Now that TorMail has been compromised, we need more email alternatives #461

chovy opened this Issue Aug 5, 2013 · 99 comments


chovy commented Aug 5, 2013

MyKolab looked good except they require existing email and I think it costs money, could not tell.

Zegnat commented Aug 5, 2013

Please note that TorMail has already been off of PRISM Break’s list for over a month. It was removed on Appelbaum’s (@ioerror) recommendation.

MyKolab is not free, you are right. This should probably be made clear in some way. I filed an issue to rectify this. You do not need an existing email address to use them though, you even get a pick of 7 different domain names when signing up (6 of those are managed outside the U.S.).

If you have any ideas for solid free email services please open an issue to get them added.

btegs commented Aug 5, 2013

You should add Geary, which is free software under the LGPL 2.1:

hasufell commented Aug 5, 2013

Geary was already discussed. It is not a general purpose mail client and is in a relatively early stage of development. There are tons of things it does not support.

Zegnat commented Aug 5, 2013

This is a call for email services, please discuss email clients – like Geary – elsewhere.

chovy commented Aug 5, 2013

What about ? They seem pretty good.

Zegnat commented Aug 5, 2013

Please see #284, Lavabit seemed to do some heavy logging and be unsupportive of anonymity. I don’t think their terms have changed much since then.

I am interested to see where this is going. I haven’t been invited to Riseup yet and would love to see a similar service somewhere.

chovy commented Aug 5, 2013

Ok, well something web-based for the non-techies would be good.

haary commented Aug 6, 2013

In #157 was suggested. It was pointed out that the interface was available in French only at that time. Now it is available in English as well (click "Langue").

Another one is Like openmailbox it runs completely on free software. Website available in English and French (registration is only available on the French page for now). Offered protocols are SMTP, POP3, IMAP and their SSL variants. Subscribing requires no personal information. Quota is 1 GB.

greve commented Aug 6, 2013


About MyKolab: Yes, it costs money, because data centres and staff to develop and maintain a solution cost money.

A service that claims to be gratis should be treated with extreme caution.

If it is not you, then someone else is putting up the cash. Question is: Why are they doing it and can you rely upon them to continue doing it for the foreseeable future such that you can rely upon the service? There are sometimes well-meaning initiatives by enthusiasts, but these often die with the passion of their founders or get into trouble when the next set of hardware must be purchased - because without your own hardware, you have no access control, meaning you have no security.

As for the rest: If you're not paying for it, you're not the customer, you're the product being sold.

That is why MyKolab has a cost associated and takes great care to make transparent the terms of service and actual, guaranteed privacy users can actually rely upon today and in the future. That said, the business behind it is as hard core Free Software as they come, so money goes into the service and the development of more Free Software, which again improves the service. But we /never/ do proprietary software. Take a look at some of the people involved, or check out the #kolab IRC channel and you'll see why. :)

And the software that comes out of this for the general good is what most other web mail hosting providers use. So anyone using MyKolab is helping an entire ecosystem of Free Software providers. Which was part of the point.

As to the email address for registration: This is used for the password reset mechanism. If you have a better idea on how to do that in a way that does not require excessive manual labour, please let us know.

chovy commented Aug 6, 2013

MyKolab may be great, but my real identity will be tied to the payment to them. Not very anonymous.

greve commented Aug 6, 2013


We're working to provide more forms of payment, it's just that we had to start somewhere.

Mind if I ask you which would be your preferred way of payment? We'd like to know what people would like to see so we can prioritize developing further payment channels.

i2000s commented Aug 7, 2013

Sorry, guys. Just want to add some conditions for consideration: Is there any safe&open email service provider that combines email, calendar and maybe other services together? Is there any email service provider that can hide meta data in a safe way?

For the first condition (question), I and many other people usually use calendar to send email for reminders. Maybe there are also other combined usages needed. In this case, it is better to find a services provider that can combine the necessary needs together with email service.

For the second condition (question), I am thinking how to avoid leaking our meta data even if the communication content is well-hidden. In case the NSA or other organizations find the meta data, they can still know whom we are communicating with, even though we use an open-source email service.

