E-mail providers - which one to choose?

E-mail sucks but is a necessary evil for now. What should be taken into account while choosing a provider? The most important thing is their privacy policy - as in, what data do they collect and store, and for how long - as well as whom they share it with and under what conditions. Of course, privacy policies should not be automatically trusted - some red flags to watch out for are: too much secretiveness, too much privacy salesmanship, contradictory claims. Always search the Internet for possible breaches that the service in question might have had! Other criteria to consider are: whether the provider supports mail clients (webmail is terrible all around, and takes control out of your hands); the possibility of signing up through Tor / a VPN; and whether its free or paid (though a good paid one is better than a shitty free one; don't worry - the best ones in this report are actually free). In-built encryption I consider mostly an illusion - there are various ways of implementing it, but none as robust as PGP with your own keys. And, of course, all of those require webmail, while PGP can be used with mail clients (some, like Claws Mail, even have built-in support). Okay, enough of the introductory bullshit - let's move on to the actual providers!

Google, Yahoo, Outlook, Yandex

These are designed to collect as much of your information as possible, and are obviously unsuitable for everyday use. Not much more to say. So let's move on to the ones that are (or pretend to be) more private.

Tutanota

This was my first provider after I got concerned about privacy and dumped Gmail and friends. That was before I "dug deep" - needless to say, I don't recommend it anymore. It does not support mail clients; I used to think that's something dinosaurs use, but now I can't live without it. Encryption works only if you pre-shared a password with your recipients (unless they also use Tutanota, then it's automatic). At the end of the article I explain how the value of even that kind of encryption is not that great, though. There's also this worrying policy in regards to logging:

In order to maintain email server operations, for error diagnosis and for prevention of abuse, mail server logs are stored max. 30 days. These logs contain sender and recipient email addresses and time of connection but no customer IP addresses.

No IP addresses? Great! Except if you use a VPN or Tor - Storage only takes place for IP addresses made anonymous which are therefore not personal data any more. It's a genius excuse, isn't it? You've hidden your IP so it isn't personal...except if Tor or the VPN ever got compromised. Also, later you will learn how just the metadata (which Tutanota does store) can reveal much more about you than you'd ever guess.

Signing up is free, but you are limited to only one account if you don't pay. If you do, then prepare for this:

For the execution of credit card payments your credit card data will be shared with our payment service provider Braintree. This includes the transfer of personal data into a third country (USA)

Later they say that they have an "agreement" with this company that they will only use your data for the processing of the payment - but the value of these "agreements" is doubtful, in my opinion.

Summary: webmail only, stores your anonymized IP and metadata. Not terrible but not great either.

ProtonMail

The most popular "private" E-mail provider, and often the first choice of a person getting away from the three giants. But does that mean it is in fact quality? Let's start with the sign-up process - if you're signing up through Tor or a VPN, ProtonMail requires SMS confirmation, which they promise not to store, but that is impossible to prove. The way their "end to end" encryption works is by generating the encryption keys while you sign up - using your own is not allowed. Since the whole encryption process is done by JavaScript in the browser, nothing prevents them from sending you backdoored JS; the encrypted messages can also only be sent to other ProtonMail users, unless using the paid account. Mail clients are not supported except, again, through a paid feature called "Protonmail Bridge" - which still does not allow to use your own keys.

But let's move past the fluff and see which data does ProtonMail actually store and for how long. Quoting from their privacy policy (archive):

We employ a local installation of Matomo, an open source analytics tool. Analytics are anonymized whenever possible and stored locally (and not on the cloud).

So when you visit their website, this Matomo spies on you. But what data does it actually collect? From Matomo's website (archive):

All standard statistics reports: top keywords and search engines, websites, social media websites, top page URLs, page titles, user countries, providers, operating system, browser marketshare, screen resolution, desktop VS mobile, engagement (time on site, pages per visit, repeated visits), top campaigns, custom variables, top entry/exit pages, downloaded files, and many more, classified into four main analytics report categories – Visitors, Actions, Referrers, Goals/Ecommerce (30+ reports)

So that's the website. What about the e-mail service?

we have access to the following email metadata: sender and recipient email addresses, the IP address incoming messages originated from, message subject, and message sent and received times. [...] We also have access to the following records of account activity: number of messages sent, amount of storage space used, total number of messages, last login time.

