Are your emails and attachments safe from prying eyes?
Unless you are using a secure email service that respects your privacy, the answer is probably no. Most large email providers, such as Gmail and Yahoo, do not respect the privacy of your inbox. For example:
- Google is adding ever more advertisements into your Gmail Promotions section. We’re also seeing reports that some people are finding ads interspersed between messages within their Gmail Inbox.
- Gmail was caught giving third parties full access to user emails and also tracking all of your purchases.
- Advertisers have been allowed to scan Yahoo and AOL accounts to “identify and segment potential customers by picking up on contextual buying signals, and past purchases.”
- Yahoo has been caught scanning emails in real time for US surveillance agencies.
In today’s digital age, securing your communications has become increasingly important as data breaches and privacy concerns are on the rise. With the average person spending more than five hours managing their work and personal emails daily, it’s essential to opt for the most secure email provider that prioritizes encryption and privacy. In this article, we present the top 10 secure email providers for 2024, along with essential factors to consider when choosing the best one for your needs.
Big-name email services put lots of money into security, but they are also large targets and not invulnerable. A while back, the big news was the ease with which hackers were able to compromise thousands of Microsoft Exchange email servers. You might well be safer using a smaller, less well-known email service.
On a positive note, there is a relatively simple solution for keeping your inbox more secure: switch to a secure email provider that respects your privacy.
Privacy Tip: When using email, be sure to also use a good VPN to hide your IP address and secure your internet traffic. We use and recommend NordVPN, one of the top services that has passed independent privacy and security audits. Get 74% off NordVPN here >
What is the best secure email service in 2024?
With so many different types of users, there is no single “best secure email” service that will be the top choice for everyone. While some may prioritize maximum security and strong encryption, others may want convenience and simplicity with user-friendly apps for all devices.
With that being said, here are our top recommendations:
- Proton Mail – Best all-around secure email service based in Switzerland [33% off coupon]
- StartMail – Private email hosted in The Netherlands with unlimited aliases [50% off coupon]
- Mailfence – Secure email for professionals and teams
- Tuta Mail – Secure Email for Any Device
- Mailbox.org – Affordable private German email service
- Posteo – Reliable anonymous email service
- Runbox – Private email in Norway
- CounterMail – Swedish email with strong security features
- Kolab Now: Swiss email, compliant with GDPR, HIPAA, and PCI
- Soverin – Basic private email service
We also have a guide on encrypted email services here.
Factors to consider when choosing the best secure email service for your needs
Here are just a few factors to consider when switching to a secure email provider:
- Jurisdiction – Where is the service located and how does this affect user privacy? Where is your data physically stored?
- PGP support – Some secure email providers support PGP, while others do not use PGP due to its vulnerabilities and weaknesses.
- Import feature – Can you import your existing emails and contacts?
- Email apps – Due to encryption, many secure email services cannot be used with third-party email clients, but some also offer dedicated apps.
- Encryption – Are the emails end-to-end encrypted in transit? Are emails and attachments encrypted at rest?
- Features – Some features you may want to consider are contacts, calendars, file storage, inbox search, collaboration tools, and support for DAV services.
- Security – What are the provider’s safety standards and policies?
- Privacy – In which ways does the email service protect your privacy? What data is being collected, for how long, and why?
- Threat model – How much privacy and security do you need and which service best fits those needs?
The goal of this guide is to help you find the best secure email solution for your unique needs.
Here are the most secure email providers in 2024 that will protect your privacy.
1. Proton Mail – Best all-around secure email service
| Based in | Switzerland |
| Storage | 15-500 GB |
| Price | $3.49/mo. |
| Free Tier | Up to 1 GB |
| Website | Proton.me |
Proton Mail is a Switzerland-based email service that enjoys a great reputation in the privacy community. It was started by a team of academics working at MIT and CERN in 2014. Shortly thereafter, it was promoted in media as “the only email system the NSA can’t access” – which was around the time Lavabit was shut down for not cooperating with the US government.
Looking at the service itself, Proton Mail has a lot going for it. It uses PGP encryption standards for email and stores all messages and attachments encrypted at rest on Swiss servers. Proton Mail has a unique feature for “self-destructing messages”, address verification, and full PGP support. Recently, it introduced Tracking Links Protection feature which removes tracking pixels from email links.
It also offers end-to-end and zero-access encryption for messages, which means that even the service providers themselves cannot access your content. This is a crucial feature for anyone who values their privacy and wants to ensure their communications remain confidential.
Proton Mail also has some additional tools that you may expect from a paid service.
- Proton Mail Bridge – allows Proton Mail to connect to other email services.
- Proton Calendar – easily manage your meetings and personal appointments.
- Proton Drive – store and share your important files via secure links.
- Proton VPN – a solid VPN is available by subscribing to Proton Unlimited plan. If you are intrigued, you may want to take a look at our ProtonVPN review.
- iOS and Android apps
See all Proton Mail features here >>
Proton Mail Encryption
Regarding encryption, it’s important to note that Proton Mail does not encrypt the subject lines of emails or certain metadata. Unfortunately, these are the inherent limitations of the PGP standard. Most of the email services we discuss here use PGP, but I wouldn’t count on any of them to protect me from the NSA or their counterparts in other countries.
Additionally, the Proton Mail search function can only search subject lines within your inbox, not the actual content of your emails. This is another functional limitation that comes from integrating more encryption and security into the service.
Proton Mail does offer some great apps for mobile devices (Android and iOS). You can also use Proton Mail with third-party apps through the Proton Mail Bridge feature (restricted to paid users).
Overall Proton Mail is a well-regarded email provider and should be a great secure email option for most users. Switzerland remains a strong privacy jurisdiction that is not a member of any surveillance alliances.
Note: Proton Mail is now integrated into the Proton suite of services. The full suite includes Proton Mail, Proton Calendar, Proton Drive, and Proton VPN. You can learn more about these products in our full Proton Mail review.
+ Pros
- End-to-end (E2E) and zero-access encryption for Email, Calendar, and Contact information
- Operates under Swiss jurisdiction
- All data stored on servers in Switzerland
- Apps for Android and iOS mobile devices
- Web client, encryption algorithms, Android and iOS code are all open source
- Support for custom domains
- Strips IP address from emails
- Can be used with third-party email clients through the Proton Mail Bridge feature
- Can import contacts and emails
– Cons
- Subject lines not encrypted
- May require personal information for verification of new accounts
Proton Mail Black Friday Deal is live:
Get 60% Off Proton Mail with two-year plans using the coupon below:
(Coupon is applied automatically; 30-day money-back guarantee)
See our Proton Mail review for more info.
2. StartMail – Private email hosted in The Netherlands with unlimited aliases
| Based in | The Netherlands |
| Storage | 10-20 GB |
| Price | $3.00/mo. |
| Free Tier | 7 day trial |
| Website | StartMail.com |
StartMail is a rising star in the secure email world. As an established email service founded in 2013, we can be confident that StartMail will be around for the long haul. Based in the Netherlands, StartMail’s servers are well-protected, and the service supports two-factor authentication for additional security.
One of the best features that StartMail offers is unlimited aliases here. This feature allows you to manage multiple email identities under a single account. You can easily create as many email aliases as you like, giving you maximum privacy over your main email address when signing up for services. You can also create time limits for your aliases, ranging from one-time use to forever.
This secure email provider is particularly suited for individuals and businesses that rely heavily on desktop computers for their daily operations. With its state-of-the-art PGP end-to-end encryption, StartMail ensures that your emails are secure from the moment you hit send until they reach the recipient. This level of encryption is particularly important in today’s digital age, where data breaches and cyberattacks are increasingly common.
StartMail can be easily used with other email clients like ThunderBird or mobile clients on iOS and Android. And unlike some other providers, such as Proton Mail, StartMail does not offer dedicated apps. You can use the webmail version or any email client with StartMail.
The Netherlands is a good jurisdiction for privacy and StartMail aims to keep as little data as possible to run their operations. Unlike most other secure email providers, StartMail handles encryption server-side, rather than in the browser – see their white paper explaining why.
StartMail allows users to utilize PGP encryption with emails also being encrypted at rest on their Dutch servers. The whole service is user friendly, and you can encrypt and sign your mail with just one click.
StartMail’s strong encryption features and unlimited email aliases make it a great option for those who primarily use desktop devices for their email communications. If you’re looking for a secure email provider that offers robust encryption and the convenience of managing multiple email identities, StartMail could be the perfect fit for you.
+ Pros
- Create unlimited email aliases
- PGP end-to-end encryption
- Easy contacts and email migration
- Organize your inbox with filters
- Minimalistic design
- No ads. No tracking. No spam.
- Flexible spam filter
- Anonymous cryptocurrency payments
- Use custom domain
- Compliant with GDPR
- 7 day free trial
– Cons
- No free version
- Lacks calendar, notes, and file storage
StartMail Exclusive Coupon:
Get 50% off ANY subscription plan with the coupon below along with a 7 day free trial:
(Coupon is applied automatically.)
See our StartMail review for more info.
3. Mailfence – Secure email for professionals and teams
| Based in | Belgium |
| Storage | 11 – 225 GB |
| Price | €2.50/mo. |
| Free Tier | Up to 1 GB |
| Website | Mailfence.com |
Mailfence is a fully-featured secure email provider offering calendar, contacts, file storage, and PGP encryption. It is based in Belgium, which is a solid privacy jurisdiction with strict data protection laws.
The core of Mailfence’s security is its powerful end-to-end encryption and digital signatures using OpenPGP. OpenPGP, or Open Pretty Good Privacy, is a non-proprietary protocol for encrypting email using public key cryptography. It is based on the original PGP (Pretty Good Privacy) software. This means that only you and the person you’re communicating with can read what is sent, and nobody else, not even Mailfence, can access your content. This is a crucial feature for anyone who values their privacy and wants to ensure their communications remain confidential.
Furthermore, Mailfence is based in Belgium, a country known for its strong data protection laws. The Belgian Data Protection Authority (DPA) is one of the most stringent in the European Union, which is known for its robust data protection framework. This geographical advantage provides an additional layer of security to Mailfence users. It’s like having a virtual safe for your emails, providing you with the peace of mind that your data is safe and secure.
While many secure email services sacrifice features and functionality for security, you can have it all with Mailfence. This makes Mailfence a great alternative to full email and productivity suites, such as G Suite or Office 365.
Mailfence supports all standard protocols like POP, IMAP, SMTP, WebDav. It also integrates a calendar, document storage, workspaces, and a chat which enable real time sharing of data and group collaboration, making it an ideal choice for professionals and teams.
While Mailfence does log IP addresses and some other data, it provides a user-friendly interface and accepts cryptocurrency payments for added privacy. The logging of IP addresses and some other data is part of Mailfence’s commitment to transparency. However, this information is only kept for a short period and is primarily used to maintain the quality and safety of the service.