I personally don't know what satisfies those two extra conditions. Hopefully we can find good solutions!

greve commented Aug 7, 2013

@i2000s You are right, of course. There is no perfect solution.

FWIW, MyKolab combines Email, Calendar, Address Book, Tasks and Files in one service. So when communicating or collaborating with people within that service, no data is transmitted over the internet. More services will be added. Calendar data is directly transmitted to you over CalDAV/CardDAV or the mobile sync, and thus you do not depend on email reminders - your clients and devices remind you.

So it would seem to fit both conditions as best as I know how to in today's world.

All of this is part of Kolab, as well, so you can get the same by setting up your own server for your group of people. Kolab as a concept is distributed, and the Kolab client can aggregate & integrate an unlimited amount of servers and services into one information picture for you. But that data only comes together on your device.

As it is all fully Open Source, you are free to run with it.

rev22 commented Aug 7, 2013

E-mail is the single most important personal service for Internet users, and is often used for critical personal communications and to register to websites.

An ideal solution in my opinion would comprise:

  • https web interface
  • access through common encrypted protocols, like SMTP and POP3
  • adaptive spam filtering
  • commitment to privacy (no data retention or logging of traffic)
  • commitment to provide long-term services to users
  • transparent funding
  • only using captcha or other basic intelligence tests to discourage service abuse (instead of monetary fees, or requesting of personal information like cellphone number, real name or documents)

... all based on Libre software

Useful extra protocols for the open Web:

  • OpenPGP
  • OpenID
  • WebFinger

chovy commented Aug 7, 2013

@greve as for payment, I think the obvious choices are PayPal, credit card and Bitcoin.
I would only use bitcoin from Tor network to remain truly anonymous. The other two (paypal/cc) I would use for personal use.

greve commented Aug 7, 2013

@chovy PayPal is currently the default option.

The other option would be bank transfer, which can be anonymized at the cost level and only needs to map to a customer id, which has no mapping to the email address/account, so the bank won't know who this is.

Direct acceptance of credit card is not quite so simple, you need a merchant account and a couple of other factors. And then it'll typically put some restrictions on where you can accept them from at least at the beginning. But we're working on that.

Bitcoin might be another option. Because it is not so far spread and seems to have some issues, we have not prioritized that very highly.

chovy commented Aug 7, 2013

@greve You can integrate with BitPay. Should be pretty simple, and they convert your BTC to USD right away so you don't play the investing game with your earnings.

greve commented Aug 7, 2013

@chovy Thanks, we'll look into that.


I have updated all the "black" points #157

nylira commented Aug 8, 2013

Lavabit shuts down:

This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.

HN discussion:

chovy commented Aug 8, 2013

It looks like is a good one.

Zegnat commented Aug 8, 2013

Riseup seems very good, yes. I haven’t met anyone who could invite me yet so I can’t speak out of personal experience but it looks like some good and trustworthy people back it. Still an American service though, which is something you will have to consider. (It helps that they aren’t an actual company running it.)

If you get into Riseup, go for it.

chovy commented Aug 8, 2013

It requires an invite?

Zegnat commented Aug 8, 2013

If you want to get an account immediately, yes. 2 codes even, if I understand the form right. Else you will have to leave a plea and get approved by one of the system operators:

If you do not use the invite method, please tell us about your activism. Do not include acronyms or personally identifiable information. This information will be destroyed as soon as your account is approved.

This is why most of the currently advised services are hard to get into: Riseup needs you to know others who use it, A/I needs you to get approved as well (see below), and MyKolab is pricey for your average freedom fighter.

That’s why I am hoping to see more interesting services come by here on the site. Something like Posteo – for just 1 EUR/month – would be sweet for those of us who do not wish to set-up their own mail servers. And I am constantly on the look-out. Just haven’t found it yet.

A/I will have you fill out a form:

Please tell us why you would like to request a service from Autistici/Inventati. We would also like some information about what you would like to do with it (for public services only, of course).

greve commented Aug 8, 2013

@Zegnat FWIW, Freedom Fighters get a special deal on

But if you want to actually provide privacy beyond pure marketing claims, there are a couple of decisions involved that drive up the cost of providing the service. Especially if you also want to do right by society at large in terms of the technology you use and the contribution to Free Software you would make when doing this properly.