Great, even more metadata than Tutanota (if you trust Tutanota's claims that they collect as little metadata as they say they do). And then there's this gem:

When a ProtonMail account is closed, data is immediately deleted from production servers. Active accounts will have data retained indefinitely. Deleted emails are also permanently deleted from production servers. Deleted data may be retained in our backups for up to 14 days.

Read that again! Indefinite retention of data by the "private" ProtonMail! And 14 days for deleted data - enough for "them" to get you. At least there's disk encryption...

If you read their transparency report (archive), you will see quite a lot of requests for their data from governments all around the world. ProtonMail pretends to "require a Swiss court order" to cooperate - but you see that they often do that before receiving it - so don't expect that to protect you. One particularly egregious example is from May 2018, where they disabled an account because of terrorist allegiances - and we all know that's not just a convenient excuse these days, right? So, what we have here is a provider that does not support mail clients, spies on you on their website, stores your e-mail metadata forever and immediately gives it up whenever government knocks on the door and shouts "terrorism!". After all that it claims to be a champion of privacy...As we can see, ProtonMail is found out to be a paper tiger when examined deeper.

Hushmail

Everyone is entitled to their email privacy. Take back control of your data and experience a clean inbox with no advertising.

Okay, I'm in! Just give me a minute to check if the evidence supports your claims...

When you visit our website we may collect information about you, including your browser type, operating system and the Internet Protocol (“IP”) address of your computer. We use this information to facilitate your use of the website, gather market information and prevent abuse of our services.

No thanks. But wait, that's only the website - I could possibly deal with that if the actual mail service was private. But is it?

We take steps where possible to limit the personal information we collect.
Wow, thanks! So let's see just how limited those "limits" are:
As part of the account creation process your IP address will be recorded. We may request that you provide other information, such as a phone number, as well. We use this information to analyze market trends, gather broad demographic information [...]

Asking for my phone number is very "limited" indeed. And the market trends shit rears its ugly head again.

Information we record may include [...] account usernames, sender and recipient email addresses, file names of attachments, subjects of emails, URLs in the bodies of unencrypted email, and any other information that we deem necessary to record for the purposes of maintaining the system and preventing abuse.

So you're even snooping on the links in my messages! And any other information is an admission that they could possibly collect everything they imagine. But why pretend it's about preventing abuse? Just say you're in the business of gathering information.

We store sales, marketing, and customer care information with third-parties that support these business processes, which means that information such as your name, email address, phone number, and company name, as well as the history of communications related specifically to the sales or customer care process, may be stored there.

And now my name and phone number is being sent to whoever the fuck. Could this get any worse?

The records we keep of your activities are permanently deleted after approximately 18 months. Records that are stored for statistical purposes may be kept indefinitely.

...yes, it could in fact get worse. And that's not even the entirety of it (I don't want to write a book here!) - check out their privacy policy (archive) if you want to torture yourself further.

I forgot to mention that Hushmail actually wants money for all this abuse! And it doesn't even support mail clients. Taking all that into account, this is without a doubt the worst choice on this whole list. And they have the audacity to claim stuff like this:

Hushmail has been providing secure, private and encrypted webmail solutions since 1999. Here is why our customers trust our experience in the field.

Yeah sure - very trustworthy you are!

VFEmail

Requires solving a recaptcha, as well as giving your real name, to sign up. A lot of suspicious things in the user agreement; going over all of them would take a year, so I will discuss only the most important ones:

[...] VFEmail.net can terminate and/or change and/or modify your account [...]

Wait, modify my account? What the fuck? This can literally mean anything, including rewriting your mail, deleting contacts, or changing the password. Suspicious as fuck!

[...] VFEmail.net or its designee may disclose information to third parties about User and User's use of the Service [...]

Great! Prepare yourself for your privacy being ripped away and thrown around to advertisers and trackers.

User acknowledges and agrees that content, including but not limited to text, software, music, sound, photographs, graphics, video, or other material contained in sponsor advertisements or information presented to User through the Service or advertisers is protected by copyrights, trademarks, service marks, patents, or other proprietary rights and laws.

So you will be sent advertisements and can't even show them to anyone.

