Insights For Success

Strategy, Innovation, Leadership and Security

Email

Navigating the World of Disposable Email: A Look at Temp-Mail.org

GeneralEdward Kiledjian

Explore the benefits and risks of Temp-Mail.org, a disposable email service that helps protect your privacy and manage spam while navigating the digital world.

Today, managing your online presence and maintaining privacy are important considerations for individuals and businesses. As a result, disposable email services have become increasingly popular in recent years. We will discuss the benefits, uses, and risks of Temp-Mail.org, a popular disposable email service.

Why Temp-Mail.org Exists

Temp-Mail.org provides users with a temporary, disposable email address. By using this service, users can protect their privacy and combat spam. By using a disposable email address, users can avoid disclosing their personal or work email addresses to potential spammers or hackers. Instead, they may use a temporary email address generated by Temp-Mail.org to subscribe to services, newsletters, or promotions without worrying about their primary email address being compromised.

Reasons to Use Temp-Mail.org

  1. Privacy protection: Protecting your privacy is one of the most significant advantages of using Temp-Mail.org. Data breaches and identity theft are on the rise, so minimizing the exposure of your personal information is imperative. By providing a separate email address from your primary address, Temp-Mail.org allows you to accomplish this.

  2. Avoiding spam: Signing up for various online services is often associated with increased spam emails. Temp-Mail.org allows you to use a disposable email address to prevent this problem so your primary inbox remains clean and organized.

  3. Trial accounts and promotions: Trial accounts and promotions: Many services offer free trials or promotions that require an email address for registration. With Temp-Mail.org, you can take advantage of these offers without worrying about your primary email address being inundated with unwanted messages.

Risks and Cons of Using Temp-Mail.org

In addition to the numerous benefits of Temp-Mail.org, it is crucial to be aware of the potential risks and downsides associated with using disposable email addresses:

  1. Limited duration: Temp-Mail.org provides disposable email addresses intended to last for a limited period, typically between a few minutes and a few hours. As a result, if you need to access important emails later, you may lose access to that email address and any messages sent to it after that period.

  2. Not suitable for sensitive information: A disposable email service such as Temp-Mail.org should not be used when dealing with sensitive information, such as financial transactions or confidential business communications. As the service is temporary, it is less secure, and using it for such purposes may compromise your data's security.

  3. Potential inaccessibility: Inaccessibility: Some websites and services may block or restrict access to users with disposable email addresses. In certain circumstances, Temp-Mail.org may not be suitable for use.

Upgrading to Temp-Mail.org's Premium Plan

While the free version of Temp-Mail.org offers a great way to protect your privacy and manage spam, the service also provides a premium plan for users who require more features and flexibility. For $10 a month, Temp-Mail.org's premium plan offers the following additional benefits:

  1. Connect your custom domain: With the premium plan, you can connect your custom domain to create disposable email addresses with a more personalized touch.

  2. Dedicated premium domains: Premium users can access a selection of dedicated premium domains that may be less likely to be blocked by websites and services.

  3. Up to 10 addresses at the same time: The premium plan allows you to use up to 10 disposable email addresses simultaneously, providing more flexibility in managing your online presence.

  4. 100% private address with full ownership: Premium users enjoy complete ownership and privacy over their disposable email addresses, ensuring enhanced security.

  5. Extended 100MB storage for email messages: The premium plan offers a larger storage capacity of 100MB for email messages, allowing you to store more important emails for longer.

  6. Seamless functionality inside web browsers: The premium plan provides a smooth, user-friendly experience within your web browser, making it easy to manage your disposable email addresses.

  7. Enhanced privacy and security: By opting for the premium plan, you can benefit from improved privacy and security features to protect your online identity.

  8. No ads and premium support: The premium plan offers an ad-free experience and premium customer support for any issues or concerns you might have.

Conclusion

The Temp-Mail.org website is a valuable tool for preventing spam and protecting privacy. Disposable email addresses offer anonymity and security that can be beneficial in various situations. However, users should be aware of the risks and limitations of using disposable email addresses and exercise caution when deciding where and when to utilize them. Nevertheless, temp-Mail.org can be an effective tool in your arsenal of online privacy tools if you use it responsibly and for its intended purposes.


We want to clarify that this blog post is an independent review of Temp-Mail.org and is not sponsored or affiliated with the service. No compensation was received for this review, and none of the links provided in this post are affiliate links. To assist readers in making an informed decision regarding whether to use Temp-Mail.org, we aim to provide an unbiased, informative overview of the service, its features, and its risks.


