Safe E-Mail Provider

[turvarya]

Hi,

I am currently looking for a new E-Mail Provider.
I have used G-Mail for a while now, which is dumb, I know, but I am just a really lazy person sometimes.

Is there anything out yet, with a good client side encryption? Preferable not located in the US?

Thanks

[1715315134]

1715315134

[1715315134]

1715315134

[1715315134]

1715315134

[1715315134]

1715315134

[Vessko]

The short answer is "no". But it depends what you want to do and what your needs are.

For me, it is utterly important that the message is secure (which means only encrypting it myself on a computer I fully control) and the communication is compatible with other people like me (which means using PGP and not GnuPG, for instance). But I'm just a dinosaur.

If you don't care about backwards compatibility with PGP users like me, you can use Thunderbird with the Enigmail plug-in (which uses GnuPG) and any conventional e-mail carrier.

If convenience is more important than security and compatibility, you can use a web-based service like www.unseen.is. This is not an endorsement. I've tried them. They are both incompatible (can't import my PGP key and have failed to resolve the problem for months; their customer support sucks) - and insecure (JavaScript-based encryption? Really?!).

You do realize that if you use client-based encryption, you'll be able to communicate only with people who also use that encryption, don't you?

If you are looking for transparent and secure encryption of your e-mail that even your old aunt can use and cannot be spoofed by the e-mail carrier, you are SOL.

[QuantumQrack]

http://prxbx.com/email/

http://prism-break.org/en/categories/windows/#email-accounts

https://protonmail.ch/

I use countermail.com currently, but also have a protonmail account as well.

You can also use bitmessage, although it is experimental, and they are still working on problems with it.

https://bitmessage.org/wiki/Main_Page

[Jamie_Boulder]

Host your own mail & private smtp server (published externally of course)

This means you probably have to re-do the contract with your ISP though.

[Orangina]

You may wanna check out GMX eMail http://www.gmx.com/

[axel2078]

Check out tutanota.de

[Nextgen]

you can host your own domain and setup email service on this
your own private email setup

[shorena]

You may wanna check out GMX eMail http://www.gmx.com/

Freemail = you are the product. GMX is no better than gmail in that regard.

Focus on small providers like mykolab [1] (take bitcoin, located in switzerland) or posteo [2] (based in germany, do not require any data, you can pay cash if you wanted to).




[1] https://mykolab.com/
[2] https://posteo.de/

[Vessko]

1) The suggestion to run your own SMPT server/domain is plain ridiculous. If you do the encryption on your own computer (as you should, if you want security), then it doesn't matter where the server is and who owns it. It will see only encrypted messages anyway. So, as I said, if you don't care about compatibility with PGP users, just use Thunderbird+Enigmail+GnuPG and any e-mail carrier. I know that it will work with Yahoo! Mail. Maybe it will work with GMail, too - I just never tried configuring Thunderbird to use GMail.

2) Where the server resides is irrelevant. The Swiss cave in to US pressure and broke even their own bank secrecy laws - do you seriously think that a Swiss-based company will refuse to execute a man-in-the-middle attack (like Hushmail did) if the magic word "terrorism" is mentioned by men in suits? If you want security, choose a solution that does not require you to trust the server - not one that relies on the server being in a "trustworthy country". If you do your own encryption, it doesn't matter if the server is based in the USA or elsewhere. The worst the US authorities can do is cut your e-mail service.

3) Protonmail is a (bad) joke. It is even worse than Unseen.is.

4) I strongly advise you not to use BitMessage, unless you have bandwidth to burn and are willing to face ridiculous accusations like "carrying e-mail traffic for terrorists/child molesters". Establishing a good, secure e-mail communication line is a headache enough; you don't want the additional headache of carrying other people's encrypted communications.

5) GMX is just webmail; I couldn't find anything on their site that says the e-mail is encrypted on the client - or even on their server.

6) Tutanota doesn't work well with external recipients (i.e., who are not Tutanota users). You need a separate channel to convey them the encryption key, which is a hassle. But it is insecure even between Tutanota users. They keep your secret keys for you. Yet another "trust me" service.

