Email Service That Doesn't Read Your Email
Are your emails and attachments rubber from prying eyes?
Unless you are using a secure email service that respects your privacy, the respond is probably no. Near large email providers, such every bit Gmail and Yahoo, do not respect the privacy of your inbox. For instance,
- Gmail was caught giving third parties full access to user emails and also tracking all of your purchases.
- Advertisers have been allowed to scan Yahoo and AOL accounts to "identify and segment potential customers by picking up on contextual ownership signals, and past purchases."
- Yahoo has been caught scanning emails in real-fourth dimension for The states surveillance agencies.
While Gmail does permit users to opt out of some invasive features, the basic business model of these services revolves around information collection.
Big-name email services put lots of money into security, merely they are as well big targets and not invulnerable. In March, the big news was the ease with which hackers were able to compromise thousands of Microsoft Exchange e-mail servers. You might well be safer using a smaller, less well-known email service.
Another concern is where your email service is locatedand how this may touch on your data and privacy. Some jurisdictions have laws to protect data privacy (Switzerland), while others accept laws in place to erode information technology (the US and Australia). We'll encompass this in more than detail below.
On a positive note, at that place is a relativelysimple solution for keeping your inbox more secure: switch to a secure electronic mail provider that respects your privacy.
What is the best secure e-mail service in 2022?
With so many different types of users, there is no single "best secure email" service that will be the top choice for everyone.
While some may prioritize maximum security and strong encryption, others may want convenience and simplicity with user-friendly apps for all devices.
Here are just a few factors to consider when switching to a secure email provider:
- Jurisdiction – Where is the service located and how does this impact user privacy? Where is your data physically stored?
- PGP support – Some secure electronic mail providers support PGP, while others do not apply PGP due to its vulnerabilities and weaknesses.
- Import feature – Can y'all import your existing emails and contacts?
- Email apps – Due to encryption, many secure email services cannot be used with third-party electronic mail clients, but some besides offer dedicated apps.
- Encryption – Are the emails cease-to-end encrypted in transit? Are emails and attachments encrypted at rest?
- Features – Some features you may want to consider are contacts, calendars, file storage, inbox search, collaboration tools, and back up for DAV services.
- Security – What are the provider's security standards and policies?
- Privacy – How does the e-mail service protect your privacy? What data is being collected, for how long, and why?
- Threat model – How much privacy and security do you need and which service best fits those needs?
The goal of this guide is to help you lot find the all-time secure email solution for your unique needs.
This list is not in rank social club . (Choose the best secure email service for you based on your ain unique needs!)
Hither are the near secure e-mail providers that protect your privacy.
1. Mailfence – Fully-featured secure electronic mail in Belgium
| Based in | Belgium |
| Storage | 5-l GB |
| Price | €3.25/mo. |
| Complimentary Tier | Up to 500 MB |
| Website | Mailfence.com |
Mailfence is a fully-featured secure email provider offering calendar and contacts functionality, file storage, and PGP encryption support. It is based in Belgium, which is a expert privacy jurisdiction with strict data protection laws.
For those wanting full PGP control and interoperability, without plugins or add together-ons, Mailfence is a solid choice. Whether you are a personal user or y'all need a secure email solution for your business or squad, Mailfence likely has all the features and options yous'd want.
While many secure email services sacrifice features and functionality for security, you can take it all with Mailfence. This makes Mailfence a great alternative to full electronic mail and productivity suites, such as G Suite or Part 365.
In testing everything out for the Mailfence review, I found it to piece of work very well with an intuitive design, slick layout, and tons of features. Mailfence as well offers email and phone support, in addition to cryptocurrency payment options.
