Free email providers

27 replies [Last post]
talbers
Offline
Joined: 01/29/2017

Currently I'm using google's email service but I would like to move onto a provider that respected my freedom, but I do not know any alternatives, could you suggest some? The only requirement is that it has to be free (in cost) as I have no way of paying for it.

ivanB1975
Offline
Joined: 08/29/2017

Long time ago, I bought a raspberry pi for 35 dollars, and I installed on it citadel. At the same time for 50 dollars I bought my own domain name for 10 years and in a week I had my personal email set up on the pi. The best way to respect your freedom and pocket is to learn how to do things yourself :)

talbers
Offline
Joined: 01/29/2017

Yes, I had the same idea as I also wanted to have my own web page, the problem is, my internet really sucks (disconnects all the time) and I don't have an static IP either (I guess there are some alternatives to this point). Maybe it's time to talk with my internet provider ...

strypey
Offline
Joined: 05/14/2015

Hi Talbers, I hope the various responses to your query about freedom-respecting email providers were useful.

>> I also wanted to have my own web page, the problem is, my internet really sucks (disconnects all the time) and I don't have an static IP either (I guess there are some alternatives to this point). <<

You don't have to run the server on a box in your home to start learning how to self-host. There are various options for leasing server space for commercial datacentres.

If you're actually going to host private data on it, I would recommend leasing a full virtual server for production use. But if you just want a server to tinker and experiment with, it's usually cheaper to use a shared server, or a "cloud" host that only charges you for the resources you actually use. Many "open source" startups use AWS, but I suggest looking for more freedom-friendly hosts like Catalyst (https://catalystcloud.nz/), ideally one based in your own country, or somewhere nearby. Others on this forum may like to suggest other hosting options.

If you do want to experiment with running servers at home, I suggest trying a personal hosting distro like YUNOHost or FreedomBone (a fork of FreedomBox, that only includes free code software with no proprietary binary blobs). According to the FreedomBone documentation, a lack of a static IP can be resolved with DynamicDNS
https://freedombone.net/faq.html#orgf845f43

The intermittent internet connection is a tough problem to fix. Short of getting a better internet connection, I suggest starting your home hosting experiments with server packages that are designed to handle intermittent connections, such as PeerTube (a video-hosting server using BitTorrent/ WebTorrent), and Hubzilla (a federated blogging engine).

jxself
Offline
Joined: 09/13/2010

"The best way to respect your freedom and pocket is to learn how to do things yourself :)"

For sure. It's too bad that I can only upvote this once.

GrevenGull
Offline
Joined: 12/18/2017

One thing I don't understand about "buying" domain names is... who owns them in the first place?

Also.. what is raspberry pi? And citadel?

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

On 02/12, name at domain wrote:
> Long time ago, I bought a raspberry pi for 35 dollars, and I
> installed on it citadel. At the same time for 50 dollars I bought
> my own domain name for 10 years and in a week I had my personal
> email set up on the pi. The best way to respect your freedom and
> pocket is to learn how to do things yourself :)

I've considered doing this. I already have a domain name and a C.H.I.P. Have you managed to avoid getting blacklisted? I read here

https://mailinabox.email/guide.html

that this is a risk of using a server in your home.

s1lv3r
Offline
Joined: 10/29/2017

https://www.fsf.org/resources/webmail-systems you can find something here, sigaint is closed but the others are viable.
I think these two are the best you can find https://posteo.de (you have to pay a small fee for this one) or https://riseup.net/.
You can ask for an account on this site https://www.autistici.org/, autistici inventati is a famous site you probably already heard of it.
More info for your privacy here: https://prism-break.org/en/.
More email providers: https://prism-break.org/en/subcategories/gnu-linux-email-accounts/
Hope this is helpful!

