Email provider: riseup.net OR disroot.org?

7 replies [Last post]
freesoftware
Offline
Joined: 02/16/2015

I try to find a free software email provider. Is riseup.net running 100% free software? Is disroot.org trustable?

Thanks!

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

See that recent thread: https://trisquel.info/forum/free-email-providers (heyjoe's messages were removed; that is why, sometimes, the sequences of messages apparently makes little sense).

loldier
Offline
Joined: 02/17/2016

The other thread is too convoluted now that the troll messages have been removed.

Riseup.net's "radical server" list.

https://riseup.net/en/security/resources/radical-servers

"Is riseup.net running 100% free software?"

Does it matter? It's not "cloud computing" per se.

If they run something else, it's on their consciense and to their detriment, which shouldn't concern us if we cannot change it (it's their computer). Users should be concerned with privacy and security and concentrate on what they run on their own computer.

ADFENO
Offline
Joined: 12/31/2012

Just an addendum, no objection to anything.

> their computer). Users should be concerned with privacy and security
> and concentrate on what they run on their own computer.

... and that also includes what kind of client-side JavaScript gets
automatically executed. :D

--
- https://libreplanet.org/wiki/User:Adfeno
- Palestrante e consultor sobre /software/ livre (não confundir com
gratis).
- "WhatsApp"? Ele não é livre. Por favor, veja formas de se comunicar
instantaneamente comigo no endereço abaixo.
- Contato: https://libreplanet.org/wiki/User:Adfeno#vCard
- Arquivos comuns aceitos (apenas sem DRM): Corel Draw, Microsoft
Office, MP3, MP4, WMA, WMV.
- Arquivos comuns aceitos e enviados: CSV, GNU Dia, GNU Emacs Org, GNU
GIMP, Inkscape SVG, JPG, LibreOffice (padrão ODF), OGG, OPUS, PDF
(apenas sem DRM), PNG, TXT, WEBM.

Aristophanes
Offline
Joined: 10/05/2017

Disroot's privacy policy states that all emails, unless encrypted (with gpg for example), are stored on their servers in plain-text.

Is this common practice and/or acceptable?

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

It is common practice. Whether it is acceptable is up to you.

If you do not use end-to-end encryption (typically GPG), the email provider can read your emails. Some providers propose to store your emails encrypted: see https://posteo.de/en/site/encryption for instance and notice (a completely different point) that Posteo's webmail does not rely on any proprietary JavaScript according to https://www.fsf.org/resources/webmail-systems

That makes a difference if the police/justice asks for your emails: a provider such as Posteo cannot possibly give them. Depending on the legislation, the provider may actually be forbidden to to not be able to give your emails. It is not the case of Germany's legislation (Posteo is located in Germany). Storing encrypted emails (that can only be decrypted through the password of the user) makes a difference if the server is cracked too.

gd_scania
Offline
Joined: 09/13/2017

I've also just now signed up in Disroot and GuoMedia and these are quite nice for people like me enough to nonfree fkb00k and nonfree g00g1e. Just for legacy reasons I can't quit fkb00k, g00g1e, WhatsApp, those are the final nonfree services I'm still using them.

strypey
Offline
Joined: 05/14/2015

As mentioned in the other thread, the FSF maintains a list of email hosts but it's rating them *only* on whether 100% free code can be used at the client end (including account registration):
https://www.fsf.org/resources/webmail-systems

The bottom line is there's only so much you can trust any hosted service run by strangers. RiseUp have pointed this out themselves. If you personally know and trust all the people with root access to a hosted service's systems (and anyone with physical access to the boxes hosting them), *maybe* you can trust it. A UNIX greybeard and fellow activist I've know for years has always insisted that if you don't want something known to the wrong people, don't ever talk about it on an internet-connected computer.

That said, I've "met" some of the RiseUp folks through my work with the Indymedia network (on mailing lists and in IRC meetings), and I do trust them, even though they say I shouldn't ;) I'm also a Disroot user, and I'm impressed by the range of free code packages they've made available, many of them under a unified set of login credentials (secure SSO is the holy grail of free code FarceBook killers). I'm looking forward to them releasing their playbooks so that other groups can duplicate their services. This is where libre services needs to go IMHO, neither mass hosting by strangers or individual self-hosting (although these too have their niche), but small-to-medium self-hosting cooperatives/ collectives like Social.coop or digiLife.com.