Pinterest Stumbleupon Whatsapp
Advertisement

In 2013, Edward Snowden confirmed what many had suspected Hero or Villain? NSA Moderates Its Stance on Snowden Hero or Villain? NSA Moderates Its Stance on Snowden Whistleblower Edward Snowden and the NSA's John DeLong appeared on the schedule for a symposium. While there was no debate, it seems the NSA no longer paints Snowden as a traitor. What's changed? Read More : governments around the world are spying on you. They eavesdrop on your communications and build profiles of your online habits. Sadly they aren’t the only ones. From hackers to criminals there are many people looking to snoop on our personal communications. Perhaps unsurprisingly, free email providers often surreptitiously use software to mine information from your emails and contacts to sell you ever more targeted advertising.

If you are fed up with companies trying to force more adverts on you, and malicious characters — potentially including your own Government –gaining access to some of your most personal communications then it might be worth choosing a secure, privacy focused, and most importantly, encrypted email provider.

ProtonMail

Price: Free. Premium accounts available.
Storage: 500MB as standard. Up to 20GB for Premium accounts.
Country: Switzerland

ProtonMail started in 2013 from some very impressive beginnings. Originally developed by researchers in CERN, a successful crowdfunding campaign saw the open source, encrypted email provider exit beta in March 2016. ProtonMail uses end-to-end encryption How Does Encryption Work, and Is It Really Safe? How Does Encryption Work, and Is It Really Safe? Read More so that messages are encrypted at your end, and can not be unencrypted by the company — or anyone else for that matter.

As ProtonMail predominantly provides free accounts, it is reasonable to consider how they will sustain the service. In a comment posted to Reddit, ProtonMail made it clear that they have a Defence Fund which would sustain the service for up to a year without any other revenue.

Advertisement

Why ProtonMail?

All data is stored on the company’s servers in Switzerland — a country well known for its tough stance on privacy and data protection. Importantly ProtonMail is open source What Is Open Source Software? [MakeUseOf Explains] What Is Open Source Software? [MakeUseOf Explains] "Open source" is a term that’s thrown around a lot these days. You may know that certain things are open source, like Linux and Android, but do you know what it entails? What is open... Read More . This is a huge plus for privacy and security advocates. Closed or proprietary software methods cannot be tested or validated by anyone, meaning that you have to place your trust in the company. Open source means that, should you want to, you can verify the security of the platform yourself.

Although emails to and from other ProtonMail users are end-to-end encrypted, if you communicate with unencrypted services like Gmail, ProtonMail will scan these emails to protect against spam. However, theses messages are scanned in memory, meaning that they aren’t kept and will be overwritten in very little time. As soon as the email has been scanned it is then encrypted.

According to their Privacy Policy, IP logging is disabled by default, although options exist to turn this on if you wish. This is a benefit to your privacy because it protects your location, and prevents linking of data using your IP address. ProtonMail also doesn’t store any of your data once it’s deleted. If you delete an email — it’s really gone. The only exception is when the data has been stored in a backup, in which case it may take up to 14 days to be fully removed.

ProtonMail also doesn’t require any personal information in order to sign up for the service, although you may add a third-party email address for recovery purposes. If the ephemeral messaging that companies like Snapchat Send Self-Destructing Risqué Photos & Videos With Snapchat [iOS & Android] Send Self-Destructing Risqué Photos & Videos With Snapchat [iOS & Android] So you want to text someone a private flirty or goofy photo or video of yourself, but you know that images and videos can be shared and circulated on the Internet very quickly. Well it... Read More and Telegram Telegram Provides A Secure & Fast-Growing Alternative To WhatsApp Telegram Provides A Secure & Fast-Growing Alternative To WhatsApp Read More have implemented is your thing, then you’ll be pleased to know that ProtonMail has a similar feature for email.

Download: ProtonMail for Android | iOS | Web (Free)

TutaNota

Price: Free. Premium accounts available.
Storage: 1GB as standard. Upgradable.
Country: Germany

Germany’s own Tutao GmbH launched Tutanota in 2011 as a freemium, encrypted webmail service. The name gives clues to their beliefs, coming from the Latin “tuta nota” meaning “secure message”. The service’s servers are also based in Germany, making them subject to Germany’s rigorous Federal Data Protection Act. However, privacy advocates may not be agreeable to their data being stored in Germany, after it emerged that Germany’s Federal Intelligence Service had collaborated with the NSA in their surveillance programs.