Keywords: #TempMail #DisposableEmail #OnlinePrivacy #SpamProtection #DigitalSecurity #TempMailReview #PrivacyTools #EmailSecurity #InternetPrivacy #AnonymousEmail #TemporaryEmail #PrivacyMatters #DataProtection #AvoidSpam #EmailTips

Send large file via the internet securely and for free

Edward Kiledjian

I wrote about the original test version of the free Mozilla Firefox Send service in July 2018.

Mozilla Firefox Send is a free service open to any user, accessible with any browser, that allows you to securely send a large (up to 2.5GB) file to another internet user. The process is very simple, you upload a file, they provide a unique link that you share with the intended recipient.

The file can be expired after one to one hundred downloads or 1 to 7 days.

You can also protect the file with a download password

There are other services but most charge for add on features like download password protection or expiry configuration. Firefox Send is completely free and comes from the fine folks over at Mozilla that we trust.

Review of encrypted email provider Protonmail

GeneralEdward Kiledjian

Why would anyone use Protonmail instead of Gmail or Hotmail? SECURITY

Email is inherently insecure and if you are a political dissident whose online communications can mean the difference between living and dying, don't use email. For everyone else looking for an easy and secure email solution, keep reading about Protonmail.

Everyone needs to understand that SMTP was not designed to be secure and will always have security weaknesses.

We use email because we don't have a choice and everyone agrees it won't be displaced tomorrow.

The other major issue faced by secre service providers is ease of use. PGP is a good example of strong unbreakable email encryption that never became mainstream because it was simply too complicated for the mortal man. 

Absolute security is unpractical and will never gain widespread adoption so good security should be the goal for most services.

There is always a tradeoff between usability and security, The difficulty is finding the right balance.

So what does Protonmail offer?

The bright scientists behind Protonmail understand fine balance they must find between usability and security. Make the product too secure and no one will use it (aka bankruptcy) or make it extremely user friendly but not secure (become a me too email provider). 

They have chosen to implement good enough security which makes encryption generally accessible to the masses while protecting against unauthorized government seizure or mass surveillance.

What are the weaknesses of Protonmail?

Read my blog post about the Vault7 leaks (here) and you will realize that when government is stifled  by strong encryption (Whatsapp, Signal, etc), they compromise the endpoint and extract the information pre/post-encryption. 

Protonmail does not protect you if your endpoint is compromised. It would be unreasonable to assume any secure online service could protect you from this type of attack. if you want maximum endpoint security, learn about real security protocols and use a secure operating system like Qubes OS.

Nation state level man in the middle attack. Protonmail implements all of the controls to prevent a common man in the middle type of attack but a nation state actor with the ability to redirect your web traffic and generate real "fake" TLS certificates could theoretically intercept your traffic, ask you for your username/password then use those to access your account and decryption keys. Let's be clear that your garden variety hackers (even those that are extremely skilled) won't be able to pull this off. This would require skills, money and huge technical capabilities to reroute internet traffic and generate encryption certificates.

Intelligence break in. With all the talk about government backdoors, the third major weakness of Protonmail (and all other secure services products you did not write) is the fear that a nation-state actor would somehow infiltrate Protonmail and then implement "special" code that sends bad encryption code to the users thus allowing the threat actor to access unempted versions of the messages. Protonmail has stated that they have multiple controls in place to protect against this type of attack. They scan servers for unauthorized code changes.

Some nice features of Protonmail

Protonmail is a Swiss company based in Switzerland. Any government request for information would have to be done there using Swiss law, which is very protective of private information (USA cannot issue a National Security Letter to force the company to turn over information and hide the request from the user).

In the rare situation that a government were to spend the money and convince the Swiss court to compel Protonmail to turn over user information... Protonmail uses "Zero Access Cryptography" which means they do not hold the encryption keys and therefore can only turn over encrypted information. 

Protonmail supports (and you should use) 2-factor account authentication. This means that in addition to something you know (your username and password), you need something you have (a time based authentication code generated by an authentication app Google Authenticator or Authy.)

If you want to send something more secure than normal email to a non-Protonmail user, you can create a Protonmail hosted message that requires a password to open (obviously don't send the password using email) and can even have a fixed expiry date. 