With a free account, you don't even get SSL encryption on your mail. So it is sent around in plaintext, completely visible to your ISP for example. You can pay to get some useless features, but the terrible TOS still applies. And to lighten up the mood...

If you do recieve mail between your last POP and the snapshot at 12am, it will exist on backup for a week - unless it's on Saturday night, then it's a year.

WTF? These guys must be trolling around here. Your mail is stored in a backup for a week...except on Saturdays! How random.

As for other data, you don't get told what gets stored and for how long. If you still didn't get the memo - get away from this crap! Honestly, it looks as if some jokers just slapped all the anti-user things they could think of, advertised themselves with bullshit like the Metadata Mitigator™ - for which of course you have to pay - and went around their merry way while raking in the cash. This might be worse than Gmail, which is more honest in regards to their (lack of) privacy and provides all its features for free.

Scryptmail

Free 7 day trial and then you have to pay. No mail client support. Claims to encrypt metadata and senders instead of just messages. Blog and support forum appear pretty dead; FAQ is also outdated - says Scryptmail is only a year old, but it's actually 4.

What about the privacy? Website uses Matomo analytics described in ProtonMail's section. And the mail? According to their privacy policy (archive), whenever two Scryptmail accounts communicate, only sent times metadata is stored. On the other hand, if someone using another provider sends an e-mail to your Scryptmail account, the collected data extends to this:

sender and recipient email addresses, the IP address incoming messages originated from, message subject, body and attachments and message sent and received times.

Other stored information includes: Last login time, IP address, User agent, API call. Though they claim that they have no ability to match an IP to a specific user account. Which appears to contradict the earlier claim, since they know when a certain account logged in, as well as with which IP address. It is possible they delete the information about the account which the data belongs to, but to say that they have "no ability" to connect them is a lie.

You should assume that your data will be stored pretty much forever. From the Data Retention section: Active accounts will have data retained indefinitely. What about deleted accounts?

Your personal data shall be deleted no later than at the end of the calendar year following the year of the termination of the contract unless in an individual case specific reasons to the contract apply. [...] Moreover, the deletion of inventory and billing data may be omitted provided that legal regulations or the prosecution of claims require this action.

In summary: paid, no mail client support, confusing and contradictory privacy policy, significant amount of data stored and never deleted. Avoid!

SAFe-mail (safe-mail.net)

Israel-based service established in 1999. Before I delve deep into the meat of the issues, let's look at the first impression. Namely, the site structure and grammar is something a chimpanzee would make - this makes getting any information from the site a puzzle in itself. Most of the stuff in there is ancient, and some sections contradict each other. They've had 20 fucking years to make a proper website but instead we get this abomination...but let's try to make sense of it anyway:

SAFe-mail pretends to be privacy-based but has no real privacy policy. The only thing is a snippet from 2008 saying:

Safe-mail.net is not using cookies and not collecting any data about users. Safe-mail.net does not transfer, sell, trade or oterwise exchange any data it might have about its users with any other company.

So it allegedly does not collect ANY data about its users. Why, then, do they bother to qualify it with a statement that they also don't sell the data? Wait, there's also this: (from the user agreement)(archive)

SAFe-mail Ltd. will not disclose information about you or your use of the SAFe-mail system, unless...

Okay, so you DO have data about your users after all...

You agree that SAFe-mail may access your account, including its contents, for these reasons or for service or technical reasons.

So now you admit that you can access even the contents of my account? Isn't this an admission that you read our mail?

Please note that your Internet Protocol address is transmitted with each message sent from your account.

No shit. But what we're interested in is whether that IP, or any other data, is stored by SAFe-mail, and for how long - and this information is not provided. Does this not sound suspicious? SAFe-mail spends a lot of time posturing on how privacy-based it is, yet seems strangely secretive about the kinds of data it collects; in fact, you have to read between the lines to realize that it stores anything at all. A clear indication of a honeypot to me.

The free account does not support sending mail through the mail client, only receiving. Other alleged privacy features like the SafeBox are also paid only. Of course, once you pay for the service, you are not anonymous anymore - they, again, don't accept bitcoins. Registration form asks for your real name and phone number; there is a manual approval of every account. I've tried to sign up through Tor while leaving the phone number field empty - but giving a real-looking name - and didn't receive the confirmation in two days. However, one reader has had a different result and was able to access his account in one day. Regardless, this seems like a honeypot and is NOT worth using.