+ Pros
- Offers end-to-end encryption and digital signatures
- Mobile and spider web apps
- Data is stored on Belgian servers
- Offers OpenPGP encryption
- Letters, Documents, Calendar, Contacts, and Groups
- SMTP, Popular, and IMAP support
- Tin can synchronize with other email clients
- Supports password-protected messages with expiration time
- Removes IP addresses from mail headers
- OpenPGP user keystore
- Great user interface (recently updated)
- Cryptocurrency payment options
– Cons
- Logging of IP address and some other data
- Code is not open up source
Website: https://Mailfence.com
Run into our Mailfence review for more info.
ii. Tutanota – Private and secure electronic mail in Germany
| Based in | Federal republic of germany |
| Storage | 1 – 1,000 GB |
| Cost | €i.00/mo. |
| Costless Tier | Up to 1 GB |
| Website | Tutanota.com |
Tutanota is a Germany-based secure email service run past a pocket-size squad of privacy enthusiasts, with no outside investors or owners. Although it is not as widely known as ProtonMail, Tutanota is a serious player among secure e-mail providers. Its hybrid encryption system overcomes some of the drawbacks of PGP, and your privacy rights are protected by the GDPR and other pro-privacy EU regulations.
Notation: Tutanota claims that their encryption can exist updated/strengthened if necessary against breakthrough-figurer attacks.
All messages in your inbox, contacts, and calendar are encrypted at remainder on servers in Germany. For sending encrypted emails with Tutanota, y'all have two options:
- Emailing another Tutanota user, which encrypts everything automatically (asymmetric encryption)
- Emailing an external (non-Tutanota) user with a link to the message and sharing a password central for encrypting/decrypting messages (symmetric encryption).
While Tutanota uses high encryption standards and is arguably one of the most secure email providers anywhere, it also comes with some tradeoffs. This includesno support for PGP, IMAP, POP, or SMTP. Additionally, you cannot import existing emails into your encrypted Tutanota inbox.
To explicate why Tutanota does not rely on PGP standards, Tutanota cofounder Matthias Pfau wrote this piece for Restore Privacy readers,Let PGP Die: Why Nosotros Need a New Standard for Email Encryption.
If you are looking for a transparent, high-security email provider run by a squad of privacy enthusiasts, Tutanota is a solid choice.
+ Pros
- Encrypted letters (including Subject lines) Address Volume, Inbox Rules and Filters, Search Alphabetize, encrypted at rest and stored on German servers
- Can search torso of encrypted messages
- Can send encrypted letters to not-users
- Strips IP address from emails
- Desktop, mobile, and web apps
- Open up source code (including mobile apps)
- Great apps for mobile devices
- Gratis accounts with 1 GB of storage
- Encrypted calendar with iCard back up
- Encrypted contacts
- Inbox rules with Spam filter
- Multiple email addresses (aliases)
- Support for custom domains and other price+ features
- Discounts and additional support for non-profits
- Publishes regular Transparency Reports
– Cons
- Does not piece of work with PGP
- Currently no mode to import existing emails
- Based in a 14 eyes country (Frg)
- Simply accepts credit card or PayPal; no cryptocurrency payments
Website: https://Tutanota.com
See our Tutanota review for more than info.
iii. ProtonMail – Secure email in Switzerland
| Based in | Switzerland |
| Storage | five-20 GB |
| Price | $four.00/mo. |
| Free Tier | Upward to 500 MB |
| Website | ProtonMail.com |
UPDATE: ProtonMail was forced by a Swiss courtroom to log user IP addresses for a specific criminal complaint. Get more info in our article on the ProtonMail logging case here.
ProtonMail is a Switzerland-based email service that enjoys a great reputation in the privacy community. It was started by a squad of academics working at MIT and CERN in 2014. Presently thereafter, it was promoted in American media every bit "the just email system the NSA can't access" – which was around the time Lavabit was shut downwardly for not cooperating with the US government.
Looking at the service itself, ProtonMail does a lot of things correct. It utilizes PGP encryption standards for e-mail and stores all messages and attachments encrypted at rest on Swiss servers. ProtonMail has a unique feature for "self-destructing letters" and they take likewise added address verification and full PGP back up.
Regarding encryption, still, it's important to note that ProtonMail does non encrypt subject lines of emails or certain metadata, inherent limitations of the PGP standard. Most of the email services we discuss here use PGP, but I wouldn't count on any of them to continue me rubber from the NSA or their counterparts in other major countries.
Additionally, the ProtonMail search function can only search field of study lines within your inbox, but not the actual content of your emails. This is another functional limitation that comes from integrating more than encryption and security into the service.
ProtonMail does offer some neat apps for mobile devices (Android and iOS). You can also use ProtonMail with third-party apps through the ProtonMail Bridge feature (restricted to paid users).
