Topmail Reviews


Sending and storing email in an encrypted format is infinitely preferable to using "normal" email. The contents of emails that are sent and stored in a properly encrypted way cannot be a) revealed to your email service provider, b) subpoenaed by your government, or c) read even by hackers who successfully breach the email provider's servers. Encryption therefore protects your privacy and security, and prevents online snooping and profiling.

Nowadays there are a decent number of services that offer this. They include Protonmail, Posteo and Tutanota. Each of these is, additionally, open source (and therefore trustworthy). For reasons of security and privacy they are infinitely preferable to the likes of Gmail, Yahoo and Outlook.com, who store and send your emails in an unencrypted format, can read your emails and can give them away or lose them to others.

Yahoo, in fact, was found to have had every one of their email accounts hacked, failed to notify their users and, separately, wrote code for the FBI to trawl through user emails looking for keywords/phrases. Gmail, which is a larger service, can be assumed to have complied in similar ways under US law. Gmail's business model relies on trawling through your personal data, so it's a treasure trove for government surveillance anyway.

So the question is whether Topmail's encrypted email offering is the best possible one if you're going to make the smart move and leave the likes of Gmail, Yahoo and Outlook.com. And the answer is no.

Topmail isn't open source. They are based in Canada, which has worse privacy laws than Switzerland (Protonmail) or Germany (Posteo, Tutanota). Topmail claim not to store your encryption keys (a good thing), and that therefore they don't have access to your emails (a good thing). But their privacy policy clearly states that there exist circumstances under which they would give out your unencrypted data to authorities and, in fact, be forced not to even tell you about it (a consequence of Canadian law):

> The account data we disclose may include data in an unencrypted format. Because such orders generally state that we are not permitted to disclose the existence of the order to a user, we will not disclose to any user the existence, or nonexistence, of any order we may have received.

By this they mean the data they have on you that's not encrypted (e.g. name, contact details, etc.), rather than email contents. But another piece of data they admit to keeping is the IP address you log in from (which reveals your location, unless you're using a VPN) and a time stamp of when you log in. That's far from an ideal concession for a privacy-protecting email service to make, and it's unnecessary because, e.g., Protonmail doesn't have that problem (legally or technically).

Topmail also don't say anything about 2-factor authentication (2FA) - using a phone app, Yubikey, SMS message, etc. to strengthen the security of logging in. That is a disgrace; Topmail claim to have years and years of experience in internet security and 2FA is nowadays a very necessary feature. They don't even mention it, let alone promote it.

Don't get me wrong: Topmail is infinitely preferable to Gmail, Yahoo and Outlook.com (or Web.de, Zoho and so on). But it's far from the best choice you could be making if you want to use an encrypted email service.

There are no other features (security or usability-related) for which I can recommend Topmail above their competitors. Go with Protonmail, Posteo or Tutanota.