Teknik

Requires an invite code to register. Supports mail clients. Has a nice feature of (I assume) displaying your public PGP key to others if you provide it. The privacy policy does not say much, however:

We use Piwik to track user interaction with the site. We keep it hosted on the server locally, so no analytic data is leaving the server.

Piwik has changed its name to Matomo recently, so just read ProtonMail's section to know more about it.

Dates - When you perform an action (ie: register an account), the date of the action will be recorded.

I assume this goes for all actions? Then it's absolutely terrible. What comes next?

Emails - Any email you send or receive with your Teknik.io email address is stored locally onto the server. These emails are not read.

Thanks for not reading my mail...and that's it for Teknik's privacy policy! No mention of whether the deleted e-mail is actually deleted, if there are any backups, what kind of data is shared and under what conditions. Nothing whatsoever! Pretty suspicious if you ask me. IMO, it's not even worth bothering to get an invite code for this, when better alternatives exist that don't require it. NOTE: The webmail can conflict with the LinkBot extension if you use it, so disable it for this website.

Cock.li

Sounds good at first glance - supports mail clients, does not ask for personal information, allows registration and usage using Tor and other privacy services, and is run by "some dude", not a business. I've confirmed it does actually support Tor - however, a proxy extension I've been using did not work. Claws Mail could not automatically detect the settings, but manual configuration is still possible. So is this the service to use? For that, we will have to see what data does it collect, as usual:

IMAP and SMTP logs include: When an E-mail is sent, the username, destination e-mail address, and information about the connection (like IP address, quota information) When you connect to IMAP, what IP address and username (if any) you are logging in with, and if that login was successful

These, according to cock.li's privacy policy, are stored for 48 to 72 hours. When you visit their website, cock.li stores this information: HTTP access logs containing your IP address, user agent, and type/location of your requests. They say it's not related to your account, but it would be trivial to connect them.

Cock.li's privacy policy is a little unclear on that point, but it seems that you can delete all your data manually - aside from registration information - and it will be gone immediately. Removing the latter requires erasing your account, but even then, that data will be kept for 30 days.

Cock.li has to be commended on its honesty. Privacy policy and TOS are short and straight to the point. It admits it can read your mail and that it cooperates fully with law enforcement; transparency and donation reports are also available. There's one other thing you might want to know about though...

https://arstechnica.com/tech-policy/2015/12/cock-li-e-mail-server-seized-by-german-authorities-admin-announces/ (archive).
"That means that SSL keys and private keys and full mail content of all 64,500 of my users, as well as hashed passwords, registration time, and the last seven days of logs were all confiscated and now are in the hands of German authorities,

Yeah...I mean, could this have gone any worse? The victims of this breach were probably wishing they never cared about this "privacy" stuff and still kept using Gmail, haha. Also, forget about having a normal domain name with this guy - they are all shitty jokes about cocks, rape, memes like blazeit and others you'd rather not show to most people. All things considered, this is a pretty good choice - but you will see how some later ones outclass it still.

Safe-Mail (safe-mail.nl)

Let's move straight to the meat of the issue:

The Safe-Mail Team are a bunch of nerds with a clear vision about privacy. And we want to give others the opportunity to protect their privacy. With a Safe-Mail community we want to let the world know that privacy is a legal right and we are ready to fight for it.
Great, and yet...
The provider does not check on messages or any other content stored on Safe-Mail.nl unless bound by law to do so (this means only when we get a court order!!).
So you can check on messages? Anyway, they will not fight court orders. So much for the privacy is a legal right posturing.
We do not hold any user information accept for the information you give us at the registration.
Unfortunately, that information includes my real name and city (I guess I can give a fake one, but still...).

Safe-Mail.nl does not have a true privacy policy, so all we have to go by is the above snippets plus a section from their FAQ - What do you log? - which says:

The whole Safe-Mail system is using different log files which we need to access when there are problems with the system. It's called maintenance and important for the health of our Safe-Mail system. We totally understand that it feels uncomfortable by the idea that you aren't really anonymous then, but we also cannot say that we log nothing. But we are convinced that log files older then 7 days does not have any value to us. Especially when it contains maintenance value. So we decided that all logs with "specific" information are being deleted from the server after 7 days. Log files only takes up space and we want to save that for more important matters. That does not mean you can abuse the system. There are rules and our guess is that all of you know what those rules are. We fight for privacy here, but we condemn illegal activities. Please, think wise and twice when you use the Safe-Mail system.