The user-friendly interface of Mailfence ensures that even users who are not tech-savvy can navigate the platform with ease. The interface is clean, intuitive, and easy to use, making it easy to send, receive, and organize your emails. Moreover, Mailfence accepts cryptocurrency payments, which can provide an additional layer of privacy for users.
In order to further enhance the user experience, Mailfence has recently launched mobile apps for both iOS and Android platforms. This comes in addition to the Progressive Web App that was already available.
When I did an in-depth test for the Mailfence review, I found it to be very intuitive, sporting a slick interface with a tons of features. Its performance was smooth and I didn’t encounter any bugs. But, in case you experience any problems, you can always turn to their responsive email and phone support.
Note: Due to financial requirements imposed by Google, Mailfence has dropped support for POP/IMAP connections to Gmail servers.
+ Pros
- Offers end-to-end encryption and digital signatures
- Mobile app for iOS and Android
- Data is stored on Belgian servers
- Offers OpenPGP encryption
- Messages, Documents, Calendar, Contacts, and Groups
- Custom domains (paid plans)
- Password manager and 2FA
- SMTP, POP, and IMAP support
- Can synchronize with other email clients
- Supports password-protected messages with expiration time
- Removes IP addresses from mail headers
- OpenPGP user keystore
- Cryptocurrency payment options
– Cons
- Logging of IP address and some other data
- Code is not open source
See our Mailfence review for more info.
4. Tuta Email – Private and secure email in Germany
| Based in | Germany |
| Storage | 1 – 1,000 GB |
| Price | €3.00/mo. |
| Free Tier | Up to 1 GB |
| Website | Tuta.com |
Tuta (formerly Tutanota) is a Germany-based secure email service run by a small team of privacy enthusiasts, with no outside investors or owners. Although it is not as well known as Proton Mail, Tuta is a serious player in the secure email space. Its hybrid encryption system overcomes some of the drawbacks of PGP, and your privacy rights are protected by the GDPR and other pro-privacy EU regulations.
Note: Tuta claims that their encryption can be updated and strengthened if necessary against quantum-computer attacks.
Tuta’s Encryption System
All messages in your inbox, contacts, and calendar are encrypted at rest on servers in Germany. For sending encrypted emails with Tuta, you have two options:
- When emailing another Tuta user, all of your emails are automatically encrypted (asymmetric encryption).
- When sending an email to someone with another email provider, the user receives a link to the message and a password key for encryption/decryption purposes (symmetric encryption).
Tuta establishes an external mailbox for that particular contact, where all the exchanged messages are securely encrypted. This proves to be quite useful, especially if you are using it for business.
While Tuta uses high-end encryption and is arguably one of the most secure email providers anywhere, there are also some downsides. This includes no support for PGP, IMAP, POP, or SMTP. Additionally, you cannot import existing emails into your encrypted Tuta inbox.
To make up for the lack of IMAP support, Tuta has built open source desktop clients for Windows, Linux, and macOS. They also have offline mode, so you can open your emails, calendars, and contacts even when not having access to the web.
All in all, Tuta is a transparent, high-security email provider that just may take your privacy to a whole other level.
+ Pros
- Encrypted messages (including Subject lines) Address Book, Inbox Rules and Filters, Search Index, encrypted at rest and stored on German servers
- Can search body of encrypted messages
- Can send encrypted messages to non-users
- Strips IP address from emails
- Desktop, mobile, and web apps
- Open source code (including mobile apps)
- Encrypted calendar with iCard support
- Encrypted contacts
- Inbox rules with Spam filter
- Multiple email addresses (aliases)
- Support for custom domains
– Cons
- Does not work with PGP
- Currently no way to import existing emails
- Will not work with 3rd-party email clients
Website: https://Tuta.com
See our Tuta review for more info.
5. Mailbox.org – Affordable private German email service
| Based in | Germany |
| Storage | 2 – 100 GB |
| Price | €1.00/mo. |
| Free Tier | None |
| Website | Mailbox.org |
Mailbox.org is a german secure email service that you should definitely consider. It provides robust security for your email, but it also functions as an all-inclusive productivity suite, similar to Microsoft 365 (formerly known as Office 365). It offers a huge lineup of features, including Mail, Calendar, Address Book, Drive (cloud storage), Tasks, Portal, Text, Spreadsheet, Presentation, and Webchat. Impressively, Mailbox.org still has a user-friendly interface and sharp design.
When choosing a secure email provider, you often have to pick between features and security. With Mailbox.org, you can arguably get the best of both worlds. From the security and encryption side, it offers full PGP support and can easily encrypt all your data at rest on their secure servers in Germany. You can also use Mailbox.org with mobile apps and third-party email clients.
Lastly, Mailbox.org is very affordable, with basic plans starting at only €1 per month. You can pick up a free 30-day trial if you want to test-drive this privacy-focused email provider.
Note: Mailbox.org does receive requests for information from “public authorities.” In 2022, they received 55 requests for information, and ultimately rejected about 13% of them. They responded to the rest of them as required by law.
+ Pros
- PGP support (server-side or E2E through Mailvelope app)
- Company and servers located in Germany with strong privacy protections
- HSTS and PFS for messages in transit
- Protected against man-in-the-middle attacks
- Message and spam filters
- Virus protection
- Full text search
- POP, IMAP, SMTP, ActiveSync support
- vCard, CardDAV, CalDav support
- Messages are encrypted at rest
- Supports custom domains
- Mobile apps for some of the Office features
- Open source
– Cons
- No mobile email clients (but can be used with third-party email clients)
- Some tracking during registration
- PGP encryption leaves message subject and metadata exposed
Website: https://Mailbox.org/
Check out our Mailbox.org review for more details.
6. Posteo – Privacy-focused email in Germany
| Based in | Germany |
| Storage | 2 – 20 GB |
| Price | €1.00/mo. |
| Free Tier | None |
| Website | Posteo.de |
Posteo is yet another German email service. It provides strong privacy and security to its users, and in many ways is similar to Mailbox.org. Both are comprehensive email providers that employ PGP encryption. They even charge similar prices. However, Posteo distinguishes itself in a few significant aspects:
- It does not support custom domains.
- There is no designated spam folder (emails are either sent to the inbox or not accepted).
- There are no trial or free versions, which is somewhat offset by its reasonable pricing.
Posteo really makes an effort to protect the privacy of its users. IP addresses are automatically stripped from emails, no logs are kept, and they offer strong encryption standards. In short, this email takes security and privacy very seriously.
Posteo also supports anonymous registration and anonymous payments – even allowing you to send cash in the mail for no digital trail. This is a trend we’ve seen with VPN services as well. And if you pay with a credit card, PayPal, or some other digital method, they manually separate account details from payment info.
In short, Posteo is an affordable, customizable, and secure service that’s a good option for users on a budget.
+ Pros
- Mail, Calendar, Contacts, and Notes are encrypted at rest with OpenPGP on secure servers in Germany
- Configurable spam filter
- Migration service for moving from another email service to Posteo
- Subject, headers, body, metadata, and attachments are encrypted
- Includes Messages, Calendar, Contacts (Address Book), and Notes
- Completely Open Source
- Strong commitment to privacy, sustainable energy, and other social initiatives
- Self-financed; good track record (operating since 2009)
- No logs, IP address stripping, secure email storage with daily backups
- Allows anonymous (cash) payments
- Supports SMTP, POP, and IMAP protocols
– Cons
- Custom domains not supported; no “.com” options available
- No spam folder (spam emails are either rejected or delivered to regular inbox)
- No trial or free version
- Cryptocurrency payments not supported
Website: https://Posteo.de/
See the Posteo review for more info.
7. Runbox – Private and sustainable email in Norway
| Based in | Norway |
| Storage | 2 – 50 GB |
| Price | $1.66/mo. |
| Free Tier | 30 day trial |
| Website | Runbox.com |
Runbox is a Norwegian company that has been in the email business for over 20 years. Norway is a good secure-email jurisdiction, with a strong legal framework for privacy. All Runbox servers are located in secure data centers, running on clean, renewable, hydropower energy.
One unique feature of Runbox is that it gives you 100 aliases to use with your account. Secure file storage is also included, with different pricing tiers. Runbox fully supports SMTP, POP, and IMAP protocols and can be used with third-party email clients. They released Runbox 7 (still in beta) over a year ago, and are improving it all the time, with a massive number of updates taking place so far this year. So far, this is only a webmail service, so you won’t find any mobile or desktop clients.
Unlike some other secure email services, Runbox doesn’t have a built-in option for encrypting your entire mailbox. And while you can use PGP with Runbox, it is not yet fully integrated into the platform. Another drawback is that Runbox does not offer a built-in calendar, but this feature may be included when Version 7 gets released.
Runbox offers a 30-day free trial and makes importing your existing emails simple with the guides on their site. They also go the extra mile by giving you a 60-day money-back guarantee, so you can really get a sense of whether this service suits you before getting locked into a subscription.
+ Pros
- IP addresses stripped from messages
- Includes Webmail, Contacts, and Files
- Servers run on renewable energy
- Supports SMTP, POP, and IMAP protocols
- Synchronizes with other email clients
- GDPR compliant
- Norway has strong data protection laws
- 100 email aliases per mailbox
- Custom domain names on some paid accounts
- Numerous payment methods accepted (including cash and cryptocurrencies)
– Cons
- Browser-based; no desktop or mobile apps
- Not open source
- Data not encrypted within the Runbox system or at rest
- No business-specific features
Website: https://Runbox.com
Check out our Runbox review here.
8. CounterMail – Private and secure Swedish email service
| Based in | Sweden |
| Storage | 4 GB+ |
| Price | $4.83/mo. |
| Free Tier | 7 day free trial |
| Website | CounterMail.com |
Next up on our list is CounterMail, a secure email provider based in Sweden. CounterMail has been operating for over 15 years with a goal to “offer the most secure online email service on the Internet, with excellent free support.”
Note: Before we go any further, you should know that registering for CounterMail currently requires an invitation from a premium CounterMail user. If you don’t know someone who already uses this service, you are not welcome right now.
CounterMail uses OpenPGP encryption with 4,096-bit encryption keys. They protect their users from identity leaks and Man-In-The-Middle attacks with RSA and AES-CBC encryption on top of SSL. Unfortunately, they do not have their own mobile or desktop apps.
In order to ensure your privacy, they keep no logs and they store your mail on diskless servers. Countermail anonymizes email headers and also strips the sender’s IP address. All emails and attachments are stored encrypted at rest using OpenPGP on servers in Sweden. Although the base storage is relatively small (4GB), you can permanently upgrade this via one-time payment.
While CounterMail is a bit more expensive than some other secure email providers, they explain this price difference comes from using only high-quality servers and implementing strong security measures. It may not have all the frills, but CounterMail is a serious security-focused email provider with a 15+ year track record.
