i2pmail outdated and less secure

Proposals for I2P
Post Reply
anonymousmaybe
Posts: 35
Joined: 06 Oct 2018 17:06

i2pmail outdated and less secure

Post by anonymousmaybe »

I have already spoke to postman before almost one month and hes aware of some of these points that's im going to mention, but its better if i profile it here so we can keep an eye/track to the progress of it.

- http://hq.postman.i2p/ the documentations are outdated, some links doesn't work, the email itself needs more security e.g:

* Doesn't support uploading pgp (disabled by default), which against this rule listed here

* Instructions for pop3 and smtp are outdated , not working for Thunderbird

* Passwords has huge issues as it only accept -30 characters AND it doesn't accept Extended ASCII Password e.g:
only accepting: ";QJma+R3" but NOT "çæ±ã¡Í½¸À¿ç®¨¾" which making the passwords very common and insecure for brute-force attack

* Having a public addressbook for users email is very bad for users , as they gonna be harmed through Email Spambot.

*Emails encrypted by default in the server?

* Feature Request a: Add keys revocation, in case someone forgot his real password then he can only use these keys to restore his passwords. otherwise no way to help (better to read Zero-knowledge password proof)

* Feature Request b: add a Multi-factur authentication to the user account, whether by uploaded a saved hash, or as tokens ...etc. (many options)

* outdated documentation like: http://hq.postman.i2p/?page_id=23 which refers the user for susi.i2p which is gone since ages, in meta you find "Valid XHTML" which is a W3C page but its gone, The SMIGACY Proxy its 2005 instructions? ...etc.

* Suggestion 1: modernize the i2pmail user login with Mail-in-a-Box a good example of successful mail to take notes from is Riseup.

* Suggestion 2: have a logo of i2pmail, so we can refer to it if someone want to refer/mention it or list it in wiki ..etc.

These changes will allow the extending the life and usage of i2pmail in more secure modernized way. Hope to see them soon.

Thank You!
Last edited by anonymousmaybe on 24 Oct 2018 21:33, edited 1 time in total.
echelon
Posts: 261
Joined: 10 Feb 2018 13:36

Re: i2pmail outdated and less secure

Post by echelon »

Hi!

As the mail system is setup by postman, please send your ideas to postman to work on these topics.
I2Pmail by postman is not a official I2P service and not managed/setup/controlled by the I2P team.

echelon
User avatar
lgillis
Posts: 144
Joined: 20 Oct 2018 12:52

Re: i2pmail outdated and less secure

Post by lgillis »

echelon wrote: 19 Oct 2018 08:38 As the mail system is setup by postman, please send your ideas to postman to work on these topics.
I2Pmail by postman is not a official I2P service and not managed/setup/controlled by the I2P team.
In the absence of sufficient justification, which conclusively explains why the I2P development team is working for an external vendor, in addition to Echeon's apt remark, I request that Susimail be removed from the software package and that no further resources be inverted into the development. Susimail can be added as a plugin if Postman wishes and provides it.

In the alternative, I request the removal of smtp- and pop.postman.i2p to protect users.
Spring https://www.youtube.com/playlist?list=PLF-q-IGQQb1uK7fYuaQiRpcORDSmfsY2n
echelon
Posts: 261
Joined: 10 Feb 2018 13:36

Re: i2pmail outdated and less secure

Post by echelon »

It seems a complete misinformation about the openess of I2P is the base of this.
I2P is a software suite of different components made and developed by lots of people, not all being active all the time or at all now.
Some tools are nice to have, some vital for I2P, some absolute needed.
While anyone can provide services for I2P and help the community grow, the contribution to the distributed router package needs further reviews and dedication.
As the last 12 years of I2P was very unsteady and managed by several teams, not all had the same basic ruleset to work on and decided different as current people working on I2P.
I2P takes several private services and included them as default setup config into the I2P router package after those has prooved reliability, security, responsibility and long running visions. Especially on those services I2P cannot provide itself (namely all of them except for the official i2P website, forum, bug tracker and source repository) I2P does provide a set of tools to use those services as a benefit for the user.
The I2P team keeps on working to keep the provided tools in the router package secure and safe to use.

P.S.: anyone can send in patches to help in I2P router and associated tools & services development. But to keep it able to handle, one patch per issue, good documented

echelon
anonymousmaybe
Posts: 35
Joined: 06 Oct 2018 17:06

Re: i2pmail outdated and less secure

Post by anonymousmaybe »

its better to write a notifying sign saying for e.g:

"i2pmail anonymity/security is for testing purposes dont rely on it for heavy personal usage".

because i2pmail not really reliable to either of them.

i know i2pmail issues not here , BUT since its used and run by default inside I2P then its better to warn the new/old users about that.
echelon
Posts: 261
Joined: 10 Feb 2018 13:36

Re: i2pmail outdated and less secure

Post by echelon »

Hi

I2Pmail is relyable as the i2prouter is, and all other services on I2P.
Sure, we can announce a lot of notes all over the place, but the more we announce, the less users read it.

I2Pmail is a mail service and it works as it is expected to do so.
Please ask postman to edit the hq.postman.i2p information to include this and other changes.

echelon
anonymousmaybe
Posts: 35
Joined: 06 Oct 2018 17:06

Re: i2pmail outdated and less secure

Post by anonymousmaybe »

echelon wrote: 19 Nov 2018 09:58 Hi

I2Pmail is relyable as the i2prouter is, and all other services on I2P.
Sure, we can announce a lot of notes all over the place, but the more we announce, the less users read it.

I2Pmail is a mail service and it works as it is expected to do so.
Please ask postman to edit the hq.postman.i2p information to include this and other changes.

echelon
Already done , and wont happen any fixation for that because he doesnt has the power/time for it.

only if someone can volunteer to do that.
Post Reply