Privacy-conscious email providers to keep your correspondence safe

Since Edward Snowden's revelations about American intelligence listening programs, the public has become aware that message confidentiality and privacy on the Internet are not guaranteed. While the debate was raging (should we improve security at the expense of privacy?), more revelations were made and bills were multiplying. Services to escape mass surveillance and preserve one's privacy developed. Why and how do you opt for a secure email service today? What offerings are available? Here's a list to help you make this choice.


  • ProtonMail

    Freemium Web Android iPhone iPad Website

    ProtonMail is an encrypted webmail service created in 2013 at the European Organization for Nuclear Research (CERN). The service distinguishes itself from other mail providers (such as Small Gmail iconGmail and Small Outlook.com iconOutlook.com) by allowing users to encrypt emails end-to-end. The service can be used via a web browser on a computer (via webmail) or via dedicated Small iOS iconiOS and Small Android iconAndroid applications. ProtonMail is managed by Proton Technologies AG, a company based in the canton of Geneva, Switzerland. Its servers are located at two locations in Switzerland, which is outside the jurisdiction of the United States and the European Union. As of December 2015, ProtonMail had 1 million users. Initially available by invitation only, the service has been open to all since March 2016. The service is also accessible through the Tor network.

    Location: Switzerland πŸ‡¨πŸ‡­
    Price: ProtonMail offers a free version and three paid plans from 5€ to 30€ a month.

     

    ProtonMail icon
  • Tutanota

    Free Personal Web Android iPhone iPad Website

    Tutanota automatically encrypts all data on your device. Your emails and contacts remain private. You can easily communicate with your friends through end-to-end encrypted emails. The subject and attachments of your emails are also encrypted. Tutanota uses open source encryption to secure your email account and is licensed under GPL v3 - essential for a security service. It being open source means that it allows security experts to verify the code that protects your emails.

    Location: Germany πŸ‡©πŸ‡ͺ
    Price: Tutanota offers a free version and a paid version at 1€ per month. You can also buy more storage and aliases.

     

    Tutanota icon
  • Posteo

    Commercial Web Website

    Posteo is an independent email provider for whom durability, security, data protection and ease of use are essential. Posteo operates entirely without advertising and 100% with the green energy provided by Greenpeace Energy. In the era of Internet surveillance, Posteo protects the privacy of its users with its innovative encryption and security concept.

    Location: Germany πŸ‡©πŸ‡ͺ
    Price: The service costs 1€ per month.

     

    Posteo icon
  • StartMail

    Commercial Web Website

    StartMail was launched in 2013 by Small StartPage iconStartPage / Small ixquick iconixquick, whose reputation is well known. Its "mission" is to ensure the confidentiality of its members by allowing them to communicate privately, without being spied on by governments. After a beta version on Invitation, StartMail is accessible to everyone in paid version.

    Location: Netherlands πŸ‡³πŸ‡±
    Price: For individuals and businesses, the service costs $ 59.95 a year.

     

    StartMail icon
  • Mailfence

    Freemium Web Android iPhone Android Tablet iPad Website

    Mailfence is a messaging company that favours the respect of privacy by encrypting communications between your computer and its servers via an SSL certificate issued by a European company. Storage of data and backups takes place exclusively in Belgium. There is no activity monitoring, no backdoors to your account, and there is total control over its servers. The service claims to provide full protection against the NSA and PRISM.

    Location: Belgium πŸ‡§πŸ‡ͺ
    Price: Mailfence offers a free version and two paid versions starting from 2€50 per month.

     

    Mailfence icon
  • Disroot

    Free Web Website

    Disroot is a project based in Amsterdam, that is maintained by volunteers and depends on the support of its community. They offer 4GB of free storage, accept Bitcoin, and offer built in encryption. Disroot is definitely a company worth checking out, as they have a great platform with a tremendous amount of options.

