if you just use yandex to sign up. It's both a very popular email account in Russia that facebook is forced to accept without any further requirements and the email account itself is very easy to register over Tor (no phone number required as opposed to gmail).

cock.li is literally run by the (((goons))) in secret barely you stupid fuck.
Enjoy being their data bitch.

so, let's not even try and surrender to the botnet? nice plan, user

there are plenty of tools for your very example

Did I just waste my money, Holla Forums?

Have auto-responder that says "gmail and google services are banned".

Is there literally anything wrong with @teknik.io?

Sorry, I accidently your post.

Yes.

Hushmail has only one type of encryption, is most likely weakened by court order, and is based in America, which has already shown to be compromised because of Lavabit.

EFF does not recommend it.

Someone explain to me the point in having a "secure" email when all the people you're emailing are using gmail and aol.

yes, you could have just got Microsoft hosted exchange for $2 per month, had your own fashy domains.

Even if plebs keep using compromised shit you still get forward secrecy and the ability to send semi-secure emails out of the deal.

protonmail

bump

Just read this whole thread and lots of recs on using protonmail. And not one person brought up the fact that they were created by CERN...

Seriously? You've got to be fucking kidding me.

GMX definitely hits the last 4 points and they're about as trustworthy as other major free email providers (they'll try to make money off your information like just Google or Yahoo). They've also been around for almost 20 years so they aren't going to just shut down.


You may not be able to free yourself from all email providers datamining you, but you can limit the information that they can get. Email services that don't require your phone number to sign up will have a much more difficult time linking your data to your real identity than ones that do, and if you use an email provider that won't datamine you that means any email you get due to online purchases won't be datamined (you still need to make sure you buy from companies that won't sell your info though).

Particle physics research, creators of the world wide web, grid computing research, major network hub in Switzerland, made up entirely of scientists and engineers... I'm not seeing the problem.

France contributes to global surveillance even if not part of the 5 eyes, that country spies as much as any other.

God-tier: self hosting in country with strong privacy laws (ie switzerland, iceland)
And install openVPN by the way

Less bad tier: choose an email provider respecting your privacy, if possible in a country listed above (tax heaven == strong privacy laws)
cock.li --> romania
protonmail --> swiss (careful, DDOS attacks, relation with an israel security firm - protonmail.com/support/knowledge-base/protonmail-israel-radware/ - ) NO IMAP/POP support

Mid-tier : same but in a country part of the 14 eyes (cf wikipedia)
openmail box (FR), tuta nota (GER) ...

I-don't-care-about-my-privacy-tier : gmail, yahoo

ressources:
privacytools.io/
wiki.installgentoo.com/index.php/Email_Providers
wiki.installgentoo.com/index.php/Email
prism-break.org/

1/2

And get gpg working

IMO, the most difficult steps are:
1) be enough knowledgeable in linux admin etc. to host yourself (even if yunohost and others are quite easy)
2) convince others (specially normies) to follow your path

2/2

How would I self-host my server in Switzerland?

Should I use this?

swissmail.org/Swissmail/home/home.asp

...

LADSSSSS

Go sound your urethra with a rusty nail you nigger, there's a general thread for questions like this.

cock.li is awesome as a throwaway for forums.

cock.li is the best mail provider for accounts on sites and forums but i wouldn't trust my finances to it. plus, no knowing if it could get raided again. that being said, there's no other good free mail provider.

i don't want to pay for a mail provider because i don't want to end up in the same situation i'm in now, where i have dozens of accounts connected to one email and i don't want them all associated with the same identity this time around. so i'd need lots of accounts to connect them to. which means mail services that only give you a few addresses aren't gonna work.

...

This is such bullshit, Its like you want every service you use to be linked with your financial records.

sdf.org

The lack of IP logging on my (secure, generally speaking) server wouldn't prevent the google, etc. on the recipient end from keeping at last that? If this is the case, than definitely sound as more than enough reason to do it.

Basically the big ones, had the problem with some of my throw away/fake accounts.
Decided to use them to Login into a website, but fuck yahoo will not let me into my mailbox without phone verification

Had to delete about a dozen e-mail accouts because of this shit

There are reasons why some good companys want money.
Some need it to build servers in contrys where you have at least some legal rights to ensure your privacy. Some do it in canada or the netherlands.

