Looking for an email provider

30 replies [Last post]
serval
Offline
Joined: 09/04/2014

Since I'm not a whistleblower, I don't need an anonymous email. Besides, I don't think that complete privacy is possible with emails.
For example, even if I run my own server and even if I encrypt everything, what if the person I sent the mail to, decrypts it and forwards it to someone else?! Or what if his/her computer and email accounts gets cracked?!
Moreover, most people I know are using Gmail anyway and they are not going to start encrypting emails, even though now there's an easy to follow guide on emailselfdefense.fsf.org.
So, I just need an email provider that simply doesn't read and scan emails by default and one that isn't part of PRISM or any other surveillance program. In other words, I'm looking for the level of privacy that we all should have in our everyday lives.
Riseup, autistici/inventati and mykolab are recommended on prism-break and they're very good options indeed. However, riseup and A/I are mostly for activists, and mykolab is expensive - it starts from 61.8$ a year.

I did some research and found these providers:
1) openmailbox.org - has free accounts, but this is a new service and I don't know if it can be trusted; couldn't find enough info on their site either;
2) mailoo.org - free accounts, but the website is in French and I couldn't understand anything from it;
3) VFEmail.net - both free and paid accounts; looks good, but the servers are in the USA and I didn't like their ToS(terms of service) much;
4) protonmail.ch - free accounts; based in Switzerland, looks very nice, but it's in beta stage; on prism-break it was critisized for serious security lapses;
5) unseen.is - free and paid accounts; this one is also in beta; servers are in Iceland; looks like a very good provider, but I'm not sure;
6) hushmail - I know, I know. But still, its free account could be used for sending emails to people who are using gmail or yahoo for example, or for subscribing to mailing-lists;
7) posteo.de - paid; costs 1 euro a month, or 12 euros a year; based in Germany;
8) fastmail.fm - paid; 10$ a year, more expensive options do exist though.

So, I need your advice. If you are using the above email providers, I want to know what you could say about these services.

Mzee
Offline
Joined: 07/10/2013

I know someone who is using posteo.de and he seems to be quite happy with it. Sorry that I can't provide any deeper insight.

lembas
Offline
Joined: 05/13/2010

Good list, thanks for sharing. There's also http://en.wikipedia.org/wiki/Comparison_of_webmail_providers but these probably all have fat pipes going to NSA...

leny2010

I am a member!

I am a translator!

Offline
Joined: 09/15/2011

Some points:

- What's your problem with riseup and A/I user base mostly being
activists? That's not a good reason not to use them.

- $61.80 is _not_ expensive for an email service which even the
goverment where it is can't legally pry into. Two coffees a month -
come on!

- You can use GPG with gmail if you access it using a suitable MUA
like Thunderbird & Enigmail.

- With all these services but the Swiss based ones the Five Eyes
exposure at the server end is from an inadequate secret legal
process. This isn't the most significant part of the Five
Eyes/Snowden problem, it's the fact your email metadata is subject
to snooping using Traffic Analysis when it crosses international
boundaries. Which will happen regardless of where you have your
email server.

Further, in the UK and some other jurisdictions law enforcement have
access to the same data from ISPs and telcos under still weak in
terms of due process systems.

So IMO the net out of all the above points is - use whichever email
provider you like as long as you can use it with your own local MUA
and GPG. And use those all the time for personal email.

lloydsmart

I am a member!

Offline
Joined: 12/22/2012

I'd honestly look into getting a cheap single-board computer (like a Raspberry Pi, but that's problematic freedom-wise) and running your own mailserver from it. It's the best way really. There are even some nice webmail projects in the works - take a look at mailpile.is. It's beta at the moment but coming along nicely.

leny2010

I am a member!

I am a translator!

Offline
Joined: 09/15/2011

Running your own mail server on one of these

http://www.aliexpress.com/snapshot/6254519313.html

(i.e. a Lemote Yeelong at a <= singleboard price) is a more freeom
preserving proposition.

Leny

tonlee
Offline
Joined: 09/08/2014

Have you bought something from the webshop? Where do you get software for the Lemote Yeeloong 8089B 8.9? Do you know the power consumption?

leny2010

I am a member!

I am a translator!

Offline
Joined: 09/15/2011

> Have you bought something from the webshop? Where do you get software
> for the Lemote Yeeloong 8089B 8.9? Do you know the power consumption?

The link was given by someone else on this list/forum a little while
ago. I ordered one from there about a week past, it was marked
dispatched promptly and understandably I'm still waiting for it.

