Secure Privacy Email Options 2018 -

Secure Privacy Email Options 2018

Douglas Crawford

Douglas Crawford

March 6, 2017

In this article on secure privacy email options, I look at various ways to make your email more private. I pay particular attention to the new breed of end-to-end encrypted webmail services.

As a technology, email was not designed with security in mind. The need for such, in fact, never crossed the minds of the early pioneers of networking. So when it later became clear that internet consumers were unwilling to pay for the hugely expensive and complex technologies they use every day with hardly a second thought, email providers had an easy way to hand to monetize their services.

The most successful business model was developed by Google, which realized that an individual’s personal data is incredibly valuable. The more of it you collect, the more valuable it is. After all, if you have a good idea of what a person does and doesn’t like, where they go, what their hobbies are, and who they hang out with, then it is easy to target them with products and services that they are likely to be interested in purchasing. Cha-ching!

In addition to using its search engine to track users’ interests, Google scans all emails sent via its Gmail service. Note that this means emails not only belonging to Gmail users, but any emails sent to Gmail users from other services!

Indeed, Google recently quietly removed its own self-imposed moratorium on combining data collected via search results and via scanning customers’ emails.

Government Spying

All other major players in the email marketplace now do the same as Google (if not quite so successfully). And what can be collected for advertising revenue is also incredibly valuable to “collect it all” security agencies such as the NSA.

Google cooperated with the NSA to spy on its users for years, and only stopped when caught with its pants down by Edward Snowden’s revelations in 2013. Or at least it claims to have stopped. Yahoo, on the other hand, continued to betray its users to the NSA right up until at least October last year.

Pay for It!

So what can those of us who value our privacy use instead? Although some of the options listed below are, in fact, free, the first thing we all need to do is lose our attachment to free services. As the old adage goes, “if you aren’t paying for a product, then you are the product.”

It costs a lot of money and time to run an email service, so you need to consider very carefully how that service is funded. Services such as RiseUp and Autistici are run by politically motivated activists, and are designed primarily to provide privacy for similarly-minded activists.

Such services are willing to run at a financial loss thanks to the political ideology of their founders. As such, they are small and not very well-funded. Users should certainly consider donating towards them if they can afford to do so.

PGP is free because OpenPGP is an open source technology, rather than a service that needs to be operated and maintained at cost. PGP-encrypted emails can be securely sent over any regular email service, but the simple reality is that very few of your contacts (if any) will also use PGP.

This means that you will still require a private email service for day-to-day use.

All Browser-based Encryption is Insecure

Webmail services are very convenient, as they can be easily accessed from within any web browser. Unfortunately, cryptography in browsers is implemented using JavaScript, and JavaScript cryptography in browsers is inherently insecure. This is because a compromised server or man-in-the-middle attack can push compromised encryption keys to both you and your recipient’s browsers.

Does this make webmail services useless? No. It all depends on your threat model. For most users, they are probably absolutely fine. But no webmail service is going to be anywhere near as secure as using PGP with a dedicated email client (although accessing such services via only their mobile apps goes a long way towards mitigating this issue).

Use Signal Instead

“I have recently come to the conclusion that e-mail is fundamentally unsecurable. The things we want out of e-mail, and an e-mail system, are not readily compatible with encryption. I advise people who want communications security to not use e-mail, but instead use an encrypted message client like OTR or Signal.Bruce Scheier.

Encrypted messaging apps are much easier to use than PGP (what isn’t?!), and are much more secure than any other kind of email. Signal, although not without its critics, is widely regarded as the most secure way to communicate with another person, short of actual in-person contact.

Although it does not hide your metadata, Signal is therefore the best solution currently available for keeping the actual contents of messages secure. OTR is also a good option for desktop users.

End-to-end (e2e) Privacy Webmail Services



Price: Free (500 MB/1 address), $5 per month (5 GB/5 addresses).