I use @startmail btw

Had a guy in my area get busted for CP recently. He was caught trying to share photos over gmail. Image tripped an automated detector and they told the police apparently.

yopmail

I used it, but ... it's french.


How's cock.li?

he deserved to get caught desu

What is the purpose of using a different email provider such as ProtonMail if everyone you contact is using a provider such as Google or Microsoft? Won't big brother manage to get a copy of your email whether or not use an alternative mail service?

a) Forward secrecy of your own emails. They can't retroactively spy on what's already in your inbox.
b) Providers like Protonmail let you send an email with a link to symmetrically secured content that the recipient then enters a password to decrypt.
c) Network effects. More people using these services encourages even more people to use them.

Don't be a defeatist pleb, user.

I used mail.ru and pochta.ru and none of them ask for any kind of verification. They were reliable but I changed to le meme protonmail and have been too lazy to find another one as it jus werks

Just use Yandex, Google or Outlook and call it a day.

How when "pochta" is the Russian postal service for parcels?

Maybe just use it with services that are already linked to your name and financial records

Just host your own. That way NSA letters come to you, (better not tell yourself that you got one too). An rpi has more than enough power and space to run this shit these days.

Marry me

SIGAINT with PGP if you're serious about privacy.

This is easier said than done considering most ISPs filter port 25 to prevent you from doing this unless you have an ISP Gold Account™

KolabNow is the safest right now, but I haven't been able to find out if there's (((someone))) behind it. Considering all the other options, excluding hosting your own e-mail server, I would choose this email provider.

It's based on Switzerland which is known by its strict privacy laws, the downside for most of Holla Forums, is that is a paid e-mail provider.

I may be wrong or not, but if I remember correctly Iceland is also one of the countries with good privacy laws, however, I have yet to find an alternative there.

Unrelated but does anyone know what the fuck is going on with Holla Forums? It's absolutely shitting itself.

No but I noticed Holla Forums has been acting a bit odd too. Did someone let Josh back on the server? Is this Return Of Alacrity Demon?

The bigger problem is that every mail recipient learns your IP. With a webmail at least they have to get the mail provider to cough up logs first.

You could just wait for Lavabit to come back... Check out their homepage. They're coming out with a new RFC called "darkmail" IIRC.

DIME was an interesting idea several years ago, but the "alliance" now seems to consist of Levison and his dog:

darkmail.info/

and the main code repos for the project haven't seen any updates in 6 months, and who knows how long since any non-trivial updates.

github.com/lavabit/

It's not clear to me what the Lavabit relaunch is supposed to offer, because there's nothing on the page but the logo and a countdown timer. Maybe there's more info if you have javascript enabled.

auti.st

Is mail.teknik.io any good?

You can make infinite throwaways on cock.li although it is not a public feature.

lets say you have [email protected]/* */ username.[anything here]@cock.li will also forward to [email protected]/* */

I've been a fan of Fastmail for a while. You have to pay, but it's blazing fast and super reliable. I've been very pleased.

just want to clarify that I'm interpreting this all correctly:

essentially, it is not possible to have an external email server that provides both security and privacy; the only option is to host your own server, and to do it well - to know how to maintain that server along netsec and infosec guidelines.

Could anyone help me out in learning more about netsec? I'm using OpenNIC, I have a lan VPN set up (although that seems pointless when 90% of my internet usage is connected to that same network), I use DNSCrypt, and otherwise I try to practice some other simple *sec practices.

Any suggestions on 1) how to take this further, both in practice and in understanding, and
2) how to set up a genuinely secure home mail-server?

yes, I'll go read the domain thread

oh yeah, forgot to add this >mfw

I'm using Putanota and it seems fine.

mailinator was the first and biggest disposable mailbox.

for real mail get a vanity domain name and point the mx at fastmail. looks good on resumes

there's like 10 different ways to fuck that up and if your ip range gets on a blacklist you can't do shit about it.

Your own mail server is even less secure than external. Everyone you mail will know your IP, therefore where you live. If you use a domain the DNS registrar will have access to a lot of personal info as well.

i don't disagree but i think you're confusing security and privacy which are distinct concepts. if i'm running my own mail server with a vanity domain tied to my irl identity i don't need additional privacy. i still need security though

if more people self hosted it would make mass surveillance harder (than everyone using gmail and only having to hack one google server)

WHAT ABOUT TUTANOTA

I'm also a happy customer of Fastmail, but it needs to be noted that their focus is on reliability/speed/security first, and privacy second. They may be an Australian company and they may claim to ignore illegal US gov demands, but their servers are all located in New York, with their colos in easy NSL range of the US gov. And they don't do any sort of metadata-hiding like the new Lavabit/DIME system is supposed to.