+ Pros
- Supports cryptocurrency payments
- Secure, built-in password manager
- All emails and attachments stored encrypted on no-logs, secure servers in Sweden
- Custom domain support
- Message filter and autoresponder features
- Uses RSA, AES-CBC, and SSL encryption to protect against leaks and MITM attacks
– Cons
- Design and UI feels outdated
- More expensive than other secure email options
- Now requires an invite to register
https://CounterMail.com
9. Kolab Now – Fully-featured Swiss email
| Based in | Switzerland |
| Storage | 5 GB+ |
| Price | $5.47/mo. |
| Free Tier | 30 day trial |
| Website | KolabNow.com |
Based in Switzerland, Kolab Now is a private email service offering lots of features and full email suite functionality. A Kolab Now subscription includes email, contacts, calendars, scheduling, collaboration/sharing tools, and cloud file storage. Right now they are also running a public beta of their voice and video conferencing system. All of these features make Kolab Now an excellent choice for business users, teams, and privacy-focused individuals.
The service does have a stylish and intuitive interface that makes it easy to organize yourself. There’s also a strong cross-platform support, so you can use Kolab Now on your computers, tablets, and smartphones. It can work in tandem with other email services, like Apple mail, Outlook, and Thunderbird.
While Kolab Now does offer numerous features and support for all major operating systems and devices, it does not provide the highest levels of security. End-to-end encryption for emails is available via Perfect Forward Secrecy and they are stored encrypted at rest.
The price is also on the higher end, especially if you want access to all features and unlock more storage. However, for those wanting a feature-rich email suite hosted in Switzerland, Kolab Now may be a good fit.
+ Pros
- Accepts cryptocurrency payments
- Full support for POP, SMTP, and IMAP
- Switzerland jurisdiction with strong privacy protection
- Full email suite with numerous features to replace Gmail, Office365, etc.
- Support for custom domains, teams, and business users
- End-to-end (E2E) encryption is available, but not built in
– Cons
- Email not encrypted at rest (but stored in high-security Swiss data center)
- Expensive
Website: https://KolabNow.com
10. Soverin – Basic private email in the Netherlands
| Based in | The Netherlands |
| Storage | 25 GB |
| Price | €3.25/mo. |
| Free Tier | No |
| Website | Soverin.net |
Focusing on user privacy and data protection, Soverin offers a straightforward private email service. With end-to-end encryption and a user-friendly interface, Soverin is an excellent choice for users who want a simple and secure email service. As a user, you get to enjoy the peace of mind that comes with knowing your emails are shielded from prying eyes. Moreover, Soverin’s user interface is designed to be intuitive, making it easy for both tech-savvy users and those less familiar with digital technologies to navigate their email accounts with ease.
While Soverin may not offer numerous advanced features compared to some competitors, its focus on privacy and simplicity make it a top choice for users seeking a basic private email service. This means that while you might not get all the bells and whistles that come with some other email services, you get a no-nonsense, secure platform that prioritizes your privacy and makes email management a breeze. For those who value simplicity and security over a plethora of features, Soverin is a solid choice.
+ Pros
- 25 GB of data storage for all plans
- Data protected under Dutch privacy laws and GDPR
- Can be used with third-party email clients
– Cons
- No custom mobile apps
- Not open source
- No built-in encryption options
Website: https://Soverin.net
Email jurisdiction and data privacy
Did you know that the jurisdiction in which your email service is located can seriously impact the security of your data? Depending on your threat model, this could be a major consideration. For an in-depth overview of jurisdiction and privacy, you may want to read our article on the Five/9/14 Eyes surveillance alliances.
Here are some reasons why you should pay attention to jurisdiction.
Surveilance in the United States (leading member of the Five Eyes)
Tech companies in the US can be forced to give government agencies direct access to their servers for “extensive, in-depth surveillance on live communications and stored information” – as explained in the PRISM surveillance program. Data requests can also be accompanied by gag orders, which forbid the company from disclosing what’s going on (see also National Security Letters).
Several instances have been reported where American email service providers were compelled to surrender information. In a notable case, Lavabit chose to shut down the business instead of disclosing user data. Riseup, another email service provider in the US, was forced to hand over data to law enforcement agencies.
After exhausting our legal options, Riseup recently chose to comply with two sealed warrants from the FBI, rather than facing contempt of court (which would have resulted in jail time for Riseup birds and/or termination of the Riseup organization).
There was a “gag order” that prevented us from disclosing even the existence of these warrants until now. This was also the reason why we could not update our “Canary” [warrant canary that warns users about these events].
State of privacy in Europe
Politicians in Europe are frequently trying to find an excuse to limit or ban the use of encryption by their people. This time, the argument is that encryption must be banned to fight child abuse. Once again it is up to email services like Tutanota and Mailfence to protect the privacy rights of their users. In April, a group of tech companies sent an open letter to the European Parliament arguing against the mass surveillance that the elimination of encryption would be meant to enable.
How this will turn out is unclear, but the possibility of the EU banning encryption casts doubts on the viability of any secure email service based in the EU.
We’ll let you know what happens with this.
All email providers must comply with the law
While these examples may seem alarming, the truth is that all email providers must comply with legal requirements in the country they are operating in. For example, Proton Mail, a Switzerland email provider, has also been forced to log IP addresses and disable accounts by valid court orders, as they disclose in their transparency report.
All in all, some jurisdictions are much better than others, so choose wisely. As a general rule, I’d still avoid email services in the US, and other Five Eyes jurisdictions.
Want secure email? Pay for it.
The unlimited “free” email business model is fundamentally flawed. It offers a free service, which is used to collect data and thereby monetize the user and make money on ads. With these privacy-abusing “free” services, you are actually paying for the product with your data.
In contrast, here we recommend privacy-friendly, secure, ad-free email services. While some of these email services offer limited free subscriptions, you will need to upgrade to a paid plan for more storage and premium features (the freemium business model).
Fortunately, you can “vote with your dollars” by supporting these privacy-respecting businesses and upgrade to paid accounts. This will help email providers to grow, improve, and serve more people with an ethical business model that does not rely on exploiting their users’ data.
Secure email shortcomings and PGP flaws
Most secure email services mentioned in this guide use PGP for end-to-end encryption. PGP, which stands for Pretty Good Privacy was invented back in 1991 by Phil Zimmermann.
PGP Flaws – While PGP is considered a trustworthy, secure encryption method, there have been some flaws in implementing PGP that have made headlines recently. And lets not forget about EFAIL vulnerabilities.
While the news did attract lots of attention, the “flaws” were mainly tied to the incorrect implementation of PGP by third parties. To my knowledge, this did not affect the secure email providers mentioned in this guide.
Limited Use – Another fundamental problem with adopting secure email is that few people are willing to go through the hassle of PGP key management, encryption, decryption, etc. However, there are some solutions to this, and by some measures encrypted email usage continues to grow.
Many providers address this issue by making encryption automatic and seamless. Tutanota, for example, uses built-in AES encryption that automatically encrypts emails between Tutanota users, including headers, subject line, body, and attachments. They also provide a secure, two-way communication contact form called Secure Connect.
Vulnerabilities – Even when using a secure browser, there are still weak points to consider with using browser-based email clients. Phil Zimmermann gave an interview highlighting some of these shortcomings:
“The browser is not a terribly safe place to run code. Browsers have a large attack surface,” he said. Wherever encryption and decryption take place, though, it’s a vast improvement on no encryption. But even encrypting messages may not be enough, depending on the threat model. The very nature of email makes it vulnerable.
“Email has an enormous attack surface,” Zimmermann said. “You’ve not only got cryptographic issues but you’ve got things like spam and phishing and loading images from a server somewhere that might have things embedded inside.”
On a positive note, there are many options for securing your browser – see the secure browser and Firefox privacy guides. Furthermore, most secure email providers offer protection against these attack vectors by blocking email images by default and utilizing virus filters.
However, you should keep in mind that desktop email clients can also be problematic. They can potentially reveal unique information about your operating system, your IP address, and location.
Regardless of these limitations, using a secure email provider will help you keep large tech companies from extracting your email data for third parties.
Secure email vs secure messaging apps
Depending on your threat model, you may also want to consider using secure messaging apps, which do not have all of the vulnerabilities discussed above.
We have tested many different services and compiled a list of our favorites. Here are a few reviews of some of the best apps we’ve tested:
Encrypted messaging apps generally offer a higher level of security than email services. Plus, they are much easier to use than PGP email encryption.
Finally, encrypted messaging apps are also convenient for back-and-forth conversations, document sharing, and collaboration with others. For more information, check out our roundup guide on the best secure messaging apps.
Use a premium VPN with email
One fundamental problem with email is that it can expose your IP address and location to third parties, by design.
While some secure email services strip IP addresses and conceal metadata, many others do not. And as we saw with the Proton Mail logging case, email services may be forced to log user IP addresses by valid court orders, without disclosing any information to the user. We’ve seen this with email providers in the US, Germany, and even Switzerland.
Finally, there’s also the fact that many email services keep logs for security. This may include user IP addresses, connection times, and other metadata. Of course, whenever you have logs, there’s a risk that this data could end up with third parties, for various reasons.
To effectively conceal your IP address and location, you will need to use a good VPN (Virtual Private Network). Popular VPN services, such as ExpressVPN and NordVPN, offer VPN clients (apps) for all major operating systems and devices.
A VPN creates a secure tunnel between your device and a VPN server, encrypting your traffic and concealing your real IP address and location. This will improve your privacy and security, all the while you carry on with business as usual. Larger providers, such as NordVPN and Surfshark, have huge server networks all around the world, so you can use them everywhere.
Because a VPN offers significant privacy and security benefits, it’s a smart idea to use one whenever you’re online. Internet providers in many countries are recording user browsing history by logging DNS requests. Depending on local laws, this information could then be sold to advertisers or handed to government agencies in countries with mandatory data retention laws. With a VPN, your DNS requests are encrypted and handled by the VPN server and unreadable to your ISP or other parties.
At the time of publication, our top VPN recommendations right now are NordVPN, which also comes with a 74% off coupon here. For the latest VPN rankings and tips, see our guide on the best VPN services.
Benefits of Open Source in Secure Email Providers
When considering secure email providers, open source software offers a multitude of benefits. By allowing users and developers to access and review the source code, open source software ensures transparency and enables the verification of its security and trustworthiness. This public scrutiny helps identify any potential security vulnerabilities and ensures that the software is regularly updated and improved.
Another advantage of open source software is community-driven development, a collaborative approach that allows a community of developers to work together to improve the software. This leads to faster development and more reliable and secure software, as potential issues are identified and resolved more quickly.
In summary, choosing a secure email provider that utilizes open source software is advantageous in terms of security and reliability, as it allows for public review and verification of its encryption protocols and privacy protections.