Beware other stuff on the site might be cheap dodgy electronics when
it comes to things like non-branded graphics cards (or at least that's
the reputation of stuff from Hong Kong sites). The site has an 'as
described' guarantee so I'm hoping branded stuff will be OK. But as
always the proof of the pudding is in the eating. Maybe the original
poster will comment.

The Lemote Yeelong 8089B is supported by gNewSense and Parabola
GNU/Linux both GNU FSDG / FSF approved distros like Trisquel.
gNewSense is the other .deb approved distro, Parabola is bleeding edge
and considered a quite technical install.

The power consumption is listed here[1] as 20W. And no I couldn't
justify buying one at those EU prices. :-)

Leny

[1] http://www.tekmote.nl/epages/61504599.sf/nl_NL/?ObjectPath=/Shops/61504599/Products/CFL-004-2

Michał Masłowski

I am a member!

I am a translator!

Offline
Joined: 05/15/2010

Parabola for the YeeLoong is not "bleeding edge", it's unmaintained with
mostly broken and obsolete packages. gNewSense is the only FSF-endorsed
distro with "current" support for MIPS.

In my experience, YeeLoong 8101B used ~12W of idle power. Several ARM
single board computers will use much less total power at 100% CPU use
(with much lower idle power: they have good power management).

leny2010

I am a member!

I am a translator!

Offline
Joined: 09/15/2011

> Parabola for the YeeLoong is not "bleeding edge", it's unmaintained with
> mostly broken and obsolete packages. gNewSense is the only FSF-endorsed
> distro with "current" support for MIPS.

Thanks - I haven't read the appropriate trees yet :-) gNewSense will
be quite good enough for me.

> In my experience, YeeLoong 8101B used ~12W of idle power. Several ARM
> single board computers will use much less total power at 100% CPU use
> (with much lower idle power: they have good power management).

Yes, naturally, IIUC lower chip count. I'm looking forward to the Mali
reverse engineering making it to mainline (which debian-arm reports as
close). Then with Freescale documenting everything else for some of
their SoCs we might see something from the community. Maybe even an
arm64 box (just wishing mainly).

[edit 2014/11/5] That'll teach me to take Trisquel forum links on trust and not do due diligence. The price if you want to actually get one was $100, not that person.

serval
Offline
Joined: 09/04/2014

I tried the demo version of mailpile and I liked it to be honest. If my ISP won't mind it, I'll try running a mail server as soon as I find an extra computer.

lloydsmart

I am a member!

Offline
Joined: 12/22/2012

Your ISP shouldn't mind, so long as you're not providing email facilities for other people. If it's for personal use, you should be fine.

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

Here is a recent interview of Brennan Novak, a Mailpile developer: http://files.curiouskids.co/podcast-onetoone-01-20140705-Brennan-Novak.mp3

It is a French podcast but the only presenter of this episode is Italian and the interview is in English (only a few seconds of French at the beginning).

lembas
Offline
Joined: 05/13/2010

I believe the main difficulty with running your own is to get the recipients to accept mail from you. I think this would make a nice wiki page if somebody has the experience to make one.

leny2010

I am a member!

I am a translator!

Offline
Joined: 09/15/2011

If your ISP/webhost runs an outbound mail server then you can use a 'Internet Site with Smarthost' type set up which avoids this problem[1]. Then for inbound use something like fetchmail (but not it - unfixed vulnerabilities according to /usr/share/doc/fetchmail/*) to get the contents of a POP/IMAP mailbox, deliver it internally to your email server, then delete them from the remote server afterwards. If you pick an email domain host for this who is not in your own legal jurisdiction then effectively you have a situation almost as good as running your own SMTP port setup from the point of view of law enforcement access to your emails. Plus of course you've not opened an SMTP port to your own network and are therefore somewhat more theoretically secure.

I used to have this setup and am currently building a Belenos system to do it again. For remote access an ssh tunnel configured for known key only access and the ssh port rate limited with a firewall like ufw is sensible. But ssh tunnelling limits your choice of MUAs.

[1] The Trisquel default MDA Postix is not necssarily the best for this, but it does OK.

leny2010

I am a member!

I am a translator!

Offline
Joined: 09/15/2011

Oh, and I forgot to mention - testing all the email setup variants in order to make the wiki page accurate would be beyond most people's resources (different types of ISP / email server setup). So a wiki page would always be less good than STFW for your own particular setup.

serval
Offline
Joined: 09/04/2014

Thanks for sharing your opinions, people.

leny2010, I have no problem with riseup and A/I. They've been defending freedom and privacy of their users for years now and I have huge respect for them. However, there might be some people in the world, who need riseup and A/I accounts more than I do - whistleblowers, real activists/hacktivists, journalists revealing government corruption, people resisting state oppression etc. I think I'd be wasting their limited resources, if I started using either riseup or A/I for ordinary staff. That's why I started looking for other options.