Why Tutanota?

However, aside from server location, Tutanota makes a very compelling secure service. In many ways, their feature-set largely mirrors that of ProtonMail. They use end-to-end encryption to ensure that no mail is viewable on their servers. If you email an account that isn’t encrypted like Gmail, then Tutanota sends a link to a temporary account where the recipient can view the encrypted message.

Tutanota is also open source, with the code available on Github for inspection. Currently they do not encrypt the metadata associated with any stored mail, like sender, recipient, and date. However, their FAQ states that they are looking into the possibility of adding this in the future.

Tutanota uses 2048 bit RSA and 128 bit AES encryption methods. However, they do not currently support PGP, although they are hoping to develop an API to allow users to communicate with anyone using PGP encryption PGP Me: Pretty Good Privacy Explained PGP Me: Pretty Good Privacy Explained Read More . They do collect logs but only for technical information, warning and error messages. It is worth noting that Tutanota says that none of the logs contain personal information, and are only kept for 14 days.

Tutanota is a freemium provider, offering free accounts alongside paid Premium accounts which add functionality. If you opt for a Premium account it is 1€ per month. A Premium account allows you to add up to five aliases, use your own domain, and set inbox rules.

Download: TutaNota for Android | iOS | Amazon | Web (Free)

Mailfence

Price: Free. Premium accounts available.
Storage: 200 MB of emails, 250 MB of documents as standard.
Country: Belgium

From the creators of ContactOffice, the virtual office provider, comes Mailfence – an encrypted and free privacy focused webmail client. Following the Snowden revelations in 2013, the founders of ContactOffice believed that there was a need for a secure, privacy minded email platform. As with many other European countries, Belgium has strong privacy laws which favour the consumer rather than the company. Unlike many other countries there is little evidence to suggest that Belgium collaborated in the NSA surveillance schemes.

Why Mailfence?

ContactOffice was started in 1999, so they have experience in growing a service, which should provide some reassurance that they won’t abruptly close down. This experience leads to one of the standout features of Mailfence. It doesn’t only focus on email privacy, but the service also includes calendars, contacts, and document storage. Although they offer Premium accounts, they make most of their money by licensing their email and collaboration software to companies and universities. Sadly, Mailfence is not open source so by using the service you are forced to trust that the claims they make on their website are correct.

Taking a stand for your principles is admirable in itself, but alongside that ContactOffice donates 15% of the income from their Pro plans to the privacy organisations the Electronic Frontier Foundation (EFF) and the European Digital Rights Foundation (EDRi). Belgium’s privacy laws dictate that if a judge issues a court order then Mailfrence must comply. However, any outside authority has no right to impose orders or access data.

Mailfence is end-to-end encrypted and supports OpenPGP. You can generate a key on your computer which is then encrypted using 256 bit AES and stored on Mailfence’s servers. They also support two-factor authentication to prevent unauthorized access to your account.

One of the major downsides to Mailfence is that there is currently no mobile application. Although they have stated app development is a priority for 2017. However, if you want to sync to a mobile device then the only option is to use Microsoft’s Exchange ActiveSync. If you choose to upgrade to a Pro account then you can also use POPS, IMAPS, and SMTPS.

Download: Mailfence for Web (Free)

Keep It Secret, Keep It Safe

Many free email providers either do little to protect your privacy, or even take steps to erode it for you. Finding a secure, safe, and encrypted service is a move worth making. You should judge a provider on their encryption methods, how they finance the service, and where the servers are located.

Of course, no online service is entirely secure, no matter the ethics of the provider. There will always be hackers and surveillance agencies looking to build their ever-increasing databases. Of course, if you want to minimize the risk further, you could always run your own email server 5 Reasons Why You Should Make Your Own Server 5 Reasons Why You Should Make Your Own Server You've probably heard at some point that servers aren't only for those that have a lot of money. In fact, anyone who has a spare box sitting around somewhere in their house can have their... Read More .

