
Mailbox.org gpg encrypted €1,- email solution now in english. - Ihmahr
https://mailbox.org/en/
======
aw3c2
FYI, in Germany if you provide more than 10000 mailboxes you have to add a
SINA box to your network. [https://de.wikipedia.org/wiki/Sichere_Inter-
Netzwerk_Archite...](https://de.wikipedia.org/wiki/Sichere_Inter-
Netzwerk_Architektur)

This allows law enforcement to silently direct specific user's mails to them.
This requires a ruling and the provider will be aware of it. Still, I think a
company like this should mention this in a full disclosure spirit as it can
render their promise "No disclosure: Your data remains with us. We never pass
on any data to third parties without authorization." void.

\--- I do not understand the Legal Certainty paragraph.

~~~
cavac
Data Privacy Statement from mailbox.org:

"According to TKG Section 113 (German Telecommunications Law), the public
prosecutor and the police can access the user data held by telecommunications
providers such as ourselves relatively easily. A simple information request
suffices; no court order is needed. According to TKG Section 113, a
telecommunications provider has no legal recourse against such a request; it
must comply. It should also be noted that according to TKG Section 113 (II),
the provider is required to treat such a request confidentially, and that the
affected customer must not be informed about the request."

[https://mailbox.org/en/data-protection/](https://mailbox.org/en/data-
protection/)

~~~
ushi
You should have included the next paragraph. They make a difference between
user data and the users emails:

"Access to the log data of mail and web servers and to the e-mails contained
in a mailbox, on the other hand, requires a search and seizure warrant signed
by a judge, unless the investigative authorities can claim exigent
circumstances. Telecommunications providers again have no legal recourse
against search warrants; seizure of the log data cannot be denied."

------
riquito
This is another lavabit. They receive e-mails in clear text and then they
encrypt it. This is not secure at all.

It would be ok if it they were clear about it, but it's exactly the opposite
"[...]This means that no one can read your e-mails except yourself – no
password thieves, no governmental or law enforcement agencies, not even us
here at mailbox.org."

~~~
pheinlein
We ARE clear about that. It's explained on

[https://mailbox.org/en/doodle-video-explains-fully-
encrypted...](https://mailbox.org/en/doodle-video-explains-fully-encrypted-
mailbox/)

and our doodle film explains the benefit and risk.

Using the feature does not forbit to set up a "real" PGP end-to-end-
encryption. Users should do that and our job is to help them -- step by step.
And we're explaining that to them.

Our encrypted INBOX is useful in case an e-mail hasn't been sent encrypted,
because there ARE many senders (like companies or unexperienced users) that do
NOT encrypt their e-mail. That's how it is, so we have to deal with that. It's
a kind of "add on".

Right today round about 10% of our inboxes are completly encrypted. That's
great, but we'll still have to raise that level. An: > 10% of our users are
familiar with encryption in their daily e-mail-usage. -And they will explain
that to friends, business contacts and family. The usage and knowledge of
encryption has to grow -- and having an encrypted INBOX is one (!) step to it.

Peer (mailbox.org)

------
gregmorton
In fact you can't use gpg in mailbox.org when you send an email. Gpg is only
used to encrypt your mailbox (it encrypts the emails you receive) which is
kind of weird. You can of course use GPG in command line or with an external
program.

~~~
rakoo
... and useless, because they've had access to the mail in plaintext.

~~~
pheinlein
Yes, we HAD access to the plaintext e-mail. And we explain that and warn about
that.

But after encrypting the e-mail, nobody will have access to that e-mail any
more: Even hackers, phishers or the government. Many people are storing their
e-mails for years in their INBOX. Great to protect those e-mails over the
time.

But, anyway: The best way is always to use real end-to-end-encryption. In that
case, you don't have to trust us any more. We're happy to help to set this up.

------
lawl
So I clicked the page to check if I can a) use my own domain. b) upload my
public key and decrypt the mailbox locally to serve IMAP from localhost. Then
I read this

> _Our grasp on technology is flawless_

And they completely lost me.

~~~
pheinlein
We're not native english speakers and we just got everything back from our
translation office. We're still proofreading our website and the translations.

"marketing speech" is not our way of talking and if the translation office did
a bad job there, we'll correct that. But there wasn't enough time to read and
correct everything.

We just started last week with our englisch website, please give us some days.

Peer (mailbox.org)

------
dewey
That's a great landing page, lots of information and not stuffed with
marketing fluff.

And in case you are wondering if they are offering these services for your own
domain? - Not yet. [0]

[0] [https://mailbox.org/en/can-i-use-e-mail-addresses-from-my-
ow...](https://mailbox.org/en/can-i-use-e-mail-addresses-from-my-own-domain-
with-mailbox-org/)

~~~
dfc
They claim "Our grasp on technology is flawless". How much hubris does it take
to set off your marketing fluff alarm?

------
adam74
"The domain name, me@mailbox.org, is easy to remember and can be understand
anywhere in the world. "

understand?

