Email options

Discussion in 'privacy technology' started by mirimir, Jan 18, 2015.

  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Thanks, blaker and LockBox :)
     
  2. cb474

    cb474 Registered Member

    Joined:
    May 15, 2012
    Posts:
    351
    Thanks mirimir. This is a great idea.

    Shouldn't Startmail be in the list? https://www.startmail.com/

    And does Mailpile count? https://www.mailpile.is/ I guess it's more akin to Thunderbird with Enigmail, since it's not a mail service and they have not yet implemented the original idea of making it easy to run one's own mail server.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Thanks :)
    Yes, there ought to be a clients category.
     
  4. winstonschmidt

    winstonschmidt Registered Member

    Joined:
    Oct 6, 2014
    Posts:
    1
  5. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    Do you honestly believe that if any email provider at all gets a court order saying that a certain email account has, for example, CP or details of a bomb plot on it (and it doesn't have to be true or based on any evidence, it could just be an excuse), they won't do anything in their power to assist? Of course they will, and that's probably true with less egregious things as well. The idea with encrypted email is that even the provider can't access your account without the password, and that's what safe-mail and others claim to do.

    Anyhow, if you put your trust in any service provider (email, VPN, etc), your security is really just based on trust which isn't worth much when it comes down to it. Bottom line is that the safest thing is using open source impenetrable technologies like Tor and GPG and not relying on any company for utmost security. Gmail + GPG is infinitely safer than any of these, without GPG.
     
  6. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    You might want to make these terms a bit more contingent. End-point security is "terrifically weak", all you can do, is do your best. There are pros and cons which work as far as they may, for your threat model - that applies to any of these technologies. Email as it stands is fundamentally flawed, and Google will certainly hand over your metadata and message subjects if requested, and you do not have PFS.

    My understanding of the class of provider like ProtonMail and Tutanota is that they are intending most of all to be easy to use rather than be as secure as possible (hence them storing encrypted private keys on their servers, use of javascript encryption and so on). In a way though, widespread adoption of reasonably secure and easy-to-use email is likely to raise the bar and increase penetration of stronger protections.
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Yes, I'm sure of that. End-to-end encryption, keeping private keys local, is a good start. But one must also obscure metadata, avoiding meaningful subject lines, anonymizing correspondents' identities using multiple accounts, and Internet access via nested chains of VPNs, JonDonym and Tor.
    Yes, distribute trust so that compromise requires collaboration.
     
  8. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Good list. I only know of the provider I use (CM) - do any of those others allow local storage of private keys?
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    ProtonMail does not allow keys to be stored locally. I'm not sure about Tutanota. Their FAQ is ambiguous. It seems that neither uses GnuPG, or at least straight GnuPG, so users can't securely correspond with regular GnuPG users (except using symmetric keys).

    I gather that their goal is hiding metadata. CounterMail also needs your private key in order to hide metadata, as I understand it.

    I need to read about all these services and ask questions before saying much specifically.
     
  10. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
    Just a thought for food. I hope none of you guys are accessing your email service from an iPhone. 'Cause you might as well use regular Gmail.
     
  11. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Right. Smartphones are a morass :(
     
  12. cb474

    cb474 Registered Member

    Joined:
    May 15, 2012
    Posts:
    351
    Tutanota plans to enable PGP functionality for interoperability with other services in the future: https://tutanota.uservoice.com/knowledgebase/articles/470724-why-does-tutanota-not-use-pgp

    Also note that Tutanota has a system for making suggestions, if you're a Tutanota user, and they seem to really be listening: https://tutanota.uservoice.com/forums/237921-general
     
  13. cb474

    cb474 Registered Member

    Joined:
    May 15, 2012
    Posts:
    351
    Can you elaborate on this? What about while using something like Tutanota's app, which keeps things encrypted? Even CounterMail has a way to use their service on Android phones, with K9 mail and PGP. Is that also useless?

    Also, it's not email, but what about TextSecure, ChatSecure, RedPhone? There are some ways to communicate securely from phones, aren't there?
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252

    Thanks. I gather that ProtonMail has similar plans.
    OK, I'll follow up.
     
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I'm not sure where to draw the line, for the article that I'm starting.
     
  16. cb474

    cb474 Registered Member

    Joined:
    May 15, 2012
    Posts:
    351
    I guess rather than drawing the line, you could just describe the relative risks of different options and people can decide for themselves what they need. Or you could describe the relative risks and for what type of people different options make sense, e.g. if you just want some privacy from prying corporate eyes you're probably okay with x, if you need to protect information from such and such legal entities only use y, if you think you're the target of a major state security agency don't use a phone.

    *

    I'm still unclear though, with proper encryption, why phones are inherently worse than computers. I can see that with just regular built in email apps, phones are totally unreliable and basically designed to spy on you. But with an open source OS, good encryption from a reliable opensource app and dev like Whispersystem's Chatsecure, shouldn't it be just as good as proper PGP with Thunderbird? In both cases, one is relying on trusting the opensource system and the specific devs in question, but technically the encryption should work.
     
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I meant more like "what to cover?" than "what's secure?".
    Even with an open-source OS and apps, you must trust the firmware/radio and its closed-source OS, which is known to share freely with carriers. The old-school PC BIOS had far less power to pwn users. But that's changing :(
     
  18. cb474

    cb474 Registered Member

    Joined:
    May 15, 2012
    Posts:
    351
    Ah, oops. Yeah, there's a lot to write about. Whatever you do will be appreciated.

    I get that phones in their default state are a nightmare (it's why I totally recommend against using phones for banking apps, payments, purchases). But I still don't get how for secure communication it can break proper encryption. How does the radio break encryption? And if you don't want your cell service to track your connections, use a VPN. So I thought it takes more care and precaution with a phone, but it's not impossible. What am I missing, in comparison to computers?
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I think that it basically comes down to the fundamental role of radio in phones, handled at firmware level, vs networking in PCs, handled in kernel and above. Maybe someone can say more about specifics. I'd just be quoting Wikipedia ;)
     
  20. cb474

    cb474 Registered Member

    Joined:
    May 15, 2012
    Posts:
    351
    I guess I'll have to search around. I'm still having trouble imagining how the radio can break proper encryption. I can imagine the radio could act as a man in the middle. But so can a router, public wifi, ISP, so isn't that what encryption and VPNs are for?
     
  21. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I'm using Yandex right now, and I like it.
     
  22. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Vmail is a good option too
     
  23. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Right. It's not just the radio. It's the firmware (like BIOS) plus the radio, under joint control. The firmware can see everything, so encryption is useless. On a PC, encryption would be useless if the BIOS were backdoored. Phones are backdoored by default :(
     
  24. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Is vmail.me back again? It wasn't accepting new accounts, when I last checked.

    I've also liked yandex.com and mail.ru, and even gmx.*, but I don't know that I'd classify them as privacy friendly. But then, how privacy-friendly is vfemail.net? They do have a hidden service, though.

    Maybe I need another category, semi-privacy-friendly ;)

    But anyway, thanks :)
     
  25. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    For me, the interest is about services that support users who are not online (in other words, store-and-forward, or some kinds of P2P). The IM secure messaging is rather "easier", although they vary in terms of pfs etc - and there are some pretty good solutions already for all platforms for IM.

    Like you, I wouldn't touch mobiles with a bargepole for this. Each to their own.

    Because of the reliance on strong passwords for Tutanota, ProtonMail etc, I would want/expect TFA to be supported, and one of those two has plans for that under their premium/paid service, as well as domain support.
     