Overall ProtonMail is a well-regarded electronic mail provider and should be a bang-up secure electronic mail option for most users. Switzerland remains a strong privacy jurisdiction that is not a fellow member of any surveillance alliances.
In add-on to email, the aforementioned team also offers a VPN service, which we have tested for the ProtonVPN review.
+ Pros
- Cease-to-end (E2E) and zilch-access encryption for Email, Calendar, and Contact information
- Operates nether Swiss jurisdiction
- All data stored on servers in Switzerland
- Apps for Android and iOS mobile devices
- Web customer, encryption algorithms, Android and iOS code are all open source
- Back up for custom domains
- Strips IP address from emails
- Tin can be used with third-party email clients through the ProtonMail Span characteristic
- Can import contacts and emails
– Cons
- ProtonMail does not encrypt electronic mail subject area lines
- Sometimes requires personal information for verification of new accounts
- To a higher place-average pricing
- Incredibly long beta test cycles
- May be forced to log user IP addresses by court club
Website: https://ProtonMail.com/
Come across our ProtonMail review for more than info.
4. Mailbox.org – Individual e-mail in Germany
| Based in | Germany |
| Storage | 2 – 100 GB |
| Price | €one.00/mo. |
| Gratis Tier | None |
| Website | Mailbox.org |
Another Germany-based secure email provider worth considering is Mailbox.org. Not only does information technology protect your e-mail with top-stop security protocols, Mailbox.org is a total-featured email and productivity suite, similar to Office 365. Information technology offers a huge lineup of features: Postal service, Calendar, Address Volume, Drive (cloud storage), Tasks, Portal, Text, Spreadsheet, Presentation, and Webchat. Despite all the features, the layout and design of Mailbox.org still manages to be user-friendly.
When choosing a secure electronic mail provider, y'all oft take to choose between features and security. With Mailbox.org, you can arguably get the best of both worlds. From the security and encryption side, Mailbox.org offers total PGP support and options to hands encrypt all your data at remainder on their secure servers in Germany. You can also use Mailbox.org with mobile apps and third-party electronic mail clients.
Lastly, Mailbox.org is very affordable, with basic plans starting at only €1 per month and going upwardly for more than storage and features. You tin can pick up a costless 30-day trial if you desire to examination-drive this privacy-focused email provider.
+ Pros
- PGP support (server-side or E2E through Mailvelope app)
- Company and servers located in Deutschland with strong privacy protections
- HSTS and PFS for messages in transit
- Protected against human-in-the-middle attacks
- Bulletin and spam filters
- Virus protection
- Full text search
- Pop, IMAP, SMTP, ActiveSync support
- vCard, CardDAV, CalDav support
- Letters are encrypted at rest
- Supports custom domains
- Mobile apps for some of the Office features
- Open source
– Cons
- No mobile e-mail clients (only can be used with third-party e-mail clients)
- Some tracking during registration
- PGP encryption leaves message subject and metadata exposed
Website: https://Mailbox.org/
Bank check out our Mailbox.org review for more details.
five. Posteo – Privacy-focused email in Federal republic of germany
| Based in | Germany |
| Storage | two – 20 GB |
| Price | €1.00/mo. |
| Free Tier | None |
| Website | Posteo.de |
Posteo is withal some other German language email provider that offers a high level of privacy and security for its users. In some respects, it has much in common with Mailbox.org. Both are fully-featured electronic mail providers that utilize PGP encryption standards, with similar prices. But in a few fundamental areas, Posteo is a bit unlike:
- Custom domains are not supported.
- There is no spam folder (all emails are either delivered to your inbox or rejected).
- In that location's no trial or free tier (but nonetheless quite affordable).
In terms of privacy, Posteo really makes an effort to protect the privacy of its users. IP addresses are automatically stripped from emails, no logs are kept, and they offer strong encryption standards. In short, this email takes security and privacy very seriously.
Posteo also supports completely bearding registration and bearding payments – even assuasive you to transport cash in the mail for no digital trail. (We see this trend with VPN services every bit well.) And if you pay with a credit card, PayPal, or some other digital method, they manually split up account details from payment info.
