Encrypted Email Service Providers

Tutanota

Email Service Provider
Thanks for updating Tutanota on your list. Could you please also add the encryption: AES 128 and RSA 2048 (a red cross seems rather misleading here).

And a question: What is meant by 'Do not track'? We do not track our users, we do not log IP addresses. Could you put 'Yes' there? Or does it mean something else?
 

EQ Admin

EQ Forum Admin
Staff member
Could you please also add the encryption: AES 128 and RSA 2048 (a red cross seems rather misleading here).

I think the fair thing to do here is go with the "industry standard" and everyone can comment in this discussion why they're ahead/behind as needed.

AES 128 - Everyone else is AES 256. It might not matter too much (independent source) but the fact that everyone else is 256 I think it makes more sense to match it than waste cycles trying to explain why 128 is almost as good.

RSA 2048 - Following the same logic, I'll drop this feature from 4096 to 2048 in the comparison, and @SCRYPTmail can list that they exceed by supporting 4096. The 4096 is an advanced/premium feature and not a feature for the free accounts, that's a second reason to change the listing. There is a comment from @kangas (LuxSci) that there isn't much difference between 2048 and 4096 bit keys, similar to the AES 128 vs. 256.

Amazon posted today about s2n & TLS, this might be interesting to some of the providers - awslabs/s2n · GitHub

Whiteout updated their storage from "bring your own" to 2GB this week. That update is reflected now too.
 

SCRYPTmail

Email Service Provider
I also would like to point to Zero Knowledge and Encrypted Metadata in the Comparison Chart. As far as I know, sender and recipient are considered to be a part of metadata (sometimes the most important part of it). If it is stored in a database visible to the system administrator, i.e. you can point out who is the recipient of an email, it's not correct to have a check for Encrypted Metadata.

As well, if a system/hacker/seizure can learn who communicates with whom based on offline data, like a backup, zero knowledge is also not applicable.

My best analogy would be: "We do not videotape our visitors, so we don't know what they talk about. But we keep a log book of who they communicated with and their email addresses."
 

EQ Admin

EQ Forum Admin
Staff member
I also would like to point to Zero Knowledge and Encrypted Metadata in the Comparison Chart. As far as I know, sender and recipient are considered to be a part of metadata (sometimes the most important part of it). If it is stored in a database visible to the system administrator, i.e. you can point out who is the recipient of an email, it's not correct to have a check for Encrypted Metadata.

Do you think any of the services are marked with a green check that should be a red X?
 

SCRYPTmail

Email Service Provider
Do you think any of the services are marked with a green check that should be a red X?
Yes I do, but there is more to it. As it gets more features, it will take more time to maintain. The ideal solution would be to have each option marked with a required link to the service blog/forum where it is explained and people can have proof of the advertised feature. Otherwise it may end up being just a "list of statements".
 

EQ Admin

EQ Forum Admin
Staff member
Anyone can feel free to start a new thread or reply to this discussion, or send me a private message if they want me to ask, and I can invite service providers to comment on questions as needed. For the service providers already registered here, tag them in the post using Twitter style, such as @SCRYPTmail, to notify them of a question needing clarification. I can then continue to link to the posts from the comparison chart when more info is needed to describe a feature.

:thanks:
 

F4P

New Email
Hello, sorry for my poor English. I'm trying to improve my everyday privacy, avoid government and commercial surveillance where possible and get some pseudonymity. I'm searching for email for registration on forums, shops and other services. So, E2E encryption is useless.

I think, requirements should be like this:

  1. Servers in jurisdiction with good privacy laws
  2. Minimal logs without IP and with short duration, deleted emails are actually removed from the server
  3. IP and User Agent stripped from messages
  4. Provider should be secure and trustworthy

There are many privacy-focused providers; I like Tutanota. But the problem is that I wish to use the DAE technique: a separate email for each registration. So I need a way to get messages from all these email accounts in one place (main account or my local machine): POP3 and/or forwarding. Most privacy-focused providers provide neither because of their E2E web-based encryption technologies™. OpenMailBox.org and VMail.me have POP3, but they are in France, where there are bad privacy laws, and they keep logs for a long time.

Can you give me some advice on combining DAE technique and strong privacy and security?
 

EQ Admin

EQ Forum Admin
Staff member
Hi @F4P

Servers in jurisdiction with good privacy laws

Do you already have an opinion about which jurisdictions have good privacy laws?

Provider should be secure and trustworthy

Do you already have examples of email providers that you trust and what about them makes them trustworthy?

separate email for each registration.

The number of email aliases is apparently an important requirement for you but wasn't listed in the requirements.

How many email aliases do you project you'll need to create and keep active during the next 12 - 36 months?

pop3 or/and forwarding

I don't expect you to find many encrypted email services that support POP3 or IMAP at this time, though more of them should support forwarding as time goes on.

Please note that forwarding your email from these services to a home mail server technically reduces your privacy?

Why? Email from the forums & stores to your encrypted account = no one should know your identity for that reason. Email from the service to your home IP = your home IP can be associated back to you.

How much do you care about that? Do you want to be anonymous to the forums but don't care if the gov't is peeking and figuring out you own the email address on the other side?

  • Minimal logs without IP and with short duration, deleted emails are actually removed from the server
  • IP and User Agent stripped from messages

Can you define your requirement for short duration?
 

EQ Admin

EQ Forum Admin
Staff member
I made these charts easier to find by adding a navigation tab for them in the header.

 

EQ Admin

EQ Forum Admin
Staff member
What is the criteria to make the list?

Ultimately it's personal preference. These are short lists not wikipedia. I'm trying to compare services that have unique features that stand out against the others. Past participation (existing presence) in the forums helped some of the originals get listed.

Specific to Digital Envelopes, that's a tough one to categorize. It's open source web based email that supports PGP. It's closer to how the addons/plugins list works. Is there a special feature about it that would make someone choose that over the others listed?

Right now I think the big one that is missing and should be added is ZixMail.
 

compleo

Valued Member
Right now I think the big one that is missing and should be added is ZixMail.

Never heard of it so I checked the web site. They are compliant with HIPAA email security rules & offer a plug-in for Outlook.

To digress, IMO it is easier to use an e-mail provider that's encrypted rather than an e-mail client to only have to install a plug-in. I would rather avoid the middleman.
 

EQ Admin

EQ Forum Admin
Staff member
Ultimately it's personal preference. These are short lists not wikipedia. I'm trying to compare services that have unique features that stand out against the others. Past participation (existing presence) in the forums helped some of the originals get listed.

That said, please feel free to start discussions and/or create a detailed Email Review for any service / plugin / etc. that you think is worth a mention on the site :)
 