Conclusion on secure and private email services in 2024
Regardless of your circumstances, switching to a secure and private email service will improve your privacy. Major email providers like Gmail, Yahoo, and Microsoft don’t always prioritize user privacy, so you have to look after it yourself. Paying for one of these secure email services means you won’t be paying with your privacy by using “freebies”.
Once you switch to one of these email services your private communications will be much more secure. Then, all you need to do is avoid non-technical attacks, like classic email scams that never seem to go away.
See the main privacy tools guide for other privacy and security essentials.
We also have a guide on encrypting email.
If you want more info on these secure email providers, you could check out our in-depth reviews below:
- Proton Mail Review
- Tuta Review
- Mailfence Review
- Mailbox.org Review
- Hushmail Review
- Posteo Review
- Fastmail Review
- Runbox Review
- StartMail Review
Have you used one of these secure email providers? Feel free to leave your feedback/review of the service below.
This secure email guide was last updated on June 13, 2024.
At a digital safety presentation I went to recently the presenter recommended having multiple email addresses for different purposes eg family & friends, online shopping, government and financial etc. This article recommends the same – https://www.forbes.com/sites/forbestechcouncil/2020/02/13/why-every-person-needs-at-least-four-email-accounts/?sh=26d6a1157006. I had thought to use an alias but this doesn’t seem to achieve the objective of fully separating the online roles an individual has. Do you have any comments about aliases vs accounts and also having multiple accounts for different purposes? Also, if I set up multiple email accounts would you recommend they all come from the same provider, or from different providers? One thing I’m wondering is if I start using a Proton account (say) for things like government websites it telegraphs to them that I may have something to hide! I guess, my concern about my privacy should override any concern about what I think the government thinks about me. What do you think? Thanks.
All good Mail questions with no experts ready to weigh in here I’m thinking? But let’s try simple reasoning on a few things not so clearly thought out in your questions. How does the e-verse see us, log us and retain our data? What remnants are then stuck to us by ways of our browser, our device and any user profiles – yes even our OS systems and Sims we carry around?
Goal being to – use multiple email addresses for different purposes – with or without – achieving the objective of fully separating all the online roles an individual has, verus maybe then any enployable aliases and/or VPN tools.
Would you not need to have a dedicated device for each perceived persona your wishing to emulate? How futile is it to replace (software) as hardware to perform the same tasks?
To me they have dope on us like down to our DNA level somehow in and with all the means we interact with the e-verse. To achieve the seperation you mentioned becomes a great task for law biding Digital Citizens when any Cyber Civics rules lack being acknowledged nor established for the e-verse.
Again to me the use of a trusted – proven encrypted mail service, user enabled encryption for the various parts of that service. Serves us well from just one service instead of having multiple mail accounts for different user purposes. As for seeing my suggeted as having all your eggs in one basket yes it is, but I’m doing nothing illegal and then again nothing is 100% dititally safe. Relying on the record of the mail service and it’s encryption as my user benefit. But I use ZOHO so what do I know?
What is your opinion on Sekur Private Data (former GlobalX Data) email/messaging service based out of Switzerland?
We have not tested it for a review yet.
Hi,
I am interested in finding a more secure, or rather more private email service that will not bombard my inbox with junk mail. I am totally and absolutely fed up with gmail selling my email to an unspeakable amount of advertisers, inundating my inbox , forcing me to go through them to avoid deleting important mails, spending countless hours cleaning my inbox on a regular basis.
I am looking for a paid service that will not have a vested interest in selling mailing list to advertisers, and the lists of servers are not telling me clearly who to choose here in the US, most of them are in Europe, which is fine, but I would like more guidance or direct recommendation as to who would serve an individual better with a basic email need, perhaps less than 50 mails a month, approx., and cannot over emphasize that my main goal is to NOT receive unwanted mails from commercial and political interest groups.
Can you help me find one?
Thank you in advance
I’ve been using Fastmail (Australia) for years–no problems based on your stated concerns. Sven doesn’t like it because of concerns about snooping by Big Brother. Otherwise, if you’re not that concerned about that, it may meet your needs, and the cost is reasonable as far as I’m concerned.
I am looking for a paid service that will not have a vested interest in selling mailing list to advertisers, and the lists of servers are not telling me clearly who to choose here in the US…recommendation as to who would serve an individual better with a basic email need…
These are US based but for – recommendation as to who would serve an individual better with a basic email need, they might be structured weird but usable once you learn their mail system’s that’s part of much more thats offered in each. These are offering a free tier at links.
https://skiff.com/individual-plans
scroll down to Forever Free Plan almost 1/2 page underneath the redbox TRY NOW
https://www.zoho.com/mail/zohomail-pricing.html?src=ft
ProtonMail does not support POP/SMTP without use of their Bridge appliance. https://proton.me/support/imap-smtp-and-pop3-setup
Mailfence also does not support POP/SMTP for their free accounts.
The Proton information needs to be updated:
Price: $4.99/mo (annual and bi-annual plans reduce this to $3.99/mo and $2.99/mo respectively)
Storage: 15-500 GB
Free Tier: Up to 1 GB
Website: proton.me (protonmail.com is no longer their primary domain)
Good catch, I made those corrections. There is a Black Friday sale going on now, so the price is even lower at $3.33 per month.
Sven Sir don’t you think Gmail has some security advantages too despite not being privacy friendly. Like Gmail provides great protection against spam and phishing and other targeted attacks. And phishing is a great threat to user security. Gmail has resources to provide such high level of security. And this service is likely to stick around for a long time compared to small providers whose long term prospects are doubtful. What do you think?
Yes, Gmail is secure, but certainly not private. As for email phishing and spam, common sense is the best protection (don’t click on questionable things in your inbox).
In the short summary of CyberFear it mentions: offshore servers (Poland) while their website states offshore servers are off the USA
So where are they actually located?
@Carrot not sure. CyberFear may be down or working on improvements. Their Reddit page hasn’t been updated in almost a year since the host posted some changes were coming. It may be taking longer than he thought.
https://www.reddit.com/user/cyberfear_com/
But WEBrate says they are online:
https://webrate.org/site/cyberfear.com/
Maybe worth a new modern look – –
There is a lot of legalese or there was some years back when checked ZOHO but that was, as it seemed because of their headquarters. Zoho Corporation is an Indian multinational technology company that makes web-based business tools. It is best known for the online office suite offering Zoho Office Suite. The company was founded in 1996 by Sridhar Vembu and Tony Thomas and has a presence in seven locations with global headquarters in Chennai, Tamil Nadu, India, and corporate headquarters outside of Austin in Del Valle, Texas. Radha Vembu, Sridhar Vembu’s sister, owns a majority stake in the company. https://en.wikipedia.org/wiki/Zoho_Corporation
AS YOUR PERSONAL ELECTRONIC MAIL today,
Take control of your data with Zoho Mail, at Zoho Mail, your privacy is always their foremost priority. Their service is constantly evolving to better fulfill their commitment to your privacy. By employing industry standard privacy practices, they ensure the confidentiality of your data. With Zoho Mail, you’ll never have to look over your shoulder.
Access to your data is restricted:
Customer data is heavily guarded at Zoho Mail, even from our employees. In very rare cases, employees will require a certain level of access to data to resolve requests or complaints raised by customers. This access to obfuscated data or meta data is only given to few employees who have cleared security checks, and is tightly controlled by dedicated teams. Employees accessing such data are tracked and monitored in real-time.
https://www.zoho.com/mail/privacy.html?src=dd
FAQ:
Mail Only plans (Mail Lite and Mail Premium) are already available at a discounted price. If you’re a non-profit or a charitable organization, we have special pricing for you. To know your discount, please contact us at sales@zohocorp.com.
Since we already respect user privacy, we have a set of clear rules and strategy on how to process personal data. Over the years, we’ve demonstrated our commitment to this by consistently exceeding industry standards. We have no need to collect and process users’ personal information beyond what is required for the functioning of our products, and this will never change. We have a privacy-conscious culture here and GDPR is an opportunity for us to strengthen this even further.
Zoho Mail complies with HIPAA. You can read more details https://www.zoho.com/mail/hipaa.html?src=mailpricing
The Health Insurance Portability and Accountability Act, HIPAA (including the Privacy Rule, Security Rule, Breach Notification Rule, and Health Information Technology for Economic and Clinical Health Act), requires Covered Entities and Business Associates to take certain measures to protect health information that can identify an individual.
MAIL LITE $1/User /Month billed annually – 5 GB per user
MAIL LITE $1.25/User /Month billed annually – 10 GB per user
Service has the following to the MAIL LITE accounts:
Mail =
Email hosting for multiple domains
Domain aliases
Email routing
Email and Folder sharing
Streams – Collaboration tool
Offline access
NewSecurePass email
Email recall
eWidget and Developer Space
Tasks, Notes and Bookmarks
IMAP/ POP access in email clients
Huge Attachments upto 250 MB
Exchange Activesync
Mobile apps for iOS and Android
Calendar =
Shared calendars
Group Calendars
Appointment Scheduling
Calendar Sync
Calendar on mobileAccess your calendar from the Zoho Mail mobile application.
Brought in my own Namecheao domain and I seem to like everything so far with ZOHO’s MAIL LITE plans. I signed up for the MAIL FREE plan and it offers email hosting for a single domain.
You have to look for it as FREE but it’s found easy with the following title.
Forever Free Plan
Up to five users, 5GB/User, 25MB attachment limit.
Web access and free mobile apps*.
Email hosting for single domain.
So far Zoho beats my mail account @swisscows.email without a domain added there in swisscows.
Stylish, accessible, and secure: Zoho Mail’s newest features and enhancements
https://www.zoho.com/blog/mail/stylish-accessible-and-secure.html?src=lpbanner
https://youtu.be/gCL2-thhSy8
Any info on Sekur? They offer both email and messaging app. I think they came out in 2020 but I can’t find much on them outside of their website, sekur.com/en. (NB: I posted this question to the messaging app review too).
The article ignores a very important security issue – the responsiveness and friendliness of the support service. Everyone has problems, if they are solved – this is 90% of success. And vice versa – even the best service without an adequate support service will be problematic.