+ Pros
- Mail, Calendar, Contacts, and Notes are encrypted at remainder with OpenPGP on secure servers in Frg
- Configurable spam filter
- Migration service for moving from some other electronic mail service to Posteo
- Subject, headers, torso, metadata, and attachments are encrypted
- Includes Messages, Calendar, Contacts (Address Book), and Notes
- Completely Open Source
- Strong delivery to privacy, sustainable energy, and other social initiatives
- Self-financed; good rail record (operating since 2009)
- No logs, IP address stripping, secure email storage with daily backups
- Allows anonymous (greenbacks) payments
- Supports SMTP, Popular, and IMAP protocols
– Cons
- Custom domains not supported; no ".com" options bachelor
- No spam binder (spam emails are either rejected or delivered to regular inbox)
- Germany is a xiv Eyes country
- No trial or free version
- Cryptocurrency payments not supported
Website: https://Posteo.de/
See the Posteo review for more info.
half-dozen. Runbox – Private and sustainable email in Kingdom of norway
| Based in | Norway |
| Storage | i – 25 GB |
| Price | $1.66/mo. |
| Complimentary Tier | thirty day trial |
| Website | Runbox.com |
Runbox is a long-running private e-mail service in Kingdom of norway that has been operating for over 20 years. Norway is also a good jurisdiction with a stiff legal framework for privacy. All Runbox servers are located in secure Norwegian information centers, running on clean, renewable, hydropower energy.
One unique characteristic of Runbox is that it gives you 100 aliases to utilize with your business relationship. Secure file storage is also included, with different pricing tiers. Runbox fully supports SMTP, Pop, and IMAP protocols and can be used with third-party email clients. This year they released Runbox 7, which is a webmail customer, but they practise not offer custom mobile or desktop clients.
Different another secure e-mail providers, Runbox does not accept a congenital-in option for encrypting your unabridged mailbox. And while you lot can use PGP with Runbox, it is not yet congenital into the platform. Some other drawback is that Runbox does not offer a congenital-in calendar, merely this feature may be included in Version 7 (when released).
Runbox offers 30 solar day free trials and makes importing your existing emails simple with the guides on their site.
+ Pros
- IP addresses stripped from messages
- Includes Webmail, Contacts, and Files
- Servers run on renewable energy
- Supports SMTP, POP, and IMAP protocols
- Synchronizes with other email clients
- GDPR compliant
- Norway has strong data protection laws
- 100 email aliases per mailbox
- Custom domain names on some paid accounts
- Numerous payment methods accustomed (including cash and cryptocurrencies)
– Cons
- Browser-based; no desktop or mobile apps
- Non open source
- Data not encrypted within the Runbox system or at rest
- No business-specific features
Website: https://Runbox.com
Check out our Runbox review here .
7. CounterMail – Private and secure Swedish e-mail service
| Based in | Sweden |
| Storage | 4 GB+ |
| Price | $four.83/mo. |
| Gratuitous Tier | seven day free trial |
| Website | CounterMail.com |
Next up on our list is CounterMail, a secure electronic mail provider based in Sweden. CounterMail has been operating for over 10 years with a philosophy to "offer the most secure online email service on the Internet, with excellent free support." CounterMail uses OpenPGP encryption with 4,096-bit encryption keys. CounterMail also protects users from identity leaks and Man-In-The-Middle attacks with RSA and AES-CBC encryption on top of SSL.
They also proceed no logs and store your mail on diskless servers to protect user privacy. Countermail anonymizes email headers and too strips the sender'southward IP address. All emails and attachments are stored encrypted at residual using OpenPGP on servers in Sweden.
While CounterMail is a bit more expensive than some other secure e-mail providers, they explain this price difference comes from using merely high-quality servers and implementing strong security measures. It may non take all the frills, but CounterMail is a serious security-focused email provider with a ten+ yr track record.
+ Pros
- Supports cryptocurrency payments
- Secure, built-in countersign director
- All emails and attachments stored encrypted on no-logs, secure servers in Sweden
- Custom domain support
- Message filter and autoresponder features
- Uses RSA, AES-CBC, and SSL encryption to protect against leaks and MITM attacks
– Cons
- Design and UI feels outdated
- More expensive than other secure email options
https://CounterMail.com
8. CTemplar – An "armored e-mail" service in Iceland
| Based in | Iceland |
| Storage | ane-l GB |
| Price | $6.00/mo. |
| Free Tier | Up to one GB |
| Website | CTemplar.com |
CTemplar is a secure e-mail service based in Iceland, a country with splendid privacy laws. They are worth a test drive, particularly if you lot can notice yourself a free version invitation code. That free version, with its ane GB of storage, may be all you need. If non, a paid program should get the job done.
