
Secure Privacy Email Options 2018

In this article on secure privacy email options, I look at various ways to make your email more private. I pay particular attention to the new breed of end-to-end encrypted webmail services.

As a technology, email was not designed with security in mind. The need for such, in fact, never crossed the minds of the early pioneers of networking. So when it later became clear that internet consumers were unwilling to pay for the hugely expensive and complex technologies they use every day with hardly a second thought, email providers had an easy way to monetize their services close to hand.

The most successful business model was developed by Google, which realized that an individual’s personal data is incredibly valuable. The more of it you collect, the more valuable it is. After all, if you have a good idea of what a person does and doesn't like, where they go, what their hobbies are, and who they hang out with, then it is easy to target them with products and services that they are likely to be interested in purchasing. Cha-ching!

In addition to using its search engine to track users’ interests, Google scans all emails sent via its Gmail service. Note that this means emails not only belonging to Gmail users, but any emails sent to Gmail users from other services!

Indeed, Google recently quietly removed its own self-imposed moratorium on combining data collected via search results and via scanning customers’ emails.

Government Spying

All other major players in the email marketplace now do the same as Google (if not quite so successfully). And what can be collected for advertising revenue is also incredibly valuable to “collect it all” security agencies such as the NSA.

Google cooperated with the NSA to spy on its users for years, and only stopped when caught with its pants down by Edward Snowden’s revelations in 2013. Or at least it claims to have stopped. Yahoo, on the other hand, continued to betray its users to the NSA right up until at least October last year.

Pay for It!

So what can those of us who value our privacy use instead? Although some of the options listed below are, in fact, free, the first thing we all need to do is lose our attachment to free services. As the old adage goes, “if you aren’t paying for a product, then you are the product.”

It costs a lot of money and time to run an email service, so you need to consider very carefully how that service is funded. Services such as RiseUp and Autistici are run by politically motivated activists, and are designed primarily to provide privacy for similarly-minded activists.

Such services are willing to run at a financial loss thanks to the political ideology of their founders. As such, they are small and not very well-funded. Users should certainly consider donating towards them if they can afford to do so.

PGP is free because OpenPGP is an open source technology, rather than a service that needs to be operated and maintained at cost. PGP-encrypted emails can be securely sent over any regular email service, but the simple reality is that very few of your contacts (if any) will also use PGP.

This means that you will still require a private email service for day-to-day use.

All Browser-based Encryption is Insecure

Webmail services are very convenient, as they can be easily accessed from within any web browser. Unfortunately, cryptography in browsers is implemented using JavaScript, and JavaScript cryptography in browsers is inherently insecure. This is because a compromised server, or a man-in-the-middle attacker, can push substituted encryption keys to both your browser and your recipient’s.

Does this make webmail services useless? No. It all depends on your threat model. For most users, they are probably absolutely fine. But no webmail service is going to be anywhere near as secure as using PGP with a dedicated email client (although accessing such services via only their mobile apps goes a long way towards mitigating this issue).

Use Signal Instead

“I have recently come to the conclusion that e-mail is fundamentally unsecurable. The things we want out of e-mail, and an e-mail system, are not readily compatible with encryption. I advise people who want communications security to not use e-mail, but instead use an encrypted message client like OTR or Signal.” - Bruce Schneier.

Encrypted messaging apps are much easier to use than PGP (what isn’t?!), and are much more secure than any other kind of email. Signal, although not without its critics, is widely regarded as the most secure way to communicate with another person, short of actual in-person contact.

Although it does not hide your metadata, Signal is therefore the best solution currently available for keeping the actual contents of messages secure. OTR is also a good option for desktop users.

End-to-end (e2e) Privacy Webmail Services

ProtonMail


Price: Free (500 MB/1 address), $5 per month (5 GB/5 addresses).

Features:
  • Based in Switzerland
  • Uses PGP encryption
  • Open source code has been audited
  • Can send (and receive) encrypted emails to non-ProtonMail users
  • Self-destruct emails
  • Apps for Android and iOS
  • Supports two-factor authentication (2FA)
  • Tor .onion address
  • Strips IP from sent emails
  • Attachments encrypted
  • Accepts payment in bitcoins
  • Can use own domain
  • Ad free
  • Can import contacts
  • No personally identifiable logs
  • Qualys SSL Rating: A+ with PFS
Downsides:
  • Free (not paid) users may be asked to verify identity
  • Subject line not encrypted
  • No PGP key management

ProtonMail was the first in a post-Snowden “new-wave” of e2e webmail services that aim to provide all the functionality of Gmail and its ilk, but which respect users’ privacy and provide full end-to-end encryption for emails.

Users can send anyone an encrypted email, to which they can also respond securely.

ProtonMail is based in Switzerland, which has strong privacy laws and is outside the NSA and GCHQ’s direct area of influence. Being based there is therefore usually considered a strong feature of the service. Newly passed government surveillance laws are a little worrying, but should have minimal impact on most ProtonMail users.

Although messages are encrypted using OpenPGP, there is currently no way to import PGP keys into ProtonMail. This prevents the service from being interoperable with other PGP users.

Visit ProtonMail »

Tutanota


Price: Free (1 GB/1 address), $1 per month (1 GB (expandable)/5 addresses).

Features:
  • Based in Germany
  • Uses 128-bit AES with 2048-bit RSA handshake encryption
  • TLS connection with DANE and PFS
  • Can send (and receive) encrypted emails to non-Tutanota users
  • Self-destruct emails
  • Apps for Android and iOS
  • Strips IP from sent emails
  • Attachments encrypted
  • Accepts payment in bitcoins
  • Can use own domain
  • Ad free
  • Qualys SSL Rating: A+ with PFS
Downsides:
  • No PGP support
  • No contact import
  • Logs kept for five days
  • No 2FA

Similar in many ways to ProtonMail, Tutanota is based in Germany. Germany has strict privacy laws, but also practices widespread surveillance of its own, provides the base for the NSA’s extensive European operations, and is known to collaborate with the NSA. But all emails are stored encrypted, so this shouldn’t matter.

Tutanota encrypts messages with an AES-128 cipher and 2048-bit RSA handshake, rather than using PGP. This enables it to encrypt email subject lines when sent to other Tutanota users, but means the system is not interoperable with “regular” PGP users. It has also led to vulnerabilities in the past.

Visit Tutanota »

Posteo


Price: €2 per month (expandable)

Features:
  • Based in Germany
  • Calendar
  • Supports 2FA
  • Open source code has been audited
  • Server hard drives encrypted with AES (bit size unspecified)
  • Uses 100% green energy
  • Anonymous signup and payment
  • Strips IP from sent emails
  • Ad free
  • Contact import
  • e2e support via OpenPGP and S/MIME within browser
  • Qualys SSL Rating: A+ with PFS
Downsides:
  • No mobile apps
  • Logs kept for seven days
  • Cannot use own domain name

Also based in Germany, Posteo is a somewhat different beast from Tutanota and ProtonMail. It is a secure email service that encrypts its server connections with TLS (using DANE and perfect forward secrecy), and stores all emails on AES-encrypted hard drives.

By default, Posteo is not an e2e service. e2e email encryption is supported, however, via “one-click” OpenPGP and S/MIME support within the browser. Recipients must have the same kind of encryption software installed on their computers (OpenPGP or S/MIME, whichever is used), but need not be Posteo users.

Posteo also runs its own PGP key directory, which is more private than conventional PGP key servers. The Roundcube web interface works well inside mobile browsers, but Posteo has no dedicated mobile apps.

In 2013 this service proved its privacy chops by successfully resisting demands by the police for the identity of a Posteo account holder who was thought to be using the service for illicit purposes. The fact that it does not store any data on its customers' identities made handing over such information impossible.

Visit Posteo »

Mailfence


Price: Free (500MB/1 address + 500MB documents storage), €2.50 per month (5 GB/5 addresses), €7.50 per month (20 GB/5 addresses)

Features:
  • Based in Belgium
  • e2e via integrated PGP support
  • Compatible with other PGP users
  • Calendar
  • Import contacts
  • 2FA support
  • Open source cryptography app (JavaScript) has been audited
  • Strips IP address from sent emails
  • Supports POPS, IMAPS, and SMTPS
  • Supports custom domains
  • Collaboration suite (shared calendars, shared documents, ...)
  • Chat (for group members, not encrypted)
  • Qualys SSL Rating: A+ with PFS
Downsides:
  • Front end is not open source
  • Email metadata not hidden
  • No mobile apps

Mailfence is based in Belgium, a country with strong privacy laws, no track record of cooperation with the NSA and GCHQ, and little government surveillance of its own to speak of.

Mailfence uses easy “one-click” OpenPGP encryption to secure emails, and encrypted emails sent to other Mailfence users do not leave Mailfence’s servers. Emails to non-members can be sent unencrypted, sent unencrypted but signed with your digital PGP key, or sent fully encrypted and signed. Note that users must manually generate or import PGP keys before sending encrypted emails, and are always given the choice whether to send an email encrypted or not.

And because Mailfence uses a standard implementation of OpenPGP with full key management available, the service is interoperable with “regular” PGP. Mailfence runs its own key server. PGP keys are generated in the browser and stored on Mailfence’s servers using an AES-256 cipher.

It is often said that Mailfence is not open source because its front end (web interface) is not open source. This is true, but its browser-based JavaScript cryptography code is open source, and has been audited by Cure53. Since mail is e2e-encrypted/decrypted in the browser, it shouldn’t really matter that the server-side software is not open source.

Indeed, as I have already discussed, if the server becomes malicious in some way, it can compromise browser-based encryption anyway.

Deleted messages are kept for two weeks for backup purposes. A big draw for this service is that it provides secure and exportable calendars, and secure document storage.

Unfortunately, Mailfence does not currently offer any mobile apps, although messages can be synced to iOS and Android devices using Microsoft Exchange ActiveSync.

Visit Mailfence »

Unseen.is


Price: Free (10 MB/1 address), $99 for life (10 GB (2 GB per account)/5 premium email accounts)

Features:
  • Based in Iceland
  • e2e via integrated PGP
  • Full PGP key management
  • Secure chat with other users
  • Strips IP address from sent emails
  • Qualys SSL Rating: A+ with PFS
Downsides:
  • Chat uses insecure encryption
  • Shady business practices?

(Note that not a huge amount of information is available about the features offered by this provider, even after you sign up for the service).

This Iceland-based privacy email and chat provider is not well-regarded in the security community. The main issue is that it uses a self-rolled proprietary encryption algorithm (xAES) to secure chat between Unseen.is members.

Self-rolled encryption is a big no-no in the security world, because doing encryption well is hard. Very hard. And if it is closed source as well, there is no way to check it for weaknesses. Emails are protected using OpenPGP, and are also stored (premium users only) encrypted with xAES.

Combined with a number of other poor security decisions, this has led some to heavily criticize the service’s competence. This is a situation compounded by reports that Unseen.is’ CEO and sister businesses have been involved in some very shady business practices.

On the plus side, Iceland has very strong privacy laws, and is not believed to cooperate with the NSA and its ilk. This makes it an ideal location to base a privacy email service. With so much controversy surrounding the service, however, I would probably recommend picking another one for your secure email needs.

Visit Unseen.is »

SCRYPTmail


Price: Free (while in Beta, donations accepted)

Features:
  • Full PGP key exchange support, plus AES-256 encrypted storage
  • Can send (and receive) encrypted emails to non-users
  • Support for 2FA
  • Disposable email addresses
  • Attachments encrypted and sent as link
  • Unencrypted emails deleted from server upon receipt
  • Tor .onion address
  • Qualys SSL Rating: A+ with PFS
Downsides:
  • PIN system would be a pain in the ass to use (and could be more secure)
  • No mobile apps
  • Based in the US

This one-man, US-based service has been in beta for the last two years or so, but has some interesting features.

Emails to non-users can be encrypted using OpenPGP, and the system is interoperable with regular PGP users. When you send an encrypted email, a five-number PIN is generated, which the recipient requires in order to decrypt it.

A potential problem with this system is that you must somehow securely communicate this PIN to the recipient, although once communicated, the PIN for that contact will be remembered. A simple question-answer format can be used to simplify PIN transmission (for example, the email subject could read "Please enter the last 4 digits of your phone number to open email,") but this is still far from ideal, as an adversary might be able to easily obtain your phone number.

Email attachments are sent as links, and are stored encrypted on SCRYPTmail’s server for two weeks. Unencrypted emails are deleted from the server as soon as they are marked read, while encrypted emails are stored with an additional AES-256 layer of encryption. Deleting unencrypted emails is great for security, but being able to access old emails can be damn handy sometimes!

Probably the biggest issue facing SCRYPTmail is that it is based in the United States. This makes it subject to NSA spying, PEN letters (with accompanying gag orders), FISA and Patriot Act-mandated technical assistance orders, yadda, yadda….

Visit SCRYPTmail »

Editor's note: StartMail should also be included in this e2e webmail services section, and will be added when I have the time.

Non-e2e Private Webmail Services

These are much more conventional email services than the e2e ones listed above. They will not track you, spam you, nor scan your emails in order to target ads at you, and generally undertake to protect your privacy. Most of them will not show you any ads.

Emails are secured in transit using TLS encryption, and are usually stored encrypted on the provider’s servers. But in all such cases the provider holds the encryption keys, so you need to trust the provider. As with any email service, of course, you can e2e encrypt emails using PGP.

There are too many such services to give full consideration to here. I discuss many of these in an older article, "Free privacy conscious webmail options," including:

The following non-e2e privacy webmail services are also well-regarded:

Other Options

Pretty Good Privacy (PGP)

PGP was developed as a protocol for securely encrypting emails, and although the original standard is no longer open source (it is now the property of Symantec), the Free Software Foundation has taken up the open source banner in the form of the (100% interoperable with PGP) OpenPGP standard.

The most traditional (and still the most secure) way to use PGP is GNU Privacy Guard (also known as GnuPG or just GPG) with a standalone email client such as Claws Mail or Thunderbird. GnuPG is available for Windows, OS X and Linux.

Although the basic program uses a simple command line interface, more sophisticated versions are available for Windows (Gpg4win) and Mac (GPGTools). I have a guide to securing your email with Gpg4win elsewhere. It may well be worth reading through it to help understand how OpenPGP works.

Note that with PGP, the metadata - email addresses of sender and recipient, date and time of sending, and email subject line - are not encrypted, just the body and any attachments. Any service that wishes to be compatible with PGP will necessarily suffer the same limitations.

Another problem with PGP is that it does not use perfect forward secrecy (PFS). So once keys for one encrypted email are broken, all other emails encrypted using the same keys will also be compromised. This is an area where e2e PGP email web services shine, because use of Diffie-Hellman or ECDH key exchanges in their TLS connections introduces PFS.

Making PGP Easier

Even a casual glance through my Gpg4win guide will amply demonstrate why PGP has not caught on with the general public. It is complex to the point of being confusing, and is hard to get right. Most of the e2e webmail services listed above use PGP, but aim to make it as user-friendly and “idiot-proof” as possible.

In this, they are largely successful, but at a price in security. As already discussed, browser-based cryptography is deeply flawed. A third option exists, however, that provides something of a “middle-way.”

Mailvelope is an OpenPGP browser add-on that is much easier to use than the more traditional setup (although not as easy as “one-click” webmail solutions). Although it does suffer from the same weakness as other browser-based cryptography, it mitigates this by allowing you to validate a key pair by comparing fingerprints with the sender.

This does not completely solve the problem if the developers of Mailvelope start to push out malicious updates, but does go a long way towards it. So in theory, Mailvelope allows secure and easy(ish) email PGP encryption within your browser, even when using services such as Gmail.
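To make the key-substitution risk from the browser-crypto section above concrete, and to show the fingerprint comparison that Mailvelope relies on as a mitigation, here is an added Python model. It is not code from the article or from any of the services reviewed; the key server, client, address and keys are all constructed stand-ins.

```python
"""Toy model of key substitution against browser-based webmail crypto: the
client fetches the recipient's public key from the provider, so a compromised
server or a man-in-the-middle can hand back an attacker's key instead."""
import hashlib


class KeyMismatch(Exception):
    """Served key does not match the fingerprint the client trusts."""


def fingerprint(public_key: bytes) -> str:
    """PGP-style fingerprint: 40 hex digits grouped in blocks of four."""
    digest = hashlib.sha256(public_key).hexdigest()[:40].upper()
    return " ".join(digest[i:i + 4] for i in range(0, 40, 4))


class KeyServer:
    """Provider-side key directory; `substituted` models a compromised server."""
    def __init__(self, keys: dict):
        self.keys = keys
        self.substituted: dict = {}

    def lookup(self, address: str) -> bytes:
        return self.substituted.get(address, self.keys[address])


class WebmailClient:
    """Browser-side client: pins the first fingerprint seen (trust on first use)."""
    def __init__(self, server: KeyServer):
        self.server = server
        self.pinned: dict = {}

    def key_for(self, address: str, verified_fpr: str = None) -> tuple:
        key = self.server.lookup(address)
        fpr = fingerprint(key)
        if verified_fpr is not None:
            # Fingerprint obtained out of band (phone call, printed card).
            if fpr != verified_fpr:
                raise KeyMismatch(f"{address}: served {fpr}, expected {verified_fpr}")
            status = "verified"
        elif address in self.pinned:
            if self.pinned[address] != fpr:
                raise KeyMismatch(f"{address}: key changed since first use")
            status = "pinned"
        else:
            status = "tofu"  # nothing to compare against: trusting blindly
        self.pinned[address] = fpr
        return key, status


def demo() -> dict:
    """Four scenarios; the dict records whether each key swap was caught."""
    bob_key = b"constructed-public-key-of-bob"          # stand-in, not OpenPGP
    attacker_key = b"constructed-public-key-of-attacker"
    bob = "bob@example.test"
    bob_fpr_out_of_band = fingerprint(bob_key)  # e.g. read out over the phone
    server = KeyServer({bob: bob_key})
    results = {}
    # 1. Honest server, fingerprint compared: Bob's real key is used.
    key, status = WebmailClient(server).key_for(bob, bob_fpr_out_of_band)
    results["honest_verified"] = (key == bob_key, status)
    # 2. Compromised server, no comparison, nothing pinned: swap unnoticed.
    server.substituted[bob] = attacker_key
    key, status = WebmailClient(server).key_for(bob)
    results["compromised_naive"] = (key == attacker_key, status)
    # 3. Compromised server, user compares fingerprints: swap is caught.
    try:
        WebmailClient(server).key_for(bob, bob_fpr_out_of_band)
        results["compromised_verified"] = "undetected"
    except KeyMismatch:
        results["compromised_verified"] = "detected"
    # 4. Client that pinned Bob's real key earlier notices the change.
    client = WebmailClient(server)
    client.pinned[bob] = fingerprint(bob_key)
    try:
        client.key_for(bob)
        results["compromised_pinned"] = "undetected"
    except KeyMismatch:
        results["compromised_pinned"] = "detected"
    return results
```

Scenario 2 is the naive webmail case the article warns about: the client happily encrypts to whatever key the server returns. Scenarios 3 and 4 are the out-of-band comparison and the pinning that catch the swap.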

Self-hosted Email

A more extreme option to all the above is to self-host your own email server. This can either be done on your own PC, or on a rented server. This pretty much guarantees that Google and the like will not be snooping on your emails (at least directly – they will still be able to read unencrypted emails sent to users of their services).

Setting up and maintaining your own email server, however, is a non-trivial job for even the more technically inclined. Ensuring that it is secure is even harder. In fact, if not done right, running your own email server can be dangerous, as it provides a false sense of security.

That is not to say it is impossible, and there are certainly privacy fanatics out there who swear by self-hosting their email. Indeed, this is a subject I may write a guide to at some point in the future!

Software such as Mail-in-a-Box and Mailcow make the job easier by automating the process, but for maximum security you should build your own server from scratch (so to speak). Great tutorials on how to do this can be found here and here.

Lavabit

Honorable mention goes to Lavabit, which is currently in the process of being relaunched. This service was famously used by Edward Snowden, and owner Ladar Levison became an internet privacy hero in 2013 when he shut Lavabit down rather than hand over users’ SSL keys to US law enforcement.


The new service uses fully open source code, and will offer end-to-end encryption later this year. At present, a complex SSL-key storage system aims to make it impossible for its admins to hand over users’ SSL-keys. But this is a temporary solution. In future, it will even be possible to run the open source code in “paranoid mode” to create your own email server.

All emails sent using Lavabit will benefit from Dark Mail, a feature designed to hide email metadata. It is impossible to recommend or assess the security of this service until all features have been rolled out and subscription is available to the general public. But it is certainly very interesting, and I intend to keep a close eye on developments.

Existing historical Lavabit users can now register for the revamped service, while new users can pre-register. Edward Snowden has stated that he will reinstate his old account, “if only to show support for their courage.”

Privacy Email Conclusion

When it comes to privacy, email is fundamentally broken. To keep online conversations as private as possible you should use an app such as Signal instead. Email remains very useful, however, and it is not practical to transition away from it completely.

PGP is very good, but it is hard to use well. And let’s face it, most of your friends and colleagues will not join you in using it, which makes the entire exercise rather pointless for most of us.

All the webmail services listed in this article will do a much better job at protecting your privacy than Google, Microsoft, Yahoo, and suchlike. If used properly, e2e encryption will also prevent your emails being read even when you send them to users of those services.

Just always bear in mind the limitations of such services. They are unlikely to protect you against a targeted attack by a powerful and determined enough adversary…

Image credit: wk1003mike/shutterstock.com
Image credit: xaedes & jfreax & Acdx, PGP diagram, CC BY-SA 3.0

Written by: Douglas Crawford

I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. You can now follow me on Twitter - @douglasjcrawf.

26 Comments

  1. michelle
    on June 24, 2018
    Reply

    I have had the neighbours from hell in the north of the UK, hacking all my emails for 4 years. They have been harassing me to death, stalking me at home and leaking all my personal information they get from my emails. It doesn't really help to pay for an encrypted email services if your Dell/Intel computer and Bill Gates team have granted a back access to let hackers target your laptop daily.

  2. Pooter
    on June 8, 2018
    Reply

    I am considering Startmail, I just want to clarify concerns about their .com domain. It was mentioned somewhere that in theory the u s a could seize the domain - what in effect does that mean, and if they did seize it could they do so without us Europeans knowing it had been seized? I just want an email service which stays in Europe, not spied on by those other people. Just my sense of privacy, not interested in pgp etc.

    1. Douglas Crawford replied to Pooter
      on June 9, 2018
      Reply

      Hi Pooter, Seizing the domain would simply mean that you would not be able to access the service using the domain name startmail.com. It would in no way affect the service itself, and would not compromise it in any way. Europeans would know because they would not be able to access the service on that domain. In such a situation it would be easy enough for Startmail to set up an alternative domain that is not under US control (for example .eu or .nl).

    2. Pooter replied to Pooter
      on June 10, 2018
      Reply

      Thanks, that's partly reassuring. Can I complicate the question - some email providers only offer the main address as .com, but allow several aliases with choices of .de, .nl etc. Could one then safely avoid the hazard by only using the aliases, even if all emails received by these aliases go into the same inbox, which is the main .com one, if that makes sense?

      1. Douglas Crawford replied to Pooter
        on June 11, 2018
        Reply

        Hi Pooter, Not if the aliases simply redirect to the main .com domain. As I say, though, this is not a major problem because StartMail (or any other company) could simply use another domain if needed. This is exactly what happened for years with infamous torrent site The Pirate Bay - its domains kept on being seized (including .com), but it kept on just switching to new domains without any interruption to its service. Indeed, its enemies seem to have given up seizing its domains (for now) as even though it was seized in the past, it has kept its current .org domain for quite a while.

    3. Pooter replied to Pooter
      on June 13, 2018
      Reply

      If you sign up for posteo using the Deutsch page you will get a .de account!

  3. Shane
    on June 5, 2018
    Reply

    Another provider that I have found with a good privacy focus is thexyz. Although they are based in Canada I like their stance on privacy with no ads, trackers etc. I have also found it to be very reliable with solid spam filtering.

  4. Alan
    on April 29, 2018
    Reply

    Hi Douglas, I just found your site via Google. I'm torn between posteo or tutanota. Really like the look of posteo but it doesn't come with an android app. I'm sure both services have had major updates since your review. Which of the 2 services above would you choose for privacy in 2018? I'd really appreciate your input. Thanks :)

    1. Douglas Crawford replied to Alan
      on April 30, 2018
      Reply

      Hi Alan, They are both good services, so you just need to decide which features matter to you more. True e2e messaging, self-destruct emails and great mobile apps? Choose Tutanota. A simpler and more conventional (but privacy focused) email service with integrated “one-click” OpenPGP? Choose Posteo. For me the Android app swings in Tutanota's favor, but it is a close call.
