Hunting for an email service with extreme wishlist for privacy and security?

The wishlist of requirements included being a secure email service that encrypts, one that supports anonymity, is not-based-in-the-US for easy surveillance, supports Tor, and is free. This was my hunt for such a service.

Being a big privacy supporter, and after considering a list of requirements/restrictions, it can be a bit challenging when looking for a new email service. My wishlist of requirements included being a secure email service that encrypts, one that supports anonymity, is not-based-in-the-US for easy surveillance, supports Tor, and is free. This was my hunt for such a service.

When people question the reasons for anyone wanting to be anonymous, as if backing former Google CEO Eric Schmidt's infamous quote, "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place," then I kinda want to kick them hard. While there are legitimate reasons to require some sort of identity verification for email services, not everyone who values their privacy and wishes to stay anonymous is a spammer, scammer, or up to illicit online activities.

One of the first big flaws to make-or-break an email service is a restriction in being anonymous. Anonymity-busting activation procedures are common, like requiring another email to activate the account or by paying for an email service since that is tied to revealing your real name. Of course, you can get around activation requirements via another email by setting up other "anonymous" email accounts (in which you mostly are not really anonymous) or using a free service that allows temporary email accounts. Keep in mind that IF a service is located within the United States, then law enforcement can request your info.

Although not necessarily labeling their email services as disposable, there are a ton of temporary email services and others that provide free and theoretically anonymous email accounts like Hide My Ass, Dead Address, TempEMail, AnonymBox, Anonymouse, GuerrillaMail, and mailinator to name but a few. Send Email claims to not record email addresses or messages so people can send anonymous emails. However SendAnonymousEmail makes no bones about it; if you send something illegal then your IP address will be published as well as banning you from the site. While NOT Sharing My Info obscures your email address, it's not about privacy and makes it quite clear that your info will be shared with law enforcement when required. And it can be required like at myTrashMail which had to discontinue its free anonymous and fake email services. TheAnonymousEmail is not so anonymous since you must give your name and billing address and Anonymizer Nyms is not free.

Of course, you could use a remailer to "hide" behind anonymity, but it's a bit tedious. I read somewhere that people were using it without encrypting the message, but why bother? Punk Rocker has a nice how-to about anonymous remailers, how-to find and import a public PGP key, or you can go here to read how-to chain two remailers and encrypt the message.

Countermail is based in Sweden, but like other secure and anonymous yet offshore email services that encrypt such as AnonymousSpeech, MuteMail, NeoMailbox, Securenym, TrilightZone  - they are subscription-based and not free.

Privat DE Mail is a free offshore secure service that maximizes privacy while strongly opposing data retention. You need a client. "We recommend Mozilla Thunderbird, also plugin Enigmail so your mails remains "for your eyes only." For Enigmail you need also GnuPG." Remember, if you store email on your PC, you should also consider keeping it on a Truecrypt volume. The site states, "Most people do not want to be subjects of unlimited surveillance, so Privat DE Mail offers a solution to protect privacy of e-mail communication." It also says that email to or from Israel is not possible, so I'm not sure what that implies about services like Safe-Mail which is based in Israel. But sign up on Safe-Mail was fast, requires no verification, encrypts mail yet only offers 3MB of storage.

Here's some other free email services which support encryption, can be setup with Tor, and came highly recommended on the basis of privacy and security:

MailVault was fast, easy, and seems very secure. It required no verification and offers 4MB of storage. You setup your passphrase to generate a PGP Keypair. Don't forget your passphrase or else there is a $25 charge to revoke your old key and create a new one. The fact that MailVault believes and states that privacy is a right and is located offshore may have influenced how much I'm liking the service.

Lavabit offer two types of free encrypted email accounts. The 128MB of storage has no advertising, while the 1,024MB of storage does. Signing up was fast, easy and required no email verification, but the company is based in Texas meaning your email is only private so long as the government doesn't want to see it

RiseUp starts right off by stating, "There is a problem with email. The U.S. government practices 'full pipe monitoring' and association mapping, which gives them the ability to build a detailed map of how our social movements are organized." Although the Riseup Collective is located in Seattle, the About page states, "We will actively fight any attempt to subpoena or otherwise acquire any user information or logs." You are allowed 25MB of storage. You either need an invite code from an existing user or must request an email account. I skipped over the part where it asked for an alternate email address, applied for an email account, and was issued a "ticket." It remains to be seen if by leaving no way to contact me, that an email account can be created via the ticket. While this is good for any activist, it is a serious drawback for immediately setting up an account.

Zoho offers many apps and has a free and encrypted email service with no advertising. It's located in California though, which means Johnny-Law-Officer can get access to your account. The free version offers a maximum of 3 users with 1GB of storage per user, but the first step is to verify your account with another email address.

FastMail has a free version that includes advertising but when signing up for "non-paying" accounts, you are required to activate the account via another valid current email address. There goes your privacy.

HushMail is meant to protect users against eavesdropping and government surveillance, but it can be compelled "under an order enforceable under the laws of British Columbia, Canada, to treat a user named in an order differently, and compromise that user's privacy."

These email issues, the search for anonymity, privacy and security, are addressed on Hidden Wiki, but an initiation to swim in the "Deep Web" is a deep subject that includes many things that once seen, cannot be unseen. Another time perhaps.

Like this? Here's more posts:

  • Wham Bam Google Ban: No Pseudonyms on Google Plus Profiles
  • Cyberwar Strategy: Will Dual-Hatted NSA Plug Holes in Leaky Pentagon?
  • DHS: Imported Tech Tainted with Backdoor Attack Tools
  • They ARE Listening: Law Enforcement Wiretapping Jumps 34%
  • Anonymous, Hackers, Citizens: Know Your Rights!
  • Project PM Leaks Dirt on Romas/COIN Classified Intelligence Mass Surveillance
  • Former FBI Agent Turned ACLU Attorney: Feds Routinely Spy on Citizens
  • Anonymous, Hackers, Citizens: Know Your Rights!
  • In this digital age, what the heck happened to the Constitution?
  • The problem with weak passwords and hijacked Hotmail: 'My friend's been hacked!'
  • Microsoft patent may ruin Skype, may make VoIP spy and pry easy for gov't

Follow me on Twitter @PrivacyFanatic

Copyright © 2011 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)