Replace Gmail

Phishfry said:
Is the public ready for digital certs?
Click to expand...
I am reading this thread, fascinated. I will say "yes" to this, having almost no idea what it is. People are recognizing that we are living in a new world, and if a thing can be made simple enough, and is presented properly, they will adopt it. I have two colleagues still in windows world, and one of them has switched to signal. The other.. is trying very hard to make -public- change, so hiding his communications kind-of defeats the purpose. Right now, submitting pgp encryped (or whatever it's called) messages to something like g-mail is the only way ordinary folk can be sure of secure communications, unless they use signal. E-mail -does- remain useful, for anything benefitting from a certan "formality".
 
mikethe1wheelnut said:
I have two colleagues still in windows world, and one of them has switched to signal.
Click to expand...
Signal is the very app that leaked classified info from top brass in Pentagon, in case you haven't noticed the news recently. Anyone at rank major or below would be court-martialed for that. Just goes to show that the problem is NOT the service, problem IS inattentive users, even within Pentagon.
 
astyle said:
It won't be on par with Google's stuff, and your users can get phished just as easily as with Gmail, probably even easier.

It's definitely less effort to just stay vigilant when checking your own email (no matter the service) than to set up a private email server. I'd know, I did set up a mail server before, proper maintenance is no joke.
Click to expand...
"my own private mail server"
I acknowledge that I am almost totally unqualified to even define right now what I really mean, assuming that it is any different from what you think it means. I'll let you know when I've learned enough for us to have a more intelligent discussion about it. :rolleyes::)
 
astyle said:
Signal is the very app that leaked classified info from top brass in Pentagon, in case you haven't noticed the news recently. Anyone at rank major or below would be court-martialed for that. Just goes to show that the problem is NOT the service, problem IS inattentive users, even within Pentagon.
Click to expand...
I -was- aware of -something- like that, but I had assumed that one of the participants in the conversation leaked it.. -signal- was responsible? ..gulp.. ..having finished reading what you actually wrote, I'm now confused all over again. I'll have to look up what happened.
 
mikethe1wheelnut said:
assumed that one of the participants in the conversation leaked it.
Click to expand...
That one assumption is absolutely correct. Signal was not at fault - users were.

Same situation with gmail - Gmail is not at fault - moronic users are.

This is why alternate email services are NOT the solution.

Have fun setting up your own email server, just don't expect to solve the phishing problem with it.
 
astyle said:
And even if alternatives to exist, it's a lot of work to set them up to be on par with Google.
Click to expand...
I submit that here, you need to be clearer about what precisely you mean by "be on par with google". I submit that quite possibly what is needed is instead an information campaign: people need to be educated about these things, learn what is "reasonably easy" to implement, and what is really quite hard. If it can be made clear to people where the sweet-spot is of "this is both reasonably easy to setup, is safe and reliable, and also usable/doesn't look like total crap", then people will be fine with it. You need something that is easy enough to maintain that you don't get the situation of that overwhelmed german dude, but that is reliable enough and easy enough to use, once it is explained in under, say, 30 minutes, that you get people, as a community, to agree to switch over. Community really is a powerful thing. Especially in this day-and-age of "uncertainty", people will be sticking together more. Convince them that you can provide safety and security, and they'll be grateful. Obviously the people you -really- have to convince are the people that they know and trust.

In other words, in jumping to the bsd's, I'm deliberately signing up to change the way I use my computer. To take charge of it. Or more charge of it. To change my whole mind-set. You would be asking people to take that same kind of attitude, and people like me would be "doing the selling", and much of the educating.
 
Phishfry said:
Don't you think having your emails scanned to sell to advertisers and anybody that pays is a security risk?
Click to expand...

It's more insulting than anything else.

Another perspective here is that the -real- problem is people coming to terms with what has already been mentioned, that if you aren't paying for the product, you -are- the product. I think a lot of people, when they started using something like gmail (..I certainly didn't..), didn't reflect on what they were -really- doing. For a very long time, I think I operated with the blissful fantasy that my communications were private. It's only relatively recently that I've really started reflecting on the "no free lunch" saying, and become revolted at the idea of having .. whoever, watching over my shoulder as I wrote. Also, possibly, "google" seemed friendlier back then. It was smaller, "harmless".

The idea of paying for privacy in communications, the way you pay for electricity and everything else, no longer seems so crazy.