But then we're always talking in the realm of the value of a pizza or 2 beers or some such in most places.

Question is: Is privacy worth that?

Too many people got too used to offers that seem to be "zero" cost. That has shifted the perception of what one might pay for such services. Only that the cost was never actually zero.


I've been looking for your E-mail service. For 1 year SFR 120.- is quite some money for a private E-mail.
But okay, I was willing to pay, and went to the sign-up page. I had to fill in my family name and my E-mail address and then I just stopped.

I'm a grown man and I do not need you to take care of me; if I lose my password, that's my responsibility. I also did not like that you need my family name.

After signing up, you can give a number that needs to be put on the payment, with the payment details on how to pay. And your administration throws away that number to the E-mail reference after the payment is received and the E-mail service is running.

I still think SFR 120/year is a lot of money; I only need the E-mail services. Maybe it is possible to start with just E-mail and upgrade if you need other services you provide (by upgrading, the price rises).

At Lavabit I paid $18/year for 8GB for just the E-mail service.
If you're willing to make the changes and can give me a good offer I'll subscribe.

greve commented Aug 10, 2013

@Parcival09 The service provides a whole lot more than email. And in comparison to similar offers in Switzerland, it's actually quite cheap. But yes, with the Swiss Franc being as overinflated as it is, I understand that Swiss pricing is currently high for the rest of the world. Think of it this way: This is the price of the universal Berlin currency, a Doner Kebap per month, in Geneva.

As to the name & email requirements, these are primarily ways to reduce support overhead.

Because the majority of people want invoices. And their name on them. If they haven't filled them, that's another 10 minutes someone has to spend in support. Multiply by a couple of thousand and you can perhaps see how that might become an issue. Same for password resets, which is the number one support request. Even just in beta period we often had several of them per day. It is commendable that you do not require or desire this level of service and hand holding. But that makes you unusual.

Either way: If you wanted to provide the name of Santa Claus, provide North Pole as your place of residency, and use a discardable email address for the sign-up, the system would still sign you up. We felt that people who did not want to provide this kind of information simply would choose to go down that route.

But yes, it's also been an internal debate. The problem is not trivial though. If someone puts a lot of data into the service and loses their password - which happens surprisingly often - then you need to have some way that is not so easily socially engineered to give them access again. Name & Email establish a certain minimum level that is already pretty low and easily circumvented for those who do not want it.

As to the "smaller" package for service, that is indeed something we should be considering.

It won't reach the same pricing as Lavabit, though, as the US are an extremely low-cost hosting country, while Switzerland is the extreme opposite. Our costs are in Swiss Franc, and so the pricing needs to be. The only way to avoid that would be to move the servers to a different country. But then you'd lose a primary advantage of the service. So Swiss level privacy will always have to come with Swiss level pricing, unfortunately.

nylira commented Aug 10, 2013

All email messages "leak metadata" they say. That information includes data about who you are talking to and where you are. That info is visible even if the message itself is encrypted.

"E-mail as we know it today is fundamentally broken from a privacy perspective," Callas says. That's a pretty strong statement coming from this particular guy.

Read more:

Instead of email service alternatives perhaps we need email protocol alternatives. It may be worth reinstating Bitmessage with a warning to use randomly generated UUIDs. #465

Zegnat commented Aug 10, 2013

FWIW, Freedom Fighters get a special deal on

That’s really good news!

As to the "smaller" package for service, that is indeed something we should be considering.

I will be looking out for that too. As an unemployed student I cannot justify spending a day (possibly more) worth of food for 1 GB of email. Like @Parcival09, I do not actually need the full Kolab package.

You might also want to take a look at Riseup’s registration, they have made second email addresses (for password resets) optional on sign-up. People who really want privacy can then choose not to enter one.

All email messages "leak metadata" they say. That information includes data about who you are talking to and where you are. That info is visible even if the message itself is encrypted.