I am now choosing an alternative to Gmail and reading reviews on Trustpilot – Proton responds with standard phrases, this worries me.
addendum: ProtonMail Features & Customer Service sucks! I was a “Professional Account Holder for many Month and paid €8,00 per Month, for “Priority Support” as they state; which is non existing! When I had problems as Professional Account holder I emailed support several times I even put “PROFESSIONAL ACCOUNT HOLDER” in the subject line to stand out… the reply is generic not individual service and takes several days to even reply…. they are arrogant and unfriendly and still did not fix the issues… on being persistent; they even admitted that Customer Service cannot differentiate between Profession or Free users wow !! To create a Signature & Confidentiality Notice is a nightmare it never gets it right it never puts things in one line it scatters the text! To do a copy and paste while in working mode messes up your entire text and it cannot be fixed you best be typing in word first than copy & paste every over! Their printing feature sucks too, as it never prints out the entire email but it cuts if off a page 3 and page 1 is always empty. COMPARE that with Gmail: it is probably spying or prying but at least all their features & pritning work excellent!! daaa what kind of “PROTON” software designers are at work there? Why don’t they at least match the standard of Gmail? We can only hope that – aprat from the Subject Line – protonmail is fully-enrcypted but who knows? I am only using protonmail because it is allegedly 100% encrypted if you communicate with another protonmail user, but why is the Subject Line not encrypted beats me as it is a giveaway and can be changed by design! Another concern is that they are funded by the EU, hello…. they claim to be a Swiss Company under Swiss jurisdiction, why do they take money (over 1-Million) from the EU which is against privacy, and we all know anyone investing in a company will have a word in what is going on etc… Also they use a “.com” and not a “.ch” and all .com are under US-jurisdiction no ifs or butts, daaa, I made several complaints and intelligent oriented solutions to the BOARD of DIRECTORS, they don’t really care they hide; they never answer; if they answer it is BOBOTIC; they could be making millions more if they would only listen to some real smart people. Since I never got Service worth the money I paid for Professional I cancelled and went back to a free version it is the same thing only limited MB storage so i had to delete tons of data. I wonder how many customers they lose because their Professional Service sucks? CONCLUSION: the above should be carefully considered and I can back everything up to be true! I do continue to use protonmail in good faith hoping that they do what they claim and because i have friends who also use protonmail, but as an Entrepreneur & Lawyer, i dislike it immensely when good people & profitable proposals are completely ignored, as that is unethical-business-conduct to say the least. bona fide by i: anonymous Entrepreneur & Lawyer; sui juris, without prejudice; all rights worldwide reserved.
Lot’s of good information provided and discussed which is greatly appreciated. I like the basis of Telios discussed in the comments as a first choice. Can anyone confirm reliability vs Mailfence as asecond choice ?
To me has great claims but yet falls back on saying still in a beta release as usual excuse to many questions-comments. I prefer 80% being usable before anything is marketed wanting my money.
Can you make a list of the best private/secure emails from companies NOT based in Europe? I realize that there are good reasons why Europe has some of the more well-known privacy centric email providers, but surely there are other countries in the world that provide some alternatives?
Check out Gold Comet
Good one, based in USA, the leading 5 Eyes country.
Rob – noone
So being a US citizen and using a privacy secured email (encrypted) service. HQ in the US is a good thing and actually better on users. Because just as any other online business in most certainly another country that has to abide by that countries laws. Here the US citizens, we are able to fight in the country that set in motion the enforcement of any digital crime we be accused of.
You can’t use anything digital and the hive of web2 networks without a trail so generated by doing so. Mostly outside of any advertising networks (as others & 14 governments monitors all), for you and the others to earn the target on your back(s).
So yes any government can stifle and hurt locker you. Whatever the union/agreement with the US they have is not of concern – if the US wants you they have or influence the power in bringing you to answer for the deed.
WAKEUP Call. . .The Web must be looked at and seen as a river running across the globe connecting many, but as well it’s being monitored to give precedence of enforcing laws with teeth. Like laws there of a country against global money laundering, counterfeiting, and human slavery to name some. If not then there couldn’t be prospering counties all doing business altogether.
The digital circle is a lot small as technology advances, I see you call out but don’t give any better suggestion. It is looking as if your prejudice about something?
So why would you suggest choosing an email service in the leading 5 Eyes Country, where the Prism program, the NSA and many other interlopers abound?.
@JMO (there’s no Reply button for his post). Dude it’s REEEEALLY time for you to WAKE UP, **ALL** the crimes you mentioned are being committed by the puppeteers who own our politicians, the politicians who are at work to implement Klaus Schwab’s promises, “by 2030 you’ll own nothing”, “by 2030 privacy will be a luxury good”. They constantly accuse others of their own crimes, e.g. they censor top level scientists and spread disinformation while accusing others to spread disinformation. Money laundering?! _Banks_ themselves have always being doing it for our beloved politicians, their masters OWN all major banks (and are now openly and illegally using them as a weapon, see the seizing of funds of bitchute.com). Once in a while they get caught, e.g. J.P.Morgan. got a fine for money laundering just a few months after accusing cryptocoins to be a tool for money laundering, when the total market cap of all cryptoassets was a tiny fraction of the smallest firm quoted in Wall Street, absolutely insufficient for their needs of drug+organs+children+weapons trafficking. They are even trying to enforce the idea that the State has the right to impose “sanitary treatments”, and push to us these lethal jabs for something which can be treated in hours with economic, safe, effective drugs, all the contrary of this jabs. So, our politicians and their masters are the ones who REALLY need to be watched (behind bars if they don’t get hung for crimes against humanity), not common citizens.
Gold Comet is US based company! Us is member of 14 eyes alliance!!!
I Would Reccomend Trace Add On For Mozilla Firefox
Just get tutanota with custom domains for your company. Pick a name you like. The info is on their website. If you care enough to spend a few minutes…..maybe you’ll spend them before you badmouth tutanota any more, eh?
I use Protonmail and Mail2Tor on Tor.
I tried to reset my Proton email password recently and due to my error had to use an alternative email account to access my proton account. The result was that my emails were encypted as a precautionary measure. Decryption is achived in theory by using the previous password. This turned out not to work even though the password used was correct. Proton help were not very helpful and within days Proton sent all users a message apologising for service disruption.
I’m currently selecting my new email service provider.
That sounds familiar. Quite a number of years ago I chose Protonmail for its exceptional encryption. A little over a year ago Protonmail kicked me out of the app on iOS and requested I log back in. No problem, I logged in again, using the same password used previously, but was denied access. Attempts to seek support were futile. They basically told me that when I find my password I will have access to your former emails. The password was never found. As I see it there are two possible reasons why this event occurred:
1) An intruding party gained access to my account and altered my password.
2) I lost the password … (NO. The password worked previously and it was stored in a password storage secure area on my iPhone where passwords are carefully noted and free from access.)
Lesson Learned: Do not use Protonmail! They do not permit password recovery without loss of access to previous months or years of email. They are NOT RELIABLE!!!
Have you got 2:33 minutes?
May you understand then how the web is broken to your privacy as well as your precious personal data. Data that you wish to keep and the ability to censor an access of…
https://www.youtube.com/watch?v=NjfIOc_5drU
The only email client that you control your privacy without need of centralized servers networks.
The team behind the desktop email client Thunderbird will be committing time and financing improvements in the mobile email client K-9 Mail. Doing so will essentially make K-9 Mail the Thunderbird client for mobile devices.
https://arstechnica.com/gadgets/2022/06/email-client-k-9-mail-will-become-thunderbird-for-android/
Here is K-9 Mail’s website link: https://k9mail.app/
Though K-9 is limited mainly to Android, a terrific mobile and desktop client for iOS users is: Canary Mail. Best of all, Canary Mail can also be used on Android and even Windows:
https://canarymail.io/
I forgot to mention, another good email client and is the one I use: FairEmail. All of the email clients I mention are open source and come with or support encryption.
https://email.faircode.eu/
“FairEmail adheres to the Google API Services User Data Policy….” GOOGLE? REALLY? Congrats….
@noone where on the website or on FairEmail’s terms of service does it say that?
I prefer Telios Secure email after CTemplar shuts down. Telios gives you complete ownership of your data by encrypting and storing everything on your local devices. No third party, government, or even Telios can read your unencrypted data. The only way to access your unencrypted data is by using a memorized master password on your physical device. The service was designed to use external servers as little as possible and know next to nothing about each user. Your devices have absolute control over how your data is shared, encrypted, and stored and will default to using the peer-to-peer network whenever possible.
You definitely have control over your data
Sargin – Sounds great, I prefer Telios Secure email after CTemplar shuts down!
Seems the Metadata is encrypted, with a better understanding to peer-to-peer seen here [https://docs.telios.io/email]
I can overlook it being in the USA. But just as any online business in most certainly another country, that has to abide.
Telios Law enforcement is found here [https://docs.google.com/document/u/1/d/e/2PACX-1vTIL7a6NbUhBDxHmRy5tW0e5H4YoBWXUO1WvPseVuEATSLHMIemVAG6nnRe_xIJZ-s5YYPh2C05JwKR/pub]
Going to the second link, also see –
Security of Your Personal Data
Telios explains it best as I’ve ever seen.
The only con that is a slap in the face to me is- next heading after ‘Security of Your Personal Data’..
See then…
“By using Our Service, You agree to the Privacy Policies of any Service Provider We use.”
These are outside businesses third-party vendors.
But isn’t that the personable human cost of being a business online today. Interactions of a business must have facts to be in validation of running a business upright as well in all legal terms of doing commerce.
Any users here of Telios?
Thanks, we should look into this more.
Watch this:
https://www.youtube.com/watch?v=NjfIOc_5drU
Seems like Telios is just starting to take off. While offering this service as a subscription base it has a free tier as well.
Importantly you can lock in a deal to a tiers lifetime service by the sites banner shown.
That means spending upfront on 11 months @ $5. or 14 months @ $8. and be subscribed on that tier for life – – no further cost.
Texas is where Telios is based.
Looks promising, thanks for sharing.
Telios is US based company. US is member of 14 eyes alliance!!!!! Good luck!
So being a US citizen and using a privacy secured email (encrypted) service. HQ in the US is a good thing and actually better on users. Because just as any other online business in most certainly another country that has to abide by that countries laws. Here US citizens, we are able to fight in the country that set in motion the enforcement of any crime we be accused of.
You can’t use anything digital and the hive of web2 networks without a trail so generated by doing so. Mostly outside of any advertising networks (as this & 14 governments monitors all), you and others that to earn the target on your back(s). So yes any government can stifle you. Whatever the union/agreement with the US they have is not of concern – if the US wants you they have or influence the power in bringing you to answer for the deed.
The Web must be looked at and seen as a river running across the globe connecting many, but as well being monitored to give precedence of enforcing laws with teeth. Like laws there of a country against global money laundering, counterfeiting, and human slavery. If not we couldn’t have prospering counties doing business altogether.
A comment here mentions-
“There are many examples that prove the real-world risks associated with privacy-focused companies operating in Five Eyes jurisdictions.”
Further mentions of the privacy-focused service(s) talked about-
“service, was forced to collect user data for government agents and was also hit with a “gag order” to prevent any disclosure to their users. (They also could not update their warrant canary.)”
One would have to think of the personal account sought after by law enforcement and causing the company to stifle itself on the issue at large. Being results of that countries judicial actions with merits. Just as any unlawful merits (broken law(s) have to catch the scrutiny in multiple tiers of law enforcement/government departments in which the person owning the personal account in question surfaced. Made not only these watchdog radar screens but a bulls-eye’s target in that specific country’s local in the overall world-wide fight against internet crime.. Crime is big business to a lesser developed countries law/governmental enforcement departments. Mostly for the US MLAT and spur agreements which give unto the helping country some % of the criminals sold off assets.