  • Based in Switzerland
  • Uses PGP encryption
  • Open source code has been audited
  • Can send (and receive) encrypted emails to non-ProtonMail users
  • Self-destruct emails
  • Apps for Android and iOS
  • Supports two-factor authentication (2FA)
  • Tor .onion address
  • Strips IP from sent emails
  • Attachments encrypted
  • Accepts payment in bitcoins
  • Can use own domain
  • Ad free
  • Can import contacts
  • No personally identifiable logs
  • Qualys SSL Rating: A+ with PFS
  • Free (not paid) users may be asked to verify identity
  • Subject line not encrypted
  • No PGP key management

ProtonMail was the first in a post-Snowden “new-wave” of e2e webmail services that aim to provide all the functionality of Gmail and its ilk, but which respect users’ privacy and provide full end-to-end encryption for emails.

Users can send anyone an encrypted email, to which they can also respond securely.

ProtonMail is based in Switzerland, which has strong privacy laws and is outside the NSA and GCHQ’s direct area of influence. Being based there is therefore usually considered a strong feature of the service. Newly passed government surveillance laws are a little worrying, but should have minimal impact on most ProtonMail users.

Although messages are encrypted using OpenPGP, there is currently no way to import PGP keys into ProtonMail. This prevents the service from being interoperable with other PGP users.

Visit ProtonMail »



Price: Free (1 GB/1 address), $1 per month (1 GB (expandable)/5 addresses).

  • Based in Germany
  • Uses 128-bit AES with 2048-bit RSA handshake encryption
  • TLS connection with DANE and PFS
  • Can send (and receive) encrypted emails to non-Tutanota users
  • Self-destruct emails
  • Apps for Android and iOS
  • Strips IP from sent emails
  • Attachments encrypted
  • Accepts payment in bitcoins
  • Can use own domain
  • Ad free
  • Qualys SSL Rating: A+ with PFS
  • No PGP support
  • No contact import
  • Logs kept for five days
  • No 2FA

Similar in many ways to ProtonMail, Tutanota is based in Germany. This has strict privacy laws, but also practices widespread surveillance of its own, provides the base for the NSA’s extensive European operations, and is known to collaborate with the NSA. But all emails are stored encrypted, so this shouldn’t matter.

Tutanota encrypts messages with an AES-128 cipher and 2048-bit RSA handshake, rather than using PGP. This enables it to encrypt email subject lines when sent to other Tutanota users, but means the system is not interoperable with “regular” PGP users. It has also led to vulnerabilities in the past.

Visit Tutanota »



Price: €2 per month (expandable)

  • Based in Germany
  • Calendar
  • Supports 2FA
  • Open source code has been audited
  • Server hard drives encrypted with AES (bit size unspecified)
  • Uses 100% green energy
  • Anonymous signup and payment
  • Strips IP from sent emails
  • Supports 2FA
  • Ad free
  • Contact import
  • e2e support via OpenPGP and S/MIME within browser
  • Qualys SSL Rating: A+ with PFS
  • No mobile apps
  • Logs kept for seven days
  • Cannot use own domain name

Also based in Germany, Posteo is a somewhat different beast to Tutanota and ProtonMail. It is a secure email service that encrypts its server connections with TLS (using DANE and perfect forward secrecy), and stores all emails on AES-encrypted hard drives.

By default, Posteo is not an e2e service. e2e email encryption is supported, however, via “one-click” OpenPGP and S/MIME support within the browser. Recipients must have the same kind of encryption software installed on their computers (OpenPGP or S/MIME, whichever is used), but need not be Posteo users.

Posteo also runs its own PGP key directory, which is more private than conventional PGP key servers. The Roundcube web interface works well inside mobile browsers, but Posteo has no dedicated mobile apps.

In 2013 this service proved its privacy chops by successfully resisting demands by the police for the identity of a Posteo account holder who was thought to be using the service for illicit purposes. The fact that it does not store any data on its customers’ identities made handing over such information impossible.