7) MyKolab does not provide encrypted e-mail. They suggest that you use Thunderbird+Enigmail:

https://en.wikipedia.org/wiki/MyKolab#Email_encryption

8) Posteo is some German-language crap without even an English user interface. My knowledge of German is limited but it seems to be yet another "trust me" service.

As I said, the short answer to your question is "no". But maybe your requirements are less strict than mine.

[newIndia]

Hi,

I am currently looking for a new E-Mail Provider.
I have used G-Mail for a while now, which is dumb, I know, but I am just a really lazy person sometimes.

Is there anything out yet, with a good client side encryption? Preferable not located in the US?

Thanks

If u r looking for Disposable Temporary E-Mail Address, u might like to try guerrillamail.com.

[deepceleron]

The "good encryption" is encryption that is located on your computer. You also need to obtain the public encryption key of the recipient in a way that you can confirm that it has been unaltered.

Encryption is not hard to do, but finding other parties that also can send and receive encrypted email is the harder part. You also must communicate with people who have the sense to decrypt and read the message where it can't be intercepted.

You can send and receive encrypted email with any provider, but it is much easier if they have POP/IMAP access so you can run your own client software instead of cutting and pasting the message to decrypt. Also note that the "metadata" of email transit and the sender/receiver info that spy agencies claim to have the warrantless right to intercept cannot be masked.


https://securityinabox.org/thuderbird_encryption

[franky1]

.... bitmessage...

[2double0]

gmx?

[lordbaltimore]

Www.yandex.com dutch company servers located in a secret building in Moscow.No probs in 2 yrs

[shorena]

1) The suggestion to run your own SMPT server/domain is plain ridiculous. If you do the encryption on your own computer (as you should, if you want security), then it doesn't matter where the server is and who owns it. It will see only encrypted messages anyway.

... and metadata. It actually makes sense to choose a provider that at least tries to protect your privacy for a number of reasons.
#1 While no company can deny a judicial requested they should instist on one.
#2 Freemailproviders in general generate data on their own because thats their bussiness model. Thus it makes sense to pay for the service which gives your provider less incentive to profile you and sell it via the marketing department.
#3 not everyone you contact might use encryption
#4 while any mailprovider should use SSL, e.g. GMX did not for ages.

So, as I said, if you don't care about compatibility with PGP users, just use Thunderbird+Enigmail+GnuPG and any e-mail carrier. I know that it will work with Yahoo! Mail. Maybe it will work with GMail, too - I just never tried configuring Thunderbird to use GMail.

GnuPG (same as PGP) is independent of the provider you use. They might not support it on their website, but one should not do encryption on a remote server anyway.

2) Where the server resides is irrelevant. The Swiss cave in to US pressure and broke even their own bank secrecy laws - do you seriously think that a Swiss-based company will refuse to execute a man-in-the-middle attack (like Hushmail did) if the magic word "terrorism" is mentioned by men in suits? If you want security, choose a solution that does not require you to trust the server - not one that relies on the server being in a "trustworthy country". If you do your own encryption, it doesn't matter if the server is based in the USA or elsewhere. The worst the US authorities can do is cut your e-mail service.

While you are correct that the location may not be relevant in certain cases, for actual law enforcement (not those creating a surveilance state hunting "torrorists") juristiction does matter. Besides OP specifically asked for providers outside the US.

7) MyKolab does not provide encrypted e-mail. They suggest that you use Thunderbird+Enigmail:

https://en.wikipedia.org/wiki/MyKolab#Email_encryption

Encryption can not be provided by a remote server in a meaningfull way. What are you talking about here?

8) Posteo is some German-language crap without even an English user interface. My knowledge of German is limited but it seems to be yet another "trust me" service.

I like that you think something is crap when you dont understand a word about it, makes you look like a very intelligent person.

On a more serious note, I actually thought they had an english UI by now.

[grouper fish]

any thoughts on hushmail?