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

I can only recommend two: riseup and cock.li (the latter has several domains if a mail with cocks does not fit your standards)

talbers
Offline
Joined: 01/29/2017

I checked riseup's site but I don't know how to get an invitation ticket :/

GrevenGull
Offline
Joined: 12/18/2017

I encourage the person who downvoted this comment to explain why said person downvoted.
I upvoted to somewhat spread the balance, but I would very much like to upvote again.

edit: typo

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

I've learned that the voting system is silly and up/down votes shouldn't be read into too much. The appropriate use of downvotes is to flag posts that are inappropriate. If you see a post that has been downvoted even though it does not violate community guidelines, you can do exactly as you did here and cancel it out.

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

>I don't use email, it is too dangerous

Why is email dangerous?

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

>a system with many potential attack vectors.

Care to elaborate?

Jodiendo
Offline
Joined: 01/09/2013

Why is email dangerous?
THE ANSWER IS
'HEYJOE"
lack OF INTEGRITY AND TOTAL RELATIONSHIP OF A DISHONEST PERSON.

Abdullah Ramazanoglu
Offline
Joined: 12/15/2016

[heyjoe]
> Option 2: stay with whatever you use, communicate using end-to-end encryption (if your recipients know how). Then it doesn't matter much who the carrier is. The caveat still remains.

I think the same. Regardless of which SAAS service is used, backbone routers and fiber-optics are still owned. So it does't matter at all whether you use a PRISMed server or a home brewed server, unless you *encrypt* your communications.

As for the caveat, if a correspondent doesn't use encryption, then there's nothing that can be done. Again it doesn't matter if you've secured yourself or not. So my suggestion would be using any mail service pragmatically convenient, and then using encryption whenever possible.

[SuperTramp83]
> Why is email dangerous?

I believe J Assange doesn't trust in encryption as well. He may have a reason for that.

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

Edit: I misread.

quantumgravity
Offline
Joined: 04/22/2013

> The question is: which online service provider runs on RYF hardware with FOSS firmware and software?

No, that's not at all the question.
It's always the same thing: once you send data to other peoples computers, you gave away control over this data anyway and it doesn't matter at all what
software this other computer claims to run.
It's not *your* computer but theirs, and so asking for an email provider that runs only free software on their servers is actually being concerned about *their* freedom.
You already gave away control over your data anyway and can never be sure what software the mail provider really runs.
Even if he does run only free software, he could still mistreat you by copying your mails, reading them, selling your data etc (just examples here).

Now, don't get me wrong: we have to give away control over our data to some extent in order to do certain jobs.
For instance, I can't search the web with my own computer alone. I have to connect to a search engine and transmit my query.
There are other examples were I *could* do the job on my own computer, and if I still send the data to some server in order to get processed, it's called
"Service as a software substitute":
https://www.gnu.org/philosophy/who-does-that-server-really-serve.en.html

Note that in the case of "service as a software substitute", it's not important what kind of software actually runs on the server, since you don't own it.

An email provider that "respects your freedom" is most likely one that allows you to use his service without the need of proprietary software.
I think this holds for all providers I know of.
An email provider that "respects my privacy" is a separate question, since freedom and privacy are two distinct yet connected topics.
It's always a matter of trust... unless you use encryption.
After all, this whole "we will not log anything and won't read your mails" is nothing but a promise.
As others have pointed out, running your own email server is the best but inconvenient way.

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

The email provider does NOT run only free software. NO computer in this world does that as of today. I wonder why it is so difficult for most people here to understand this.

I wonder why it is so difficult for you to understand that it is *not* quantumgravity's point. He even started his reply to your question ("which online service provider runs on RYF hardware with FOSS firmware and software?") with "No, that's not at all the question". The central point of his reply is:

Even if he does run only free software, he could still mistreat you by copying your mails, reading them, selling your data etc (just examples here).

quantumgravity
Offline
Joined: 04/22/2013

Did you even read my post?
It almost feels as if you're replying to somebody else... you completely missed my point.

dsj19
Offline
Joined: 12/05/2013

> The question is: which online service provider runs on RYF hardware with FOSS firmware and software?