I ask you with the current events of today along with in how the world did become bridged together since the internet age came on stage. As realistic of the last ten years of giving a web voice majority against a wrong in the world. Where the people as the world over and their country inhabited at, are or can be as close as your street neighbors, though still miles/borders apart. Calling out a country’s relationship of the 5,9,14 eye’s-nations has duly passed and becomes a list now for what privacy tops what country specific and then what the countries are that specifically campaign on or against internet crime from their nation actively.
Now to my point, if your a criminal element your time is counting down of when you get caught.
Unless a nation is dead set against the USA your toast most part anywhere else in the world. If your dealing with a country as such against the USA what’s the point of living here outside it? Put the USA down for what you declare as not being privacy oriented but given our privacy laws in place and a secure home turf to challenge from than anywhere else in the world having that same same equal benefit. I choose the USA before privacy overall for national security and settle for what privacy I get. I’m not a criminal nor do illegal activity.
Advertiser’s and Ad networks are something altogether different than national security but why is my information so free to them. To gather information on a human subject against their will and to make money doing so is totally wrong. Just like copy rights and patens laws are to protect why can’t we get laws against our users human profile online that singles us out of the vast internet? The majority of us are not criminals!
I left out big tech from this now that I think about it.
Advertiser’s and Ad networks to Big Tech Co.’s are something altogether different than a need to know for our USA governmental national security reasons. But why is my information so free to them outside the Gov. who profit from our use of the internet?
Every time your online someone other than our Government watches to make money from us all as that’s the Web 2.0 experience we have now. A Web 2.0 is the Internet of corporations and monopoly, as an Internet honed by them of giant TECH in making as much money as possible and making use of as much data as possible!
From my gathering on this decentralized Web 3.0 planned at the end of the last century. It will cost you in the form of owning a connection device for one, and then the annually subscription to run the device with for the second, to gaining a decentralized Web3.0 experience. Probably on top of an Internet ISP subscription as you have now. Web 3.0 only seems to be decentralized layer pulled or utilized off the Internet we know now.
I see it said:
Only with emergence of blockchain the whole puzzle of Web3 came together. Blockchain is a paradigm shift that allows us to create systems which run “on their own”, by the protocol agreed before their launch. We can construct decentralized systems which can become that layer on which you don’t have to give up on control over your data, where all your data belongs to you.
YEAH RIGHT
Scrap pile the Internet cause in reason to the lack of human security and privacy that needs to be in the foundation roots of this type of an electronic commence system.
So is Web 3.0 more-less a what price is freedom to you or do you see it as a band-aide as I think that’s all it amounts too.
An Add-On is Not the answer, but making our Government listen to us and impose laws on Human Rights in an electronic era is a major step towards good than throwing money at a bottom-less problem….
https://www.skiff.com/mail
Using a – wallet-based login process. Interesting.
This integration is technically groundbreaking and provides all Ethereum wallet-holders access to privacy-respecting, end-to-end encrypted, and decentralized collaboration. Internally, Skiff already functions a lot like a crypto wallet – safeguarding keypairs and other sensitive information for your dhttps://skiff.org/blog/log-in-with-metamaskocuments, identity, and team.
Thought maybe Sven would do a review of Skiff Mail. As I see mentioned in likes of, the first-ever end-to-end encrypted productivity suite, But then in the PP 06/06/2022 it says,
Supplemental Notice for Nevada Residents:
If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information. You can exercise this right by contacting us at hello@skiff.org with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your Personal Information as sales are defined in Nevada Revised Statutes Chapter 603A.
In 2022 on web privacy how can any end-to-end encryption (zero knowledge) as a business still consider saying something like – ” we do not currently sell your Personal Information as sales are defined”?
But wait my information is understood as being trapped limited as possible and to be encrypted on top of everything. Oh or it’s my device(s) with it’s trails and string tail ends that never get mentioned in the PP call outs properly. Sweep under the “Doing Business or Bringing/Supplying you the Business” banner? Swap it, trade it or lend it, it’s still part of the e2e encrypted zero knowledge model and should not be used!
This makes the SKIFF PP and TOS messy to understand beyond the legalese where a real meaning is trapped within.
If you wondered is Skiff a US company in Nevada no, but yes, it’s a US company that reads,
10. Dispute Resolution.
“the exclusive jurisdiction for all Disputes (defined below) that you and Skiff are not required to arbitrate will be the state and federal courts located in the County of New York, New York”.
No not it’s headquarter is in New York, but San Francisco Bay Area, West Coast, Western US Area.
[https://www.crunchbase.com/organization/skiff-402f]
*note-got the link mixed in with the texts in my last Bronco reply- drop the “d” use then up to the comma.
“Personal Information We Collect
Skiff’s highest priority is to safeguard the privacy of the users on our platform. While you are on our platform, we collect only a minimal amount of data needed to provide you with our services. However, we may collect additional types of information when you visit our website or communicate with us via other channels, such as email or social media. We explain the types information we collect in each of these mediums ”
Why they collecting anything? They receive money and provide email services! Stop BS people!
What are you talking about? Did you read this?
I’ve been wanting to switch from email provider for a while now but I keep postponing it. I’m getting sick and tired of all these companies tracking you and collecting your data. Currently I am using hotmail from Microsoft and I’m thinking of switching to either: Mailfence, ProtonMail, Tutanota or Riseup (not mentioned in this article: https://riseup.net/en/email). Bottom line is I can’t choose and would like some advise from you guys. I prefer a provider that is the most private and stores the least amout of (sensitive) data and is the easiest to use. Futhermore support for a mobile app is a must as I’m planning to use it on my smartphone most of the time. All replies are welcome. Thanks in advance!
Riseup is based in the United States and has previously been forced to collect data for government agencies, as they admitted on their blog site. Due to the privacy risks, we do not recommend using an email provider in the US. There are many examples of US-based email and VPN services that have been forced to log data, see our guide on the 5 Eyes here for discussion and exmaples.
Sven, I’m with you 100% !
Stop procrastinating please making the move to a zero knowledge service is best. Basically with it’s own spun or offers OpenPGP public key encryption within. But you want easy to use – own spun encryption so look at. With an app like you want or a service with IMAP offered to use a 3rd party email client with pulls of your emails to a device of yours.
Run through the list above with these I’ve mentioned as some kind of outline to weed from all.
I don’t know if sven mentions what services works best in what mobile platform. Believe it’s mentioned if an service does offer a mobile app of all he’s listed. Posteo.de is a private respected service or was, and it’s cheap but you have to add any encryption from the guide on it they offer. It may be good if you end up splitting up your contacts to different service’s for the most paranoid.
Not a one of any business online of any kind is going to give you a 100% secure relationship.
Breaches are real and then only encryption helps there. But what all gets encrypted see Tutanota for the most encryption of categories in your mailbox done with ease. Just do it…
The autonomous Riseup tech Collective?
I’m surprised Riseup.net isn’t mentioned here. Only for your good friends, of course.
The safest and most trusted for over 20 years for Mail, VPN, Pad & more. Of course, everything is also available as a Tor hidden service. Tor Project, eff.org & Riseup work closely together for digital privacy & free speech.
Notes for E2E encryption:
GnuPG supports ECC and most email clients can fetch keys from a Web Key Directory (WKD).
This is what I’ve found on one of their other pages. That’s probably why they didn’t include it:
There are many examples that prove the real-world risks associated with privacy-focused companies operating in Five Eyes jurisdictions. Here are just a few that we’ve discussed before on RestorePrivacy over the years:
Riseup, a Seattle-based VPN and email service, was forced to collect user data for government agents and was also hit with a “gag order” to prevent any disclosure to their users. (They also could not update their warrant canary.)
(source: https://restoreprivacy.com/5-eyes-9-eyes-14-eyes/)
Do check out ‘onmail, modern and private email’. But some logging kinda, in a way. Its based in us tho.
Never herd of it. Especially HERE!
Founded in 2011, Edison Software is a company that has spent the last ten years building products to help you combat the most common and needless problems with email. Our team has launched two consumer email products — Edison Mail and OnMail. These two products can work together, but are not interchangeable. [https://medium.com/changing-communications/should-you-use-edison-mail-or-onmail-or-both-b067fc3b5e52]
Didn’t catch much fallout on reddit from a year to a month ago but of note there:
“For example: “We partner with third party marketing, security, and analytics services like Bitdefender*, ZecOps, Microsoft, Mailchimp, Facebook Analytics, Kochava, AppsFlyer, and Google Analytics” “By linking our Services to your email or other internet accounts, you authorize us to collect, process, and retain information, including personal information, from those accounts”
Onmail is advertised as privacy focused but if this means privacy focused I’m out.
Sure you can opt out analytics. But are they stupid and greedy – selling an subscription service up to 199 Euro/y and maybe selling user data’s to data brokers, too?”
I see ONMAIL PP has a date of Jan 5 2022
2. Information We Collect
Information You Provide to Us Directly. You directly provide Edison with personal information when you:
Create an account. By registering for an Edison or an OnMail account, you may provide us with information including your name, username and password, photo, and email address. We may also collect preferences and demographic information from you.
Interact with the Service. When you use the Services, we may collect information you enter through the Services.
Contact us. When you contact us for customer service or other purposes, we may collect information such as your name, email address, and phone number, and any other information you provide in your communications with us.
Otherwise provide information to use. If you complete a survey, submit an online form, or otherwise provide information to us, we will collect it and use it as described in this Policy.
Information We Collect from the Services. We collect the content you create, upload, or receive when using our Services. This may include, for example, the email messages you send and receive. We also collect information from Commercial Messages (“Commercial Data”). “Commercial Messages” are emails you receive (including those you set up to auto-forward from another email account) from businesses related to commercial activities such as subscriptions, sign-ups/cancellations, account requests and confirmations, purchases, travel, reservations, event tickets, boarding passes, promotions, bills, and package shipments.
We also collect information from Internet accounts other than email that you connect to the Services (for example, an account you have with a social media network or an online retailer). For example, you can connect certain other Internet accounts to Edison Mail to access select information from those accounts in Edison Mail (including order details).
Information We Collect From Third Parties. We may collect information about you from third parties, including social networks, business partners, marketers, and data compilers. This information may include demographic information, information about how you have interacted with the third party providing the information to us, and interest information.
Information We Collect Automatically. We collect some information automatically when you use the Services, such as information on the type of device you use, operating system version, certain device identifiers (for example, IDFA), internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics), operating system, date/time stamp, and/or clickstream data.
