Ghostmail Snakeoil? #18
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#18
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Ghostmail makes Confusing claims like "the safest place on the Internet", "Once it’s deleted it’s gone forever." (although there is no forward security!), "Data is encrypted at all times."
There is no way to verify these claims as the service is based on proprietary, hardly documented encryption.EDIT: I was wrong, Ghostmail is actually open source and there has been a security audit. I am Sorry.
From their FAQ:
By disallowing SMTP (isn't that a requirement to be listed anyway?), Ghostmail hinders its users from using the encryption software of their choice. Using a
shadywebapp instead of a real mail client provides absolutely no protection in case the device gets compromised. Quite the contrary, this model introduces new attack vectors because users have to rely on the integrity of the website anytime it loads in addition to that of their devices.Ghostmail accounts can only connect to other ghostmail accounts. Therefore, a ghostmail account cannot replace a real email account.
In short: Ghostmail only let's you send messages to other ghostmail users, it doesn't allow you to encrypt your messages with the software of your choice and the information on the website is misleading. Ghostmail shouldn't be listed as a Privacy-Conscious Email Provider.
Hello @krumelmonster,
First and foremost, thank you for your detail in writing this issue.
Unfortunately, GitHub is reserved for technical issues only. Issues like yours belong on the forum where the community can share their opinion on it.
From
README.md
:It would be very much appreciated if you could take a couple of minutes to re-post this same issue to r/privacytoolsio. If you need any help, let me know! Thanks.
I would very much appreciate it if someone else could move the issue to reddit and delete it afterwards.
Done: https://www.reddit.com/r/privacytoolsIO/comments/3rm0po/ghostmail_snakeoil/
It would still be good if you could make an account to engage with anyone who might want you to clarify.