Not many specifics - remember, secretiveness is a red flag - but "specific" data (whatever that means) allegedly stays around for only 7 days.

Free account does not support mail clients. They do accept bitcoins so theoretically, you can have an anonymous account with mail client support. Even in the free account, you can upload an S/MIME certificate to have end-to-end encryption, however, unlike PGP, this relies on trusting a certificate authority - similar to SSL.

Maybe I'm a little too harsh on this one - but if FREE services with mail client support are available - that also don't ask for your real name - and will ACTUALLY stick their heads out for your privacy - then those should be used.

Mailfence

We believe that online privacy is a fundamental human right which can no longer be taken for granted so we decided that it was time to offer a service which is fully dedicated to email privacy.

I've heard that before. Let's see how this claim stacks up with your privacy policy (archive)...

We implement a local instance of Matomo [...]

This crap again. Read ProtonMail's section to see just how vile it is.

We collect IP addresses, message-ID's, sender and recipient addresses, subjects, browser versions, countries and timestamps.

Already a red flag here...but let's check out how long does this data stay there:

We retain backups of deleted messages and documents for 45 days.

Very private you are. And then comes this excuse:

This is for the purpose of restoring data in case of accidental deletion by users. After 45 days, data will be permanently deleted from all our systems.

Yeah sure - it's always "for the user's good". In the end, your deleted mail will stay on the servers for 45 days, regardless of justification. And if that wasn't enough...

Should you close your account, all data will be permanently deleted 30 days after the legal expiration date (i.e. the Belgian law imposes 365 days after account closing).

So you have to wait for over a year for your "deleted" account to be actually deleted. Nice privacy you've got there.

Mailfence makes a big deal about being protected by strong Belgian privacy laws - but not only has this been refuted above, but the relevance of these laws is doubtful anyway (archive) - scroll down to the Location section.

Sign-up form requires JavaScript and asks for your real name - but you can give a fake one; there is no waiting period for approval. Mail client support is paid only; they do accept bitcoins though. Allows importing your PGP keys but it's still all done in-browser. All in all, no free mail client support and a disappointing privacy policy despite lots of posturing - forget about this one.

Neomailbox

Paid only - 50$ per year; bitcoins accepted. Mail client support. TOS forbids you from badmouthing the service (lol) - not publish or post false, malicious, defamatory or libelous comments about Neomailbox or Neomailbox Customer Support in any form online of offline. What about the privacy? Not much is mentioned except:

We maintain logs of SMTP traffic for 60 days for performance analysis and abuse prevention. Anonymous surfing logs are wiped every 10 minutes.

And in another part of the website:

We keep no logs or customer data other than what is absolutely necessary for performance tuning and security monitoring of our servers. Your IP address is not saved in our logs. All logs are deleted every 7 days.

But wait, that contradicts the earlier quote. So they didn't explain themselves clearly - that's a red flag; as if they didn't want you to know what exactly do they store. You should assume the worst - namely that all your mail content and metadata is saved for 60 days. There is also this:

The following statement is true on October 1st, 2018: Neomailbox has never released any customer data to any government agency or other entity.

That's nice. However, the fact is - not only do you have to pay for getting your data stored for 60 days, but cannot even say a bad word about them. At least they have disk encryption and disposable addresses...regardless, for a paid service Neomailbox is pretty bad; there are free ones that thoroughly outclass it.

StartMail

Free 7 day trial with limited features. Paid version has mail client support, disposable e-mail addresses (a'la airmail) and OpenPGP encryption. But as usual, the most important issue is their data collection policy. Do they actually follow their Privacy. It’s not just our policy. It’s our mission. slogan? Let's find out. First, their website:

The data that's collected and processed by their website include: your IP address, browser and operating system type and version, browser language settings, country, date and time, origin of your visit, as well as clicked links and visited (parts of) pages of their website. Hmm, the latter sounds suspicious. Wonder how do they justify it? to help us get an idea of which of our pages appear to be effective to inform our visitors. How about the origin of your visit? to assess the success of our search engine optimization and information outreach efforts. And the country? to know in which countries and at what moments our marketing efforts appear to be effective. Sounds like good old tracking to me. They claim this data is then "deleted or anonymized", but whatever. I don't know about you, but I don't want to be apart of their "marketing" and "information outreach" experiments - anonymized or not. How about the mail service?

