Privacy-conscious email providers to keep your correspondence safe

Since Edward Snowden's revelations about American intelligence listening programs, the public has become aware that message confidentiality and privacy on the Internet are not guaranteed. While the debate was raging (should we improve security at the expense of privacy?), more revelations were made and bills were multiplying. Services to escape mass surveillance and preserve one's privacy developed. Why and how do you opt for a secure email service today? What offerings are available? Here's a list to help you make this choice.

List by Paul, last updated 2018-08-07
  1. Proton Mail

    ProtonMail is an encrypted webmail service created in 2013 at the European Organization for Nuclear Research (CERN). The service distinguishes itself from other mail providers (such as Gmail and Outlook.com) by allowing users to encrypt emails end-to-end. The service can be used via a web browser on a computer (via webmail) or via dedicated iOS and Android applications. ProtonMail is managed by Proton Technologies AG, a company based in the canton of Geneva, Switzerland. Its servers are located at two locations in Switzerland, which is outside the jurisdiction of the United States and the European Union. As of December 2015, ProtonMail had 1 million users. Initially available by invitation only, the service has been open to all since March 2016. The service is also accessible through the Tor network.

    Location: Switzerland 🇨🇭 Price: ProtonMail offers a free version and three paid plans from 5€ to 30€ a month.

    • WebMail Provider
    • Freemium • Open Source
    • Mac
    • Windows
    • Linux
    • Online
    • Android
    • iPhone
    • iPad
    • Tor
    • ...
  2. Tuta

    Tutanota automatically encrypts all data on your device. Your emails and contacts remain private. You can easily communicate with your friends through end-to-end encrypted emails. The subject and attachments of your emails are also encrypted. Tutanota uses open source encryption to secure your email account and is licensed under GPL v3, which is essential for a security service. Being open source allows security experts to verify the code that protects your emails.

    Location: Germany 🇩🇪 Price: Tutanota offers a free version and a paid version at 1€ per month. You can also buy more storage and aliases.

    • Calendar App
    • Freemium • Open Source
    • Mac
    • Windows
    • Linux
    • Online
    • Android
    • iPhone
    • iPad
    • Self-Hosted
    • Flathub
    • F-Droid
    • ...
  3. Posteo

    Posteo is an independent email provider for whom durability, security, data protection and ease of use are essential. Posteo operates entirely without advertising and 100% with the green energy provided by Greenpeace Energy. In the era of Internet surveillance, Posteo protects the privacy of its users with its innovative encryption and security concept.

    Location: Germany 🇩🇪 Price: The service costs 1€ per month.

  4. StartMail

    StartMail was launched in 2013 by Startpage / ixquick, whose reputation is well known. Its "mission" is to ensure the confidentiality of its members by allowing them to communicate privately, without being spied on by governments. After an invitation-only beta, StartMail is now available to everyone as a paid service.

    Location: Netherlands 🇳🇱 Price: For individuals and businesses, the service costs $59.95 a year.

  5. Mailfence

    Mailfence is a messaging company that favours the respect of privacy by encrypting communications between your computer and its servers via an SSL certificate issued by a European company. Storage of data and backups takes place exclusively in Belgium. There is no activity monitoring, no backdoors to your account, and there is total control over its servers. The service claims to provide full protection against the NSA and PRISM.

    Location: Belgium 🇧🇪 Price: Mailfence offers a free version and two paid versions starting from 2.50€ per month.

    • WebMail Provider
    • Freemium • Proprietary
    • Online
    • Android
    • iPhone
    • Android Tablet
    • iPad
    • ...
  6. Disroot

    Disroot is a project based in Amsterdam that is maintained by volunteers and depends on the support of its community. They offer 4GB of free storage, accept Bitcoin, and offer built-in encryption. Disroot is definitely worth checking out, as they have a great platform with a tremendous number of options.

    Location: Netherlands 🇳🇱 Price: Disroot is completely free.

  7. Kolab Now

    Kolab Now is another open-source email service with servers fully hosted and managed in Switzerland (just like Proton Mail), so your private data is never read by any other party. The service targets small- and medium-sized enterprises, in particular those wishing to transmit privileged or confidential information by e-mail. Just like Posteo, Kolab Now makes money by billing its users directly and has two plans for an individual account. Other features include an integrated note-taking application, email tagging support, contacts and calendar, shared folders, and more.

    Location: Switzerland 🇨🇭 Price: Two paid plans starting at $5 a month.

    • Calendar App
    • Online
    • Software as a Service (SaaS)
    • DAVdroid
    • ...
  8. Mailbox.org

    Mailbox is a Germany-based provider of email messaging, calendars, storage space and document editing services. Document editing is a big plus: it replaces Google Drive or Microsoft 365's Microsoft Outlook.

