Replace Gmail

Reading the Forbes article, it is an unfortunate case of a phishing attack, but no, it doesn't mean that gmail was hacked.
Phishfry said:
Is the public ready for digital certs?
Click to expand...
Already using them for all HTTPS sites anyway, including gmail.

Time to think about this stuff with a level head, people! And try to see holes in the explanation.

Exactly how does introduction of end-to-end encryption connect with a phishing attack? Especially that phishing attacks (see the Wikipedia link) don't require cracking of any encryption, even when link manipulation is involved!
The process by which this encryption service works involves a kind of protective bubble that surrounds the email in question. So, what’s the issue? Well, if you send such an encrypted email bubble to a Gmail user, then it gets automatically decrypted in their inbox, no problem there. If the recipient isn’t a Gmail user, however, they are presented with an invite to view the email within a restricted version of Gmail, using a Google Workspace guest account.


As Jérôme Segura, the senior director of threat intelligence at Malwarebytes, told Wired, “users might not yet be familiar with exactly what a legitimate invitation looks like, making them more susceptible to clicking on a fake one.”


We already know how AI-powered phishing attacks are blurring the lines between reality and risk, and you can be sure that scammers will be looking for the best way to create fake invitations within a convincing threat campaign to gain access to the potential victim’s email account credentials.
Click to expand...

Looking for alternative email services is not really a solution here - unless you subscribe to the idea of 'security by obscurity'. As Phishfry pointed out to me earlier in a profile post, it's about the 'Attack the herd' mentality in the attack.

Yeah, the real problem is that Google is so big and ubiquitous, most of us have no idea that alternatives even exist. And even if alternatives to exist, it's a lot of work to set them up to be on par with Google. So, it's actually easier to trust Google, right? And that's exactly what the phishing attack exploits - this blind trust in the face of absence of viable alternatives.

The most flabbergasting part is that even the users on these very Forums got suckered in and started spreading misinformed FUD, Stallman-style - I usually expect more level-headed analysis from this crowd.
 
To point out what astyle is talking about. The problem is not with GMail. The problem is with users being tricked into thinking a fake invitation is a real one.
As Jérôme Segura, the senior director of threat intelligence at Malwarebytes, told Wired, “users might not yet be familiar with exactly what a legitimate invitation looks like, making them more susceptible to clicking on a fake one.”

We already know how AI-powered phishing attacks are blurring the lines between reality and risk, and you can be sure that scammers will be looking for the best way to create fake invitations within a convincing threat campaign to gain access to the potential victim’s email account credentials.
Click to expand...
 
USerID said:
https://www.eclipso.de/
Free SMTP.
Click to expand...
Yeah, this is a Germany-based cloud provider that looks to be a Google alternative in some regards like email.

But if you pay attention, the problem was not email services getting hacked, the problem was phishing. Phishing does NOT involve hacking or cracking encryption, it's about gullible users. With a gullible user, exact email service doesn't matter.

Please re-read what I wrote earlier.
 
Posteo (paid email; German-based) has something where they don't need a Spam/junk folder by-default but enforce something where spam emails don't go through or can't be sent to your address.
 
Nothing is secure, run your own pop3/smtp server , I dont think that google will be hacked, but..everything is posible , until a digital war is created (Us,China,Rus) etc .. I stay ok with gmail
 
cracauer@ said:
How is Gmail a bigger security risk than other systems?

I roll my own mailserver and mainly use mutt.
Click to expand...
Agreed. How is gmail a bigger security risk than other providers? I.E. my wife uses our ISPs mail service. This precludes us from shopping around. That's a bigger risk than Gmail

I've been using my own mail server for 25 years. It's served me well. I use MH based MUAs on my FreeBSD system and dovecot for my Android's access.
 
As far as I can tell, to a first approximation everything (digital) is insecure, unless you do something like the following.

$ cat msg
We're pulling the heist on wednesday night. The tunnel is already dug, you just
have to knock through the wall and we're in. Fingers will take care of the
safe, and Wheels will have the car running outside. I want you and Lefty to go
through the wall and bring out the merchandise, starting at 11 PM. Don't forget
your stocking.