    Location: Netherlands πŸ‡³πŸ‡±
    Price: Disroot is completely free

     

    Disroot icon
  • Kolab Now

    Commercial Web DAVdroid Website

    Kolab Now is another open-source email service with servers fully hosted and managed in Switzerland (just like Small ProtonMail iconProtonMail), so your private data is never read by any other party. The service targets small- and medium-sized enterprises, in particular those wishing to transmit privileged or confidential information by e-mail. Just like Small Posteo iconPosteo, Kolab Now makes money by billing its users directly and has two plans for an individual account. Other features include an integrated note-taking application, email tagging support, contacts and calendar, shared folders, and more.

    Location: Switzerland πŸ‡¨πŸ‡­
    Price: Two paid plans starting at $5 a month.

     

    Kolab Now icon
  • mailbox.org

    Commercial Web Windows Mobile Android iPhone Android Tablet ... iPad Kindle Fire Website

    Mailbox is a Germany-based provider of email messaging, calendars, storage space and document editing services. Document editing is a big plus: it replaces Small Google Drive iconGoogle Drive or Small Microsoft Office 365 iconMicrosoft Office 365's Microsoft Outlook.

    Location: Germany πŸ‡©πŸ‡ͺ
    Price: The service costs 1€ per month but offers a free 30-day trial version.

     

    mailbox.org icon
  • Runbox

    Commercial Web OpenPGP Website

    Runbox is an independent public company based in Oslo, Norway. The Runbox email service was launched in September 2000. The company in its present form was founded in March 2011 and is owned by employees and members of the Board of Directors (76.2% in 2014) and close associates. As a Norwegian public limited company, Runbox Solutions is regulated by strong Norwegian consumer and privacy laws.

    Location: Norway πŸ‡³πŸ‡΄
    Price: The service offers several packages starting from $19.95 a year.

     

    Runbox icon
  • Neomailbox

    Commercial Web Website

    Neomailbox is a fast, secure and reliable email service with IP anonymity, protection against spam and viruses, unlimited disposable addresses, and more.

    Location: Switzerland πŸ‡¨πŸ‡­
    Price: The service is charged from $49.95 per year (you can pay more for more storage).

     

    Neomailbox icon
  • OpenMailBox

    Freemium Web Website

    OpenMailBox is an online solution that offers the hosting of free e-mail addresses for a wide audience who want to benefit from a quality service driven by a free and independent philosophy. Protection of users' privacy is emphasized, which is why OpenMailBox makes every effort to guarantee the security of the data entrusted to them.

    Location: France πŸ‡«πŸ‡·
    Price: The service offers a free version as well as a paid plan at 4.99€ per month.

     

    OpenMailBox icon
  • CounterMail

    Commercial Web Website

    Countermail is another email service provider with several unique features. It uses the OpenPGP encryption protocol with 4096 keys to protect your data and also offers end-to-end encryption. It offers a secure USB stick option that makes it impossible to access your account without your USB stick being inserted into a USB port. CounterMail supports Linux, Mac OS X, and Windows. It also supports IMAP if you want to use your own email client.

    Location: Sweden πŸ‡ΈπŸ‡ͺ
    Price: You can try Countermail for free for a week, after which prices start at $6.33 a month.

     

    CounterMail icon
  • Riseup

    Free Web Website

    Riseup provides online communication tools for individuals and groups who advocate for liberating social change. It's a project to create democratic alternatives and practice self-determination by controlling your own secure means of communication.

    Location: USA πŸ‡ΊπŸ‡Έ
    Price: The service is completely free.

     

    Riseup icon

If you need a very high level of privacy in your email, all of the above services have a good reputation when it comes to protecting your data. One of the reasons they're so brilliant is that even if governments wanted to search you for whatever reason and companies had to transmit your information by law, it would be virtually impossible for them to get past their encryption systems.