Visit Posteo »



Price: Free (500MB/1 address + 500MB documents storage), €2.50 per month (5 GB/5 addresses), €7.50 per month (20 GB/5 addresses)

  • Based in Belgium
  • e2e via integrated PGP support
  • Compatible with other PGP users
  • Calendar
  • Import contacts
  • 2FA support
  • Open source cryptography app (JavaScript) has been audited
  • Strips IP address from sent emails
  • Supports POPS, IMAPS, and SMTPS
  • Supports custom domains
  • Collaboration suite (shared calendars, shared documents, shared calendars, …)
  • Chat (for group members, not encrypted)
  • Qualys SSL Rating: A+ with PFS
  • Front end is not open source
  • Email metadata not hidden
  • No mobile apps

Mailfence is based in Belgium, a country with strong privacy laws, no track record of cooperation with the NSA and GCHQ, and little government surveillance of its own to speak of.

Mailfence uses easy “one-click” OpenPGP encryption to secure emails, and encrypted emails sent to other Mailfence users do not leave Mailfence’s servers. Emails to non-members can be sent unencrypted, sent unencrypted but signed with your digital PGP key, or sent fully encrypted and signed. Note that users must manually generate or import PGP keys before sending encrypted emails, and are always given the choice whether to send an email encrypted or not.

And because Mailfence uses a standard implementation of OpenPGP with full key management available, the service is interoperable with “regular” PGP. Mailfence runs its own key server. PGP keys are generated in the browser and stored on Mailfence’s servers using an AES-256 cipher.

It is often said that Mailfence is not open source because its front end (web interface) is not open source. This is true, but its browser-based JavaScrypt cryptography code is open source, and has been audited by Cure53. Since mail is e2e-encrypted/decrypted in the browser, it shouldn’t really matter that the server-side software is not open source.

Indeed, as I have already discussed, if the server becomes malicious in some way, it can compromise browser-based encryption anyway.

Deleted messages are kept for two weeks for backup purposes. A big draw for this service is that it provides secure and exportable calendars, and secure document storage.

Unfortunately, Mailfence does not currently offer any mobile apps, although messages can be synced to iOS and Android devices using Microsoft Exchange ActiveSync.

Visit Mailfence »

Price: Free (10 Mb/1 address), $99 for life (10 GB (2 GB per account)/5 premium email accounts)

  • Based in Iceland
  • e2e via integrated PGP
  • Full PGP key management
  • Secure chat with other users
  • Strips IP address from sent emails
  • Qualys SSL Rating: A+ with PFS
  • Chat uses insecure encryption
  • Shady business practices?

(Note that not a huge amount of information is available about the features offered by this provider, even after you sign up for the service).

This Iceland-based privacy email and chat provider is not well-regarded in the security community. The main issue is that it uses a self-rolled proprietary encryption algorithm (xAES) to secure chat between members.

Self-rolled encryption is a big no-no in the security world, because doing encryption well is hard. Very hard. And if it is closed source as well, there is no way to check it for weaknesses. Emails are protected using OpenPGP, and are also stored (premium users only) encrypted with xAES.

Combined with a number of other poor security decisions, this has led some to heavily criticize the service’s competence. This is a situation compounded by reports that’ CEO and sister businesses have been involved in some very shady business practices.

On the plus side, Iceland has very strong privacy laws, and is not believed to cooperate with the NSA and its ilk. This makes it an ideal location to base a privacy email service. With so much controversy surrounding the service, however, I would probably recommend picking another one for you secure email needs.

Visit »



Price: Free (while in Beta, donations accepted)

  • Full PGP key exchange support, plus AES-256 encrypted storage
  • Can send (and receive) encrypted emails to non- users
  • Support for 2FA
  • Disposable email addresses
  • Attachments encrypted and sent as link
  • Unencrypted emails deleted from server upon receipt
  • Tor .onion address
  • Qualys SSL Rating: A+ with PFS
  • PIN system would be a pain in the ass to use (and could be more secure)
  • No mobile apps
  • Based in the US

This one-man, US-based service has been in beta for the last two years or so, but has some interesting features.