PS don't show this message to anyone!
- the Guvnor

$ cat msg | openssl enc -aes-256-cbc -a -salt -pbkdf2 -pass pass:guvnor
U2FsdGVkX19raEhs1v7J1BK5xQU5pm7T4YCTZVh4t+yV9Raqfbg/Nn2QfL8e51oe
ikuYz5lsq5CCjbPcvaKtTny8KTLAe0fYcXSsJy+8hkorU0vbe3O/nxzNYbAyJjiO
0LgP9hVkdhYAoMwOu2yKIhZRdycwxMUJ4l4riX8pI/7xm02GRSy2BNbhT4ffgMcz
B0SPTuc08Qw/nQGUdQxtjl2/BGqeRicDDH/ZNTh6lC/ydFIp1e2/a+0UL4tc540e
JLYoxW1fzjj1rmgk8lqGOfxIO7wv1oW/mDbSCVokauQDNJHOR+V05Y12LLnpD2v3
73RUY7eB/o9N2lfH2/g/H2x2WmINYFBW6FFz8iK1aXtqo77e/4kwP+zNolL+buKG
2bACNbDsRZ3PCmQJtTYv5+OP4wPSpfPs9C6+thQ3JdV4ixJbQxHOxr2agr9Ws+h2
LvITW9BO5Epy3LengK2RqYdq/0c4CVK1OQWmalAUz/DeRquXUvS9D7lOGShpTonh
wqGaGtX3rPausWg7XK8o0VCIp/N6BsG5LymIxlSZlA8=

... cut and paste ciphertext into email to send to Biff.

Of course any national security agency worth it's salt that sees this email pass by the backbone router backdoor wiretap will raise their suspicions and it will be sent to the auto decryption department....

Running your own mail server is a lot of work...
 
Just to summarize, if you're looking for an alternate email service, you're just barking up the wrong tree!

Did everybody go nuts in here? The description of the problem is incorrect, so the solution of looking at alternate email services is completely pointless! 😩
 
astyle said:
Did everybody go nuts in here? The description of the problem is incorrect, so the solution of looking at alternate email services is completely pointless!
Click to expand...
OK an ISP based email account should be relatively secure and a service like Proton and Fastmail should be somewhat secure. They have a reputation to uphold.

GoogleMail straight up tells you they are reading your mail.

Don't you think having your emails scanned to sell to advertisers and anybody that pays is a security risk?
 
Phishfry said:
Don't you think having your emails scanned to sell to advertisers and anybody that pays is a security risk?
Click to expand...
Privacy, yes. Calling it a security risk is a bit of a stretch, though. It's like trusting the biggest bank around with your money. Yeah, the biggest bank around employs some people who are frankly bad apples and really should not be trusted to handle business inside the bank. At what point does it stop being a minor annoyance and become actually a security risk? When you lose all your money?

Advertisers are annoying, but they are not gonna send somebody with an AK 47 to knock down your door and demand your life savings.
 
Phishfry said:
GoogleMail straight up tells you they are reading your mail.
Click to expand...
Using the word "reading" here is highly misleading. It's not like a human employee at Google can actually read your e-mail, except in highly restricted circumstances (perhaps as for debugging with your cooperation). Otherwise, e-mail contents are encrypted internally. The Gmail service can scan your e-mail for keywords that triggers ads. The result of those type of scans and other identity-related information is also highly protected internally, and not accessible except to the automated systems that use it. But "scanning for keywords for ads" really doesn't fit the meaning implied by the word "reading", such as understanding content.

Phishfry said:
Don't you think having your emails scanned to sell to advertisers and anybody that pays is a security risk?
Click to expand...
First, the part "anybody that pays" is false. Flat out false.

Second, claiming that showing ads is security relevant is quite ludicrous. When you buy the local newspaper, and the back side has a full-page ad for "A Sale at Penney's" (quote from the Airplane movie), how does the fact that Penney shows you and ad impact your security?

The level of paranoia and innuendo that are used by anti-tech-company luddites continues to amaze me.
 
You must log in or register to reply here.
Back
Top