Finally, note that an e-mail sent in clear text to or from Small Gmail iconGmail (or any other unsecured email service) may be stored securely by ultra-secured mail, but it will remain stored on Gmail servers if the receiver is using it. To be truly secure, exchanges must be secure from end to end.



Comments on Privacy-conscious email providers to keep your correspondence safe

spectrumsss
· 11 days ago · Helpful Not helpful 4 Helpful Report as spam

It makes sense that a lot of these companies are Swiss-based since Switzerland is out of the 14 eyes and is not a member of EU.

reply

jasonbrown1965
· 3 days ago · Helpful Not helpful 1 Helpful Report as spam

As pointed out by @anonsubmitter, US-based services are a concern, so RiseUp should be added to the list of risky picks for those with state-level interests.

There is a so-called "canary" warrant, of sorts, with some rather bizarre omissions, according to this self-published question on their canary page:

" Q: Why does the new Canary not mention gag orders, FISA court orders, National Security Letters, etc?

" A: Our initial Canary strategy was only harming users by freaking them out unnecessarily when minor events happened. A Canary is supposed to signal important risk information to users, but there is also danger in signaling the wrong thing to users or leading to general fear and confusion for no good reason. The current Canary is limited to significant events that could compromise the security of Riseup users. "

I am also less than impressed with RiseUp's "About Us" page, which does not give any real names for its "alumni", presumably staff. Nine identities are given under "the collective", and but under cutesy bird names, in Latin. Only one gives a contact method, via a GPG key. Given the recent exposure of GPG and other related crypto tools as fundamentally flawed, this suggests a rather casual approach to privacy.

See, https://motherboard.vice.com/en_us/article/3k4nd9/pgp-gpg-efail-vulnerability

A Crunchbase profile on RiseUp gives Micah Anderson as the founder, a rather shy individual who is alone among fellow directors over at privacy-focused Calyx Institute in not having a board photo. Makes sense for a privacy guy .. I guess?

See https://www.calyxinstitute.org/about/board

Finally, there are questions raised about RiseUp operating a TOR exit node, here .. https://arxiv.org/pdf/1803.05201.pdf .. PDF may take a moment or three to load. Search ctrl+F to search for RiseUp.

reply

carmelapedinni
· 11 days ago · Helpful Not helpful Report as spam

Fantastic and insightful list, also very timely. Thank you, POX!

reply

isomorphisms
· 8 days ago · Helpful Not helpful Report as spam

cock.li is another http://vc.gg

he seems to be a privacy / security focused kid (and probably a 4channer)

reply

lavabit is another; they claim to be the first

The guy who runs cock.li is an American citizen, so even though he has moved to Romania, cock.li still follows US laws. There was a recording that he operator of cock.li posted in one of his transparency reports that pretty much shows that cock.li is within jurisdiction for US gag orders (though he found a workaround for now by having him take the call about the subpoena and gag order while he was live on Mumble and broadcasted it to everyone on his Mumble server). And if it's under US jurisdiction it's also vulnerable to National Security Letters.

There is also a small amount of logging: https://cock.li/privacy
The IP logging isn't a deal breaker for me, but the email service technically being under American jurisdiction is.

Lavabit is based in the US and is thus vulnerable to National Security Letters and gag orders. A National Security Letter is a legal demand from a law enforcement agency, for example "give us backdoor access to your online service". A gag order means that disclosing information about a specific law enforcement request is illegal for the website operator. Both of these were experienced by Lavabit and led to them having to shut down in the first place.

Cock.li and Lavabit are not bad email services, quite the opposite. They are however under an extremely bad legal jurisdiction.


MoKosh
· 9 days ago · Helpful Not helpful -2 Helpful Report as spam

You forgot Yahoo! :))

reply

No I didn't forget. Yahoo is not what you would call a secure and privacy-conscious email provider. :)

Wooooosh!
(The ":))" indicates that it was a joke!)

I wasn't sure but I figured it was a pun. :)


Sign up to comment, it's simple!