Note that CTemplar is still a relatively immature service, with some features still under development. In particular, they are still working on encrypting your metadata and don't withal have IMAP/SMTP support for 3rd-party clients working.
+ Pros
- Strong encryption standards (4096-bit RSA) with born back up for end-to-end encrypted emails (using OpenPGPjs)
- 100% open source code
- Based in Republic of iceland, with some of the strongest privacy laws in the globe
- Passwords protected past "Zero Cognition Password" technology
- Nada logs; IP accost stripped from emails
- Anonymous signup options (no telephone verification)
- Bearding payment option using Monero
- Self-destructing emails and Dead Human being's Timer
- Tin send encrypted emails to not-CTemplar users
- Custom email domains
- Desktop, mobile, and browser apps
- xiv 24-hour interval money-back guarantee
– Cons
- Email Bailiwick line but encrypted in paid plans
- Above-average prices
- No support for IMAP/SMTP and third-party email clients (work in progress)
Website: https://CTemplar.com
Cheque out the CTemplar review to encounter how this service did in our tests.
9. Kolab Now – Fully-featured Swiss e-mail
| Based in | Switzerland |
| Storage | 2 GB+ |
| Price | $five.47/mo. |
| Gratuitous Tier | 30 day trial |
| Website | KolabNow.com |
Based in Switzerland, Kolab Now is a private e-mail service offering lots of features and full email suite functionality. A Kolab At present subscription includes email, contacts, agenda, scheduling, collaboration/sharing tools, and cloud file storage. Right now they are running a public beta of their voice and videoconferencing organisation. All of the features and options make Kolab Now an excellent choice for business users, teams, and privacy-focused individuals.
While Kolab now does offer numerous features and support for all major operating systems and devices, it also does not offer as much encryption for those who want the highest levels of security. Stop-to-finish encryption for emails is not built-in and emails are not stored encrypted at balance.
The price is also on the higher end, especially if you lot want access to all features and more storage. However, for those wanting a characteristic-rich e-mail suite hosted in Switzerland, Kolab At present may exist a good fit.
+ Pros
- Accepts cryptocurrency payments
- Full back up for POP, SMTP, and IMAP
- Switzerland jurisdiction with stiff privacy protection
- Full email suite with numerous features to replace Gmail, Office365, etc.
- Back up for custom domains, teams, and business organization users
- End-to-end (E2E) encryption is bachelor, but not congenital in
– Cons
- Email not encrypted at balance (but stored in high-security Swiss data center)
- Expensive
Website: https://KolabNow.com
ten. StartMail – Private email hosted in The Netherlands
| Based in | The Netherlands |
| Storage | ten-xx GB |
| Price | $v.00/mo. |
| Free Tier | 7 mean solar day trial |
| Website | StartMail.com |
StartMail is a secure e-mail service brought to you lot by the team behind Startpage, a private search engine based in the netherlands. While at that place was surprising news well-nigh System1 investing in Startpage, StartMail is its own unique entity under StartMail B.5. – a company operating nether Dutch law in The Netherlands.
The netherlands is a skilful jurisdiction for privacy and StartMail aims to continue as little data as possible to run their operations (see privacy policy). Unlike most secure email providers, StartMail handles encryption server-side, rather than in the browser – see their white paper explaining why.
StartMail allows users to utilise PGP encryption with emails also being encrypted at remainder on their Dutch servers. I absurd feature with StartMail is they give you the ability to create temporary, dispensable email addresses "on the fly" to use with different services. IMAP and SMTP are too supported if you want to employ StartMail with 3rd-party apps such as Thunderbird.