That said, I really like their techie-friendly features. There's no bullshit setup fees or artificial limits for adding custom domains, and they stick to standards-compliant caldav/carddav/imap/webdav/etc/etc/etc for everything.

Why do we have a fucking 150 reply thread for something that's already answered in the sticky?

Because people don't feel the sticky says everything that needs to be said, clearly?

Posteo might be left of the spectrum, but they seem to be more obsessed with environmental concerns than anything else. Even as a fascist, I wholeheartedly support these efforts, we must be good stewards of the land.

What puts me off proton is the self aggrandizement of the creators. They essentially say, "We're PhD physicists from MIT, therefore we can create a secure email service". That's very nice and all, but why isn't half the company staffed with experts in cryptography and systems security? And yes, I know Tim Berners-Lee was also a CERN physicist.

I find it ridiculous that they
a) expect you to trust closed-source mail encryption in this day and age (seriously, HushMail was basically the same thing and it got cucked in what, 2010?)
b) don't provide IMAP/POP3

It just gives me a real normiebait vibe. Zero real security, ample security theater, touting irrelevant credentials (classic charlatan move). If they wanted privacy conscious people, just provide a KISS IMAP box and then tell people to use GPG. But no, they want you to lock in to their shitty webmail, meaning that their target audience is retarded normies... But what normie cares about email security?

Looking at it like this, their fancy PhDs say more about MIT and CERN than about their own qualifications, if you catch my meaning.

Agree with everything you put
This basically what posteo do.

Not true in the case of protonmail.

The difference is that you encrypt your emails on the client-side. They don't have access to plaintext. So they couldn't simply give over encryption keys to law enforcement, they would have to instead feed their users malicious javascript code, which is a difference even from a legal standpoint.

*decrypt your emails on the client-side...

*cough*
protonmail.com/blog/protonmail-open-source/
That's a good thing. The more normies up their game on privacy, even it's not perfect, the more secure we all are.

And if you're paranoid you can probably develop an automatic verifier inside the browser that will warn you when their crypto js code has changed, before you even start writing your passphrase in their form.

The code is definitely open sourced and is on github. I know because I was once looking at a possibility of rewriting their code (github.com/ProtonMail/WebClient) as a library that could then be used in local email clients. Lack of local client support is their greatest shortcoming imo.

I didn't realize they wrote a local client. I guess that's much better than what I though in , my bad.

I still don't get why they do all these crap, though. Why bother writing yet another shitty client when all you have to do is support IMAP and people can use GPG through many excellent programs like Thunderbird, Evolution, Claws, etc.

I just use cock.li

The meme domains are for personal emails and I use the "airmail.cc" one for more formal things that are tied to my identity since if you go to www.airmail.cc it doesn't redirect you to cock.li and pretends to not be a meme email provider.

Most people use web clients and don't know how to configure a local client program, they don't know what is IMAP or any of that. You could argue that ProtonMail's user base is more experienced, but I don't think that's actually the case - it doesn't seem like "paranoia" is correlated with tech knowledge, at least not since Snowden.
So their primary goal was to provide a client-side crypto within the browser to make it accessible to retards. Now they developed a stand-alone ProtonMail app, which is a shitty road to take because a) they make you dependent on even more of their software, and b) they don't provide implementations for all platforms (e.g. there's no linux version).

Not an argument.

ProtonMail's own page about this is full of people asking for IMAP.

Clearly no because retards don't care about mail security to begin with.

The problem is probably that they want clients to be forced to always use encryption for sending emails when available, and forced to always use encryption for storing emails. As far as I know IMAP can't do this, and actually has features counter to this such as server side search.

A lot of them do since Snowden. Just as an experiment search for articles about privacy and read the comments. Most people are completely retarded when it comes to how tech actually works, but they are at least smart enough to know that they need to do something about surveillance and control. And most of the time the advice they're capable of following is limited to "switch from that service to this one", "use this application", etc.
If you care about security and privacy then you surely benefit from making it easier for normies as well because it makes mass surveillance harder and more expensive. This principle has been discussed so many times before that I'm not going to repeat it here.
Or maybe you're just LARPing and actually want a target painted on your back?