Emails to non-users can be encrypted using OpenPGP, and the system is inter-operable with regular PGP users.  When you send an encrypted email, a five-number PIN is generated, which the recipient requires in order to decrypt it.

A potential problem with this system is that you must somehow securely communicate this PIN number to the recipient, although once communicated, the PIN for that contact will be remembered. A simple question-answer format can be used to simplify PIN transmission (for example, the email subject could read “Please enter the last 4 digits of your phone number to open email,”) but this is still far from ideal as an adversary might be able to easily obtain your phone number.

Email attachments are sent as links, and are stored encrypted on SCRYPTmail’s server for two weeks. Unencrypted emails are deleted from the server as soon as they are marked read, while encrypted emails are stored with an additional AES-256 layer of encryption. Deleting unencrypted emails is great for security, but being able to access old emails can be damn handy sometimes!

Probably the biggest issue facing SCRYPTmail is that it is based in the United States. This makes it subject to NSA spying, PEN letters (with accompanying gag orders), FISA and Patriot Act-mandated technical assistance orders, yadda, yadda….

Visit SCRYPTmail »

Editor’s note: StartMail should also be included in this e2e webmail services section, and will be added when I have the time.

Non-e2e Private Webmail Services

These are much more conventional email services than the e2e ones listed above. They will not track you, spam you, nor scan your emails in order to target ads at you, and generally undertake to protect your privacy. Most of them will not show you any ads.

Emails are secured in transit using TLS encryption, and are usually stored encrypted on the provider’s servers. But in all such cases the provider holds the encryption keys, so you need to trust the provider. As with any email service, of course, you can e2e encrypt emails using PGP.

There are too many such services to give full consideration to here. I discuss many of these in an older article, “Free privacy conscious webmail options,” including:

The following non-e2e privacy webmail services are also well-regarded:

Other Options

Pretty Good Privacy (PGP)

PGP was developed as a protocol for securely encrypting emails, and although the original standard is no longer open source (it is now the property of Symantec), the Free Software Foundation has taken up the open source banner in the form of the (100% interoperable with PGP) OpenPGP standard.

PGP_diagram smallerThe most traditional (and still the most secure) way to use PGP is GNU Privacy Guard (also known as GnuPG or just GPG) with a standalone email client such as Claw-Mail or Thunderbird. GnuPG is available for Windows, OS X and Linux.

Although the basic program uses a simple command line interface, more sophisticated versions are available for Windows (Gpg4win) and Mac (GPGTools). I have a guide to securing your email with Gpg4win elsewhere. It may well be worth reading through it to help understand how OpenPGP works.

Note that with PGP, the metadata – email addresses of sender and recipient, date and time of sending, and email subject line – are not encrypted, just the body and any attachments. Any service that wishes to be compatible with PGP will necessarily suffer the same limitations.

Another problem with PGP is that it does not use perfect forward secrecy (PFS). So once keys for one encrypted email are broken, all other emails encrypted using the same keys will also be compromised. This is an area where e2e PGP email web services shine, because use of Diffie-Hellman or ECDH key exchanges in their TLS connections introduces PFS.

Making PGP Easier

Even a casual glance though my Gpg4win guide will amply demonstrate why PGP has not caught on with the general public. It is complex to the point of being confusing, and is hard to get right. Most of the e2e webmail services listed above use PGP, but aim to make it as user-friendly and “idiot-proof” as possible.

In this, they are largely successful, but at a price in security. As already discussed, browser-based cryptography is deeply flawed. A third option exists, however, that provides something of a “middle-way.”

Mailvelope is an OpenPGP browser add-on that is much easier to use than the more traditional setup (although not as easy as “one-click” webmail solutions). Although it does suffer from the same weakness as other browser-based cryptography, it mitigates this by allowing you to validate a key pair by comparing fingerprints with the sender.

This does not completely solve the problem if the developers of Mailvelope start to push out malicious updates, but does go a long way towards it. So in theory, Mailvelope allows secure and easy(ish) email PGP encryption within your browser, even when using services such as Gmail.