You could limit these things a lot, and Silent Circle could have invested in this. Take a look at Riseup:

  • Riseup offers any number of aliases, and it seems MyKolab will be rolling out ‘identities’ too.

    Normally Alice and Bob would both email me at, but when Alice contacts me at 3fAYkhyxkvw1BWH@riseup and Bob at aoTzSHn6vTV2vie@riseup there is no meta-data that links them together. If everyone knows me by a different alias ([randomstring]@riseup) it becomes impossible for surveillance to find out who is emailing me or do ‘social network’ analyses.

  • Riseup strips meta data like your home IP address when sending an email:

    We do not include your home IP address in the headers of your outgoing mail.

Using TorBirdy will try to route your email through Tor and anonymise it further. It also tries to strip other identifiable information from your email headers, such as your time zone. (Currently the latter feature is in limbo, see #9131.)

Email can be as anonymous as you want, it just takes work. In the end I think people are more likely to put in this work than to learn to use under-development solutions like Bitmessage. (Although I fully believe Bitmessage shouldn’t have been removed in the first place.)

@greve, does MyKolab do any anonymisation of out-going email message headers?


"Because the majority of people want invoices" ==> If the family name is optional (with registration), then make it optional. The name shows up already when the client pays, wouldn't it? So my idea works: by giving the registration number, the registrant gives that number with the payment, then your admin loses that connection. The name on the invoice will be the name that PayPal shows. (Invoice after payment will be no problem.)
If the E-mail is optional (with registration), then make it optional, with the explanation that you can't service them when the password is lost. ("The child registration" :-)

You're the owner, so on what time base could you implement the "get less, then pay less" option? ("The get less, then pay less" option is © Parcival09)
On what time base do you think you can offer the multiple identities, with 1 E-mail subscription?

Where is the check-box in registration for Freedom Fighters ("get a special deal on")?
My paid Lavabit accounts are closed, so make it quick or else I'm gone. Meanwhile I need a good, affordable E-mail server fast.


Update about Lavabit
"What happens to your customer's e-mails and data?
Levison: I'm looking into setting up a site where users can download their data and set up a forwarding [e-mail] address, but that may take a week or two to set up. That's all I can do until I feel confident that I can resume the service without having to compromise its integrity. "
"I will make it clear that I don't plan to use any encryption for that site. [People] should only use it if they feel comfortable with the information being intercepted. And yes, I do plan to have that disclaimer on the site. "
" Unfortunately, what's become clear is that there's no protections in our current body of law to keep the government from compelling us to provide the information necessary to decrypt those communications in secret.

I'm still looking at seeing if that's even logistically feasible -- there's half a billion messages [sent in the 10 years Lavabit operated]. By shutting down the service, I will be losing the infrastructure that I used to support all those people."

greve commented Aug 10, 2013

@Zegnat & @Parcival09 Please forgive me for wrapping answers into one.

Firstly, I published an article last night that was trying to explain some of the thinking behind and the rationale and motivation for starting it. You'll find it at

Secondly, on packages & smaller pricing: We'll look into that. I cannot give you a time when that will be available, nor for what price it would be available.

And chances are you would still find it expensive. The reason for that is simple. Switzerland is an expensive country. Hosting, including space, security, electricity, bandwidth, labour all are expensive because the country has enjoyed hundreds of years of stability and security. That's also the upside, by the way. For hosting data, security, stability, reliability are all desirable. So is the privacy legislation. But with things being what they are and the Swiss Franc being overinflated at close to 30%, chances are that "privacy services done right" (see article above for what that would mean) might still end up too expensive for unemployed students in other countries.

Pricing could certainly never be what the US services offer, especially when they don't have an upstream commitment. The aspect of that it delivers its own escape hatch along with the service is unique, as far as I know, and is part of the sustainability of the service, in my book. But sustainability is hardly ever free.

So I wonder: If that account then costs something like 6 CHF / month, would you get it?