Fair enough but again this is security theater. Whether my mail provider reads my emails is a non-issue because even if they don't, the providers of my correspondents will, as will all the intermediaries.

It's basically GPG or bust. Without full asymmetric encryption on both ends, you're only solving non-issues like rogue employees or data breach. The elephant in the room is surveillance from state or megacorps.

The best we can do at this point is set the scene by being GPG-compatible. Even if you never encrypt any email, you should at least have the capability, so as to not discourage any future correspondents from encrypting. People love to bitch that GPG is not widespread because it's hard, but it's not, Thunderbird+Enigmail is noob friendly as can be, and Ubuntu comes with everything preconfigured out of the box, you just need to have an IMAP (or POP3) compatible provider (no thanks to protonmail there). The real barrier is that if you use GPG, you can only talk to a handful of FOSS developers.


This is why they are a lost cause, user. Any shit company can come along, create some security theater, and blow thousands of dollars on marketing and to normies this will hold as much credibility as you recommendation to use Tor, GPG, etc. They also don't understand security at all, and operate purely on trust, so "well it's fine if google spies on me i'm not a terrorist anyway so i have nothing to hide from them so long as hackers don't steal my ssn i'm okay" is a valid idea for them.

Not if normie baiting security theater displaces actual security, as it did with secure messaging on mobile for instance. I'd rather security be provided by semi-obscure software that is easy to find, instead of the market being saturated with fake security making real security impossible to find.

This is great, if it actually does it. But security theater doesn't make it harder at all.

Most often you'll talk to them on mailing lists or bug trackers, so at best you're only going to be signing your messages and not encrypting them.

arstechnica.com/security/2015/11/crypto-e-mail-service-pays-6000-ransom-gets-taken-out-by-ddos-anyway/

Protonmail is pure garbage.

What protects any other e-mail host from these sorts of attacks?

A straight refusal to pay.

security.stackexchange.com/a/73371
This guy has some good responses, but you really need a competent ISP with a lot of capacity. It's very hard, so that's why most people just use kikeflair, which is probably a giant NSA MiTM.

Hi friends, I run cock.li which has been mentioned several times in this thread, and I figured I'd clear some stuff up.

For starters, I want to preface everything by saying I don't benefit at *all* if you use cock.li. Dealing with the mail server takes a up significant amount of my time, and I don't profit off of it at all. I do make a modest profit from my VPS hosting business, but that is not only a separate venture but also takes significantly less time to manage. The mail server is like a second job to me, so if you don't want to use it, by all means don't! I don't want this post to come off as shilling, merely (((correcting the record))) :^)

Every single person that believes I have anything to do with something awful outside of EVE Online got the shit trolled out of them by pic related. The truth is that I played EVE with Goonswarm and had a blast doing it, and sent out an E-mail to cock.li users asking them to come play with me. Any perceived connection outside of internet spaceships is complete fabrication. The 8ch Holla Forums mod even bans people he suspects of being me because he is so hilariously terrified of SA, even though I'm pretty sure SA hasn't done anything significant in like 10 years.


I sure did. Granted cock.li was a lot smaller when I moved the host from the U.S. to Germany, and I didn't have reason to believe the site would be able to financially support itself on (or even have a legitimate use for!) the dope colocation setup it has today.

Cock.li today is colocated on a 1U server in Bucharest, Romania. This means it's on a server I own and have full physical access to, and have deployed FDE on all disks. The mail server has 4x3TB disks encrypted with LUKS with ZFS RAID-Z1 layered on top.


Cock.li is on no major blocklists (check yourself: mxtoolbox.com/blacklists.aspx), and I haven't heard of a complaint of cock.li being sent to spam in a long time. I developed an amazingly effective abuse protection script that ensures that if anyone uses cock.li to send spam, it won't be for very long.

The one site I've heard which still has blocked cock.li registration is Twitter (even though my Twitter is registered with cock.li). Haven't found a way to resolve that yet unfortunately. Past that, it's not really an issue.

You're referring to one of two situations, neither of which should be relevant:
1. Germany stole two of my HDDs by request of the U.S. government (1. archive.fo/v0F7U 2. archive.is/etfDM)
2. I am periodically subpoenaed by the U.S. government (all of which are published here: cock.li/transparency/ )

For 1, the situation was entirely outside of my control, though since then I've taken every possible step to ensure that if any government wants access to data on cock.li, it will have to be through me.