When you delete an email, it is immediately deleted from our production servers, unlike what happens with many other webmail providers. Only on the off-site backups (which are fully encrypted, of course) a copy will remain for the maximum retention period of three days. Your Account will be stored for as long as our Agreement remains in force. When an Agreement is fully terminated, all data contained in the Account, including all emails, will be deleted permanently.

No issues here, really. How about sharing the data?

We will not comply with requests from any authorities other than Dutch authorities. If we receive a request from any foreign government, we will refuse to comply and will instead refer the requestor to place a formal request to the Dutch authorities for mutual assistance.
StartMail will never cooperate with any voluntary surveillance programs. Under the strong current laws that protect the right to privacy in Europe, European governments cannot legally force service providers like StartMail to implement a blanket spying program on their users. Should that ever change, we will use all methods at our disposal to resist.
We will not comply with any requests from private third parties to provide information about our Users, unless we would receive a valid Dutch court order to such effect.

So, third parties can't get your data and government needs a valid Dutch court order; they will also resist blanket spying programs. Not bad, I guess. There's one more thing you might want to know about, though. Since the service is paid, and they don't accept bitcoins, you won't be anonymous. And they keep payment information for 7 years - We store invoices for 7 years, or whichever period may be prescribed under applicable tax law. And, according to Wikipedia, invoices contain personal data, such as your name. Quite a stain on an otherwise decent policy. Still, this is one of the better choices here - but if you really want a paid service, the one below is probably slightly better.

Posteo

Their privacy policy (archive) starts off very promising:

we strictly do not save any IP addresses that could be traced back to customers. [...] This was independently confirmed in an audit report by the German Federal Commissioner for Data Protection. This was independently confirmed in an audit report by the German Federal Commissioner for Data Protection.

The audit is in German so I can't confirm what was actually checked, but it's great that they bothered to do it. A slight hiccup here though:

In the communication between email servers via SMTP, we come to know the IP addresses of other email servers (for example IP addresses from GMX and Gmail servers). The IP addresses of the servers are logged in the logfiles and deleted after 7 days.

So your own IP isn't stored, but the one of your recipients is for 7 days. How about the mail contents?

When you delete content data, it's deleted immediately. We save all content data daily in a security backup and keep this data for a duration of 7 days.

So you can delete your mail anytime, and it's gone except for the backup. Not bad; you can encrypt the backup as well:

Additionally, we offer the possibility to encrypt all emails, notes, contacts and calendar entries that are saved at Posteo individually with the password of the account (AES-encryption).

Posteo is a paid service (1 EUR per month), though it alleges that the payment data is anonymized (as in, not connected to your account); you can read more about this here (archive). However it is unclear what is actually saved - on one hand, they say that Despite the change in the law, we still do not save any of our customers' user information; and on the other - For PayPal payments: The time and date of a payment, the amount, and the name of the payer. The data is stored for 10 years; they say it is not connected to the user's account, but you will have to take their word for it. Cash payment is also available.

No tracking shit on their website, unlike StartMail. No IP storage, e-mail deleted immediately upon your action and only stored in a backup encrypted with your password. No personal information collected ever; payment data anonymized as well, so even when the government comes knocking, they get nothing. All in all, if we take all of what Posteo says as it is, we have ourselves a great service - probably the best you can get from a corporation - but you will see how some free ones are even better.

Dismail

Best "sign up and go" service if you trust its privacy policy. Well, there is a slight hassle in having to send them an XMPP message first - but the e-mail activation appears to be automatic, so it isn't a real problem. Signing up requires no personal information. Supports mail clients. There is disk encryption:

All emails you send and receive while using our email platform, as well as all contacts, are stored on an encrypted file system.

Good. This means that if anyone seized the server, they would get only encrypted data. According to Dismail, they haven't ever gotten requests from the government (but would they tell you?). But let's say someone got the server anyway and managed to decrypt the data - what would he get?