On freedom fighter discount: Just sign up & send email to telling our staff "My account is X and I am active contributor to A, B, C. Can you please give me a freedom fighter discount?" and see what happens. ;)

On the subject of privacy vs pseudonymity vs anonymity. The three are actually not the same thing. Privacy and a solid level of pseudonymity is what we can provide, so that's what we promise. Not more.

True, sustained anonymity is close to impossible to have on the internet and there is a lot of snake oil out there.

Some of what riseup is doing - besides it being in the US and that causing the obvious concerns - looks a lot like that. Because you only need to use the same random alias with the same person a couple of times (if that) and traffic analysis will have identified them to originate from the same person.

Patterns of when emails are sent, typing patterns, languages, way of quoting emails, people you communicate with, subjects of conversation, all these things make you unique very quickly. IIRC, you needed a shopping bill of 7 items from a supermarket to identify people almost perfectly, although I can't find the reference for that particular study right now. Any email will typically contain a lot more clues as to your identity than a list of 7 items from your supermarket.

Stripping IP addresses for relayed mail by properly authenticated users on the other hand sounds rather useful. It's on the list. So are aliases / identities in general, not because we think they add much in terms of anonymity, but because they are very useful and can be rotated occasionally as and when it makes sense without having to change your primary email address. Expect them to become available within 3-6 weeks.

There are a couple of other things that will help maintain pseudonymity on the list, as well.

As to the idea to track payment by nonce, that sounds nice but how much does it really add. The bank records will still list the nonce and their date of payment. Which means you have a small time window for application of the nonce, a name, and an amount to match a certain service period and parameter. Even in a very large installation that ought to be enough for a third party that has lawfully gained access to your records to narrow it down to a handful of people, at most. Usually it should be easy to identify you simply by when your account started becoming active on the system, which you can tell from the IMAP store itself.

So you'd need to randomize periods and pricing to some level, ideally add cash transactions into the mix and avoid money laundering provisions as you are doing this. All of this is going to make the service more expensive. So how much more are you willing to pay to put all of this in place even though it will always be imperfect? If reviewed critically, I don't see how this adds more than allowing random names and one-time email addresses, which achieve much the same thing, but at a much lower cost.

Please also see our FAQ on some of the other typical questions about what others are providing and which we sometimes have deliberately chosen not to do because the value is often purely for marketing.

But look at it this way: At least we're not trying to bullshit you.


You know what you're talking about and I think you stand behind your philosophy.

"Pricing could certainly never be what the US services offer, especially when they don't have an upstream commitment. The aspect of that it delivers its own escape hatch along with the service is unique, as far as I know, and is part of the sustainability of the service, in my book. But sustainability is hardly ever free.

So I wonder: If that account then costs something like 6 CHF / month, would you get it?"

Maybe it's a language problem on my side, but your lowest level is 120CHF on the subscribe page. (12 times 6 makes CHF72)
To answer your question, whether I would get it for 6 CHF / month: Yes! Show me how.
If I subscribe this weekend and make the PayPal payment for 72CHF/1024MB per year, do you then "okay it" with your administration? (About no bullshitting: I wrote per year, for every subsequent year.)

greve commented Aug 10, 2013

@Parcival09 Like also explained on the pricing section of the FAQ, we fully understand that living realities are not the same for everyone. And some people also contribute to Free Software and a free society in other ways.

So if at all possible, I'd love for you to help us develop the system further. If you can code, please consider joining the Kolab community (see If you cannot code there are still many things that need doing, starting from spreading the word about Kolab and MyKolab, and continue your work on activities such as PRISM Break, because this kind of community based activism is essential.

If you think you can do that, please sign up and then drop a mail to giving them your account.

I'll ask them to provide you with a "freedom fighter++" rebate, just link to this post. :)


Is it okay with you that I sign up and log in with, I'll send your administration a mail with this website link, they send me the payment link for PayPal to my Kolab, I pay. (Don't bother about an invoice.)
And you get your money and I'll surely spread the word.
Or else I can call you guys.

Pffff please KIS

@privacyd ?

  • Free 500Mb storage
  • Webmail
  • Spam protection
  • Secure browsing (HTTPS)
  • No targeted advertising
  • Email forwarding
  • IMAP & POP

greve commented Aug 11, 2013

@Parcival09 I'm not sure I fully understand, to be honest.