    Location: Germany 🇩🇪 Price: The service costs 1€ per month but offers a free 30-day trial version.

  9. Runbox

    Runbox is an independent public company based in Oslo, Norway. The Runbox email service was launched in September 2000. The company in its present form was founded in March 2011 and is owned by employees and members of the Board of Directors (76.2% in 2014) and close associates. As a Norwegian public limited company, Runbox Solutions is regulated by strong Norwegian consumer and privacy laws.

    Location: Norway 🇳🇴 Price: The service offers several packages starting from $19.95 a year.

  10. Neomailbox

    Neomailbox is a fast, secure and reliable email service with IP anonymity, protection against spam and viruses, unlimited disposable addresses, and more.

    Location: Switzerland 🇨🇭 Price: The service is charged from $49.95 per year (you can pay more for more storage).

  11. OpenMailBox

    OpenMailBox is an online solution that offers the hosting of free e-mail addresses for a wide audience who want to benefit from a quality service driven by a free and independent philosophy. Protection of users' privacy is emphasized, which is why OpenMailBox makes every effort to guarantee the security of the data entrusted to them.

    Location: France 🇫🇷 Price: The service offers a free version as well as a paid plan at 4.99€ per month.

  12. CounterMail

    CounterMail is another email service provider with several unique features. It uses the OpenPGP encryption protocol with 4096-bit keys to protect your data and also offers end-to-end encryption. It offers a secure USB stick option that makes it impossible to access your account unless your USB stick is inserted into a USB port. CounterMail supports Linux, Mac OS X, and Windows. It also supports IMAP if you want to use your own email client.

    Location: Sweden 🇸🇪 Price: You can try CounterMail for free for a week, after which prices start at $6.33 a month.

  13. Riseup

    Riseup provides online communication tools for individuals and groups who advocate for liberating social change. It's a project to create democratic alternatives and practice self-determination by controlling your own secure means of communication.

    Location: USA 🇺🇸 Price: The service is completely free.

    Be aware that “Services based in the United States are not recommended because of the country’s surveillance programs, use of National Security Letters (NSLs) and accompanying gag orders, which forbid the recipient from talking about the request. This combination allows the government to secretly force companies to grant complete access to customer data and transform the service into a tool of mass surveillance.” – PrivacyTools.io

    • Free • Proprietary
    • Online
    • Tor
    • ...

If you need a very high level of privacy in your email, all of the above services have a good reputation when it comes to protecting your data. One reason they stand out is that even if a government wanted to investigate you and a provider were required by law to hand over your information, it would be virtually impossible to get past the provider's encryption.

Finally, note that an e-mail sent in clear text to or from Gmail (https://alternativeto.net/software/gmail/), or any other unsecured email service, may be stored securely by the ultra-secure mail service, but it will remain stored on Gmail's servers if the recipient uses Gmail. To be truly secure, exchanges must be secured from end to end.


This list was created by Paul Mar 1, 2018 and was last updated Aug 7, 2018. The list has 13 apps.



Comments

coralinecastell
Comment • Aug 25, 2019

So, do you plan on adding Librem Mail?

The reason I ask is because the whole Librem suite seems pretty new. Saw it 'advertised' on your Twitter and I'm wondering what the word on the street about them is, given that their website honestly seems barren of important info regarding their products.

At $7.99/monthly for the whole suite -- mail + VPN + social network + chat -- they seem like a really great option, if only I knew more!

So, POX, any thoughts? Thanks in advance for all the contributions you make to this community.

EDIT: while we're on the subject: how the H do I get in touch with someone from the Librem One team? I can't see a contact e-mail ANYWHERE on their website. Cheers!

[Edited by coralinecastell, August 25]

2 replies
Paul

I haven't used Librem One with Librem Mail yet, but yes I might add it to this list if it's proven to be a good secure and privacy-focused email service. I think you can contact them on their website.

Reply written Aug 26, 2019

coralinecastell

Thank you so much, POX! I somehow missed that section.

Reply written Aug 27, 2019

0
Ariana
Comment • Aug 21, 2018

Thanks @Pox for the overview. Just noticed that Tutanota is now also available on F-Droid, which is great if you want to move away from Google: https://tutanota.com/blog/posts/open-source-email

1 reply
Paul

Yes it's great, we recently tweeted about that. :)

Reply written Aug 21, 2018

0
jasonbrown1965
Comment • Jul 12, 2018

As pointed out by @anonsubmitter, US-based services are a concern, so RiseUp should be added to the list of risky picks for those with state-level interests.