SMTP logfiles: Sender, recipient, message ID, and size of every sent and received email. [...] IMAP logfiles: Which account has logged in when from which IP address.

Hmm, that's quite a lot of metadata - which can be pretty revealing, as I describe later. They claim they delete it after 3 days, which is better than most other providers rated in this report. Though the ideal would of course be no storage of metadata.

Neither the email content nor its subject line are stored.

This is the big one which makes Dismail better than the other hassle-free services. Your most important information - the mail content itself - is 100% protected.

Okay, time for a small recap. Among free providers so far, the competition for the first place is between Dismail and Cock.li - they collect and store a similar amount of information and for near the same amount of time. Both support mail clients and Tor / VPN registration. However, they still store an amount of data I consider significant. And they have another issue - both are run by a single guy; what happens if they get bored or...anything else happens to them? The service probably dies. From the paid ones, the only one worth getting over these two is Posteo - which seemingly stores very little data - and what it does store can be immediately deleted and remains only in an encrypted backup.

So why did I decide to break the article up here? Well, because I wanted to save the best for last! What's coming next are three providers that leave both Dismail and Cock.li in the dust. Even Posteo cannot compare - despite them being free. So what makes these three so different? Have a comfortable seat and read on...

Disroot

Disroot is a platform providing online services based on principles of freedom, privacy, federation and decentralization. **No tracking, no ads, no profiling, no data mining!

Now, I'm sure you've heard this speech many times before, so I understand if you are distrustful at first. But this time, these claims are actually true. If you read their essay on their About Us page, you will notice how different it is to what you can see on the usual corporations' or "free" providers' sites. Finally, it is regular people speaking to us, instead of soulless businessmen. Some quotes:

Our tools should be open, decentralized, federated and respectful towards freedom and privacy.
We want to encourage people to break free of the walled gardens of popular software and turn to open and ethical alternatives,
Together we can form a network that is truly independent, focused on the benefit of the people rather then the exploitation thereof.
We are accustomed to being analyzed, blindly accepting terms and conditions for "our own good", trusting authorities and multi-billion dollar companies to protect our interest, while all along we are the product in their 'people farms'.
The less we, as admins, know about your data, the better :D.

There is much more - it is worth it to read the whole About Us page (actually the whole site). Now think - decentralization, freedom, openness, respect, independency...How often do you see providers using those words? Even better - how often do you see them speaking against corporations, walled gardens, or being the product? Or admitting they don't want to know anything about you? This stuff is straight from the heart - you can't fake it. Disroot people are your friends - they're one of you. Okay, enough of the praise, let's check out their privacy policy (archive) to confirm all this.

We store logs of your activity for period no longer then 24h

Okay, so regardless of what is stored, it will be gone after at most 24 hours. With just this, Disroot already outclasses all other providers mentioned so far - but wait, it gets better:

We use disk encryption on all data to prevent data leak in cases where servers are stolen, confiscated, or in any way physically tempered with.

So you're safe even in case of a breach. But it doesn't even matter since nothing is actually collected! Look:

IP addresses of currently logged in user via IMAP/POP3 protocol are stored as long as the device is logged in to the server. (per each device logged in)

IP only for the duration of the session - so it's not logged.

We do not collect any data other then what is needed to provide you the service.

I assume stuff like e-mail metadata does not qualify as essential for providing the service. Even if it did - all logs are, again, gone after 24 hours maximum.

Disroot allows signing up through a VPN or the Tor network. Mail clients are supported - but you can use the RainLoop webmail as well, which supports PGP encryption - but they tell you not to rely on it and instead encrypt your shit locally (as I've been saying all throughout this report).

Nevertheless, we encourage you to always be cautious when using email communication, and to make use of GPG encryption to ensure your correspondence is safer.

Signing up for Disroot requires filling a "Your Story" section. Earlier, they've used ReCaptcha to deal with the spam problems they had - but - due to privacy reasons - dumped it and had to come up with something else, so there it is. For that, you get not only a private e-mail account but also cloud storage, pastebin and other services. There is also a forum that you can post on.

That's it for the first out of three community-run platforms. I hope you see what makes these different to all the ones I've wrote about earlier. So lets's check out the other two!

