Anyone using StartMail for their email?

JockVSJockJockVSJock Member Posts: 1,118
https://www.startmail.com/

Got an invite to use this email service as I'm very concerned with the latest Yahoo email breach along with privacy concerns with using the free Yahoo email and Gmail (As a disclaimer, I don't have any tied or affiliation to startmail).

Saw a review here:

StartMail Review & Rating | PCMag.com

However I was wondering if anyone had any personal experience using it. I have tried out hushmail a few times, however there were some questions on where their email servers were hosted (Canada?) and privacy laws.

One of the things is that I'm really tied into Google Calendar, so I'm wondering how to replace that. Also there isn't an Android phone app at this time either for mobility.

thanks
***Freedom of Speech, Just Watch What You Say*** Example, Beware of CompTIA Certs (Deleted From Google Cached)

"Its easier to deceive the masses then to convince the masses that they have been deceived."
-unknown

Comments

  • rob42rob42 Member Posts: 423
    I've been using StartPage for a number of years now, but, like you, I really like the cross-platform functionality that google provide.

    I've come to the conclusion that the only way to send secure messages over a public network, using servers that you have no control over, is to encrypt a file locally and sent it as an attachment. It then doesn't matter about the connection or who's running the servers. All you need is a per-established relationship between you and the recipient. The fact that my way of doing things is not integrated into a user interface puts some people off, but it is secure.

    Thanks for the link.

    Have a good Christmas.
    No longer an active member
  • JockVSJockJockVSJock Member Posts: 1,118
    Google makes it convenient with their software products, however they along with everyone else is spying on what your doing and selling that information to 3rd parties or giving it up to various gov't agencies.

    If costing out StartMail, comes to around $5.00 a month, however I wanted to hear from someone who is actually paying for the service to see if it is worth it.
    ***Freedom of Speech, Just Watch What You Say*** Example, Beware of CompTIA Certs (Deleted From Google Cached)

    "Its easier to deceive the masses then to convince the masses that they have been deceived."
    -unknown
  • rob42rob42 Member Posts: 423
    Bang on: no such thing as privacy on the internet. I can't see that paying for an email service will make it any more privet than not paying for an email service; you're still using a server over which you have no control. Do you trust that your emails will not be scanned? I don't, so why pay for it? Also, you have no way of knowing what any service provider is doing with your information. The only hope you have for any kind of privacy is to take things into your own hands.
    No longer an active member
  • si20si20 Member Posts: 523 ■■■■□□□□□□
    My 2 cents: I ask myself this question every single day. I was using hotmail for YEARS until I moved to gmail. I used gmail for years until I found out via numerous youtube videos and security/privacy activists explaining just how much privacy we're giving away by using their services. So, I moved back to hotmail. But lately, the spam email I get on hotmail is beyond ridiculous. I spend 50% of my free time manually managing my inbox. And to make matters worse, I recently set up my hotmail account so only emails that were whitelisted should come through - but somehow, I keep getting spam messages which say: "trusted sender" - yet the sender isn't in my trusted list. In short: Microsoft's filter is trash.

    So that means i've moved back to gmail. I'm going to set up PGP and in the very unlikely event I need to message someone using that, I will. But being honest - I don't know anyone (even security professionals) who actually use PGP. It's a great thing but when even security professionals aren't using it, you know it's not going to be picked up by anyone who isn't a professional/hobbyist.

    I've got a Protonmail account but I fully expect them to go pop soon enough. It'll happen, whether it's 1, 2 or 5 years from now. I can't see Protonmail lasting.
  • p@r0tuXus[email protected] Member Posts: 532 ■■■■□□□□□□
    I also use Protonmail. Been transitioning out of Yahoo for the last 3 months. Taking a little time to do. Kind of like deleting F-Book. Takes time out of real-life to get things consolidated in the digital one. I don't care much for Gmail, but it's useful for keeping in touch with a couple of people on G+. Otherwise, I'm all about Protonmail. Even their phone-app is easy to use and secure. I like the encrypted mail services and it's free for now. I wouldn't mind paying for it if I can have a little say in how the company lobbies the swiss govt.
    Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
    In Progress: Linux+/LPIC-1, Python, Bash
    Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE
  • gespensterngespenstern Member Posts: 1,243 ■■■■■■■□□□
    As usual, the only robust thing is your own mail server in your basement. All other options are flawed.