Do you use any of these secure email providers? Have we convinced you? Or do you think there is no need to change? Let us know in the comments below!

Image Credit: bluebay via Shutterstock.com

  1. Timothy
    January 29, 2017 at 6:53 am

    How about guerilla mail?

  2. Zhong
    January 23, 2017 at 2:56 am

    Tutanota is still early in accessing full features as they cannot retrieve your password if you forgot or typed it wrong when you changed it.

  3. Matza
    January 23, 2017 at 12:06 am

    There's also Unseen: https://unseen.is/

  4. onlineemailaddress
    January 22, 2017 at 3:27 pm

    Please throw some light on "Posteo"?

  5. Stillsearching
    September 11, 2016 at 6:39 pm

    Not much here. The only one really is Hushmail who handed over everything when asked.

  6. R N
    August 6, 2016 at 7:13 pm

    Thanks for the article Christ. Is a new article that is more current forthcoming? One that considers the pay options as well and points out all the pros and cons?

  7. StephDRX
    July 30, 2016 at 12:52 am

    I see I'm not the only one using mailfence :) I have been using it for a month now and am very satisfied. Service is excellent as well, real pros.

  8. selecia
    July 11, 2016 at 1:04 am

    why is hushmail here? Hushmail has been known to give away personal information.

  9. Mick
    April 6, 2016 at 4:37 pm

    Indeed an informative list – but a short list that do not include some of the other remarkable players, that does everything on the client-side and truly provides end-to-end encryption (which by far is the only way that can ensure one’s online data confidentiality and integrity during transit).
    Following are two of those outstanding services.
    > https://mailfence.com/ (a pure end-to-end encryption service – that does not only provide confidentiality and integrity but also authentication via the capability of digital signatures, based on OpenPGP – it provides user full control over their keys and does it all in a very user-friendly manner)
    > https://scryptmail.com/ (another nice end-to-end service – that provides great reliability and hot features like disposable email addresses etc, based on OpenPGP and has a nice descriptive interface)
    > https://riseup.net/ (one of the most famous group of people who are not only providing great privacy solutions, but also helping like-minded people to grasp their OpenPGP understanding in a better and effective manner)
    Now, the ultimate tool when it comes to OpenPGP and end-to-end encryption – is always have been GnuPG, though the reason it never really get lifted up is due to its complexity in terms of usability from a typical user standpoint (however, implementations like Gpg4Win, GPGSuite, Seahorse does come in handy).
    Lastly, the article is not bad at all, the only loose-end is not mentioning some of the key players. Nevertheless, it always drops down to one’s preferences and requirements (I personally use mailfence which is free, interoperable, without ads, completely locally hosted and provides an entire collaboration suite i.e. messages, contacts, calendar, documents, polls, tags ….)
    Again, its a matter of personal preference and the extent to which one understand end-to-end encryption technologies (OpenPGP, S/MIME etc, which most of the people don’t) – that contributes in the rightness and wrongness of their online privacy decisions.

  10. Vickie
    March 12, 2016 at 5:23 am

    What is best for someone who is not very computer savvy and not always communicating with people who I would be able to exchange passwords with as easily?

    Hushmail sounds like the best option for that? Thanks.

  11. talat kabal
    February 15, 2016 at 8:45 am

    I personnaly use http://www.mailfence.com ! The reason why I decided to choose it instead of others private email, it's because mailfence are based in Belgium, and benefits a real data privacy compared to their competitors that are based often in USA and where the gov spy everything of your private life. I'm really satisfied.

  12. Drew
    February 10, 2016 at 10:11 pm

    WHO THE HELL KEEPS OBTAINING ALL OF MY PERSONAL ONLINE DATA AND USING IT ONLINE TO POST THIS GARBAGE HERE??

  13. James
    February 9, 2016 at 2:34 pm

    There is also MailFence on the market of "secure mail". It's nearly the same concept. When I come to choose a secure mail, I have hesitated which to choose. But finally I have choosen MailFence because it's really easy to use. I recommend it for all!

  14. Linleya
    November 14, 2015 at 12:35 am

    I found Invmail to be more secure when i compared against all etc its also they use 4096 bit RSA’s https://www.invmail.io they are in open beta, they also offer private solutions as well as Video/Voice Calls, and Messaging over encryption channels.