For 2, The subpoenas are not requests, they are *orders*. I could be extradited to the U.S. and thrown in jail if I did not comply with them. People that think that any provider worth their salt just breaks the law because "lol whatevs" is a fucking idiot and has clearly never done any research into the topic.


The seizure I eventually found out via a FOI request to the German government was an "international matter", leading me to conclude it was by the hands of the U.S. government. That also explains the complete stonewalling I got when I tried to find out anything about it.


Cock.li could get completely BTFO and would still live on. The worst thing that could happen is the mail storage could be unrecoverable, but who cares about E-mails? I would have an up-to-date copy of the user database to restore from and me (or a successor) could have the site back up in a matter of hours.

You can read about my hidden service backup system here:
vc.gg/blog/announcing-the-iron-dong-hidden-service-backup-system.html

also holy shit I just realized a lot of the posts I just replied to are 4 months old, fuck. I finished the post because I was already almost done, but I doubt there was any point to writing all this up.

Thank you for providing hosting, i'm using cock.li (firemail.cc) as my main email address and it's pretty cool to have a non-botnet email account and to be able to trust the provider !

Was still interesting reading so thanks.

The posts you replied to may be old but boards are hive minds so the next user to read you still benefits.

Thank you for all your impressive dedication and hard work, even if I just use cock.li as a plan B when mailinator is blocked.

Pursuant to the question raised here
, how would you deal with a ransom request to prevent a DDoS attack? Just tell them to fuck off and not pay?

YES LMAO

Cock.li has pretty good DDoS protection though no protection is perfect. I would happily let cock.li be offline for however long the attack lasts, and I would absolutely not under any circumstances pay a DDoS ransom no matter how small. I also have multiple ways to access the server over a private network if it's ever inaccessible like that.

I recently made a twitter account with @airmail.cc and they were fine with it.

Thanks for hosting cock.li and double thanks for having the foresight to make airmail.cc not redirect people to cock.li so I can use the email for things attached to my name without curious people finding out I use a website that hosts nigge.rs and loves.dicksinmyan.us

It ain't 2001 anymore. Deliverability with this setup is going to be poor, particularly to Google and *especially* Microsoft.
Sadly, you need to do more work than that. Reverse DNS is a good start. SPF is becoming essential now. DKIM, DMARC, DNSWL, and "priming" major senders by sending a fair bit of trusted mail to each of them that your recipients specifically flag as ham are also necessary.
It's rewarding having control of your mail and it's not as impossible as people like to pretend, but it does take work to get trusted.

Thank you for running cock.li

Hey Vince, I'm one of your critics so I figured I'd respond. Let me be clear that from what I've seen of your behavior you seem like a breddy gul dood and I want to like you, and cock.li as a service does almost everything right. Except maybe not being accepted by some sites, but that's not necessarily your fault.

The problem is however that when your goon connection came to light it irreversibly poisoned the well. Any sane person can see that it probably means nothing, like you say all you did was play some EVE with them. I played MMOs with goons too, I played games made by them, but I'm wholly unaligned with their agendas. But if one were to be serious about privacy, "probably" isn't good enough. Because of that tiny, tiny chance that there really is more to this than mere vidya shit, it is now impossible for me to use cock.li for anything besides basically a mailinator alternative.

Pardon my paranoia but if you were a goon agent out to accumulate user's info and dox everyone, wouldn't you say what you said now? Of course, had you actually been a malicious goon, and not sent that email, it would be much worse, and yet we would still trust you, but that's an academic matter now.

I don't mean to attack you, but I think there's an unfortunate complication in your relationship with any user. I wish there was a solution to it. Best I can think of is for you to say in the FAQ or something that you may or may not be a goon, so it's up to the user to trust or distrust you. You kinda said the same about reading emails, which I think was quite admirable.

What exactly makes people so afraid of goons? All I know about them is that they were a really big thing in EVE until their faction got beaten by a coalition of smaller ones. I tried to go to their forum but it asked for $10 so I didn't bother.
Are they SJWs? Are they more like redditors? Are they mindless trolls with no agenda other than to cause chaos? (this is the one I assume to be true)

RING RING, Yeah, hello 2000, this is 2017 calling. SA isn't relevant anymore. No one gives a shit about who may or may not be a goon.

