Encrypted Email Service Providers

Discussion in 'Email Discussions' started by popowich, Jun 4, 2015.

  1. Tutanota

    Tutanota Email Service Provider

    Joined:
    Jun 15, 2015
    Messages:
    6
    Likes Received:
    5
    Thanks for updating Tutanota on your list. Could you please also add the encryption: AES 128 and RSA 2048 (a red cross seems rather misleading here).

    And a question: What is meant by 'Do not track'? We do not track our users, we do not log ip addresses. Could you put 'Yes' there? Or does it mean something else?
     


  2. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
    I think the fair thing to do here is go with the "industry standard" and everyone can comment in this discussion why they're ahead/behind as needed.

    AES 128 - Everyone else is AES 256. It might not matter too much (independent source) but the fact that everyone else is 256 I think it makes more sense to match it than waste cycles trying to explain why 128 is almost as good.

    RSA 2048 - Following the same logic, I'll drop this feature from 4096 to 2048 in the comparison, and @SCRYPTmail can list that they exceed by supporting 4096. The 4096 is an advanced/premium feature and not a feature for the free accounts, that's a second reason to change the listing. There is a comment from @kangas (LuxSci) that there isn't much difference between 2048 and 4096 bit keys, similar to the AES 128 vs. 256.

    Amazon posted today about s2n & TLS, this might be interesting to some of the providers - awslabs/s2n · GitHub

    Whiteout updated their storage from "bring your own" to 2GB this week. That update is reflected now too.
     

  3. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
    Here is an independent opinion on this topic - RSA Key Sizes: 2048 or 4096 bits? | DanielPocock.com

    If any of the services support 4096 bit keys, by default, for free users, I'll update that line of the comparison table and set the new standard to meet :)
     
  4. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
  5. SCRYPTmail

    SCRYPTmail Email Service Provider

    Joined:
    May 6, 2015
    Messages:
    167
    Likes Received:
    35
    I also would like to point into Zero Knowledge, and Encrypted Metadata in the Comparison Chart. As far as I know, sender and recipient considered to be a part of metadata(sometimes most important part of it). If it stored in database visible to system administrator, i.e you can point who is recipient of email, its not correct to have checked for Encrypted Metadata.

    As well, if system/hacker/seizure can learn who communicate to who based on offline data, like backup - zero knowledge is also not applicable.

    My best analogy would be: "We do not videotaping our visitors, so we don't know what they talk about. But we keeping log book of who they communicated with and their email addresses"
     
    popowich likes this.
  6. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
    LuxSci SSL Labs has been upgraded to an A
     
  7. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
    Do you think any of the services are marked with a green check that should be a red X?
     
  8. SCRYPTmail

    SCRYPTmail Email Service Provider

    Joined:
    May 6, 2015
    Messages:
    167
    Likes Received:
    35
    Yes I do, but there is more to it. As it gets more features, it will take more time to maintain. Ideal solution would be to have option marked with required link to service blog/forum where it explained and people can have prof of advertised feature . Otherwise it may end up being just "list of statements".
     
  9. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
    Anyone can feel free to start a new thread or reply to this discussion, or send me a private message if they want me to ask, and I can invite service providers to comment on questions as needed. For the service providers already registered here, tag them in the post using twitter style, such as @SCRYPTmail to nofify them of a question needing clarification. I can then continue to link to the posts from the comparison chart when more info is needed to describe a feature.

    :thanks:
     
  10. kernelpanik

    kernelpanik digitalEnvelopes

    Joined:
    May 3, 2015
    Messages:
    7
    Likes Received:
    0
  11. F4P

    F4P New Email

    Joined:
    Aug 19, 2015
    Messages:
    1
    Likes Received:
    0
    Hello, sorry for my poor English. I'm trying to improve my everyday privacy, avoid government and commercial surveillance where possible and get some pseudonymity. I'm searching for email for registration on forums, shops and other services. So, E2E encryption is useless.

    I think, requirements should be like this:

    1. Servers in jurisdiction with good privacy laws
    2. Minimal logs without IP and with short duration, deleted emails actually removes from server
    3. IP and User Agent stripped from messages
    4. Provider should be secure and trustworthy
    There are many privacy focused providers, I like Tutanota. But the problem is that I wish to use DAE technique: separate email for each registration. So I need a way to get messages from all these email accounts in one place (main account or my local machine): pop3 or/and forwarding. Most privacy focused providers doesn't provide neither because of their E2E web-based encryption technologies™. OpenMailBox.org and VMail.me has pop3, but they are in France, where bad privacy laws, and they keep logs for a long time.

    Can you give me some advice on combining DAE technique and strong privacy and security?
     
  12. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
    Hi @F4P

    Do you already have an opinion about which jurisdictions have good privacy laws?

    Do you already have examples of email providers that you trust and what about them makes them trustworthy?

    The number of email aliases is apparently an important requirement for you but wasn't listed in the requirements.

    How many email aliases do you project you'll need to create and keep active during the next 12 - 36 months?

    I don't expect you to find many encrypted email services that support POP3 or IMAP at this time, though more of them should support forwarding as time goes on.

    Please note that forwarding your email from these services to a home mail server technically reduces your privacy?

    Why? Email from the forums & stores to your encrypted account = no one should know your identity for that reason. Email from the service to your home IP = your home IP can be associated back to you.

    How much do you care about that? Do you want to be anonymous to the forums but don't care if the gov't is peeking and figuring out you own the email address on the other side?

    Can you define your requirement for short duration?
     
  13. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
    I added this to the end of the comparison above the "get" links
     
  14. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
  15. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
    I made these charts easier to find by adding a navigation tab for them in the header.

    EQ Charts.jpg
     
    compleo likes this.
  16. compleo

    compleo Valued Member

    Joined:
    Jul 11, 2015
    Messages:
    320
    Likes Received:
    61
    Good job,much more convenient.

     
    popowich likes this.
  17. compleo

    compleo Valued Member

    Joined:
    Jul 11, 2015
    Messages:
    320
    Likes Received:
    61
  18. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
    Ultimately it's personal preference. These are short lists not wikipedia. I'm trying to compare services that have unique features that stand out against the others. Past participation (existing presence) in the forums helped some of the originals get listed.

    Specific to Digital Envelopes, that's a tough one to categorize. It's open source web based email that supports PGP. It's closer to how the addons/plugins list works. Is there a special feature about it that would make someone chose that over the others listed?

    Right now I think the big one that is missing and should be added is ZixMail.
     
  19. compleo

    compleo Valued Member

    Joined:
    Jul 11, 2015
    Messages:
    320
    Likes Received:
    61
    Never heard of it so i checked the web site.They are Compliance with HIPAA email security rules & offers a plug in for Outlook.

    To digress,IMO it is easier to use a e mail provider that's encrypted rather a e mail client to only have to install a plug in.I would rather avoid the middleman.
     
  20. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,992
    Likes Received:
    143
    That said, please feel free to start discussions and/or create a detailed Email Review for any service / plugin / etc that you think it worth a mention on the site :)
     

Want to reply or ask your own question?

It only takes a minute to sign up (and it's free!). Click the orange sign up button to choose a username and then you can ask your own questions on the forum.
Loading...