Self-hosted Email

A more extreme option to all the above is to self-host your own email server. This can either be done on your own PC, or on a rented server. This pretty much guarantees that Google and the like will not be snooping on your emails (at least directly – they will still be able to read unencrypted emails sent to users of their services).

Setting up and maintaining your own email server, however, is a non-trivial job for even the more technically inclined. Ensuring that it is secure is even harder. In fact, if not done right, running your own email server can be dangerous, as it provides a false sense of security.

That is not to say it is impossible, and there are certainly privacy fanatics out there who swear by self-hosting their email. Indeed, this is a subject I may write a guide to at some point in the future!

Software such as Mail-in-a Box and Mailcow make the job easier by automating the process, but for maximum security you should build your own server from scratch (so to speak). Great tutorials on how to do this can be found here and here.


Honorable mention goes to Lavabit, which is currently in the process of being relaunched. This service was famously used by Edward Snowden, and owner Ladar Levison became an internet privacy hero in 2013 when he shut Lavabit down rather than hand over users’ SSL keys to US law enforcement.


The new service uses fully open source code, and will offer end-to-end encryption later this year. At present, a complex SSL-key storage system aims to make it impossible for its admins to hand over users’ SSL-keys. But this is a temporary solution. In future, it will even be possible to run the open source code in “paranoid mode” to create your own email server.

All emails sent using Lavabit will benefit from Dark Mail, a feature designed to hide email metadata. It is impossible to recommend or assess the security of this service until all features have been rolled out and subscription is available to the general public. But it is certainly very interesting, and I intend to keep a close eye on developments.

Existing historical Lavabit users can now register for the revamped service, while new users can pre-register. Edward Snowden has stated that he will reinstate his old account, “if only to show support for their courage.”

Privacy Email Conclusion

When it comes to privacy, email is fundamentally broken. To keep online conversations as private as possible you should use an app such as Signal instead. Email remains very useful, however, and it is not practical to transition away from it completely.

PGP is very good, but it is hard to use well.  And let’s face it, most of your friends and colleagues will not join you in using it, which makes the entire exercise rather pointless for most of us.

All the webmail services listed in this article will do a much better job at protecting your privacy than Google, Microsoft, Yahoo, and suchlike. If used properly, e2e encryption will also prevent your emails being read even when you send them to users of those services.

Just always bear in mind the limitations of such services. They are unlikely to protect you against a targeted attack by a powerful and determined enough adversary…

Image credit: wk1003mike/
Image credit: xaedes & jfreax & Acdx, PGP diagram, CC BY-SA 3.0
Douglas Crawford
March 12th, 2018

I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. You can now follow me on Twitter - @douglasjcrawf.

17 responses to “Secure Privacy Email Options 2018

  1. helloop says:

    I hesitate between mailfence or a self-host (cheap).
    – does mailfence inform the users in case of request from a court/govt/abroad ?
    – can you trust the e.u. ?
    is email fundamentally broken even builting from scratch his own server (self-host)?

    a- the email can be sent in pgp encrypted mode in perfect transparency _ clicking on an icon: (startmail from ixquick company propose that).
    b- open one account and share it with your friends : ; all can be encrypted:decrypted by yourself by your own pgp keys ; your friends will do the same (on the draft folder & using copy/paste e.g).
    c- : this project could maybe change your mind.

    – i do not like signal/call/iphone/android etc. (expensive model & bill).
    – when the brexit was announced publicly , internet was shut down and call by phone too during several days.
    – otr is like im ; you need to be online.
    – gmail could redirect e-mail to another member of a group so you could think communicate with the same person but it is another who should reply – forgery is a trick often used by gmail user.

    pgp cannot be used between unknown persons – the risk that these persons divulge in clear text (in a public area e.g like a blog/mailing-list) an encrypted pgp message is great – so you must manage/create your web of trust – trust of first use.
    PGP is that it does not use perfect forward secrecy (PFS) : ? _ you can set a short time life & create several pgp key for each of your contact (In almost all the countries, it’s a criminal offense to refuse to surrender keys to the police.).
    is pgp overly complex for what little it accomplishes ?
    nitrokey (avoid yubikey) or smartcard could help.