Vikings [1] will soon lunch their librehosting service and I asked them at FOSDEM when they will be ready to deliver. They said that they would start in April 2018 with email hosting first and afterwards continue with the librehosting service.
They run on free hardware [2] (Talos 1 and Talos 2) + FOSS software

[1] https://vikings.net/
[2] https://www.raptorcs.com/TALOSII/

GrevenGull
Offline
Joined: 12/18/2017

protonmail?

Jodiendo
Offline
Joined: 01/09/2013

i USE PHOTON MAIL ,IS FREE BUT iF YOU HAVE TO PAID FOR IT IS A DIFFERENT STORY.

Abdullah Ramazanoglu
Offline
Joined: 12/15/2016

[TIC]
I believe email security is generally exaggerated to no extent. It shouldn't be quite so difficult to achieve reasonable security in terms of email messaging (ignoring other uses of internet for the sake of discussion).

If you simply merely...

* Use only pure libre and audited hardware
* Use only pure libre and audited software
* Encrypt your emails with GPG
* Ensure that there is no back doors to the encryption algorithm you use
* Ensure that your keys are safe
* Ensure that all of the above also true for your correspondents

...then you can expect to have reasonably good email security and privacy.
It's quite as very simple as that!
It is beyond me why people make a fuss about it.
[/TIC]

Abdullah Ramazanoglu
Offline
Joined: 12/15/2016

> What you list is only valid if all the nodes in the network have the qualities you listed.

I had addressed it with;

>> * Ensure that all of the above also true for your correspondents

Node B is one of your correspondents.

> That's the big fuss (to my mind).

[TIC]
Oh no, ensuring encryption-suitability of your correspondents is not so difficult that you seem to think. All you have to do is prepare a simple checklist, send it to your correspondents in plain text while you're exchanging public keys. And decline exchanging encrypted mails if one of the requirements in the checklist is not met by your correspondent.

In order to make things easier for non-tech people, this checklist should *not* ask questions like "[ ] Is your hardware comprised of only pure libre and audited parts?" That's a tough question for the casual user. Some people may not know what "pure and libre parts" means. Each question regarding encryption suitability (that I have given in my previous message) should be translated into much easier sub-lists, such as;

For hardware:
[ ] Is your CPU Shakti? (if not, please give its name and model)
* What is the name and serial number of your BIOS? [__________]
* What is the name and model of your GPU? [__________]
* What is the name and model of your NIC? [__________]
* What is the name and model of your WiFi? [__________]
* What is the name and model of your modem? [__________]
* What is the name and model of bluetooth adapter? [__________]
[ ] Are your USB connectors stuffed with glue? (silicon gum or the like would also do)

A plain and easy sub-list similar to the above should be prepared for each of hardware, software, GPG usage, algorithm security, and key security. Shouldn't take more than a couple of minutes of your correspondent. Given the stakes involved, what's a minute?

A small utility might be written, even, to streamline the process. For me, I would have found it most helpful if Debian main repository included such a package. Then all I would have to do would be, quite simply, asking my correspondent "Please run freedom-police and pass me the output".
[/TIC]

Abdullah Ramazanoglu
Offline
Joined: 12/15/2016

> What is TIC?

Tongue in cheek. :)

Abdullah Ramazanoglu
Offline
Joined: 12/15/2016

> The bullet lists you show are still only for experts. I can't imagine doing it with clients who use iMac/iPhone and are utterly proud of it and closing one's source of income because of that would be insanity.

Exactly.

With [TIC] paragraphs I was indirectly saying that true email security is practically out of reach for the time being. Non-existent (yet) libre CPU, non-existent libre GPU, non-existent libre networking hardware, pure libre audited software, ensuring that all the parties are the same...

Abdullah Ramazanoglu
Offline
Joined: 12/15/2016

> So there is not a perfect method.
> How difficult is it?

I am afraid there is no *perfect* method, but there are *good* methods. I sctratched the surface of it in the other thread you started. (Is there a perfect method to guard our communication?)