I appreciate reading criticism of cock.li, so I hope you don't interpret my incoming shitposting as the opposite of that.

If playing a video game with the wrong* people disqualifies someone's entire work as being a "poisoned well", I really hope those extremely low standards for disqualification doesn't carry over into other aspects of your life. Literally no other connection other than me playing EVE has *ever* come out, because there isn't one. There were multiple active and inactive SA members in that Holla Forums thread, don't you think one of them would have found something if there was?

it sounds like you're agreeing with my story, no? so what is there to worry about?

Should anything you create of worth also be dismissed under the same criteria? How would you feel if someone propagandized you playing video games with the wrong* people to discredit your largest projects you have poured thousands of hours into?

Me too, on the matter of politics. But we share a common interest in making people mad in video games, and goons sure are good at it. That extends online, too; If you read what mittens wrote online about gamergate it was SJW nonsense but he did a great job at making nerds angry on the internet, and who doesn't love that? You can read my reply to the dude who replied to you for my full thoughts on this.

You had better self-host your own E-mail on a server in your house on your own ASN or else the only reason you use any provider ever is because no one's whispered the word "goon" in your ear about it. I'm sure if you look you can find problems just as "bad", if not far worse, about any provider.

This "that's exactly what an X would say!" argument is an even more childish equivalent of asking "why?" over and over. If you can't judge things off of their substance instead of your own stupid utopian vision for mail providers, you are truly beyond all help.

Why is that an academic matter but "if I was a goon agent" is not? You made an absolutely excellent point, if I were an undercover goon the last thing I would do is blow my cover.

same

Definitely not "any user", just the paranoid whackos. See my reply to the other poster below

HOLY SHIT KILL YOURSELF LOL

It's a meme outside of Holla Forums that I see people making fun of 8channers for all the time. Specifically 8ch Holla Forums. There's this whole conspiracy that goons are out to destroy Holla Forums by all means necessary and regularly infiltrate threads a la CTR. The board owner has completely bought into it and is convinced this is a huge issue, when in reality it is just self-cannibalizing. If I *were* a goon with my lasers set on Holla Forums annihilation, there is not a single thing I would change, because watching them stampede each other to rid themselves of the spooky scary goons is way funnier and self-destructive than anything SA could muster themselves.

The SA community as far as I've seen does a really good job at not taking itself too seriously, and making fun of people who do. 8ch/pol/ is the exact opposite. They take themselves way too seriously and get fucking terrified of anything that does not perfectly match their warped sense of reality.

To put things another way, SA absolutely loves making fun of angry nerds on the internet. 8ch/pol/ are angry nerds on the internet and *really* don't like being made fun of. I'm sure you can see the recipe for disaster here.

They definitely lean more liberal from what I've gathered (granted my experience is literally limited to a video game), but I've noticed quite a bit of "whatever he doesn't like", so your last point is probably the most accurate. People hail 4/Holla Forums for being great at trolling, and they're right, but what a lot of them don't realize is that once you start taking yourself seriously, you've already lost. That realization is paramount to the goon/SA community, and that's why Holla Forums is still flipping their shit to this day while as far as I know, no one in the SA community gives a fuck.

Agree strongly with this. When there's ego, there's a target.

Mind you, I still think Holla Forums is fine. The enemy of my (((enemy))) is my friend.

Most people on Holla Forums I suspect just play along with the rigidness in order to placate those who take it seriously and ward off outsiders.

4chan Holla Forums is a fucking mess though and I think they're also trying to prevent it from becoming like that.

This seems like a pretty good explanation, thanks.

Unless you're running your own server I don't really think you have a way around this. I guarantee that at whatever email server you use there's at least one person working there that you'd find to be explicitly "problematic" (unless of course you have your own). I mean this goes for other things too, RMS is a huge SJW so does that mean you shouldn't use linux? Microsoft and Apple have plenty too so that rules them out as well.

I just don't think it's healthy to live your life assuming that everyone else is guilty by association.

There have been some pretty serious activities perpetuated by groups that spun out of SA, for instance SRS started there. I think they infiltrated and doxed several high profile reddit admins.


I suppose it's more a criticism of your image than the service. I think the service is literally perfect and honestly the way it works should be industry standard to all other email providers.

