Mailbox.org gpg encrypted €1,- email solution now in English.

34 points| Ihmahr | 11 years ago |mailbox.org

29 comments

aw3c2|11 years ago

FYI, in Germany if you provide more than 10000 mailboxes you have to add a SINA box to your network. https://de.wikipedia.org/wiki/Sichere_Inter-Netzwerk_Archite...

This allows law enforcement to silently direct specific user's mails to them. This requires a ruling and the provider will be aware of it. Still, I think a company like this should mention this in a full disclosure spirit as it can render their promise "No disclosure: Your data remains with us. We never pass on any data to third parties without authorization." void.

--- I do not understand the Legal Certainty paragraph.

cavac|11 years ago

Data Privacy Statement from mailbox.org:

"According to TKG Section 113 (German Telecommunications Law), the public prosecutor and the police can access the user data held by telecommunications providers such as ourselves relatively easily. A simple information request suffices; no court order is needed. According to TKG Section 113, a telecommunications provider has no legal recourse against such a request; it must comply. It should also be noted that according to TKG Section 113 (II), the provider is required to treat such a request confidentially, and that the affected customer must not be informed about the request."

https://mailbox.org/en/data-protection/

pheinlein|11 years ago

A SINA Box is nothing else than a kind of VPN Gateway. A SINA Box does NOT provide direct access to a user's mailstore or something else. They still have to get in contact with the ISP to set the interception up and running. There is no "silent access" just because of having a SINA box.

Anyway: mailbox.org does NOT have a SINA box installed.

Peer (founder of mailbox.org)

sergiosgc|11 years ago

This is the German implementation of the European Data Retention Directive [1]. The legal landscape across the EU is bound to be similar. The gist of the directive, regarding email is: providers must retain sender, recipient, date and IP address information for a period (6 to 24 months, depending on the country). This data may be requested by a court order, and only by court order.

The directive says nothing about the secrecy of the request, so this is up to the specific implementation in member states. In Germany it is secret, in Portugal it is public except for complex cases in investigative phase (a specific, well defined situation meant to deal with large organized crime). I don't know about other countries, but since our laws are usually modeled on the French version, I'd wager France is similar to Portugal (actually, it's the other way around)

[1] http://en.m.wikipedia.org/wiki/Data_Retention_Directive

ronaldx|11 years ago

> I do not understand the Legal Certainty paragraph.

My interpretation is: Spam is deleted in order to give you plausible deniability that you haven't received and read it.

i.e. There is no spam folder.

But, this seems like it would normally be a bug rather than a feature.

stfu|11 years ago

Wouldn't the logical consequence be to open a new subsidiary firm every 8000-9999 accounts?

riquito|11 years ago

This is another lavabit. They receive e-mails in clear text and then they encrypt it. This is not secure at all.

It would be ok if they were clear about it, but it's exactly the opposite: "[...]This means that no one can read your e-mails except yourself – no password thieves, no governmental or law enforcement agencies, not even us here at mailbox.org."

pheinlein|11 years ago

We ARE clear about that. It's explained on

https://mailbox.org/en/doodle-video-explains-fully-encrypted...

and our doodle film explains the benefit and risk.

Using the feature does not forbid setting up a "real" PGP end-to-end encryption. Users should do that and our job is to help them -- step by step. And we're explaining that to them.

Our encrypted INBOX is useful in case an e-mail hasn't been sent encrypted, because there ARE many senders (like companies or inexperienced users) that do NOT encrypt their e-mail. That's how it is, so we have to deal with that. It's a kind of "add on".

Right today round about 10% of our inboxes are completely encrypted. That's great, but we'll still have to raise that level. And: > 10% of our users are familiar with encryption in their daily e-mail usage. And they will explain that to friends, business contacts and family. The usage and knowledge of encryption has to grow -- and having an encrypted INBOX is one (!) step to it.

Peer (mailbox.org)

gregmorton|11 years ago

In fact you can't use gpg in mailbox.org when you send an email. Gpg is only used to encrypt your mailbox (it encrypts the emails you receive) which is kind of weird. You can of course use GPG in command line or with an external program.

rakoo|11 years ago

... and useless, because they've had access to the mail in plaintext.

lawl|11 years ago

So I clicked the page to check if I can a) use my own domain. b) upload my public key and decrypt the mailbox locally to serve IMAP from localhost. Then I read this

> Our grasp on technology is flawless

And they completely lost me.

pheinlein|11 years ago

We're not native English speakers and we just got everything back from our translation office. We're still proofreading our website and the translations.

"Marketing speech" is not our way of talking and if the translation office did a bad job there, we'll correct that. But there wasn't enough time to read and correct everything.

We just started last week with our English website, please give us some days.

Peer (mailbox.org)

kome|11 years ago

> Our grasp on technology is flawless, and our staff is friendly and professional.

Comedy gold. Classic German smugness (?).

dewey|11 years ago

That's a great landing page, lots of information and not stuffed with marketing fluff.

And in case you are wondering if they are offering these services for your own domain? - Not yet. [0]

[0] https://mailbox.org/en/can-i-use-e-mail-addresses-from-my-ow...

dfc|11 years ago

They claim "Our grasp on technology is flawless". How much hubris does it take to set off your marketing fluff alarm?

adam74|11 years ago

"The domain name, me@mailbox.org, is easy to remember and can be understand anywhere in the world. "

understand?