    1. Douglas Crawford says:

      Hi helloop,

      – Mailfence will comply with a court order valid in Belgium (you can expect all providers to obey the laws of the jurisdictions in which they operate). If emails are encrypted with PGP, however, their contents will not be accessible, regardless of this.

      – The EU has some pretty strong privacy laws, but it all depends on your threat model.

      – As Hilary Clinton learned to her cost, running a private mail server securely is very hard to do. Also, unless you use PGP anyway, your emails can be read the services used by people your correspond with. So whenever someone with a Gmail account sends you an email, or you email someone with a Gmail account, Google will read it.

      – Signal is very secure, is easy to use, and is free. Another option is to use Pidgin OTR on your desktop. Of course you need to be online, so I don’t understand your point.

      – Re. Brexit… um… where? This certainly did not happen here in the UK, and I have not heard anything about it elsewhere (why would it).

      – Sure, but unless you only communicate with other people who share your personal mail server, this is always going to be a risk.

      – Many PGP users upload their public PGP keys to key-servers, publish them on their web pages, etc. This allows you communicate with strangers via PGP. You can also simply email people in plantext and request that all future communications be performed using PGP. The trust issue is a human issue.

      – There are certainly ways around the PFS issue with PGP (as you describe), but they are a pain in the butt to implement.

      – Is PGP too complex? I think for most people, yes. But it depends on your threat model.

      – Physical 2FA could help in some circumstances, but this is not practical for most email users.

  2. Ervin says:

    Signal is good but it can only be installed via Google Play and Google knows you are using it. You register only by using a phone number and a phone number can be enough to identify you. Not to mention the power that PlayServices have on an Android device, the tracking of mobile phones and mobile phone vulnerabilities, especially modem firmwares which are always proprietary and full of exploitable bugs. Almost no phone can be trusted for secure communications as a device. Have you looked into other open source communication programs such as Telegram, Linphone, Pidgin and Zom with the XMPP protocol? Or Kontalk, Silence, Conversations Android Apps? They don’t Google to run and some of them can run on the desktop independently such as Telegram and Linphone. And an XMPP account can be used with both Pidgin with OTR on the desktop and Zom on the phone. Telegram has the same security as Signal but much more usable and many more features.
    In regard to email I advise having three accounts.
    One for insecure communications such as to a girl you met on a dating site or friends and family who are not tech savy. Vfemail would be great for that, not Google or Outlook.
    One unadvertised email address such as for secure and sensitive communications.
    And a hidden Tor email service for really private things where you not only need to encrypt but also avoid letting anyone know it was you who sent it.
    The sign up process is also important. Google for instance does not let you sign up without giving a lot of info about yourself and your phone number.
    Ultimately avoid the internet completely if you can in your communications. Also phones

    1. Douglas Crawford says:

      Hi Ervin,

      >Signal is good but it can only be installed via Google Play and Google knows you are using it.

      This is no longer true. A version of Signal that does not requires Gapps can now be downloaded as an .apk from the Open Whisper Systems website.

      I have a review of Pidgin here. Telegram is mot well-regarded within the security community becasue it does not enable e2e encryption by default. I do like your 3-fold approach to email security, however.

  3. FREE says:

    I accidentally noticed that the government is spying on my emails (a long and ridiculous story, I’m not a terro rist) and the worst thing is that I noticed it in a gmail account (which usually has good security). Everything working with Thunderbird.
    I’m doing a crash course in security and your site is the most complete and clear I found on the internet (even though English is not my language).
    I write from a VPN (which I chose thanks to you) and Tor together.
    1- If I use any of the first two encrypted services that you name in this article and that allow to use them from Tor + VPN … It is still insecure ?.
    2- Do you usually they intercept specific ports ?. (110, 567, etc.).
    3- This information is not encrypted by the VPN + Tor combination.
    4 – When they ask for information to the company ISP: They redirect all my traffic? Or only about email?
    I ask alternatives to communicate with ordinary people who do not use PGP encryption.
    It is ridiculous that they to waste resources on myself. This country is a joke. I pay the internet for ISP to do this …
    I want to communicate with associations of freedom in Internet, but if they intercept to me what I do …
    Sorry for my bad English and thanks for your great work. Sincerely.