Of course not. IRL trust is very different from online trust. I also don't do anything questionable IRL. I don't really do anything questionable on cock.li either for that matter, but for instance I would hesitate to use cock.li for things like talking to my wife, professional correspondence (some confidential), email from my bank, and so on. You might say, what kind of retard would use cock.li for these anyway. True, but the point is that a real email like Gmail can or at least is trusted with such things. So, my concern is, what does it take for cockmail to be a real email service in this sense?

There's probability p of you being trustworthy. Probability q of being malicious. p results in no loss, q results in big risk. p>>q but q=/=0. Hope that explains it?

I take pains to avoid myself getting associated in such ways, in no small part because of this. The things I have created would retain their value regardless of what is known about me, although it might make paranoids jumpy so I avoid it. Perhaps this is deception on my part, and having hung around the wrong people means I am liable to betray their trust in the future. I'd like to think not, but who knows? Granted I create things that that the user fully controls, I don't provide services like you do.

The problem begins when you hang out with group A, and expect group B to trust you with their mail, but many in A probably think that it would be totally hilarious to fuck with B because B has very politically incorrect views that A is opposed to.

What makes you think I don't? 3rd party email still have its use, though. Plus you're a better admin than I am. I have a job. I don't have your resources.

This is a strawman. For instance, Google is clearly more hostile than you, but I would sooner trust Gmail with sensitive mail than cock.li. Why? Because Google wouldn't just read my one email where I say I'm happy Trump won, and decide to just dox me for the lulz, or to hack my bank account. They're bound by various laws. You are anonymous and outside US jurisdiction (not saying you shouldn't be, obviously that's the point of cock.li). So I don't have to trust Google entirely, I can distribute my trust between Gmail and US judicial system (mostly the latter). With you, I have to trust what, Romania cooperating with US over some bullshit defamation of character charges? You could fuck me and there's not a thing I could do about it, man.

It's a simple Bayesian probability statement.

Maybe you got drunk and didn't think it through, I don't know. A hypothetical bad actor doesn't become trustworthy just because of imperfect opsec. I will concede that transparency helps improve trust.

I have to ask, who is it that you expect to use cock.li, exactly? And what for?

Hey, I didn't say it's a good idea. Be nice.

tl;dr: Anonymity and trust can conflict with each other, and email requires user to trust provider. Unclear how user could trust you, beyond "I wouldn't read your emails because it's boring". That argument, while sound, implies you can only use cock.li for boring emails.

Look, honestly, I bet it feels unfair as fuck that people react like this to such a small thing. I know I'd be really frustrated. I sympathize with you there. But it doesn't make sense to base trust on sympathy.


I'll restate since maybe you don't want to read the above: There's actually 2 ways -

1) If the admin disclosed his identity, we could examine his past behavior and trust him on that basis. Not realistic for cock.li because I don't think Vince is interested. This, for instance, is how DDG guy initially built trust, and also how it later came to light that he wasn't trustworthy, which illustrates the basis of such trust.

2) If users have some recourse against the admin, the required trust is much less. Traditional providers are subject to various laws, so if they fuck you too much there's possibility of suing them. Also not realistic for Vince, since he has set up his service to be protected from law (especially US law that most anons are subject to).

You're making a big fuss about this. If cock.li was a big dox operation, it would have been used up before the election was over.

Calling you a Holla Forums-browsing Trump supporter now, even in normie eyes, is only as bad as "oh look, that guy thinks he's edgy for that".

To think someone would read everybody's email and go after every single user without NSA-like resources is just madness. Character assassination doesn't scale like this, you can't defamate thousands of anons over email contents.

There's a whole bunch of illogical statements in what you wrote. I don't want to start a long argument so I'll refrain from writing a rebuttal. But basically you're strawmanning.

oh man lmao this is worse than I thought

The Internet *is* real life. Thinking otherwise is a defense mechanism.

same

hahahaha

*I* think it's hilarious to fuck with users of cock.li. Have you seen my maintenance schedule? Granted that doesn't mean I break the privacy policy, but I apparently take cock.li a lot less seriously than you do.

I didn't say you don't.

No it isn't? Your response is in reply to the exact substance of my argument, if it was a strawman you should explain how it was.

Cock.li houses tens of millions E-mails, with millions more being sent and received each month. I don't even know how it would be possible to find the E-mails you're worried about.

Also, I voted for Trump from the U.S. Embassy in Bucharest.

same

No I'm not.