RiseUp and Autistici

Anarchist mail servers. These don't work like businesses, but for the benefit of the community, so if you can trust anyone, it's these guys. And in fact, you cannot get better service than from RiseUp's mail. Full disk encryption, no personal info required to sign up, no ads, mail client support, NO IP LOGGING, Tor services available. Autistici is much the same. The problem with those services is that one requires an invite, and another a written justification. But if you manage to get these, they are the best ones on this list.

However it does not mean they are perfect. RiseUp has once complied with two sealed warrants from the FBI. They also tried to justify it:

Extortion activities clearly violate both the letter and the spirit of the social contract 1 we have with our users: We have your back so long as you are not pursuing exploitative, misogynist, racist, or bigoted agendas.
The government also forbade them from telling you that -
There was a “gag order” that prevented us from disclosing even the existence of these warrants until now. This was also the reason why we could not update our “Canary” 2.
However, to be fair, after this fiasco they've started encrypting the e-mails on their servers, so this situation shouldn't happen anymore. You can read more about this here: https://riseup.net/about-us/press/canary-statement (archive)

As for Autistici, they were compromised once in 2004 - however they DID NOT COMPLY WITH ANYTHING. It was their host that let the police copy whatever data they wanted and didn't tell Autistici. You can read more about this here: https://www.autistici.org/ai/crackdown/ (archive). There were also two (archive) hacks (archive) in 2017. However in all three situations, Autistici reacted swiftly and appropriately - dumping the bad host in the first one and resetting passwords plus fixing the vulnerabilities in the latter two. They also told the users what has happened, and were clear that they should take a more proactive role in their security. Also, since 2015, France has a law that allows the government to live capture the traffic of French hosts, and one of Autistici's mailservers is French. Make of that what you will.

Summary

It is very worrying how many providers pretend to be privacy based but turn out to be anything but - even actively trying to compromise it. No matter, there still exist a few good guys such as Riseup, Disroot and Autistici. Right after them comes Dismail - even though it has simpler registration and a privacy policy just (or almost) as good. So why is Dismail inferior? Well, it comes down to trust - the former three are anarchist in nature, so they'd likely rather pull the plug than work with the government. From https://riseup.net/en/about-us/press/canary-statement (archive) -

Q: Are you compromised by law enforcement? A: No. We have never permitted installation of any hardware or software monitoring on any system that we control; law enforcement has not taken our servers; does not, and has never had access to them. We would rather stop being Riseup before we did that.
And from Autistici -
- We guarantee that we keep no logs, that we won’t ask for personal data to grant access to any of our services, and that we will do everything we can to keep our anonymous remailer, anonymizer and everything else that ensures the privacy and confidentiality of your communications running and safe.
However, Dismail is still great if you cannot get into the former three. All others are not worth bothering with IMO. And to reiterate - there is no perfect e-mail provider, especially when dealing with nation states. As RiseUp themselves say - Nothing online is 100% secure. If you have something very sensitive to say, do it offline. Refreshing honesty, and something to keep in mind. Trust No One.

On encryption

As I said in the introduction - I do not consider the various webmail encryption methods worth much. It is all about PGP - but beware of putting too much trust into that as well. Even though it is the strongest link in security systems - the possibility of it being cracked is still there. Someone could also take control of your private key and decode all your shit (if he is able to crack or steal the password as well). PGP, also, does not encrypt the headers - this includes the subject, sender, recipient and others - you can see all the headers in your mail client; it is all the stuff above the actual message. There have been analyses done (archive) on just how much information can be revealed without even knowing the message contents - the results should astonish you.

But we see that even our not very sophisticated, DIY methods, enabled us to create a deep and clear image of someone’s habits and activities, using information extracted from ‘only’ email metadata. Although our investigation primarily discovered relations, patterns and anomalies of someone’s work life, it still gave us an insight into that person’s habits that border with private life.
But this is not even necessarily required, since an actual attack on PGP called EFAIL (archive) has recently surfaced - which needs the attacker to have
access to the encrypted emails, for example, by eavesdropping on network traffic, compromising email accounts, email servers, backup systems or client computers.
All this is why it is important to only use services that will not keep your data stored for too long (or at all!) and will resist sharing it with nosy "requesters". And that you can expect only from community services, not corporations - which is why they are my top three recommendations.

Last updated: 18 / 11 / 2018

Click here to go to the main page