  15. reb444
    August 23, 2015 at 8:43 pm

    One thing to be mindful of--in any free or paid email server--is to never use active web-based links within the email or signature line...while the raw text of your emails may be secure depending on your chosen server (those noted here and below)...be mindful that any hacker (read: government) can follow "leaked links" that go outside the boundary of the email you send or receive. They DO leak.

    for example, "Beautiful . com" should read "beautifuldotcom"

    always use basic raw text only in secure emails. IMHO

    • Steve
      January 2, 2016 at 8:37 pm

      Thanx for the post. This is one of those issues that many people might deem trivial. However, this is very sound advice.

  16. Irene
    May 20, 2015 at 5:54 am

    I have Hushmail. The only problem is with the 'passphrase". If you forget what it is, too bad! Part of the Hushmail security premise, is that only the user knows what the passphrase is.
    I like to think that I keep a very careful record of my user names, and passwords. But, I did it, changed the phrase and now I am locked out. I have gone over 30 days since logging in, so now even if I remember my passphrase, I have to buy the premium email, to get my account back.
    Be extremely careful! I really thought that I had been, but...

    • reb444
      August 23, 2015 at 8:30 pm

      I had the same issue, Irene...several times...but, as an annual subscriber, they are able to "recover" email from probably three weeks prior. Ask nicely. when I asked them how they could deliver it w/o me knowing my passphrase (password), I had to recreate my account. The best way you can do retrieval in the future is to download and save your emails to a desktop/laptop arrangement (like Thunderbird without the add-ons and geo-locators)

      Once there, I scan the emails for malware, trojans etc, and only then UPLOAD the emails (TB export/file folder) to Dropbox or similar "somewhat" secure cloud server. I do this because I do not trust Hushmail, and in the event of laptop breakdown, I have some sort of immediate access to recreate my emails and files in a day or two.

      I say "do not trust Hushmail" because now they want to install cookies which narrows your geo-location. Like many other on-line or web corporations (such as Go Ogle, Yahoo/Peekaboo, Hulu+NBC, etc.), Hushmail does not like VPN servers (virtual private networks) which bounce one around the world for privacy reasons).

      For ex., my VPN might locate me in Seattle, but the Hushmail cookie relocates me a mile from my home. Not cool. Time to move on, hence why I am here.

      Also, while Hushmail can and does AUTOMATICALLY encrypt/decrypt at both ends if the intended recipient also does so with a hush account, I had been doing this for several months....all of a sudden, Hushmail started asking for the encryption key or question/answer where it hadn't before--meaning that it was beginning to read all supposedly encrypted emails just prior to that point;

      Countermail uses Java which is another geo- locator. The updated Javascript can never be erased from your system once downloaded (like Windows 10--which saves and reports your every move).

      I figure if these un-private corporations want to run my computer away from me, they mind as well refund the money I used to buy the machine in the first place.

      Me? I'm leaving and going to Linux and Protonmail. I'm definitely NOT doing, or intend on doing anything illegal, I just want ALL privacy, not just "some" privacy.

      • reb444
        August 23, 2015 at 8:34 pm

        CounterMail is also in Ontario, Canada, as is Hushmail, subject to Canadian court order.

        • reb444
          August 23, 2015 at 8:50 pm

          sorry, I meant CryptoHeaven for Ontario---look for location in terms of service and governing law.

        • Sal
          October 16, 2016 at 9:46 am

          I would avoid using ANY mail or vpn providers based or linked in any way to the US and its defacto territories:Canada and UK .

  17. CryptoCat
    May 14, 2015 at 8:51 am

    STAY AWAY FROM HUSHMAIL!

    THEY TURN OVER PEOPLE, THEY SNOOP ON YOU!!!

  18. Anon
    April 20, 2015 at 12:32 pm

    About the counter mail option. That's not mandatory to leave some "paper trail" once you have options to pay anonymously for the service.

    And yes, hushmail does seem to be insecure, even if they say the contrary. Something is not secure if they for any reason has a way to give your information to agencies or whatever. Or even if they can see it. If the service can do these things they are insecure and their main concern is not just provide you a great service. But make money only.