+ Pros
- Can create temporary, dispensable email addresses
- Accepts cryptocurrency payment
- IMAP and SMTP back up; tin use custom domains
- Headers and IP address stripped from all emails
- Accounts come with 10 GB file storage
– Cons
- No custom mobile apps
- Not open source
- College prices
Website: https://www.StartMail.com
xi. Soverin – Basic private email in Netherlands
| Based in | The netherlands |
| Storage | 25 GB |
| Price | €3.25/mo. |
| Free Tier | No |
| Website | Soverin.net |
Soverin provides a basic and individual email service at a reasonable toll. Plans come with 25 GB of storage and custom domains are supported. All data is stored on servers in Frg. Soverin strips IP addresses from headers while besides using strong encryption standards, although e-mail is non stored encrypted at rest by default.
For those wanting a basic private electronic mail with lots of storage that is protected past European privacy laws, Soverin may be a proficient choice. It tin can also be used with third-party email clients and importing old emails is relatively elementary.
+ Pros
- 25 GB of information storage for all plans
- Information protected under Dutch privacy laws and GDPR
- Tin be used with 3rd-party email clients
– Cons
- No custom mobile apps
- Not open source
- No built-in encryption options
Website: https://Soverin.net
12. Thexyz – A fully-featured private email service in Canada
| Based in | Canada |
| Storage | 25-100 GB |
| Toll | $two.95/mo. |
| Free Tier | No |
| Website | www.Thexyz.com |
Another privacy-focused email service worth noting is Thexyz. It is a secure e-mail and web hosting business based in Canada that offers solutions for businesses and private users. The email arm of Thexyz has been operating since 2009, as explained on the about page. While Canada may not be the best jurisdiction for privacy (Five Eyes), this may not be too concerning depending on your needs and threat model.
Thexyz does offering some great privacy and security features. Accounts come with encrypted deject storage equally well every bit contacts, agenda, and team collaboration tools. All emails are stored encrypted at residue using AES 256-bit encryption, with double geo-location redundancy. With a bones account, you get unlimited aliases and 25 GB of storage (upgradable to 100 GB). Even with all the perks and features, Thexyz is still very affordable at $ii.49/mo with the premium webmail program.
+ Pros
- Great applications and user interface
- Electronic mail encrypted at residual with 256-scrap AES
- Subscriptions include calendar, contacts, chat, and encrypted cloud storage
- Unlimited aliases; emails can include up to 50 MB attachments
- Support for custom domains
- Autoresponder, spam filters, and incoming electronic mail filtering
- Apps for iOS and Android
- Accounts come up with 25 GB of email storage (upgradable to 100 GB)
– Cons
- Based in Canada (not the best privacy jurisdiction)
- Support for end-to-end e-mail encryption is non congenital-in
Website: https://www.thexyz.com
Worth mentioning
Aside from the secure email services we discussed in a higher place, nosotros are as well keeping our eye out for new services emerging into this niche.
CyberFear Anonymous Email
CyberFear is an bearding electronic mail service in Poland that has caught our attending. It does not serve ads or log IP addresses, while also offer full encryption on par with our other recommendations. Hither is an overview of CyberFear:
- End-to-end encryption of emails and metadata
- At rest, all of the following email elements are encrypted: e-mail body, subject line, attachments, sender accost, recipient address
- Bearding registration with merely username and password
- No IP logs
- Offshore servers (Poland)
- Cryptocurrency payments supported
- TOR support (Onion address is cyberfear4hlcsac.onion)
- Disposable aliases
- Custom domains supported
- No external scripts nor captchas
- PGP back up
- Sending encrypted emails outside (will require password to decrypt)
- Pick to host CyberFear frontend on your own estimator
- Push notifications
- Open source frontend (and backend coming shortly)
And so far, CyberFear is looking expert. You tin learn more on their website here.
Electronic mail jurisdiction and data privacy
Where your electronic mail service is located (jurisdiction) tin seriously touch the security of your data. Depending on your threat model, this could exist a major consideration. For an overview of jurisdiction and privacy, yous may desire to read our commodity on the 5/9/fourteen Eyes surveillance alliances.
Hither are some reasons to pay attention to jurisdiction.
United States (leading fellow member of the Five Eyes)
Tech companies in the US tin can be forced to give government agencies direct access to their servers for "extensive, in-depth surveillance on live communications and stored information" – equally explained in the PRISM surveillance program. Data requests can besides exist accompanied by gag orders, which forbids the company from disclosing what'south going on (run into also National Security Letters).
