| I am looking for a new email provider - one that offers me more "privacy" than gmail, outlook, yahoo etc., I have been looking quite a bit and have yet to find something decent, so am coming to you all for advice. Partly this is my small act of defiance/revenge for large internet companies collusion with the NSA et al. and partly because I would like to increase my level of "privacy."
Requirements: 1. Webmail
2. pop3/imap
3. Free for the above
4. Privacy friendly jurisdiction (or perhaps just a jurisdiction unlikely to comply with U.S. requests) Optional, but preferred:
1. English interface
2. Encrypted (i.e. the service provider can't read my mail even if they wanted to) Logic:
As I mentioned part of this is moral/activist motivation, but a large part of this is motivated by the old saw about "not having to outrun the bear, just having to outrun you!" Weirdly I believe that my email correspondence is no one's business but my own, and therefore I'd like to ratchet up that "hassle factor" of invading my privacy. I suppose I am not completely opposed to paying, but would prefer the option of maybe having a completely anonymous account as well. Also I should say I have neither the will nor the desire to get overly complex about this (running my own mail server etc.) I'd just like to be able to not be the feudal serf of google/yahoo/microsoft/etc. From a threat assessment standpoint:
A. Specific targeting by government agency (NSA etc.): I'm screwed - so not going to worry about it.
B. Bulk Collection/Dragnet Surveillance: Would like to increase the burden of "collecting" my information.
C. Criminal/Civil Investigations: Jurisdiction should be effective impediment.
D. Hackers: want a robust provider, not fly by night. Any thoughts would be appreciated, even if you think I'm missing the forest for the trees. |
However forget about the second optional requirement. The way the SMTP works, means that at some point your email messages must be read and processed by the server, if you can't trust it, you already lost. The only way to be "safe" in that regard is to encrypt the payload with GPG as already suggested.
Furthermore, server-side encryption of your stored emails is indeed possible, but it will render impossible for the provider to offer basic functionalities like search in the web ui.
If you're really concerned about privacy issues and really want all your email encrypted you might be better off self hosting your own mail server, but be warned if you don't know what you're doing and you don't take proper care of it, you'll end up in a situation that is even worse than using something like gmail.