We (and third parties) may automatically collect technical information about your device through cookies and similar technologies when you interact with the Services and email messages or other communications we send you. Some of these technologies (such as cookies) involve storing unique identifiers or other information on your browser or device for later use. As we and our Service Providers (defined below) adopt other technologies, we may also gather information using other methods.
Information about your browser or device. We may automatically collect certain information about your browser or device when you use the Services, such as:
Your user, system, or device settings (for example, time zone, language, and permissions status)
Cookie identifiers
Mobile advertising identifier (MAID)
Other device or online identifiers (such hashed IDs or other pseudonymous IDs used by us or our partners)
Browser or device information (for example, the name and version of your device and the operating system it is running)
Information stored on your device or made available through your device’s services (for example, we may access your calendar or your contacts when you give us permission through your device settings)
In some cases, credentials (in an encrypted format)
Information about how you use our Services. We collect information regarding your use of the Services, such as:
Your activities and transactions in using the Services
Information about the links you click, the types of content you interact with, and the frequency and duration of your activities
Information about your online activity directly preceding or following your use of the Services, such as whether you were “referred” to the Site through another website or shared link
Other information about how you use our Services
Information about your internet connection. When you interact with the Services from an internet-connected device (for example, when you use our mobile app or web platform), we collect information about your Internet connection including MAC address, Internet protocol (IP) address, Internet service provider, and mobile carrier.
Location Information. We may collect location information, including your approximate location derived through your device settings or IP Address, when you use the Services. We may also collect billing and/or shipping addresses through the Services.
[https://www.edison.tech/privacy]
HOW IS THIS P R I V A C Y ?
😃 Well , that sums it up.
I’ve been a Mailfence customer for a few years now but I’ll be moving on to something else due to them eliminating email aliases. To be more precise, you can no longer delete aliases your previously created or create new aliases. That was the main reason I chose them. Also, Mailfence doesn’t have any “real” mobile apps that I can find on any app store. You can create so called responsive web apps (basically just a shortcut) but that’s a BS way by them to not have to make an actual app.
Oh wow you are right: https://kb.mailfence.com/kb/how-to-install-the-mailfence-app/ That’s indeed kinda lasy but I guess it’s alright if it works just fine and might even track less of you than a regular app would? However they should be listing this as a con though in the article.
I have been using Startmail because of the unlimited aliases. They have had a DDOS attack. It is up and running now but when checking it says the website is down. My question: is a Distributed Denial of Service attack harmful to me? Should I change my password? Sorry for my ignorance — does this mean that my info/account is compromised or been hacked? since I mainly use this for aliases should I delete this account?
Thanks for all you do for us!
Babe define harmful? Since an attack was focused at StartMail the service and not you personally, and you say this account is for all your aliases. Just see it as a pain to you trying to login when the service has been attacked. Truth be known the people behind the Start things haven’t been truthful nor forth coming in the past and lost followers. I would think this their prime offering of the two that they charge to use is pretty safe.
Fishing up a memory now, wasn’t Startmail doing your login pw/paraphrase encryption off their own servers and not your through browser as something that’s different of all the other like services that use of Javascript through a browsers possible vulnerability.
[see Privacy notes: [https://support.startmail.com/hc/en-us/articles/4411999318685]
You spent the money use it for what you intended it to be just don’t renew the subscription as an option.
FYI:
This is DDoS, or Distributed Denial of Service, which is a malicious network attack that involves hackers forcing numerous Internet-connected devices to send network communication requests to one specific service or website with the intention of overwhelming it with false traffic or requests. This has the effect of tying up all available resources to deal with these requests, and crashing the web server or distracting it enough that normal users cannot create a connection between their systems and the server.
Websites sometimes “crash” due to an incoming flood of legitimate traffic, like when a highly anticipated product is released, and millions of people visit the site at once trying to buy it. DDoS attacks attempt to do the same.
Thanks lelow for your thoughtful reply.
Regarding: see Privacy notes: [https://support.startmail.com/hc/en-us/articles/4411999318685]
I don’t know how to find this. Can you resend it so that I can click on it? Or if not just paraphrase the important part?
Sure, at the time I answered as now, this is the only reference I found. Seems my recall was they had played it up big to woo peoples attention over the java-script vulnerabilities with webmail systems.
Did you used the link without the brackets?
That referenced of “Privacy notes” read:
Using JavaScript doesn’t mean you’re being tracked. Modern browsers and privacy extensions will ensure that. Our webmail will work in Firefox with Enhanced Tracking Protection turned on.
The Javascript resources used are served from our own servers, evading the use of CDNs. On some pages we use external resources, for instance for the integration with our payment platform. See External scripts on some pages for more information about this.
Seems now startmail opened for business around 01/2020 if I go by their Blog entry of their Release notes. Compared to a Posteo account (1. EUR-month) still to say both compared in a startmail service were high of cost even then. But since two years ago there has been a lot of dirt and carnage of peoples information from businesses proclaiming to safeguard the same. But yet of a last 20years in e-industry advances of business over brick-n-mortar has troves in loss for comparison of peoples information stolen that was electronically breached since.
Kind of sickens one thinking of the web internet and an ocean as being one of a threating abyss. Predators of the deep stock schools of prey. Hackers stock schools of data. Is the realm of the two all that much different to where we are not always the prey?
Some senior Brexiteers in Great Britain had their ProtonMail accounts hacked and email exchanges they had were released.
https://news.yahoo.com/exclusive-russian-hackers-linked-brexit-150654015.html
A word of caution, CyberFear Anonymous Email is flagged by Norton Safe Web as a known dangerous webpage;
https://safeweb.norton.com/report/show?product=ask.com&action=info&source=&version=&ulang=eng&url=cyberfear.com
Threat Report
This is a known dangerous webpage. It is highly recommended that you do NOT visit this page.
Also, FairEmail, the privacy-oriented email app for Android, was recently flagged by Google as spyware;
https://email.faircode.eu/
Thanks for the heads-up
I tried cyberfear and paid the 18. and it s_ck_ on desktop and mobile by views and functions.
Never had such a time trying to find readily the delete button for any message!
The drab interface stays the same across both my devices.
At least for my money I find this option available,
Delete Account:
All data including: emails, history of your account will be permanently destroyed. You will lose access and ability to receive new emails.
Available balace will be lost, as any record regarding your account will be destroyed. All existing email addresses will be held for retention to protect your privacy and prevent someone registering same email and receiving emails that may be addressed to you.
Strange it misspelled BALANCE above, and it uses FETCHING your data as a term when you login.
Here’s more, their tech said.
Free account comes with 50MB storage space.
Premium account has 1GB.
Free account sending limit is 2 per hour, premium account is unlimited.
It also comes with 1 Alias, are you able to add it?
Page: [https://cyberfear.com/index.html#settings/Disposable-Aliases]
Lots of add-ons for additional costs or a-la-carte features.
Swisscows.email has a free tier which looks better and the interface functions better.
My financial institution and ID verification service Id.me to access my VA account allows the use of a .email domain. It’s usable and somewhat trustworthy of my choices. Two things I dislike, you have one login handle for all Swisscows offers people, and the mail offers a web version log-in. But you access it from here [https://swisscows.email/en/] all the time – I guess logging into your SC mail account only?
Hi Sven
Can you tell us about some open source e-mail clients like Fair email, PEP, etc. ?
Is these worthy to use ?
Please let us know.
Regards
Been using FairEmail for a number of years on Android and like it. Free or paid (not much) versions. Easy setup or very complete, more secure and private setup. Somewhere in the middle seems about right. Used Email (nee Edison mail) previously until it became typical phone culture bloat tracker crap with travel reservations, restaurants, etc. In an email client? Whatever.
A previous poster mentioned his @swisscows.email as being rejected as not being a valid email for a financial account – is this a regular problem for these “secure but obscure” email account names?
While the services themselves are/may be wonderful and welcome by users, one definitely notices the names are truly awful pretty much across the board. Mailfence / Mailbox / Countermail / Protonmail and Startmail all sound like disposable email services like Guerillamail or Tempmail so I can see businesses routinely rejecting them out of hand as not valid (not fair granted, but easy to see why).
Runonce kind of sounds like an infection waiting to happen, while Tutanota, Kolabnow, Thexyz and the rest are just so visually and phonetically unappealing to have as ones personal, and worse yet, as business identifying email domain – I couldn’t sign up to use one even if they were FREE services. Eek lol.
I know that sounds mean right? But seriously, if any of my contacts happened to switch over without sending me a heads up that their new email address was @one-of-those-domain-names they’d all have been marked and pitched to spam/junk without even opening them…
I really want to switch off our isp named email because what if we dump the isp right? and our yahoo/gmail accts. for the obvious reasons that led me to this article, but yikes. yuck. lol 🙂
No offense to the Companies, or their service(s), they all have swell packages/offerings it looks like, but if I’m going to be identified with it for the next 10 years or more (22+yrs on our current ones) it can’t have the same charm and appeal as a fart in jar 😀
More cause of the dot email ( .email ) being the swisscows domain they used, not for any reasons you brought up. Your personal business accounts (banking, utilities, etc.) to live life in 2022 prefer a top level domain such as ,com and haven’t adapted to the newer pool of domains released to leverage a uniqueness in the domain name market of a business.
Some of the services you judge by their names but don’t see any potential to adapt it to yourself.
I do get your point I wouldn’t want rottonapples@dotbuggar nor anything unpleasant to associate with. But you have two choices one mostly free or one steps of cost to be pleasant sounding.
1) use something like the private and encrypted swisscows.email which has a free tier.
2) use one of seven’s list which has a paid tier and tote your own domain over which you paid for a set term period before you have to renew it. YOU GET THE FEATURES OF THAT EMAIL SERVICE with your preferred email address and the domain you want to use.
With e-commerce as business today it not a name@address of your email used that hurts it being accepted it’s the domain the address is tied too that’s rejected. Remember I’m using for personal use as I’m not a business not associated to one.
Will this raise any questions as I don’t hear real answers?
Hello Everyone,
My name is Paul, and I am the owner of CTemplar.
Some of you have asked why we’re shutting down. There are several reasons, but I will suggest one of them to you. When we created this service, we made a promise to ourselves that we would shut down the email service if we couldn’t guarantee our security claims to our users. That day has come, and we would rather shut this service down than make security changes that would have been harmful to you.
We will continue issuing refunds until May 26th. However, please be patient with us because I have had to lay off most of the team due to lack of funds and our support team response time is reduced. Some of you have asked about an option to make donations to the employees who lost their jobs. If your interested in this, you can send btc to this address: ‘deleted’. Or with a credit card by clicking this. However, please feel no pressure to do this.
I don’t know most of you, but I have always viewed you as if you were members of my own family, and I will miss you. Some of you have asked me for my recommendation of an email service you can use instead of CTemplar. I personally know the owners at Mailfence and I like & trust their service. However, Protonmail & Tutanota are also good services. I suggest you review the services available and make the best choice based on your needs. Ultimately, the most important thing is that your privacy and security is protected, so I don’t recommend switching back to an email service that doesn’t care about your privacy & security.