Well, in my opinion, mykolab is the best paid email out there. Plus, it seems they support free software movement as well. That said, 61$ might not be 2 coffees a month in all countries and for everyone. ;)

I'll definitely start encrypting my emails from now on. Actually, I've already tried using Thunderbird with gmail, but it showed me "password incorrect" error. I discovered that gmail was blocking Thunderbird and after I went to my account and allowed it, the error was gone. Later I found out that gmail calls Thunderbird a "less secure app" and this is absolutely ridiculous. Apparently Google tries to make people stop using Thunderbird.

leny2010

I am a member!

I am a translator!

Offline
Joined: 09/15/2011

If you think about it, leaving riseup & A/I to activists fingers them for attention from the authorities if there aren't a good number 'ordinaries' to bulk the user base out.

I appreciate $61 p.a. isn't two coffees for everyone, everywhere. Back in the early 90s a colleague who'd worked in China said it $6 pcm was a basic living there.

OTOH presently I approximate 'minimum living income' here in the UK - and if I am careful things like this are affordable. (Helped by spreadsheeting my finances once or twice a week.) But I know a lot of people on much more, 'supertax' even, who think things like secure / private email _must_ be gratis - so it was addressed to that audience. Nothing personal I don't know your circumstances.

onpon4
Offline
Joined: 05/30/2012

The FSF has a list of email providers that don't require non-free JavaScript:

https://www.fsf.org/resources/webmail-systems

Personally, I have a Riseup.net account and an OpenMailBox.org account.

serval
Offline
Joined: 09/04/2014

Thanks to FSF for creating that page, there are some good services mentioned on it. But mail.ru shouldn't be there. It's just a Russian equivalent of Gmail and as far as I know it was also a target of NSA's XKeyscore program.

onpon4
Offline
Joined: 05/30/2012

The FSF's only criterion for listing email providers is that they have to be usable without any non-free software, and for that mail.ru qualifies. Perhaps mail.ru snoops on your emails, but if your emails are unencrypted, that can be true of any provider. That's why you should use end-to-end encryption, no matter what.

Jabjabs
Offline
Joined: 07/05/2014

Personally I run on Fastmail.fm, it is fairly decent service (great interface) and I haven't had any issues to deal with so far. Yes it is paid but it seems fairly capable as far as I can tell, also offers very basic web hosting (no scripting) on the $40 plans if that interests you.

Forna
Offline
Joined: 01/12/2014

Hey did you take a look at A/I?

http://www.autistici.org

serval
Offline
Joined: 09/04/2014

After reading your posts I changed my mind. I decided to send an account request to either riseup.net or A/I.

Leny is right, email can't be gratis. So private email providers, those that don't "sell their users", are either paid or at least ask for donations. I prefer donating to riseup or A/I and supporting them somehow.

If the request doesn't get approved though, then I'll consider signing up at either posteo.de or fastmail.fm. They both seem to be very good options, thanks to Mzee and Jabjabs for suggesting these providers. Unfortunately, I really can't afford mykolab right now.

I'll start encrypting my emails as well. Running a mail-server should be the next step on the path to email privacy.

Forna
Offline
Joined: 01/12/2014

Great, I'm glad to read this.

leny2010

I am a member!

I am a translator!

Offline
Joined: 09/15/2011

+1

MrBuggles (not verified)
MrBuggles

I have used openmailbox.org for a bit less than a year and for webmail it does its job well and provides enough storage that I haven't had to pay for added storage yet. They also provide Owncloud, but I don't use this.

The only issue I have had is that I can't get their jabber server to work. But of course that has nothing to do with email.

Telinome

I am a member!

Offline
Joined: 08/13/2013

I have tried on multiple occassions to sign up for OpenMailbox, but each and every time, after registering, I can't log in. I would love to use a service, but it has to actually work for me.

davidnotcoulthard (not verified)
MrBuggles

If memory serves me having "-"s in the account name made it impossible for me to register. Perhaps you're having a case of just that.

alimiracle
Offline
Joined: 01/18/2014

I wish to change my email
But it seems impossible
because I have a lot of programs
Containing in the source code and in the Binary version my email
Greetings and respect
ali abdul ghani

greenman
Offline
Joined: 12/03/2013

I use Runbox. They're based in Norway, which gives a better legislative framework than many countries, and their servers run on renewable hydro energy.
https://runbox.com/ and https://runbox.com/why-runbox/email-privacy/ for privacy info.