    But it takes effort to maintain it far beyond amounts like $5 a month.
  • si20si20 Member Posts: 523 ■■■■□□□□□□
    As usual, the only robust thing is your own mail server in your basement. All other options are flawed.

    But it takes effort to maintain it far beyond amounts like $5 a month.

    But it wont be as secure as the likes of Google etc, even if your privacy is better - and is it better, really? A guy I know does just this. He has a mail server at home, a firewall and a webserver which he can access his mail through remotely. He pays for his own domain and gets his own hosting and a unique [email protected] address - it all looks quite nice. Until one day, I noticed he hadn't yet updated his webmail plugin and his plugin was vulnerable to a RCE. Obviously I didn't take it any further than that, but running your own mail server securely requires you to have the knowledge of a seasoned pen-tester - otherwise, forget it.

    For anyone who is interested, his server runs Ubuntu's server edition and we all know that recently Linux has been hit with several high-profile security incidents in the past few years.

    But the main reason I mentioned this, is because he mainly emails...... gmail accounts! So his unencrypted emails end up sitting in a gmail account anyway - so his privacy is gone seeing as Google's automated scanner picks up keywords, then gives ads based on his conversations with his contacts.

    And here's a fun fact: Once, I got an ad on gmail saying 'Drive fast cars, like Ben!' (Ben being the guy's name) and his email hadn't even been opened yet. When I opened it, it was saying how he was considering a new, faster car. The email had been scanned and i'd been served an ad before I even read the email myself. Scary.
  • gespensterngespenstern Member Posts: 1,243 ■■■■■■■□□□
    si20 wrote: »
    Until one day, I noticed he hadn't yet updated his webmail plugin and his plugin was vulnerable to a RCE. Obviously I didn't take it any further than that, but running your own mail server securely requires you to have the knowledge of a seasoned pen-tester - otherwise, forget it.

    First, what you most likely did is you used existing public information about this RCE meaning that the patch for it was most likely already available. So it comes down to just patching everything in a timely fashion which is due care and should be done, it is part of those ">$5 efforts" to maintain it.

    Second, you keep it simple. In my case when I did that (now I don't but will resume one day) I didn't use any webforms, because it involves web-server, etc. which are complex and are often written by open-source developers and quality of software is inferior. All I had was SMTPS, IMAPS, POP3S. There were mail servers out there that exist for 20+ years and they never had any RCEs in their services serving these protocols.

    Not sure what you mean by he mainly emails google accounts. If the majority of his respondents are on google -- it's okay as it is unavoidable and still it will be harder for Google to recreate this user's psychological profile with his wishlists and habits and all that. If he just uses his gmail mailbox to fetch all his emails from his private server then yeah, dumb idea.
  • powerfoolpowerfool Senior Member Member Posts: 1,649 ■■■■■■■■□□
    I use Office 365... I get Microsoft Action Pack and use one of the 50% off promo codes, so I have 5x E3 licenses and more (including $100/mo Azure credit) for less than $250/year.
    AZ-204 [ ] AZ-400 [X] AZ-500
    2020 Goals: Azure Developer Associate, Azure DevOps Expert, Azure Security Associate
  • p@r0tuXus[email protected] Member Posts: 532 ■■■■□□□□□□
    Once, I got an ad on gmail saying 'Drive fast cars, like Ben!' (Ben being the guy's name) and his email hadn't even been opened yet. When I opened it, it was saying how he was considering a new, faster car. The email had been scanned and i'd been served an ad before I even read the email myself. Scary.

    Exactly the situation. Encryption doesn't do much if both ends are not encrypted in the communication or the payload doesn't require being decrypted after received. Google touts that they have encrypted (https) services but really, they are the biggest perps when it comes to abusing personal information after it's been collected. It's pay to play, like most systems, and it's hard not to want to play.
    Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
    In Progress: Linux+/LPIC-1, Python, Bash
    Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE
  • JockVSJockJockVSJock Member Posts: 1,118
    Thank for posting about Protonmail, their website has more info then Startmail.

    I wanted to host my own mail servers, however it looks like it would take time/money...Would be a great learning experience.
    ***Freedom of Speech, Just Watch What You Say*** Example, Beware of CompTIA Certs (Deleted From Google Cached)

    "Its easier to deceive the masses then to convince the masses that they have been deceived."
    -unknown
Sign In or Register to comment.