<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>hello All<div><br></div><div>The problem as I see it with using POP3 and stuff like this is that it will clutter up your hard drive. I recall whilst I was an Outlook user, my PST file was approaching its max file size limit. Also there were limits on the size of the mailbox at the server side. When using Earthlink I had to delete a bunch of files on the server simply cuz I was running out of space.</div><div><br></div><div>These drove me in part to move to webmail. Plus if you download via POP your emails to your email client, such as Outlook or Thunderbird, the messages will disappear from the server, thus inaccessible via webmail. The downloaded emails will only be visible on the device you downloaded it to, most likely a PC. So you want to see those messages from another laptop, a tablet or smartphone - you're out of luck. You'll have to dig up those downloaded messages on the very device you downloaded them to. </div><div><br></div><div>Making things worse, if you start downloading messages to your tablet or worse yet your smartphone, you'll max out its storage capacity lickety split like if you use K-9 or another email client. on my Asus phablet I'm already facing space issues and I'm not even downloading emails.</div><div><br></div><div>So for practical terms looks like open source PGP plugins may be our only solution for now unless someone builds a secure webmail system from the ground up that has no opt out for encryption. The trick there for its widespread adoption is that is must be easy to use.</div><div><br></div><div>Thoughts anyone?</div><div><br></div><div>Joe</div><div><span style="font-size: 12pt;"><br></span></div><div><span style="font-size: 12pt;">Crypto-chi] Follow up on March 14 crypto meeting at PS1</span><div>> <br>> -----BEGIN PGP SIGNED MESSAGE-----<br>> Hash: SHA512<br>> <br>> "Whilst usingplug ins like enigmail for Thunderbird is great and<br>> everything , we need to be cognizant touhhat quite often we are using<br>> webmail of one sort or another."<br>> <br>> Most, if not all web-mail providers give you mailbox access via<br>> POP3, or IMAP protocols which you can use with Thunderbird keeping the<br>> content both plaintext and encrypted on your local system which is more<br>> secure then browser based applications.<br>> <br>> "Especially for those of on our mobile devices."<br>> <br>> On Android, there is K-9 Mail and OpenKeyChain-- both work<br>> quite well, but as I said in my talk mobile platforms are severely<br>> broken in many ways. I would not store my private keys on a mobile phone<br>> ever. Mobile devices are very easy to loose too.<br>> <br>> "Fortunately there are various bowser extensions that facilitate this.<br>> For gpg we can count on the following..."<br>> <br>> Counting on software that has not passed community audits by security<br>> professionals or professional cryptographers is dangerous and should<br>> be avoided for sensitive use.<br>> <br>> "Google has yet to release its own Chrome plug in"<br>> <br>> I'm looking forward to this project, however I do wonder what Google<br>> will do to continue scanning your email to serve you ads based on the<br>> content so they can make money.<br>> <br>> "It's alpha not yet ready for prime time.."<br>> <br>> Don't trust early stage software especially new crypto to sensitive<br>> needs, it may harm you.<br>> <br>> "..don't know wot's taking them so long."<br>> <br>> Strong cryptography, and good code is not a rush job as any oversight<br>> can possibly compromise the security of the project in turn your safety.<br>> <br>> "Even Windows has support for GPG through VisualGPF."<br>> <br>> "..Windows app that does key management stuff like sign, decrypt<br>> and key maintenance. It's GUI based so you don't have to use the CLI to<br>> perform these tasks."<br>> <br>> GPG4Win has a nice interface and support for Windows.<br>> <br>> http://www.gpg4win.org/<br>> <br>> "...even MS Outlook has its own GnuPG plugin. Though there are some<br>> grumblings about Outlook being closed source, I think this can overcome<br>> that objection."<br>> <br>> Just using a plug-in that is open source does not make the client less<br>> susceptible to compromise. This plug-in is also not written by Microsoft.<br>> <br>> ".. let's not forget our smartphones. Chatsecure, Textsecure, Redphone.."<br>> <br>> Yes, you should use all of these! They use strong crypto and have been<br>> audited by professionals. 10/10!<br>> <br>> <br>> <br>> All the best,<br>> <br>> - -Brian<br>> -----BEGIN PGP SIGNATURE-----<br>> <br>> iQIcBAEBCgAGBQJVH5qgAAoJEFjBjkteF9VaY7kP/jmh7EG+wLsLuf+uk+mvgpfT<br>> vbYP++JktbhrXKXrcgqNdgLvHFyaLkMlVQ8Gp84ixTWIrkYJ77wi414hV5k7E8cF<br>> NnznQ0En0Z3GEJ5FlajvQQ3PE7cPBBcB6hqb8toU+ZKsduIwLqNAN1LYuJ65UgiV<br>> 3SWTn8DO8ZImiJ6cFsT3qY15X0+lqendmczyclBnsGt2+nYe38vT9i1Ksgtjo49B<br>> aiwkmWJZlF8OFtXQw8oFCF9KlJPscR+TmceC/80h8sI4gpSqaOx9j5f4CKz843tj<br>> BRVZjnC8/+p2eN6MfxE7fGQLlNRR3Tmr8dr2bPNMOuNpAHNVqsXa5S9e2cKwMWgC<br>> fRt2spug/GVD5OGQAaQ+VIyxRA4SZlJDqG+03+/mK7AFLgf2qOfrAb/hB+ZwZZFF<br>> LX+HCqwZuvIZsaPZLIldmYDAp91aPhIpIXuv6jhrmEGkDhqbIj4TZIHUgygH34DS<br>> AJ2GYdAQd5HVNx0puAmbmuF532L7fC9W4PK53pYByZ5gaEAEliJVlS96BpcP58tD<br>> rmRfKJMI363S649Oekx14PjOwXZ5M4/4ousoqcaP6MLSvp+jBj9hcomxyfv79MLz<br>> B/zdzxoFvMdk7z6rK2LzY6XdCKviklo2tq6C88Nqp3ZhK3sqSbLGjL69NInZaihm<br>> qXMwkZLzsbnJhT3dxv46<br>> =VNmV<br>> -----END PGP SIGNATURE-----<br>> _______________________________________________<br>> cryptoparty-chi mailing list<br>> cryptoparty-chi@groups.sshchicago.org<br>> http://groups.sshchicago.org/listinfo/cryptoparty-chi<br></div></div> </div></body>
</html>