Creating a password for the secure "hosted" email

Setting an expiry time for the message

Protonmail stores user based encrypted authentication logs. This means you can see when your account was logged into and from which IP address. You can turn this off it you don't want this captured. Protonmail does not capture or log your IP anywhere else.

 

The ProtonMail service has internal authentication logs. When I say internal, I mean that these details are available only to the account owner, and are recorded and encrypted with all the other data inside the account. As I mentioned earlier, Proton Technologies AG doesn’t log IP addresses, but this information can be logged inside your web client session. If you don’t need them, just wipe the logs and switch to basic mode which doesn’t record info on the IP addresses you logged in from.

Basic stores login dates / times only. Advanced also stores the IP Address from where you logged in. The choice is yours. You can always download this information or secure erase it.

No user profiling. When you use a free service, the provider is conducting deep analysis and creating a deep analysis about you. Protonmail doesn't do this since everything is encrypted.

They encrypt all non Protonmail emails received immediately upon ingestion. 

Emails that come from third party email providers obviously cannot be delivered with end-to-end encryption, but upon reaching our mail servers, we will encrypt them with the recipient’s public key before saving the messages. All this is done in memory so that by the time anything is permanently stored to disk, the email is already unreadable to us.

This is good for security but limits what they can do for SPAM control. In a blog post, they explain what they do to help fight SPAM:

  1. They check the IP address of the incoming SMTP server against known blacklists
  2. They pass all messages through their own Bayesian filter marking suspicious emails as SPAM
  3. They generate a checksum for each email message and verify this checksum against known SPAM messages
  4. They verify the authenticity of the email using standard protocols (SPF, DKIM and DMARC)

Sending secure emails to non Protonmail users

I alluded to this earlier but wanted to restate it here in it's own section since I would otherwise receive a dozen emails asking this question. 

Can secure emails be sent from Protonmail to non-Protonmail uers (Gmail, Hotmail, Outlook, etc)?

When sending emails to non-Protonmail users, you can:

  1. Send an un-encrypted standard email. This is what every other email provider does.
  2. You can use the lock icon in the compose window which asks for a password (See screenshot earlier in this post). In the case this is set, the recipient will receive a message with a link to a Protonmail web interface and he/she can use to  enter the provided message password and see the email. 

Notification non-Protonmail user receives

Password requested by non-Protonmail user.

Free versus paid

Protonmail offers a free basic tier and I recommend everyone start with this level. If it meets your needs, you should consider upgrading to a paid tier which offers custom domains and more storage. 

Conclusion

I love Protonmail and am moving my private (not public) email address there. I like the security it provides and the open philosophy they espouse. I say use them if you want something more secure and private.

You may also want to read my article about SpiderOak. SpiderOak is a Google Drive, Microsoft OneDrive or Dropbox alternative with strong trust no one encryption.

Google allows you to receive 50MB email attachments

GeneralEdward Kiledjian

I've been a Google GMAIL user from the start and get excited when Google releases new features. The sultan of search has increased the inbound attachment limit to 50MB (from 25MB). Outbound attachment size is still capped at 25MB.

Sending and receiving attachments is an important part of email exchanges. While Google Drive offers a convenient way to share files of any size, sometimes you need to receive large files as direct email attachments. So starting today, you will be able to receive emails of up to 50MB directly.

This change is rolling out to users and should hit everyone in the next week.

Google announcement here.

Google wants easy end-to-end email encryption in Chrome

technologyEdward Kiledjian
2291896028_d47d5595d6_o.jpg

Sending an email is akin to mailing a postcard. Everything written in it can easily be read, copied or analyzed by any one of the email transfer points. It is this simple fact that motivates security advocates to push for email encryption. The main obstacle to mass adoption of email encryption is the complexity. It requires installation and configuration of special software. It requires the purchase or generation of you private/public keys. 

Google wants to change all of that and has released an alpha Chrome plug-in called End-to-End (link). End-to-End will provide an additional layer of security over and above what your existing email prover already makes available.  The plug-in means all of the complexities of encryption are hidden from the user which should help at-risk but less technically savvy users happy (journalists, human rights workers, whistleblowers, etc).

Google is clear that this is currently an alpha release for technically proficient users only and is not meant for general use yet. They want the community to review the open source plug-in and provide security recommendations to strengthen and improve the tool. 

I haven't reviewed the tool just yet but am really happy google is taking the first step in making email more secure and accessible. Once this plug-in is ready for general consumption, I'll let you know.