Trusting DTS
Submitted by Bach on 2002-08-2 10:09:46, Friday
In reply to Re: A registered spammer?? ;-) submitted by drew on 2002-08-1 21:58:02, Thursday
|
Hi Drew, Do I trust DTS? Yup. As Fleetwood pointed out I am one of the DTS principals... which explains why I registered the nick. :) Sorry about the confusion yesterday, we're new at the marketing thing, and it wasn't too graceful. What does it mean to be secure? I guess there are 2 kinds of security: security by obscuring reality (not knowing what's really going on) and security through transparency (knowing that nothing is going on). DTS-Mail is secure because it is running on the open source model of transparency - source code publicly available, methods of encryption that are peer-reviewed. The server running DTS-Mail is using OpenBSD, which is considered the most secure operating system around, along with the Postfix mail server and OpenWebMail web interface. We are open about our strengths and weaknesses... other email services (which write their own encryption code, etc) tend to be secretive about the nature of their software. DTS-Mail is not meant to be a cover for illegal activity. We aim to provide BLs with a safe, reliable and secure operating environment. This means that we expect our users to comply with all applicable laws. We do not monitor the content on the service, and we believe strongly in the users right to privacy. All transmissions are the responsibility of the user. DTS-Mail cannot impede a criminal investigation and must comply with court orders. It is our hope that being upfront about this reality is one way of making our service more secure. So why a BL specific service? I think that there are certain advantages to knowing who is behind your email service. When you are with a large, free, online service you rely on being "one of millions" to protect you. This method is the "security through obscurity" model I refered to earlier. Our "transparency" model gives you information to know what exactly is secure, where the holes are, and the possible workaround. You know that DTS-Mail cares about your privacy and security as much as you do. Nuts and Bolts 300 has already posted a link to our Security FAQ, but let me highlight a few issues that many email users don't realize. When you send an email, it sits on every server from your local computer, to your destination computer (computer of the person who's getting your email), in clear text - which means that if you send it through an unencrypted channel, anyone who looks at any of the computers (and there are a goodly number of hops between you and your destination, think of one hop per major city between here and there) could read every word. DTS-Mail provides two main ways of ensuring that your messages are encrypted between your local computer and our mail server. We cannot control the email once it leaves our server to be relayed across the Internet. The first is with an https login. When you use our web interface, the information on the web page is encrypted by your browser before it is sent to our mail server, and the contents on the mail server are sent to your browser encrypted, and the web browser decrypts this information for you to see. The points inbetween - for instance, your ISP - cannot read the contents of this material. The second means of encryption is meant to be used with an email client - Outlook, Eudora, Pegasus - and allows you to send and recieve your email through an encrypted tunnel between your local computer and our email server. Again, this prevents snooping by someone along the route. And, again, this doesn't protect you once the sent mail leaves our mail server to go off somewhere else on the Internet. This limitation - email is not secure once it leaves the DTS-Mail network - is why you should use PGP encryption to keep the contents of your email private. Users are responsible for their own levels of privacy and security. The tools are available, but they do take some effort to use. The headers of email transmitted using DTS-Mail do not contain the originating IP address of the DTS-Mail user, rather the IP address of the DTS-Mail server is substituted. DTS-Mail knows that BLs appreciate their privacy! Users can register for the service without revealing any identifying information. Payment may be made in cash through snail mail. You have access to a high quality email service without compromising your anonimity. Why a paid service? When I tell my friends that I started a fee-based email service, they sometimes scratch their heads and wonder why they would ever switch from Hotmail or Ziplip... well, my mother always said, "you get what you pay for". And these days the service at free providers is sagging. Hotmail and Yahoo now want you to pay for extra storage and forwarding services... DTS-Mail is very straightforward about what you get for your money - full service email, a good user interface, the potential for secure, encrypted communications. As a bonus you get personalized service and attention to detail. All this by trusted and well known boylovers who know what it is to be paranoid in this crazy world we live in. I think this is worth $25 a year... but then, I'm biased. :) Peace of Christ, Bach |
Follow ups: