Email options

Discussion in 'privacy technology' started by mirimir, Jan 18, 2015.

  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,024
    I'm working on a review of email options for better privacy, security, anonymity, etc. To start with, I'm compiling a list. Below are ones that come to mind.

    Which ones have I missed? Also, what's good and bad about each?

    [edit: The project has stalled :( But I'm updating the list :) ]

    Ready-to-Go End-to-End Encryption

    Confidant Mail https://www.confidantmail.org/ [edit: Beta, and very interesting. See posts on <tor-talk@lists.torproject.org>.]
    CounterMail https://countermail.com/
    DarkMail http://darkmail.info/ [under development]
    Hushmail https://hushmail.com [edit: They have cooperated with LEA in the past.]
    ProtonMail https://protonmail.ch/
    SAFe-mail https://www.safe-mail.net/ [edit: Recommended by krustytheclown2. LockBox disagrees.]
    start mail https://www.startmail.com/ [edit: Mentioned by cb474.]
    Tutanota https://tutanota.de/
    unseen.is https://unseen.is/ [edit: Recommended by krustytheclown2.]

    Privacy-Friendly [edit: There's a range here from hardcore to "lawful". I'm not going to parse that.]

    Autistici/Inventati https://www.autistici.org/en/ [edit: They added a server in France. Not good :( ]
    Kolab Now https://kolabnow.com/ [edit: I forgot to add them in January. They've changed their name.]
    Mail2Tor http://mail2tor.com/ [edit: Recommended by krustytheclown2.]
    Neomailbox https://www.neomailbox.com/
    Posteo https://posteo.de/en [edit: Recommended by krustytheclown2.]
    Riseup https://help.riseup.net/en/
    RuggedInbox.com https://ruggedinbox.com/ [edit: Recommended by krustytheclown2.]
    runbox https://runbox.com/
    VFEmail https://vfemail.net/
    Vmail https://www.vmail.me/en/ [edit: Recommended by luciddream. Previously, they've had hosting problems.]

    Amusing

    C**kMail https://c**k.li/ [edit: Plus many other very amusing (or shocking) hostnames ;) ]

    Temporary

    Anonbox (CCC) https://anonbox.net/
    TempInbox http://www.tempinbox.com/

    P2P Messaging

    Bitmessage https://bitmessage.org/wiki/Main_Page
    ...Email gateway https://bitmessage.ch/

    Pond https://pond.imperialviolet.org/ [edit: This has been abandoned by the developer :( ]
    ...Email gateway https://pondgw.hoi-polloi.org/intro
     
    Last edited: Nov 6, 2015
  2. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
  3. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    687
    Mirimir, could I suggest you specify whether these options are paid or free?

    Edited to say: been trying tutanota free version. 1GBstorage. 20MB attachments per email allowed. Other than that its extremely basic. No bold/italics/underline text. No way to make folders.
     
  4. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    This is a good list. I use runbox, which you may or may not want to add on this list.
    It is not exactly a top of the line "we refuse to corporate with anybody" kind of service. They clearly state on their page that a valid court order has to be issued under Norwegian law for any emails to be shared with any government agency. Which is fair enough for me. If the government wants my emails they will get it one way or the other whether by hacking my computer, hacking the outgoing Internet or if they really want to put a camera and get your password that way.
     
  5. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    687
    Just got my invite from protonmail. Free account 500MBs and seems you have to have these browsers and respective versions:

    Protonmail.png
     
  6. DX2

    DX2 Guest

    Top list, only 1 out of the 4 work.
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,024
    Last edited: Jan 18, 2015
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,024
    Sorry:oops: I've fixed the links.
     
  9. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    I would add runbox to a 3rd category of email providers that openly say they will corporate with government if required by law. In this category I would only recommand email providers that are based on more law abiding countries such as Iceland, Norway, perhaps Finland?
    I would not recommend email providers based in countries such as US, Germany, Russia, China, etc...

    I just think it would be useful to have email providers differentiated based on those who openly refuse to corporate by making it technologically difficult to hand out user data vs those that openly are okay with cooperating as long as court order is issue vs those that are not recommended either because they are based in a country that does not respect laws or have hidden laws/judges/courts.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,024
    @mattdocs12345

    OK, I'll address that issue.

    However, I don't pay much attention to language about cooperating or not. I make the worst-case assumption that they will cooperate, or be compromised. Then I look at how to remain as private and anonymous as needed.
     
  11. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    488
    Location:
    Earth .... occasionally
    How about -

    hushmail.com

    End-to-End Encryption ? - yes , definitely ;
    privacy and security ? - who knows ?
     
    Last edited: Jan 18, 2015
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,024
    They totally fail :thumbd:
     
  13. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    I think this raises another issue of how private and anonymous people want to be.
    1. Private from everyone
    - then use countermail, custom based linux, pre-1995 laptop and so on
    2. Private from PRISM (Five Eyes, 9 eyes, 12 eyes)
    - use email service that's not part of Prism in a country not based in one of the 9 eyes or 12 eyes and hope for the best
    3. Private from corporate/ad companies
    - use any paid email service in the United States.
    Personally, I fall somewhere between 2 and 3. For me runbox is an established service, reputable company that is unlikely to sell out my data to ad companies and Norway is not part of the Five eyes but it is part of the 9 eyes. So probably that service is more of a level 3.
    Anyways, my $0.02.
     
  14. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    Great list, thanks!
    I guess you mean 14 eyes?
     
  15. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    Yes 14 eyes. Im loosing track of all those eyes.
    But pretty much this is intelligence alliance between allied democratic countries. In theory a pretty good idea, just a poor one from lack of any privacy supervision.
     
  16. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    I would add:

    posteo.de
    safe-mail.net
    unseen.is
    mail2tor.com (not encrypted by default)
    ruggedinbox.com
     
  17. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    I found the presentation at https://www.eff.org/secure-messaging-scorecard useful to analyse different services, although that list is oriented round messaging rather than email.

    I've looked at, though not used, Lavaboom; they also offer TFA based on Yubikey (I think ProtonMail and Tutanota are also looking at TFA for their paid-for/business accounts).

    Might also be worth noting decent clients as well (Mailpile, Enigmail etc).
     
  18. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    It's back up. Check it out.
     
  19. navigat0r

    navigat0r Registered Member

    Joined:
    Jan 8, 2015
    Posts:
    26
    TextSecure uses Google Cloud Messaging for message delivery, but that's not taken into account on this scorecard.
     
  20. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,024
    Thanks :) I may steal some of that, but with acknowledgement.
     
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,024
  22. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    And of course after the list is completed it would be nice to have a sticky that is updated every now and then.
     
  23. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,024
    It's not going to be just a list. I'm planning another how-to guide. I'll cover installing and configuring software, etc, etc. If y'all would like to collaborate, PM me.
     
  24. blaker

    blaker Registered Member

    Joined:
    Dec 21, 2014
    Posts:
    15
  25. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
Loading...