    1. Douglas Crawford says:

      Hi FREE,

      Gmail has excellent security, but terrible privacy. Not only does it scan your emails itself for advertising purposes, but it will also also usually accede to government requests for users’ data.

      1. Using Tor or a VPN (or both together) does not improve the security of your emails, becasue your data must leave the VPN/Tor network before connecting to the email server. The weak point is still that your email is being encrypted in your browser.

      2. If “they” do this, then it will almost certainly be TCP port 443 (used for HTTPS connections). But as long as the handshake authentication is strong (e.g. RSA-2048), connections should remain secure. Even if the connection _can_ be intercepted (unlikely), the actual content of messages are also protected by PGP (ProtonMail) or AES-128 (Tutanota) encryption.

      3. All information is encrypted by VPN then Tor until it leaves the Tor exit node.

      4. Your ISP directs traffic between your computer and the VPN sever. It cannot then see what you get up to on the internet. Your ISP cannot see your emails (if using a third party provider), and the only thing it knows is that you have connected to a VPN server.

      That is what privacy email services are for. But as I note in the article, using an Instant Message app (i.e. Signal) is a more secure solution.

      1. FREE says:

        Thank you very much for your complete answer. Seen and analyzed several times. It is a pleasure to have such a productive and useful feedback for me and your readers.

        I suspect that answer number 1 refers to security in general terms, but the 4 specifically says that they can not read my emails in case they use Tutanota / Protonmail (Autistici with Thunderbird as they recommend?) because these email services allow to be used with VPN / Tor and (using both Services together) what I send or receive in them is out of reach of my ISP because (as you say) “they” only direct the traffic to my VPN (encrypted) and do not know what comes out of it.
        Instead gmail will not let me use a VPN or Tor because if I try it sound all the alarms and security confirmations blocking my account.
        I understood (one) of the most important differences well ?.

        If I get a “secure” email I’ll write some extra detail (in private) of my Orwellian journey … :-p

        1. Douglas Crawford says:

          Hi FREE,

          You are welcome!

          – The fact that your ISP cannot read emails sent via a secure email service (or even Gmail, for that matter) has got nothing to do with either VPNs or Tor. The use of HTTPS encryption will prevent it from reading your emails. Your email provider, on the other hand, can read your emails, unless they are e2e encrypted – which is what these privacy email services offer. E2E encryption ensures that no-one can read your emails except yourself and the intended recipient.

          – For what its worth, I always connect to my legacy Gmail account over a VPN, and have never encountered anything more than the occasional warning about an unknown device trying to log into my account.

          – As I say, secure email is not really about using Tor and VPN. If you pay for a privacy email service using properly mixed bitcoins, and only connect to it using VPN + Tor, however, then the VPN service will not know your true IP or anything else about who you are. This will meaningfully improve your anonymity.

          I look forward to hearing your adventures!

  4. FirstToAskLastToKnow says:

    Typo under heading – Other Options>Making PGP Easier>Mailvelope, (2nd sentence)>Although it does from suffer from the same weakness / = I’m thinking you only meant one “from” to be used here?
    When you got time and update your listings here can you look into adding some insight to this logic, a professor at the Illinois Institute of Technology in Chicago, since 1987, his name is Francisco Ruiz. One of his interests is cryptography, he’s made some programs of which PassLok is one. PassLok is an app that runs equally well on your computer and your smartphone. PassLok Privacy, its standalone version, performs public-key cryptography functions from a simple graphical interface.

    PassLok for Email is even simpler: you click an icon on your email program, write your message, then click a button to encrypt or decrypt.