    The real best service will want to make money, but not at the cost of the privacy of the client. Then again people can talk about criminality if a service is totally secure. Well, criminals exists even inside companies and governments unfortunately. That's no point, for that the core of the society should change. The way human beings see the world and life should change. So there' s no point their either.

    I do respect all the opinions. But I am stating verifiable facts here. That's worthy. Thanks a lot for the opportunity. I am not divulging any service here. Any option that you find that is really secure you can use. One good thing is to go away from certain countries when it comes to the way certain services are handled because of their privacy policies, because in some countries privacy actually doesn't really matter to the so called authorities! That are not really concerned about people most of the time! So choosing providers where privacy is better is an option. But if someone is able to maintain a great service inside a country, whichever it is, where not even the company can access your data. Then there is nothing authorities will be able to do when it comes to "ask" for data. If they want data all they'll have will be encrypted data.

    That's not about anything else but the right to privacy. To not be tracked and receive tons of ads, you already pay for your internet access and surely you'll help in all legal and ethical ways those who provide good content, no need for intrusion and illegal activities just to make money. Or to only do it because you think you can. Some agencies and those responsible for such lines of thought should be ashamed of how they do things, their money could be better used to improve humanity.

    Anon

  19. Jerry
    March 21, 2015 at 11:16 am

    A question for Chris, if he's still monitoring this thread.

    I use Thunderbird email app exclusively in my business. If I were to install Enigmail, using Open/PGP and S/MIME protocol (which I gather is the technology), shouldn't it be possible for my recipients to be able to open and read the emails using any other compliant Open PGP mail app that also uses S/MIME? Presumably all OpenPGP apps have ways of sharing Public keys with one another, no matter who writes the code and what the product is called?

  20. purplerebel
    March 10, 2015 at 11:52 am

    Any take on ProtonMail?

    • fiddle2
      March 20, 2015 at 3:38 pm

      purplerebel, I have ProtonMail. Once you finally get your account it's smooth to work with. Like TylerD says, hands down the best!

      • reb444
        August 23, 2015 at 8:32 pm

        Corredct Fiddle...it took me about three weeks to get endorsed--also, use an alias while on there

  21. JD
    February 24, 2015 at 1:38 am

    Well now great info...
    1. Hushmail will turn over email accounts with a Canidian Court order, just so you know. So if you just have to use it.... download ALL the emails as you get them.
    2. Then there is vfemail.net which is free for 49.5 (+ or - a meg or so. I download most of my "private law" info as I receive it, as their servers are in the USA. Their paid version is real cost effective if you are not totally on a "fixed" allowance.

    So just a bit of an update for you!
    Thanks!

  22. MR. G. NOYB
    February 17, 2015 at 6:45 am

    Startmail

  23. TylerD
    February 5, 2015 at 7:51 pm

    Protonmail is the best hands down! It's so good that they have a waiting list for an email account because they ran out of room on their servers. The company is based out of Switzerland, which is probably the last country left that actually honors peoples privacy. They based it here specifically for their privacy laws. I'm not a computer whiz but from what I understand the complete email process is encrypted and only you have the key. The owner said in an interview that even if the federal government would demand access to accounts they would have no means to provide it to them because they have no access to the keys.

  24. Anony Mos
    December 24, 2014 at 5:19 am

    Hushmail should never be advertised as anything secure IMHO.

    TutaNote lacks certain features but is very secure, free, based in Germany (good privacy laws), and well programmed. tutanota.de

    • Django
      February 5, 2015 at 3:45 am

      Tutanota.de is 404.

  25. Jimmy
    June 21, 2012 at 5:11 pm

    Hushmail isn't safe. The NSA has real-time access to their servers. Plus their backdoor that they grant to US law enforcement.

    I've been using Countermail and Neomailbox.net for years. I think Countermail is the absolute best.

    • smadha danyew
      August 6, 2012 at 2:30 pm

      Not only that, but if you do not log in to Hushmail regularly, they lock you out and charge to reopen it... totally crappy!

    • thanks for the theme!
      April 28, 2015 at 8:00 pm

      smadha danyew: exactly the same problem... would like to deactivate/delete my account now - no access to do it.

