Yes, the SCRYPTmail account is Sergei. I'm a new addition to the team during the past couple months. Yes, the SCRYPTmail web site needs an update. We also have a new interface coming out. That's the priority at the moment. There are a few updates for the web site we want to get done after the interface is released.
It all comes down to who you can trust. It's just a judgement call really. I would rather trust the USA with my email than say Russia or China. At least in the USA they need a warrant or court order to look at your email. In Russia or China they don't bother with the rule of law. I honestly doubt Private Internet Access and their team magically relocated one day to other parts of the world. To me that's impossible and dishonest and spin. There is too much spin going on to believe what the owner says. They are incorporated in the USA thus they are subject to USA warrants and court orders. It doesn't matter if Private Internet Access staff live in Zimbabwe they are still a USA registered company and subject to their laws no question about it.
@SCRYPTmail , @popowich - thanks for the replies, I really sympathise with you guys and it's terrible that we should even have to be thinking about this stuff, there are many more important things and creative things I'd rather be doing - but here we are. For example, I'm having to look at my options in case they do anything silly when it comes to any legislation about encryption and back-doors, and under no circumstances am I going to put a back-door in my products. Trying to represent the issues on behalf of a non-US user, I'd say there were two main factors, both of which relate to place of incorporation as opposed to operation (which are mainly more technical in nature).. 1) The Lavabit effect. I cannot trust - from real experience, not theory - that USG will not serve you with an NSL, which you will have to comply with, regardless of where the servers are. It is easy to see how a modification to the javascript code downloaded to the browser could compromise targeted or non-targeted users. Or you'll be forced to hand over certificates. I do not trust warrant canaries for this kind of thing. On top of that, we have nonsenses like the US court demanding MS hand over email records for a non-US citizen in Ireland, without involving MLAT or anything else. Or course, this international jurisdiction conflict is a lawyer's dream and a company nightmare, but experience shows that the US thinks it can demand anything from anywhere - and often it's right, regardless of due process and rule of law. Pesky foreigners are unhappy about this, which leads on to:- 2) Emotion and consumer power. Do not underestimate the extent of anger at the behaviour of the US with mass surveillance. As superpowers go, the US has not been terrible, but the support and moral authority is being squandered for no very good reason - in fact weaponising the internet is really dumb for the US, it stands to lose much - but here we are again! Both my head and my heart tell me to avoid US security, computing and cloud services until their conduct come into line with your own constitution, decent international relationships, and rule of law. Given the supine and bent response from Congress, the only remedy I have to change their minds is economic sanctions. For what it's worth, my top 5 security concerns/features are: 1) place of incorporation 2) independent audit of architecture, client and server code 3) Two factor authentication - extremely important for this class of service because of the reliance on passwords. Yubikey HMAC/OTP or Fido U2F would suit (NOT mobile phones or biometrics). 4) Option to run from native client code 5) Gateway to the PGP world Hope that helps and good luck!
I will second deBoetie's expression of sympathy for the difficulties of setting up a service like this and negotiating the technical and legal hurdles. Also, popowich, I think the website looks good and professional, but, as noted, some blanks as far as the information available could be filled out and updated. And, once again, deBoetie, thanks for an astute and succinct statement of the complexities of this situation and the choices users face. I also like your top 5 list. It was hard for me to choose, though location for me is definitely there. A gateway to the PGP world really would be great. There are a lot of different encrypted email services starting now, which is nice, but without interoperability they are all kind of islands unto themselves. It's useful for specific purposes, but I can't see how that will ever lead to more broadscale use of encryption. It also seems to me that it would be in the economic interest of some of the higher profile, more popular, and better designed services to cooperate on creating interoperability. The more other services they work with, the more useful their own service is, the more people may be willing to adopt one of the services. There is so much enormous room for growth in this area that it doesn't seem one needs to shut out one's competitors.
Thanks, and this is a great point about interoperability benefiting all secure email providers. I'm reminded of the early days of email, when the basic problem was, you had no-one to talk to. The dream as a business owner right now is for easy-to-use secure B2B communications that allow you to interact securely by default with other businesses. Certificate-based systems are too complex for many to contemplate. So the big prize as a service provider would be to have an environment where that is possible - and so forming relationships with "competitors" is a good idea,. Of course, the technical difficulties are significant, and you might lose at least some security, but on the other hand, it's hard to see how it cannot improve the current desperate state of affairs (where business are very vulnerable to hacks, economic espionage by competitors and foreign governments, and often not fulfilling their data protection responsibilities).
I am not sure just check country by country. I can imagine that if you go outside those countries then you will have more surveillance. But I think in general Scandinavian countries have better respect for their laws and constitution than England or United States. One has to understand that once you make yourself stand out too much then surveillance in unavoidable. Most likely it's computerized and then re-evaluate at some point by a human. I decided to go with runbox as my personal protest against American based email services and to support email provider in a country that requires due process... I've been with runbox now over 2 years and their service is quite good and my emails are not scanned and used to serve adds.
I wish the fantasy of re-evaluation by a human were likely, but I think it's not. Even if a human does pass a cursory glance at it, it will be based on a default carry-on-monitoring-because-it-costs-us-so-little. And this is the problem - it costs them little, and they do not bear the costs. IMO, the spooks (and everyone else they share the data with) need to be limited by a budget to ensure only the highest priority cases are followed, and the rest should NOT be done (despite it being so easy and cheap for them).
I think we can discount Sweden as a safe haven now for privacy. Portlane sued for hosting Piratebay proxies, PRQ sued and domain confiscations. So I think Sweden is out of the question now.
Not sure if it's been mentioned yet... too lazy to look through every post. But have you checked out "Yandex"? If I've tested it I forget the results, but heard good things about it and it seems privacy friendly.
Also the problems with Vmail seem to be resolved. The problem was they were taking on more clientel then they envisioned, faster than they did, and had to upgrade/expand server space. I mentioned them in several security forums and no doubt that had an effect. These are the 2 webmail options I use.
Sounds extreme I know, but the only way to really stay private is to talk to a circle of acquaintances you do business with over the computer, your hacking team or whatnot, in person, and create runes to obfuscate your messages. Like one letter really means a different letter/symbol, and each of you have a chart (on paper, not online), stored safely away. And use this method to decrypt sensitive material. And you would even have to make that very complex or the NSA would break it. And use all the other measures mentioned in here on top of that.
Removed Off Topic Political Posts. We Don't Want to Close this Thread As Per Policy Because It Contains Useful Information, However, Any More Political Leaning Posts, It Will Be Closed. Its Future Is In Your Hands!
Yandex works very well, I use it myself. But their privacy policy is as bad as many out there. Basically the only good thing is that they strip the sender's IP address. But Gmail does too. I've also found Vivaldi mail. http://www.ilovefreesoftware.com/07/webware/vivaldi-email.html It comes from Vivaldi.net they are based in Iceland and their privacy policy looks acceptable/good. I have not tried it myself, though.
Seems noone has mentioned Mail.ru, the second biggest email provider In Russia following Yandex. http://help.mail.ru/enmail-help/UA
Problem with yandex email is that I've already encountered a couple of forums that do not accept it for signing up, I guess because of the many spammers.
@mirimir I noticed in the OP next to Startmail you said it is recommended by me. Although I did mention Startmail in this thread as something to add to the list, I have never used it and so would not say I "recommend" it, beyond knowing that it's one of the better known private email services and that people might want to check it out.
sigaintevyh2rzvw.onion No one has mentioned Sigaint. I've seen the owners talk on various forums and they know security. They look reliable and they don't look like a short term fix.