Kind Regards,
Paul M
Big QUESTION
Given, that we would shut down the email service if we couldn’t guarantee our security claims to our users.
Followed by, we would rather shut this service down than make security changes that would have been harmful to you.
What say Mailfence, Protonmail & Tutanota with the likes of many others mentioned here.
Are 100% free of not being harmful to you of their offered security. Ctemplar boasted 4-wall protections.
We feel CTemplar is the most secure email service because it has the strongest features. Here are the “4 Walls” we do best.
Wall 1: Encryption Protection:
We support encrypted Content, Contacts and Subjects
We are the only secure email service that is working on encrypting your metadata (Work in progress).
Wall 2: The Only “Zero Access” End-to-End Encryption:
“End-to-End Encryption” using javascript has flaws. The CTemplar team was the first to solve the flaws making our End-to-End encryption the very first “Zero Access” email platform.
Wall 3: Strongest Legal Protection: Iceland has no data retention laws that apply to webmail. When you press “delete” it’s instantly deleted.
Iceland legally allows us to offer total anonymity.
Iceland is outside the “14 Eyes” and has no US MLAT Treaties.
We require an Icelandic court order to turn over your data. If we turn over your data, it will only be encrypted information.
Wall 4: Company: We formed the company in Seychelles because it gives the maximum protection for company records in the world.
We do not record or list any of our user’s data for corporate reasons, and our Seychelles corporation legally allows this.
We are owned by those that built the site. No global corporations. No secret government sponsors.
Scrapped for cash or one of the 4 walls has become a breach point. Accounts at Ctemplar had lost data in part or all that accounts data.
I use several email accounts for various purposes. My question is about the privacy of email clients. My favourite would be Spark, but I have no idea what information they pull from emails. I have more confidence in Apple Mail, and perhaps, Outlook.
Any thoughts on the security of email clients or apps that can use multiple email accounts?
Been awhile since I looked, but there are some third party email clients that offer encryption.
TheBat! protects your information through multiple encryption streams, with the option to keep all information encrypted on your disk, and to protect emails during communication using end-to-end encryption (E2EE).
eM Client Boasts encryption
Thunderbird has options of Privacy and security plugins which may allow encryption
If encryption is under usability in your placement of need see
[[https://www.techradar.com/sg/best/best-email-clients]]
I have been using Duck Duck Go as my default browser. Is this a very good/secure one in your opinion? Thanks!
Both…..Duckduckgo and Startpage use only Google search engine, so they both are limited to ONLY what Google allows you to see!
Metager.org based in Germany, is a whole lot better at doing more advanced, and more detailed searches!
And is not backed in the USA, which is again, another positive!
Dear DrJon
Metager.org & By using MetaGer you retain full control over your data.
Our anonymizing proxy keeps you protected even when you continue surfing.
Our algorithms are transparent and available for everyone to read. Our source code is free.
What are your thoughts here seeing this?
Mine are the Ad Networks are big and leach your information whichever way that works in their advantage.
Metager PP says the following,
In addition to donations and membership fees, we must finance our operation through non-personalized advertising on the results page. To receive this advertising, we give the first two blocks of the IP in connection with parts of the so-called user agent to our advertising partners
Not knowing enough I see possible Con’s like this.
Lets say Metager is honestly trying to deliver on their printed knowledge that’s seen.
Being the search feature algorithms are transparent and readable for all, their source code free and the Guaranteed Privacy claim.
Aspects of the anonymizing proxy are great as could be breached or circumvented, then what
protection or guartees has one?
When tad bits of knowledge are mined they’re recorded and referenced later, then later more tad bits build a fuller image of you.
PP again says, we store the full IP address and a timestamp for a maximum of 96 hours. If a noticeable number of searches are performed by an IP, this IP is temporarily stored in a revocation list (maximum 96 hours after the last search). Then the IP is deleted.
Last thought, the web, cloud is a network of ground servers pushing data to one another, bound by the country laws it relates to as home.
Anonymizing and algorithms are far from the strength of an encrytpion key you hold in your data of your use & searches.
Where this stops short may make it easy for others to pick up and connect all the dots to everyone’s searches.
DDG does not use Google. Read the explanation of where they get search results on the DDG site.
If you can get Metager to work away from Germany. It’s equivalent to Brave search in my locale, not so hot. Wish it was better.
EXACTLY.
email not search engines is this pages topic.
search for DDG user complaints and founders background to answer yourself
No. DDG is OK as a default search engine but their “browser” is a skin on Chredge or Chromium, don’t remember which, difference is trivial really.
Choice of browsers are:
Firefox
Chromium
Safari
Others are mods of first two.
Yes, 100% reliable. They have protected me in so many ways. They are contracted by apple.
Duck Duck Go is 100% reliable. If you’ll be using it, I suggest that you ask for an email address too. I have been using it for a while now, and I trust DuckDuckGo
Please note DuckDuckGo has nothing to do with Google. One thing I can say is that
Google can’t stand DuckDuckGo. They are competitors. Others use it with Google. For me, DuckDuckGo is my search engine and browser too.
Rose, you are 100% right. I’m with you.
Lavabit.com is up , you can sign up for emails and all now, lavabit has encrypted procy (no logs) so they claimed. Pls read the privacy policy carefully with a vpn before use.
Thanks
Yes, but they chose to remain in the United States, which was the problem back in 2013.
Yes, well, even protonmail got rogue in a way, which is in switzerland, lavabit atleast shutdown before, instead of handling logs ( if that was the case) , yeah ,not saying “murica” is good , but atleast they didnt hand away. Well too point for thei honestly instead of proton mail.
So to with any other email service of another country is bound by that countries criminal laws. just the same as the criminal laws here are enforced in the good ole USA. *****
Don’t see a connection point of your reply as encryption is and was being used on Lavabit and his prior offering.
The US has great personal privacy laws, it’s all the crime, terrorism, laundering which gives access to the authorities when your the focus point. Encryption is only as good as a lock, many locks can be opened, bypassed, broken. There is no safe place for any personal data as data is mined in movements and at rest. Encryption just makes it harder to access it but not impossible. Think air as the medium for the most secure personal data shared being in person alone with each other.
YES!!! I’m with you!
I’m another that is not tech savvy & have Ctemplar for now. I just signed-up with Panz Mail, which is
rather basic & nowhere to delete account. Anyone familiar with Panz Mail?
Swisscows now have an email service which also includes a free tier.
https://swisscows.email
I’m sure readers of this review would like your views about swisscows.email if you decide to update this page.
The reason I choose protonmail is that they claim your email account will never expire even if not used for a long period of time. Tutanota also made that claim when they were fairly new but have since ceased that feature. The reason I like “never expire” email accounts is that I can use them as recovery email accounts for other email services that include that option.
Thanks.
You’ll find out maybe as I did here that [____@swisscows.email] for a financial account of mine was rejected as not being a valid email address. Bummer otherwise their tech is working to cure the issue this presents for my main email’s use. Wondering about rejections of my gov and vet accounts I have.
_ _ _ _ = my user title
Proton and Tutanota…..hahahah.
Great post, wonderful reserarch.
I have a question regarding browser “opened” email vs client based: What is the real danger of using a browser (besides the info shared with goog/microsft…)? password can be leaked alongside the cookies? The content also if not encrypted?
What about using a browser that forgets cookies once is closed? (And only using if for the mail, which pass is remembered by the password manager/brain). Is this setup better than a “everyday forever glued into windows” email client like thunderbird? Or not?
Clients also “force” you to have a VPN if want a all around security due to ip leak?
I value security over privacy, if there were a clear line between those.
And i have this idea: If worried about losing control over an email account, may consider using on your daily basis an User email account instead of an Admin email account (proton and tuta offer this feature with their own domain) so you can always reset user pass from admin account if ship happens.
Is this correct?
Thank you a lot
…as Scientist/E-Engineer and Pro-grammer(14 languages) , Analytics and Biz person, having secure email and certain pertinent features is mucho important to me. This article ( along with the dozens of other articles , websites, University and Industry Techies I’ve conferred with}, has given me excellent information and refined criteria to help base my decisions upon. For a myriad of reasons, I chose CTemplar( over a year ago).
I recently received noticed that they CTemplar is closing down end of May 2022. Ugh!…. anyway Ive started my arduos search again for another excellent email provider. SecureMyEmail, Pre Veil, CyberFear and Runbox seem promising to me.
Thank you for this great article.
I’m definitely getting a really good VPN to use along with my secured email provider.
I am very angry! CTemplar is good product, open source, in Iceland and on F-droid. I don’t trust Switzerland anymore because of the terrorism law last year. Anyone can be considered as terrorist by the Swiss authorithies. So ProtonMail, no thank you!
I hope Ctemplar will move in another country because this story stinks of government… But for the moment, I think I will change for Tutanota.
Today, I tried to create an account at Tutanota. It’s impossible with a VPN or TOR. On Android, the app doesn’t work because Android System Webview is not updated… Privacy with Tutanota? HAHAHA!
Mailfence not open source; Mailbox with some tracking; Posteo no cryptocurrency payment; etc. All the email services above are liars about privacy. Only with CTemplar, I didn’t have those problems!!!
I am not tech savvy, but I do try to avoid email as much as possible and stick with Signal as my message app of choice, sadly emails appear to be a necessary evil and in the spirit of compartmentalization I like to have a few email accounts
Whilst my threat model doesn’t include any govt agencies I still want to avoid mass surveillance. I am looking for an email service to compliment Disroot and Tutanota, since the upcoming closure of CTemplar.
Protonmail seems the obvious choice, however I have 1 question that I am hoping someone smarter than me can answer. Whilst the service is based in Switzerland, which is a great country for privacy, I am of the understanding they have offices the USA. So my question is, does the location of these offices bind Protonmail to USA jurisdiction.
I know its on the cards and I am interested in the deep dive of Swisscows email when you get around to it
Keep up the good work, this site is a wealth of knowledge
“So my question is, does the location of these offices bind Protonmail to USA jurisdiction”
Answer: No, ProtonMail only falls under Switzerland jurisdiction, where it legally operates, although it (and any other company) can have offices and employees around the world, without affecting the company’s jurisdiction.
Thank you kindly
Why is CTemplar shutting down?
I don’t know why and it does not appear that they have provided any clear answers, other than announcing they will be closing down. Here is the official announcement and discussion on reddit:
https://old.reddit.com/r/ctemplar/comments/uc9hfi/closing_notice/
Flashback to 2013: The owner/operator of Lavabit email abruptly shut down the service after getting pressured by the US gov to hand over encryption keys.
https://www.theguardian.com/commentisfree/2014/may/20/why-did-lavabit-shut-down-snowden-email