I would like to be smarter about who does all that network transmission of my email.
Threat model: I do not want to give up my personal behaviour data too cheaply to train someone else’s algorithm. My behaviour data is a resource that I will charge a premium for as long as I am allowed to. Hence for me, no gmail.com, no outlook.com, no yahoo.com, no hotmail.com. Google mail exists and is free, but that is effectively selling my personal data to faceless foreign corporations. Given that I have the privilege of income, I will happily pay a premium to not be a data point for them. In practice, many of my contacts insist on using gmail, so I am not entirely depriving Google of my delicious data by opting out, but I will hopefully reduce their prying, and facilitate others opting out. Also why not reward companies with less icky business models by voting with my dollar? Good, done.
Alternatives: If I had time I could host my own encryption-happy mail server, but life is short and I am not THAT passionate. Middle ground: Pay a reputable email provider in a good jurisdiction to provide my email services for a reasonable price. To that end, here are some reasonably-reputable 3rd party email providers offering a selection of different trade-offs in price and privacy.
What exactly secure email might be is complicated, but long story short, do not use email for political dissidence; governments can usually get at at least one party for any email. That said, there are degrees to awfulness.
- Favourable jurisdiction. I favour options who in principle won’t give up my email without telling me because of legal protections.
- GPG encryption of messages to people in my chain of trust. I am unconvinced this is worthwhile and despite having all the tools to send GPG mail I have yet to find anyone who wants to correspond that way. That is enough decades of waiting.
- Host-proof encryption: The host cannot see my emails in storage. I think this is possibly worthwhile, although whether the email hosts can be trusted to truly handle that mail without ever snooping is a question of trust and law.
Recently the environment has continued to deteriorate, and I’m revising my priority for encryption upwards. I am now prepared to pay more to make it less convenient for mass surveillance, using host-proof encryption providers such as tutanota and protonmail. The trigger here is that the EU appears to be sliding into mass mail interception and surveillance. See Chatcontrol.eu for background on that.
protonmail in principle can’t give up your email because they never see your unencrypted data. This is less convenient than a standard host in that you cannot use a classic mail client to access mail directly, but in certain worlds might be fun/useful tools, especially in a post chatcontrol world. Annoyingly, as with all the host-proof email providers, these folks do not interoperate with other host-proof encryption systems.
tutanota is similar to protonmail. Since they are domiciled in Germany, inside the EU, they may now, or soon, suffer from a legal requirement to spy on their customers. I wonder if the technical barriers they have erected in this case will be sufficient?
GANDI is a French DNS host which has diversified into other server stuff. If you already host your domains with them it is convenient to host email as well. The service is full featured and obviously supports custom domains. It is missing one or two things that would be nice (catch-all addresses and CalDAV) but is perfectly functional AFAICS, and extremely cheap. They will likely soon be implicated in mass surveillance of mailboxes, however, because of being in the EU.
eclipso is another German provider, so once again in a (previously?) relatively favourable jurisdiction. They have lots of features, suspiciously many features really, including weird unique ones (email-fax gateway, email-physical mail gateway…). Custom domains are only available on the “business” plan at EUR6/month which is fine, but actually I just freaked out at how service-packed they are and ran away.
fastmail is easy to set up and simple. A potential problem is that they are run out of Australia, whose respect for privacy and due process is on a downward slide. Since I am not trying to conduct illegal business by email, this is not a dealbreaker per se, but all else being equal, why jump aboard a sinking ship when there are similarly priced alternatives in better jurisdictions without such grim disregard for transparency and due process? There would need to be some serious compensating virtue which I cannot see right now.
Maybe Gohosting would provide such a compensating virtue, such that it would be worthwhile to use an Australian host. They are a local operation who are small enough to have the virtue that I can phone them up and complain to a real person if anything happens that I get sad about. I could be persuaded that the personal relationship of a small scale local provider mitigates some of the nastiness of the bulk surveillance economy. HT Luke Snarl for mentioning these folks, and thereby being the exemplar of a trustworthy recommendation.
On that note, Hey promise a radical redesign of the email experience and promise much fancy eye candy. Sadly, they are in a terrible jurisdiction (USA) but maybe the value add is good. Is it good enough to justify keeping your email in the NSA browsing library? Not sure, did not try.
Kolabnow is a Swiss provider of email and groupware services, with a reasonably favourable jurisdiction and they wave the flag for privacy a lot. I was using them for a long time, but no longer. Reason: I got locked out of my email for a crucial 3.5 days due to a UX fail followed by a server glitch on the Christmas holiday. I have switched mail providers now, to GANDI, which is not as primo, but is cheaper. Service before that was excellent, so this may have been unfortunate timing rather than a preventable cockup but … too late now! By the time I got the explanation out of the service contact my email was all in France and I cannot be bothered moving it back.
Running my own email server