Announcement

Collapse
No announcement yet.

Is Anyone familiar with RiseUp email services?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • joshwieder
    replied
    Originally posted by Agent X View Post
    If you threat model is nation state spying of Christian Missionaries in a Muslim Theocracy or similar, you cruising for bruising. Riseup, PGP and other such tools really aren't what you want to be using. They stick out like a giant red flag that your are doing something! Riseup is a hotbed of left leaning activism, PGP/GPG has a ton of security issues and isn't exactly quiet.
    There are a few very controversial and perhaps contradictory claims in Agent X's post above. Agent X, can you clarify what you mean by "PGP/GPG has a ton of security issues", for example? I am aware of some serious issues in the past with injecting phony data into signed messages with GPG, but that was resolved 8 years ago. I am also familiar with arguments that XKEYSCORE-like infrastructure will flag encrypted information for further inquiry. However, you then go on to recommend the OP use TAILS, for which the same issue applies ([through surveillance of download mirrors](http://www.eweek.com/security/linux-...atch-list.html)), and indeed XKEYSCORE had a plugin written specifically to ID those even tangentially interested in TAILS. Even if this was not the case, OP is a religious missionary heading to a muslim country. This alone places him/her among the most strident of red flags for state surveillance. Finally, strong PKI remains a mainstay of good OPSEC; identity verification remains a weak arm against the use of strong PKI when it remains the only method to prevent interception of sensitive content.

    As for self-hosted email, I agree that this is the best option for attempting to secure a means of communication which remains intrinsically insecure - with one vital proviso. Self hosted email servers are only a gain for OPSEC when an experienced email administrator is available to both configure and provide ongoing maintenance for the self hosted email server. Furthermore physical security as well as redundant power and network connectivity must be insured to prevent interruptions of service as well as the implementation of surveillance equipment. These items are simply beyond the resources of many people who are in need of securing their communications. IMO email administration, particularly when encryption is thrown into the mix, is not a core competency even among IT employees. I have known many, many admins who have worked in various sysadmin capacities who would be completely incapable of troubleshooting email besides possibly reading email headers. The upshot of this is that an email server hosted in a competent data center by an ethical company that would fight CALEA warrants and eventually lose is *infinitely* safer than an email server that has accidentally been configured as an open proxy, or that leaks user information.

    Leave a comment:


  • Agent X
    replied
    If you threat model is nation state spying of Christian Missionaries in a Muslim Theocracy or similar, you cruising for bruising. Riseup, PGP and other such tools really aren't what you want to be using. They stick out like a giant red flag that your are doing something! Riseup is a hotbed of left leaning activism, PGP/GPG has a ton of security issues and isn't exactly quiet. See this.

    I would suggest using a hardened operating system, with anonymity functions (Tails),a very generic VPN service like Private Internet Access, with a always on function (traffic is always going over the VPN.) Use PGP/GPG when need to communicate with folks outside of area of operation. Use your own hosted email service and pass messages only internally.

    As for your mission, the people going to the AO are very faithful or very stupid. The spreading of the Christian Gospel is inherently about communication with strangers, strangers that in this case are both indoctrinated through it's own native faith and incentivized to turn you in. At best your missionaries will be roughly escorted to the border, at worst they won't.

    Much love stay safe.

    Leave a comment:


  • Blitzer71709
    replied
    I currently use Riseup.net for XMPP chat services with OTR as well as PGP encrypted email, I have no complaints.
    Some of my privacy-centric friends also use it for the same resources, I would not say to use it for a VPN.

    Leave a comment:


  • joshwieder
    replied
    "Also I never heard from RiseUp."

    Its been a while since I dealt with their account activation process, but I seem to remember that they have a sort of application process and that due to their limited resources they strongly prioritize signups from non-profits and that sort of thing. In my own case, the account I activated was for / on behalf of a non profit research organization called the Puppycide Database Project that compiles records of and crowdsources research in relation to police killings of animals. Anyway, the group has some very legitimate surveillance concerns and I think that may have helped expedite the application. Again, its been a while since I went through the signup and I don't know your own circumstances VideoPod but if you're doing some sort of non-profit/NGO/charity work, journalism or activism I would recommend including some reference to that in your signup.