Ultimately, if you want a MyKolab account, someone will need to set it up. And unless you want someone else to know your password or be able to reset it, that should be you. Also, someone will need to activate that account.

Just let me know how within the current setup I can assist you in doing this in a way you feel comfortable with.

Zegnat commented Aug 11, 2013

@privacyd, I would not recommend a service unless it is fully fleshed out. doesn’t seem to have an English terms of use page, they also say they will ‘collect personal data for security reasons’ but do not elaborate on what exactly they will be collecting. (This may or may not be clarified in their French ToS, but I failed high school French.)

ksl89 commented Aug 14, 2013

What do you have to say about ?
It's been talked about before here and it seems a good free alternative to most commercial email services.

"By registering, here's what you have:

  • A powerful antispam
  • A powerful virus treatment
  • Unlimited disk space
  • A secure connection to all our services
  • You support the free software community"

chovy commented Aug 14, 2013

Biggest problem I have with that one is it's all in French. Sure, the signup you can do in English, but once you log in, you need Google Translate to read the email interface. Not really wanting to give Google access to my inbox.

I like (validate w/ a small Bitcoin payment, or $1 in snail mail, you can do PayPal too I think -- it's also a shell) is another good one that doesn't require any kind of email or payment.

ksl89 commented Aug 15, 2013

Actually you're wrong about the language issue. The web interface uses roundcube and supports all languages that roundcube does, French is just the default. To change it to English or any other language just click on the cogwheel at the top right corner (tooltip reads 'Paramètres'), then on Section click 'interface utilisateur' and on Langue choose English or any other language you prefer. I will admit it's weird that they make French the default for all users, but I'm sure that can be easily changed.
So far I haven't seen any other alternative coming close to the's features (unlimited disk space, free, doesn't require an email address or payment, etc.)

i2000s commented Aug 15, 2013


I even think we should open slots for different languages, and let alternative software and services be evenly distributed in countries speaking various languages. Limiting the official language of prism-break can only raise our risk of falling into another big trap of being spied on, or limit our users in a large community. If or any other software is a good choice, we can nominate them and label them with what languages are used in the interface.

On 08/14/2013 06:09 PM, kongshaolong wrote:

Actually you're wrong about the language issue. The web interface uses roundcube and supports all languages that roundcube does, French is just the default. To change it to English or any other language just click on the cogwheel at the top right corner (tooltip reads 'Paramètres'), then on Section click 'interface utilisateur' and on Langue choose English or any other language you prefer. I will admit it's weird that they make French the default for all users, but I'm sure that can be easily changed.
So far I haven't seen any other alternative coming close to the's features (unlimited disk space, free, doesn't require an email address or payment, etc.)



Zegnat commented Aug 15, 2013

In regards to this and that. The only one of the points I made in those threads that has been addressed thus far seems the language.

(Sorry, I am on the move and can’t write a big comment.)

ksl89 commented Aug 16, 2013

About the strange wording on the privacy issue, if my French doesn't fail me, a correct translation would be "The emails are stored in our server in a directory under your name. No one, not even the administrators have access to it". (Les mails sont stockés sur notre serveur dans un répertoire à votre nom. Personne ni même les administrateurs ne peuvent y avoir accès.) Which makes me think your guess is accurate in that the email aren't in any way encrypted.

In any case, I sent them an email with the questions you mentioned before, since they still seem the best alternative I've seen to commercial services.

ksl89 commented Aug 17, 2013

I got a reply from Pierre from This is what he had to say:
"1. Yes, the servers are located in France.
2. You can't send messages prohibited by French law.
3. The mails aren't encrypted."

So I guess this is it for openmailbox. I'm still not happy with the current options, though. Until a good easy-to-register, free service comes along, there just isn't a good alternative for most people.