    URSA encryption – Simple, secure, free symmetric encryption for email and texting. It costs us nothing to make URSA available to users, so why not make it free? URSA is a tool for freedom, my friend. And this is not our only free tool. There is also PassLok, mentioned above, and SeeOnce, which makes self-destruct emails and doesn’t involve any servers, so your data remains private.

    Then one last question are the email clients for Windows all but dead in 2017?
    Thanks . . .

    1. Douglas Crawford says:

      Hi FirstToAskLastToKnow,

      – Typo fixed, thanks (pesky typos!)

      – Thanks also for those links. I will look into them when I have the time (which I am afraid is somersetting in rather short supply at the moment). After a quick scan, though, I cannot see anything saying that Passlok is open source (?).

      – Well… stand-alone email clients such are Thunderbird and Claw-Mail are still available, and remain by far the most secure way to do PGP encryption. But their interfaces are now looking very old and clunky, and in 2017 they very much serve a niche market. Unfortunately (in many ways) webmail is just so much more convenient.

  5. Guy Haiar says:

    Why wasn’t Runbox included?

    1. Douglas Crawford says:

      Hi Guy,

      Because I missed it. I do not claim this list to be exhaustive. But I will try to add it in when I have the time.

  6. StartMail says:

    Hi Douglas. Thank you for mentioning Note that we DO support e2e encryption through IMAP.

    We agree with your conclusion that “All Browser-based Encryption is Insecure” and designed StartMail for server-side encryption. Here is a link to our whitepaper that details our design and security choices:

    StartMail makes PGP email truly user friendly. After a quick guided setup, it takes just one click to send a PGP-encrypted email–even to users without StartMail accounts. We offer other privacy and convenience features, as well, like Q&A encryption for when correspondents don’t have their own encryption set up, and disposable email addresses.

    We’d love for you to test StartMail for yourself. Just let us know, and we’ll send you a link for an evaluation account.

  7. unfairdoug says:

    > that is a trick for sending an e-mail without meta :
    or you take an account on ip2 or you open an e-mail account (see the article above , using tor pls & a good vpn) sharing the same account; you write your encrypted message using the draft feature : one account (you copy your encrypted message from gedit or mail envelope and paste it) for all your closed friend and for yourself.
    >> a lot of persons are using pgp and it is up to you to be in this movement ; it is very easy & safe.
    *the argument of doug are coming from bad faith – he does not like to be wrong.

    1. Douglas Crawford says:

      Hi unfairdoug,

      Yes, but the fact that you sent an email to that recipient at a specific time is still viable, regardless. You might know people who are willing to jump through all these hoops, but I don’t. And I really do not mind being wrong – I am just expressing my view on the situation.

  8. mistutausa says:

    *i am not speaking about cell-phone/tablet/iphone & windows/android users
    I read that somewhere : ‘how you can detect if your webmail account has been hacked into ; the theory is simple, send yourself an HTML encoded MIME email, attach a reference to an image, and when the image is called you know someone has read that email.’
    Privacy sounds like a gold key that intellectual deficiency cannot use : it begins by trust and finish by educated people.
    Taking a free version do not transform you in a product like using webmail protects you against a targeted attack by a powerful and determined enough adversary… : pgp is your friend.
    e-mail is an easy way to communicate safely – yes, it was not designed security in mind but it has been improved since – ; it is not fundamentally broken – yes, some vulnerabilities are discovered but dev work on it –
    In fact there so few people who understand the value/sens of “privacy” & “adversary” … and the quality of the human being is less good than 50 years ago (e.g).

    1. Douglas Crawford says:

      Hi mistutausa

      That’s a nice trick with the image. When it comes to privacy, I would say that email is fundamentally broken. PGP is hard to use properly, and the reality is that almost no-one actually uses it becasue of this. And even if you do use it properly and can find another person on the planet who will also use it to communicate with you, it leaks a ton of metadata…

Leave a Reply

Your email address will not be published. Required fields are marked *