[HacktionLab] Own-Mailbox: Self hosted web mail PGP/ HTTPS

Garcon du Monde gdm at fifthhorseman.net
Thu Sep 24 16:47:18 UTC 2015 

On Thu, Sep 24, 2015 at 02:48:11PM +0100, yossarian wrote:
> I've recently set up a Seafile server in my house, it works really
> well and I've been very happy with it as a kind of self-hosted Dropbox.

hmm, didn't know about that, thanks for the pointer.

> I need to test whether the claims of my new ISP, that email will work
> off my home connection, are true. Then I could be in the market for
> one of these little boxes too. If I need extra comfort, I can always
> double down with GPG. Sam, if you try out one of these things please
> report back, I'm very interested to hear about it.

i've ordered a few, i can probably give you one if you want. won't
arrive until next june though. or you could just order one yourself -
they're not that much ;-)

> What is PLM, anyway? My searches all come back with "Product Lifecycle
> Management", which seems like not the right thing.

following is from the website FAQ (apologies for the bad formatting!):
 
 Can you explain
 more in details how Private Link Message (PLM) works?


	                 Private Link Message (PLM) allows you to send and receive
			 messages from people who don't use GPG.
			 
			                 In order to send a message you can send a secret HTTPS link to your
					 correspondent. It will look like https://test.omb.one/n3FVgtFwR2cp839nX6dkQGzGjF38bJ5VwiX86uXY8kAD25wLJaDbjfz4.php .

                The link is temporary: once clicked by your correspondent it is too late to spy, the link does not work anymore.

                You can also, optionaly, setup an expiration date for the link. If your correspondent did not access the
		message before this date, it is too late to read.

                The link is filtered by a question. Depending on the level of
		surveillance you think you are in, the question can be a simple captcha to
		avoid bots, a secret question that your correspondent can answer but not
		the NSA, or a request for a password previously exchanged with your
		correspondent, or no question at all.

                Your correspondent will have a web interface to answer your
		message privately. <b>You can also activate a permanent HTTPS interface for
		anyone to send you a message privately at any time.</b>

In practice a simple captcha will allow you to be safe from mass surveillance, since only targeted surveillance can be done by human beings. On top of that any spy will be detected, and have his IP address revealed.
On our test, no PLM has ever been spyed even with no question at all.


[end copied text - that was https://www.own-mailbox.com/ FAQ 16 i think]

solidarity,

	--gdm
	
-- 
GPG: 5607 E4BC C6B6 90F4 5EBC  B348 D01B 9D77 912F 963C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.aktivix.org/pipermail/hacktionlab/attachments/20150924/102cedfe/attachment.sig>

More information about the HacktionLab mailing list