Zegnat commented Aug 20, 2013

I don’t have time to look into these right now, so my sharing the following services here is not me vouching for them. But it sounded interesting enough that I would like to ask for comments here. Last week ExtremeTech published a piece on ‘Lavabit alternatives’ mentioning:

  1. CounterMail [ExtremeTech], and
  2. Neomailbox [ExtremeTech].

The comments also talk about some services:


Last time I wrote my comment in the wrong topic. So here is what JAP/Jondo recommend as secure email providers:

I think email providers can't be open source. So Posteo should be re-added.

greve commented Aug 22, 2013

@alex-fischer-70 Actually, yes they can be:

It's just that many of them choose not to be. Which damages those that do things right.

So choosing a provider that does not participate in the upstream is not only unsafe, it will also ensure less Open Source gets written - to everyone's detriment.


@greve does provide read-only public access to the servers to check if the codez from the upstream have been altered or not?

greve commented Aug 22, 2013

@bitterskittles That would compromise the system security. So no. We also do not provide physical access to the servers so you can check we haven't modified the firmware somehow, FWIW.

You can download the sources for the AGPL modules directly in the web interface, though.

But look at who is providing the upstream contribution on key parts of the service. We are the upstream. Why would we modify the packages - adding cost, insecurity, effort without any benefit - especially since doing so would in several cases constitute breach of Copyright law, something that we could ill afford. Also, given that our core competency is in the realm of security and personal integrity, what would be the motivation for violating that?

It's a bit like asking "How can I be sure the cook did not chop off his own hand and serve it to me in the casserole?" - the answer might be: "Because the cook still has two hands."


The (ex-) users of mainstream services used to trust the providers of these services at one point too.

It was acceptable for the users that GMail scans the emails since it provides better spam/phishing/virus detection through machine learning or human assisted methods, while costing money to Google in the process. But the catch was Google was pushing personalized ads in your GMail Inbox using the contents of the emails, so in the end they were monetizing their email scanning efforts.

Yet, they still do not admit handing out private data to 3rd parties outside the legal procedures.

Hence, the correct analogy would be "How can I be sure the cook did not pee into my casserole?"

greve commented Aug 22, 2013

@bitterskittles Swiss law is perhaps the strictest in the world on penalties for data abuse, and our Terms of Service are fairly clear and strongly in favour of the user, while users essentially grant GMail wide liberties with their data and the applicable legislation is not reliable.

See Do cloud right: Four critical steps to selecting the provider for you for some context. And for that same reason we also provide strongly transparent privacy information.

Naturally you could assume we all have a secret wish for jail time. But you'd be wrong. ;)


Two questions:

  1. Did anyone look through this list:
  2. Why not (I'm currently deciding between and Neomailbox)? [I see it mentioned 2x above]

ps. my adventures into moving away from google are here:

cr1pt0 commented Aug 27, 2013

Also had a look at Neomailbox at some point.

Looked like a custom proprietary development from India:

And the company running this seems to be a one-person business:

So hard to assess reliability & security.

Zegnat commented Aug 27, 2013

@timatron, that list looks real nice. Might be worth adding to the notes.

On your blog you write:

I asked the folks why they don’t recommend My only guess is because it isn’t based on a fully open-source stack. We will see if an answer comes back.

Note that there are no ‘ folks’. If there are, that would include you. We are all just people posting comments here on GitHub. As you said: is not (yet) recommended by the list, however it has not been rejected either.

Services are added when someone brings them up and other people have checked them out and commented. (This is also how services are removed: people comment with their worries and links to material about vulnerabilities.) was first mentioned just 6 days ago by @alex-fischer-70, along with 7 other email providers. Nobody checked them out yet.

It looks like Neomailbox is a good provider, enjoying the same Swiss securities as MyKolab. I can’t find any information about what software they are running however. So when they write about providing OpenPGP encryption in their ‘alternate webmail system’ there is no way to be sure about the effectiveness of that. Or whether there might be problems with it.

That’s one of the reasons PRISM Break prefers to link to those who build upon open-source solutions (ignoring the fact that you still don’t know their exact code). Of course this is not always possible when it comes to services such as email.