In large part it's insulting because in retrospect it's embarassing that we fell for their strategy so easilly.
 
mikethe1wheelnut said:
I submit that here, you need to be clearer about what precisely you mean by "be on par with google". I submit that quite possibly what is needed is instead an information campaign: people need to be educated about these things, learn what is "reasonably easy" to implement, and what is really quite hard. If it can be made clear to people where the sweet-spot is of "this is both reasonably easy to setup, is safe and reliable, and also usable/doesn't look like total crap", then people will be fine with it. You need something that is easy enough to maintain that you don't get the situation of that overwhelmed german dude, but that is reliable enough and easy enough to use, once it is explained in under, say, 30 minutes, that you get people, as a community, to agree to switch over.
Click to expand...
Not realistic to pull off. I've been down that road myself, so I'd know. If you only can get a FreeBSD installation running, it takes a couple months of research and planning just to get something off the ground if you want to merely start an email service. Learning how to fine-tune the filters and firewalls - it's another couple months of working pretty hard and feeling stressed by constant harassment by people who will scan your ports from outside.

And even then, Google has a lot of people who are far better versed in sendmail than you. Those people are professionals, they can tune a system for security far better than a random someone who doesn't even understand how phishing technically works and what solutions are appropriate for a given problem and why.
 
The ‹keygen› tag is “new in HTML5” — still states The WWW Consortium:

keygen.png
 
hruodr drhowarddrfine vienuolis vis. keygen: ..I'm not sure how many eye-rolls this is going to cause, but people like me are still interested in "the right way of doing things" even a topic seems to have been debated, discussed, and closed a long time ago. We currently live in a world that is full of examples of how "the thing that won" is actually no good at all, so going back and re-evaluating things that got chucked out is -not- off the table. :) Of course, "being interested in" does not mean I'll be able to absorb it all over-night, obviously.
 
vienuolis Note the date of wherever you got that--2009.

mikethe1wheelnut I linked to the official HTML standard written by Google, Microsoft, Mozilla, Apple and others. It's also published by the W3C. One should consider them authoritative sources and none of the current sources list the keygen element.

Therefore, I doubt that the element even works at all but I guess, now, I have to try it.

EDIT: Not going to try it. Requires a form and I don't see any examples of usage so not going to bother.
 
Do not be so quick to jump to conclusions, dear @drhowarddrfine. Each entry in the guide ends with a link to the most recent [Specification] on Whatwg.org — but these are still only the conclusions of the working group, not the final agreed and approved standard (“W3C recommendation”) — which are then published on W3.org.
 
astyle said:
... is not at fault - moronic users are.
Click to expand...
There are Completely Automated Public Turing Test to tell Computers and Humans Apart (CAPTCHA).
Shouldn't they be improved to some kind of completely automated moron tests (MORONCAPTURE)?
For obvious reasons such tests might be disruptive to social media and commercial services.
 
drhowarddrfine said:
EDIT: Not going to try it. Requires a form and I don't see any examples of usage so not going to bother.
Click to expand...
<keygen> worked in firefox and opera. It does not work anymore in firefox, and in opera I cannot test.

I do not know if it once reached the status 'standard', but it is now deprecated.
 
POSIX.1 said:
There are Completely Automated Public Turing Test to tell Computers and Humans Apart (CAPTCHA).
Shouldn't they be improved to some kind of completely automated moron tests (MORONCAPTURE)?
For obvious reasons such tests might be disruptive to social media and commercial services.
Click to expand...
CAPTCHAs do nothing for phishing. Well, let me correct myself - CAPTCHAs don't do a lot for phishing, it takes strategic placement of the captcha page within the login and authentication process to stop some of the damage. Well, a phisher can react by placing the redirect a bit earlier in the process, so the users/victims don't even get to the legitimate captcha page.

Phishing is about using impresonation and redirecting, and very well can include a CAPTCHA in their own process.

This is partly why setting up your own email server is not really a solution - do you think you have a good enough handle on sendmail.cf and authentication processes to not only set up something that works correctly, but to constantly play the game of musical chairs (using just the captcha page) while making sure the email service is still up? :rolleyes:
 
Phishfry said:
The question is can you trust them with your mail. I have nothing to hide but object to being sold.
Click to expand...
Emails are routed through multiple servers and some do keep copies without your knowledge. That's why never send personal information such as bank acct, social security or anything of value that someone can use. If you need to send encrypted message, use PDF with encryption plus password.
 
POSIX.1 said:
There are Completely Automated Public Turing Test to tell Computers and Humans Apart (CAPTCHA).
Shouldn't they be improved to some kind of completely automated moron tests (MORONCAPTURE)?
For obvious reasons such tests might be disruptive to social media and commercial services.
Click to expand...
"..and this, ladies and gentlemen, boys and girls, is how you make lots and lots and lots of friends.." 🙃 🤣
 
You must log in or register to reply here.
Back
Top