In that location are a few known cases of US email providers being forced to surrender data. In one prominent example, Lavabit decided to close downwardly the concern rather than surrender user data. Another US email provider, Riseup, was also forced to give up data to authorities.
After exhausting our legal options, Riseup recently chose to comply with two sealed warrants from the FBI, rather than facing contempt of court (which would take resulted in jail fourth dimension for Riseup birds and/or termination of the Riseup organization).
There was a "gag order" that prevented the states from disclosing even the beingness of these warrants until now. This was likewise the reason why nosotros could not update our "Canary" [warrant canary that warns users almost these events].
Germany (member of the fourteen Optics)
While Germany has long been a rock-solid jurisdiction for privacy-focused tech companies, I've noticed some troubling trends recently:
- In January 2019, a German court ruled that Posteo must log IP addresses if required by a valid court society. Posteo explained they would not modify their system to log all users' IP addresses, but would comply for specific users, if ordered past a High german court.
- In November 2019, a High german court ruling forced Tutanota to provide real-fourth dimension access to unencrypted emails for specific users targeted by a court order. As Tutanota explained, only unencrypted messages sent after the court order was received would be affected.
Europe in Full general
In one case again politicians in Europe are trying to find an excuse to limit or ban the apply of encryption by their people. This time around, the argument is that encryption must be banned to fight child abuse. Once again it is up to tech companies including Tutanota and Mailfence to protect the privacy rights of the populace. In April, a group of companies sent an open up letter to the European Parliament arguing against the mass surveillance that the elimination of encryption would be meant to enable.
How this will plough out is unclear, simply the possibility of the European union banning encryption casts doubts on the viability of any secure e-mail service based in the European union.
We'll let you know what happens with this.
All email providers must comply with the law
While these examples may seem alarming, the truth is that all email providers must comply with legal requirements in the land they are operating in. For case, ProtonMail, a Switzerland electronic mail provider, has also been forced to log IP addresses and disable accounts by valid court orders, as they disclose in their transparency written report.
(Notation: If you lot are concerned about your e-mail service logging your IP address, and so simply use a good VPN service.)
Considering everything, some jurisdictions are much meliorate than others, so choose wisely. As a general rule, I'd nevertheless avoid email services in the U.s.a., and peradventure other Five Eyes jurisdictions.
Want secure electronic mail? Pay for it.
The unlimited "free" email business concern model is fundamentally flawed. Information technology offers a free service, which is used to collect information and thereby monetize the user and make money on ads. With these privacy-abusing "free" services, you are actually paying for the product with your data.
In contrast, hither we recommend privacy-friendly, secure, ad-free electronic mail services. While some of these individual e-mail services offering limited free subscriptions, you will need to upgrade to a paid plan for more storage and premium features (the freemium concern model).
Support good privacy businesses
Fortunately, you can "vote with your dollars" past supporting these privacy-respecting businesses and upgrade to paid accounts. This will aid secure email providers to grow, better, and serve more than people with an upstanding concern model that does not rely on exploiting their users' data.
Secure email shortcomings and PGP flaws
Most secure email solutions mentioned in this guide utilize PGP for cease-to-end encrypted e-mail. PGP, which stands for Pretty Good Privacy and was invented back in 1991 by Phil Zimmermann.
PGP flaws – While PGP is considered a trustworthy, secure encryption method, there have been some flaws in implementing PGP that have made headlines recently – see too the EFAIL vulnerabilities.
While the news did attract lots of attention, the "flaws" were mainly express to the incorrect implementation of PGP by third parties. To my knowledge, this did not affect the secure email providers mentioned in this guide.
Limited Use – Some other cardinal trouble with adopting secure email is that few people are willing to get through the hassle of PGP key direction, encryption, decryption, etc. In that location are some solutions, to this, nonetheless, and by some measures encrypted email usage continues to grow.
Many providers address this issue by making encryption automatic and seamless. Tutanota, for example, uses born AES encryption that automatically encrypts emails between Tutanota users, including headers, subject line, body, and attachments. They as well provide a secure, two-way advice contact form called Secure Connect.