    Leave a comment:


  • Deviant Ollam
    replied
    i don't want to speak for anyone else, but i will say that Moxie Marlinspike is one of the smartest hacker friends i have and also one of the most devout people when it comes to trust, privacy, and keeping one's secrets secret. he has publicly said that RiseUp is one of a very short list of entities whom he has found worthy of a not-insubstantial degree of trust over the years. but those comments were a couple years back.

    some of the folk who attend the DEFCON Shoot also have riseup.net emails which are still current.

    short answer: i'd trust them more than many other privacy- and crypto-associated entities out there.

    Leave a comment:


  • VideoPod
    replied
    Originally posted by sainate View Post
    VideoPod no guarantees but I've got my feelers out to see what I can find.
    Thank You soooo Much!

    Leave a comment:


  • sainate
    replied
    VideoPod no guarantees but I've got my feelers out to see what I can find.

    Leave a comment:


  • VideoPod
    replied
    Originally posted by sainate View Post
    VideoPod , regardless of the service or medium you choose to use I like joshwieder 's suggestion of PGP to encrypt and sign the messages *before* they hit the wire. Unfortunately, I have no experience with RiseUp or similar services but our Church has a number of Missionaries in Muslim Countries and I'll check with them to see what they're using.
    That would be wonderful We've got a very young couple with 5 children... I know.... Don't ask... They felt the call and I personally am concerned about their family but it's in Gods Hands. Also it helps if we can keep them secure. Blessings...

    Leave a comment:


  • VideoPod
    replied
    Originally posted by joshwieder View Post
    I know this is an older post but in case anyone else comes across it I thought I would add me two cents (esp since no one else replied). I have used Riseup. They provide free email, a chat service, and VPN. For quite some time they were using PPTP which is inexcusable. They have moved away from this with a new VPN offering called "Black" that relies on Bitmask, but they have not allowed me to use this service yet. The docs I have seen for the new VPN look good, but I will trust it when I can test it. The chat service is acceptable so long as you are using strong encryption a la OTR. As for their email service - securing email is both hard and probably illegal for US companies (think CALEA which requires ISPs to wiretap customers at government request). They provide good documentation on how to use PGP with a variety of email clients. You can also connect to Riseup services using Tor. In conclusion: Riseup is not perfect, but it is among the best and most comprehensive security suites available for free. Users with enough tech acumen to identify Riseup's shortcomings can use the service to significant benefit.
    Thank you so much for the reply. It's been a long time and I appreciate the response. Also I never heard from RiseUp. If they did reply it may have gone in to my spam filter so now I'm wondering if I should bother to recontact them again. Hey Isn't Def Con sort of looming on the horizon? 8-)

    Leave a comment:


  • sainate
    replied
    VideoPod , regardless of the service or medium you choose to use I like joshwieder 's suggestion of PGP to encrypt and sign the messages *before* they hit the wire. Unfortunately, I have no experience with RiseUp or similar services but our Church has a number of Missionaries in Muslim Countries and I'll check with them to see what they're using.

    Leave a comment:


  • joshwieder
    replied
    I know this is an older post but in case anyone else comes across it I thought I would add me two cents (esp since no one else replied). I have used Riseup. They provide free email, a chat service, and VPN. For quite some time they were using PPTP which is inexcusable. They have moved away from this with a new VPN offering called "Black" that relies on Bitmask, but they have not allowed me to use this service yet. The docs I have seen for the new VPN look good, but I will trust it when I can test it. The chat service is acceptable so long as you are using strong encryption a la OTR. As for their email service - securing email is both hard and probably illegal for US companies (think CALEA which requires ISPs to wiretap customers at government request). They provide good documentation on how to use PGP with a variety of email clients. You can also connect to Riseup services using Tor. In conclusion: Riseup is not perfect, but it is among the best and most comprehensive security suites available for free. Users with enough tech acumen to identify Riseup's shortcomings can use the service to significant benefit.

    Leave a comment:


  • VideoPod
    started a topic Is Anyone familiar with RiseUp email services?

    Is Anyone familiar with RiseUp email services?

    I've got a request in to RiseUp but they say it may take 2 weeks to get back to me without an invite. Anyone here on RiseUp? If So how does this service compare to others if there are any at or above this level of security.
    PS: I'm also looking for an email service as well as browser service (I had thought Tor would work) that can be use by Christian Missionarys in a Muslim Country... So I guess you get the critical issue here....Thank You in Advance.
Working...
X