No I'm not. As a U.S. citizen I still have to abide by subpoenas and warrants from the U.S. government.

No it isn't. The point of cock.li is for me to have a funny E-mail address. Everything else comes second.

No it isn't, you might be able to make that case about the probability of me being an undercover "write 8 paragraphs while drunk and OOPS blow my several-thousand-hour spy operation" goon, but absolutely not with "That's exactly what an X would say". You can't just slap "muh bayes" on anything you want. I could make the same exact case about you being literally schizophrenic ("that's exactly what a schizo would say!") but that doesn't make it have any weight, even in a probabilistic sense.

All types of people use cock.li. I know because I hear stories about how some people use it as a throwaway, some people use it because they're paranoid whackos, and some people use it for their bank, utilities, paypal, etc. Some people even use it to apply for (and, yes, get) jobs with their cock.li address.


See:

You're completely incorrect. I think it's fucking hilarious that people like you exist.


"anything I don't want to respond to is a strawman"

Maybe I'm reading your attitude wrong but you seem more interested in le internet shitflinging than an actual conversation, and a bit of a faggot yourself, so I'll stop here.

I'll just say that:
Seems pretty dumb given that

So thanks for clearing that up.

Your "actual conversation" all comes down to you getting trolled in the first place, so I'm not sure what you expected. Thanks for the laughs, it's okay, I won't blame you for ignoring the substance of my post. At least you didn't dismiss it by calling it a strawman again ;)

Here's one more for the road:

You can read this for more information on the topic:
vc.gg/blog/3-years-of-cock-li-cum-and-get-it.html
The point is that when my E-mail works, everyone else's (usually) does too. There's even this on the home page:
Sorry if you've been tricked into believing I'm trying to make the next gmail.

I sent a email to you a few months or so ago, regarding the blog and site without even reciving a simple "I can neither confirm nor deny,thank for your interest" reply.

sorry :(

I'm sure you're having a blast with the resident paranoids, just wanted to say I don't even care if you're a "goon", played Gaia, browsed Something Awful or whatever. I don't see how any of this matters even if I do browse Holla Forums.

Quick question: if George Soros was upcycled into a swastika-shaped soap while Anders Breivik is elected prime minister of Norway, would "goons":
1) have a hearty laugh
2) cry anti-semitism

It doesn't really matter seeing as life is full of disappointment and forgetfulness. I`l resend it soon.

How about C) all of the above.

Gee, I wonder.

So it's not 1) or 2) but C)?

This is an understatement. I wanted to pay my bills today but NOPE my gmail account is locked because I updated Firefox or something. It says "there's something unusual about the way you're singing on", pls send us a phone number etc etc. Im so fucking sick and tired of these fucking services that have hocus pocus security systems instead of a plain fucking password. Now I need to find a new service I can get my landlord to send my bills to. I might be able to get him to PGP encrypt/sign them, but then I'll still need a trustworthy email for my bank account, as they don't let you make an account without a backing email, and the backing email can be used to steal the bank account. I've been worried about being locked out for not being a normalfag for years, and have been locked out for days before. This time I'm not even sure it will let me have the account back. This and hard drive #35235 just broke and I almost threw all my computers out the window right now. ==JUST==

absolutely disgusting
kikeflair is only one of many anti-ddos solutions. There's no real reason to use them over any other. They are just popular in the hipster tech startup community right now.

kek

still can't sign in. i just looked at the last amounts i payed over the years for the bills and payed the highest amount reasonable based on those numbers. the next month the bills should be discounted to correct for this or maybe some other bullshit will break. was going to spend the rest of the night coding but am too angry/annoyed and probably smash the computer (ive already lost one computer and a keyboard to this type of problem). fucking christ. even going on the internet is risky. i might encounter some bullshit website that needs JS, then I enable JS and my browser freezes for 10 minutes.

All of this and you're a programmer who browses Holla Forums. If a certified card-carrying autist like you can JUST this much, what hope is there for the common volk?

so get a subdomain from a friend
subdomains are usually completely free, the only concern is that the friend has control over them and might screw you over/let the domain lapse later on
you can also get a subdomain from a 'friend' meaning: you, yourself, you are the one giving the subdomain to yourself. it's one degree of separation and might be enough to burn you, but think it over.

Ordinary goons are (maybe) not a problem. But a subsection of them are SRS and are definitely the enemy of the right.