There is a so-called "canary" warrant, of sorts, with some rather bizarre omissions, according to this self-published question on their canary page:

" Q: Why does the new Canary not mention gag orders, FISA court orders, National Security Letters, etc?

" A: Our initial Canary strategy was only harming users by freaking them out unnecessarily when minor events happened. A Canary is supposed to signal important risk information to users, but there is also danger in signaling the wrong thing to users or leading to general fear and confusion for no good reason. The current Canary is limited to significant events that could compromise the security of Riseup users. "

I am also less than impressed with RiseUp's "About Us" page, which does not give any real names for its "alumni", presumably staff. Nine identities are given under "the collective", but under cutesy bird names, in Latin. Only one gives a contact method, via a GPG key. Given the recent exposure of GPG and other related crypto tools as fundamentally flawed, this suggests a rather casual approach to privacy.

See, https://motherboard.vice.com/en_us/article/3k4nd9/pgp-gpg-efail-vulnerability

A Crunchbase profile on RiseUp gives Micah Anderson as the founder, a rather shy individual who is alone among fellow directors over at privacy-focused Calyx Institute in not having a board photo. Makes sense for a privacy guy .. I guess?

See https://www.calyxinstitute.org/about/board

Finally, there are questions raised about RiseUp operating a TOR exit node, here .. https://arxiv.org/pdf/1803.05201.pdf .. PDF may take a moment or three to load. Search ctrl+F to search for RiseUp.

2 replies
Paul

Thank you. I added a warning about RiseUp and any other US-based service.

Reply written Aug 7, 2018

jasonbrown1965

Update: As might be expected, there are several rabbit holes to dive down into.

In the interests of fairness, here is an article claiming to debunk the last link from Arxiv: https://dustri.org/b/debunking-osint-analysis-of-the-tor-foundation-and-a-few-words-about-tors-directory-authorities.html

The debunker criticises the many spelling and grammatical errors, but as the lead author is French I found that less interesting than the fact that the debunker article does not make any reference to Micah Anderson (mentioned in my comment above).

For those wanting to read more - and whether or not they should trust RiseUp and its involvement with TOR nodes, see author Yasha Levine at: https://surveillancevalley.com/blog/internet-privacy-funded-by-spies-cia

For a bit more back and forth on Levine's book: https://caucus99percent.com/content/concerning-yasha-levine%E2%80%99s-%E2%80%98fact-checking-tor-project%E2%80%99s-government-ties%E2%80%99

Reply written Apr 30, 2019

1
isomorphisms
Comment • Jul 7, 2018

cock.li is another http://vc.gg

he seems to be a privacy / security focused kid (and probably a 4channer)

2 replies
isomorphisms

lavabit is another; they claim to be the first

Reply written Jul 7, 2018

Tim_B

The guy who runs cock.li is an American citizen, so even though he has moved to Romania, cock.li still follows US laws. There was a recording that the operator of cock.li posted in one of his transparency reports that pretty much shows that cock.li is within jurisdiction for US gag orders (though he found a workaround for now by having him take the call about the subpoena and gag order while he was live on Mumble and broadcasted it to everyone on his Mumble server). And if it's under US jurisdiction it's also vulnerable to National Security Letters.

There is also a small amount of logging: https://cock.li/privacy The IP logging isn't a deal breaker for me, but the email service technically being under American jurisdiction is.

Lavabit is based in the US and is thus vulnerable to National Security Letters and gag orders. A National Security Letter is a legal demand from a law enforcement agency, for example "give us backdoor access to your online service". A gag order means that disclosing information about a specific law enforcement request is illegal for the website operator. Both of these were experienced by Lavabit and led to them having to shut down in the first place.

Cock.li and Lavabit are not bad email services, quite the opposite. They are however under an extremely bad legal jurisdiction.

Reply written Jul 8, 2018

0
MoKosh
Comment • Jul 6, 2018

You forgot Yahoo! :))

3 replies
Paul

No I didn't forget. Yahoo is not what you would call a secure and privacy-conscious email provider. :)

Reply written Jul 6, 2018

MoKosh

Wooooosh! (The ":))" indicates that it was a joke!)

Reply written Jul 11, 2018

Paul

I wasn't sure but I figured it was a pun. :)

Reply written Jul 12, 2018

-3
coralinecastell
Comment • Jul 5, 2018

Fantastic and insightful list, also very timely. Thank you, POX!

0
spectrumsss
Comment • Jul 4, 2018

It makes sense that a lot of these companies are Swiss-based since Switzerland is out of the 14 eyes and is not a member of EU.

5
Gu