  26. BL
    April 7, 2012 at 4:00 pm

    Do recipients of emails sent using Enigmail have to have Enigmail installed as well? How does the key exchange process work?

  27. BL
    April 7, 2012 at 4:00 pm

    Is Enigmail transparent to the recipient if they don't have the tool? How does the key exchange process work? Will they need to install something on their end?

    I'm trying to look for free options that allow me to send / receive encrypted emails but my recipient has certain restrictions on the tools that she can download.

    • Chris Hoffman
      April 8, 2012 at 2:43 am

      Enigmail isn't transparent to the end user. They'll need Enigmail installed, too.

      The other options in the article can be sent to a user without a special email account or software, though.

      • BL
        April 8, 2012 at 5:31 pm

        Which service would you recommend the most? I was leaning towards the free version of Vaultlet Mail but it does not provide me with the attachment size limits that I need. Enigmail is not an option for me as my recipient won't be allowed to download anything.

        Would Hushmail be secure enough to transfer files of sensitive nature to another person?

        I've also read a little bit about eCrypt Me, but I guess is free to try but has a monthly fee subscription of $8.

        • Chris Hoffman
          April 9, 2012 at 12:43 am

          I'd lean towards Hushmail, if it has the file-size limits that work for you. Some people are paranoid about Hushmail, but I dealt with the concerns about it in the post.

          I haven't used any paid options, so I can't really comment on those. But it was hard to find enough free options to round out the article.

        • BL
          April 9, 2012 at 12:59 am

          Thanks a lot!

        • Henry
          May 15, 2012 at 2:49 pm

          CryptoHeaven http://cryptoheaven.com works similarly to Hushmail, but offers more features. It does have a free option although it is not advertised on the website. When creating new account, leave the "activation code" blank and it will create a free account with limited storage.

        • Chris Hoffman
          May 16, 2012 at 12:16 am

          Very interesting! I might have included CryptoHeaven if they advertised that.

          Thanks for chipping in.

  28. Michel
    April 1, 2012 at 10:40 am

    The most secure email service is Countermail. It covers some of the vulnerabilities and limitations that Hushmail has.

    Some differences:
    * CM does not log IPs. Whatsoever.
    * CM has 100% MITM-protection.
    * CM has the ability to use double authentication.
    * CM stores all incoming and outgoing mail encrypted.

    Your solution in the article above to use Enigmail and so on has some huge limitations. For instance, enigmail does not provide good protection if the attacker has physical access to the computer (ie search & seize order) and depending on mail provider used with Enigmail the ip-address is revealed to the recipient.

    • Chris Hoffman
      April 1, 2012 at 10:59 am

      Thanks for sharing, Michel. That sounds like a great service.

      It costs money after the first month, though, and we try to focus on free services. That made writing the post hard -- I had to pass up some high-quality options.

      Still, if you really need encrypted mail, it may be a good idea to shell out some cash. (Then again, doesn't that create a paper trail? That could also be a concern.)

      • smadha danyew
        August 6, 2012 at 2:32 pm

        actually, if you dont log in to hushmail on a regular basis (they say 3 weeks, but it is more like a week) they lock you out and charge you to reopen it... CRAPPY!!

        • Chris Hoffman
          August 7, 2012 at 7:36 am

          Wow, really? That really sucks.

  29. blonde
    March 11, 2012 at 11:39 pm

    I always email my prescription and never had any problem with it.  ;)

  30. Chris Hoffman
    February 21, 2012 at 12:09 am

    Thanks for the recommendation. We tried to focus on free services, which is why many couldn't be included.

  31. Chris Hoffman
    February 21, 2012 at 12:08 am

    That's a good point. It isn't free, though. These services are.

  32. Anonymous
    February 16, 2012 at 5:22 am

     Good to know about the  3 Most Secure & Encrypted Email Providers Online.

  33. Matt
    February 16, 2012 at 5:00 am

    Enigmail is GREAT! I have used it for years. It definitely takes the pain out of using GnuPG. Thanks!

    • Chris Hoffman
      February 16, 2012 at 9:14 pm

      You're welcome! I definitely knew I had to include Enigmail.

Leave a Reply

Your email address will not be published. Required fields are marked *