Vulnerabilities – Fifty-fifty when using a secure browser, there are withal vulnerabilities to consider with browser-based e-mail clients. Phil Zimmermann gave an interview highlighting some of these shortcomings:
"The browser is not a terribly condom place to run code. Browsers have a large set on surface," he said. Wherever encryption and decryption accept place, though, information technology'south a vast improvement on no encryption. But even encrypting messages may not be enough, depending on the threat model. The very nature of email makes information technology vulnerable.
"Email has an enormous attack surface," Zimmermann said. "You've not only got cryptographic issues but you've got things like spam and phishing and loading images from a server somewhere that might have things embedded inside."
On a positive note, however, at that place are many options for securing and hardening your browser – come across the secure browser and Firefox privacy guides. Furthermore, most secure electronic mail providers offering protection against these attack vectors by blocking email images by default while also utilizing virus filters.
Keep in mind, however, that non-browser email clients can also exist problematic – potentially revealing unique information about your operating system (user agent) as well as your IP accost and location.
Regardless of these limitations, using a secure email provider will assistance keep big tech companies from harvesting your email information for third parties.
Secure email vs secure messaging apps
Depending on your threat model, you may too want to consider using secure messaging apps, which practise not have all of the vulnerabilities discussed above with email.
We have tested many dissimilar encrypted and secure messaging apps and compiled a list of our favorites. Here are a few reviews of some of the best options nosotros've tested:
- Indicate review
- Wire review
- Wickr review
- Threema review
- Keybase review
- Session review
- Telegram review
Encrypted messaging apps generally offer a higher level of security over e-mail, plus they are much easier to use than PGP electronic mail encryption.
Finally, encrypted messaging apps are also convenient for back-and-forth conversations, document sharing, and collaboration with others. For more data, check out our roundup guide on the best secure messaging apps.
E'er use a good VPN with electronic mail
One key problem with email is that information technology can expose your IP accost and location to third parties, by design.
While some secure e-mail services strip IP addresses and conceal metadata, many others do not. Fifty-fifty the popular Enigmail encryption plugin, which is used with Thunderbird, was found to be leaking user IP addresses. Some email services may exist forced to log user IP addresses past valid court orders, without disclosing whatsoever information to the user. We've seen this with email providers in the Us, Germany, and even Switzerland.
Finally, in that location's also the fact that many email serviceskeep logs for security, which may include user IP addresses, connectedness times, and other metadata. Of class, whenever you accept logs, this data could end upwardly with third parties (for various reasons).
To effectively muffle your IP address and location, you can but utilize a good VPN service.
A VPN creates a secure tunnel between your device and a VPN server, encrypting your traffic and concealing your real IP address and location. The VPN will encrypt and anonymize your cyberspace traffic, while you lot carry on with business organisation equally usual. Some of the larger providers, such as NordVPN and Surfshark, offering apps for all major devices and big server networks around the world.
Due to the security and privacy benefits a VPN offers, it's a smart idea to use i whenever y'all're online. Internet providers in many countries are recording user browsing history by logging DNS requests. Depending on local laws, this information could then be sold to advertisers or handed to government agencies in countries with mandatory information retention laws. With a VPN, your DNS requests are encrypted and handled past the VPN server and unreadable to your ISP or other parties.
For more info, run into these best VPN services.
Conclusion on secure and private email services
Any your situation is, using a secure and individual email provider is a smart step to protect your data. Gmail, Yahoo, Microsoft, and the other big email players do not place the highest priority on your privacy. Paying for a skilful email service that values privacy ensures you aren't paying with your personal information.
In one case you lot switch to i of these email services y'all will be much more secure. Then all you need to do is avoid non-technical attacks, like the typical email scams that never seem to go away.
Meet the chief privacy tools guide for other privacy and security essentials.
We too have a guide on encrypting electronic mail.
And if you want more info on these secure email providers, you could check out the reviews below:
- ProtonMail Review
- Tutanota Review
- Mailfence Review
- Mailbox.org Review
- Hushmail Review
- Posteo Review
- Fastmail Review
- Runbox Review
- CTemplar Review
Accept yous used ane of these secure e-mail providers? Experience costless to exit your feedback/review of the service beneath.
This secure email guide was last updated on January iii, 2022.
Source: https://restoreprivacy.com/email/secure/
0 Response to "Email Service That Doesn't Read Your Email"
Post a Comment