[shogdite]

any thoughts on hushmail?

http://www.wired.com/2007/11/encrypted-e-mai/     

Would not use Hushmail, there are much better email providers out there.

[Vessko]

It will see only encrypted messages anyway.

... and metadata.

True, that. It's a problem of most e-mail communications - you can encrypt the message body but not things like the recipient's address, the subject line, the date and so on. If having that stuff visible is a problem, there are solutions to it (anonymous remailers, etc.) but they are an even bigger hassle than simple e-mail encryption. So, to re-iterate, if you want transparent, secure e-mail that can be used by anybody easily, you are simply out of luck.

GnuPG (same as PGP) is independent of the provider you use.

GnuPG is most adamantly not the same as PGP. GnuPG is a humongous, buggy, incomprehensible, incompatible pile of horse manure. Chances are, you won't be even able to compile it on your average Windows machine, while PGP will compile on just about everything that has a C compiler (probably even on a smartphone) and you can understand how it works in about an afternoon.

While GnuPG will understand anything PGP can output (because, you know, PGP is compatible and stuff), the output of GnuPG is often incompatible with PGP (and I mean - impossible to make compatible) and in other cases it is simply too cumbersome to use when communicating with a PGP user. Here it is in more detail:

The good:

- Anything PGP produces, GnuPG can handle (although it will complain about some things when processing them).
- Symmetric encryption, asymmetric encryption-only, clearsigning and detached signatures produced by GnuPG can be made understandable by PGP, although you are forced to use weird options in GnuPG, like --pgp2, --rfc1991, --cipher-algo, --digest-algo, --compress-algo, etc., etc.

The bad:

- encrypting a message with asymmetric encryption and signing it in a way understandable by PGP 2.x involves invoking five separate commands (I kid you not), 4 of which are GnuPG invocations and one is a file copying command. And if you are a *nix aficionado, don't even think about using GnuPG as a filter to have all these commands on a single line - PGP wouldn't be able to understand the result, because GnuPG is too lazy to put there some needed information like the size of the compressed packet.

The ugly:

- There is no way (as in no f*king way!) of only signing a binary message (clearsigning and detached signatures are fine) with GnuPG in a way that would be understandable by PGP 2.x. This is because the signing of GnuPG follows the OpenPGP standard and not the RFC1991 standard that PGP 2.x uses. Yeah, even if you use the --rfc1991 option of GnuPG, that won't result in PGP-compatible output. In fact, the result won't be compatible even with GnuPG itself.

So, if you have to communicate with a PGP user, forget the GnuPG crap. If such a compatibility is not an issue, GnuPG is fine.

7) MyKolab does not provide encrypted e-mail. They suggest that you use Thunderbird+Enigmail:

https://en.wikipedia.org/wiki/MyKolab#Email_encryption

Encryption can not be provided by a remote server in a meaningfull way. What are you talking about here?

Somebody above suggested MyKolab as a solution to the OP problem. I explained why it is not. I fully agree that you must not trust the e-mail server to do the encryption for you and you should do it on your own machine. Once you do that, what e-mail service you use is irrelevant.

8) Posteo is some German-language crap without even an English user interface. My knowledge of German is limited but it seems to be yet another "trust me" service.

I like that you think something is crap when you dont understand a word about it, makes you look like a very intelligent person.

If you don't read carefully what other people write, that doesn't make you look like a very intelligent person. Nowhere did I say that Posteo is crap because it is in German. I said that it is German-language crap.

To begin with, any site that aspires to international business must have an English-language interface. The fact that this site does not tells you how professional its owners are.

That aside, my knowledge of German, while limited, is not non-existent. I did skim through their description. Nowhere did I see a clear and unambiguous explanation of how exactly they ensure the security of the e-mail service they offer. It is certainly possible that I have missed it because of my limited knowledge of German. But if it is indeed absent, it tells you even more about how "trustworthy" the service is.

That said, I readily admit that my own requirements for e-mail security are probably too strict for the average person. For instance, it is well-known that Snowden used the now-defunct Lavabit - while I would have never trusted such a service.