Personally, I think looks to offer a solid alternative to MyKolab. I would’ve liked if the people (and company) behind it were a little more transparent though. For example: searching for Georg @Greve (MyKolab) online will net you many resources and articles about internet freedom and the importance of Open-Source software, searching for Stefan Metzeler (Amadeus IT Solutions, behind Neomailbox) gets me some online network accounts (Twitter, LinkedIn) and very little else.


Thanks Zegnat for the clarification about folks (look at me now mom, part of something big)!

So one of the reasons I was interested in was in their news section on March 1, 2013 (pre-Snowden), they got all of their servers out of the US.

We have been increasingly concerned about the alarming erosion of online privacy rights in the USA over the past decade that we've offered Secure Email services hosted in the USA.

To offer our customers an alternative to hosting their email in the USA, in 2004 we began offering Offshore Secure Email service hosted in The Netherlands, and in 2010 we moved all Offshore Secure Email accounts to servers hosted in Switzerland, which affords some of the strongest legal privacy protections for customer email messages stored on our servers.

As the conditions for online privacy continue to deteriorate in the USA, we believe the time has come to completely eliminate our customers' exposure to the US's privacy-hostile environment. So effective as of 12AM UTC on 2nd March 2013, all US hosted Neomailbox email accounts will be moved to servers in Switzerland. No customer email data will be preserved on any servers located in the USA.

Given that they were ahead of the curve and have been around for ten years, it seemed like a reasonable service to try out.

Yesterday I signed up. They sent a few emails back and forth with me and set up my accounts. Easy peasy, though not automated, it all runs through a human (kinda nice in this day and age).

I'll update you guys as I move forward on this.


I wonder what are the implications for a US citizen inside the United States using an email service hosted outside the United States (Neomailbox, MyKolab, etc). For example, does the NSA consider that "communicating with a foreign person" and therefore become allowed under their own rules to indiscriminately surveil your email traffic? Does it make one "suspect" and subject to greater surveillance attention in general? Is this better or worse from a privacy point of view than using a US provider?

Since international communication seems to be one of the main targets of PRISM, maybe this is something US citizens should consider.

Zegnat commented Aug 28, 2013

@bthomson, in short, I expect the answer to your question is: yes. IANAL – in any country – but the way I have interpreted most surveillance laws any and all connections that cross the border are seen as foreign communications.

E.g. Sweden has the FRA law (Wikipedia) which allows the government to ‘warrantlessly wiretap all telephone and Internet traffic that crosses Sweden's borders’. If you can read Swedish, VPN provider Mullvad has a good description of what it does. This means that most emails sent will be captured simply because all major email providers are off shore (Microsoft, Google, etc), even when sent between Swedes!

The problem is, the only way you can keep away from these sort of catch-alls is by limiting your internet 100% to your own country. Do not send emails to people using off-shore mail servers, do not visit websites hosted outside the U.S. Do not (accidentally) link to an off-shore IP address through P2P networks such as I2P, Tor, or services such as RetroShare, BitMessage, or TorChat. You might want to tweak your firewall to only allow connections to the U.S. IP-range.

Now you know. Using off-shore email providers to send messages to email providers in the U.S., Sweden, or similar countries will get your email flagged as foreign and analysed/stored/read. However, using email providers within these countries might be just as bad. At least using a service like MyKolab will protect your email while on their servers. Using a service within the U.S. the provider can become target of overreaching court- and gag-orders, using a service within Sweden could make you subject to the data retention laws, need I go on?

@greve put it best:

Put frankly, in these matters, legislation trumps technology and even cryptography.

There is no right answer, but I would personally feel safer under certain jurisdictions and less under others.


Lavabit reopens temporarily for e-mail recovery, via

Press release:

At first Lavabit gives the opportunity to change the password, does that make any sense?

Zegnat commented Oct 15, 2013

At first Lavabit gives the opportunity to change the password, does that make any sense?

It does, as Engadget says:

The password change is in response to information that the company's SSL certificates have been compromised by the investigation.

Somewhat simplified:

With the old SSL certificate compromised there is a chance third parties now have access to passwords that have been sent to Lavabit in the past. If Lavabit allowed you to just download all email right now with your old password, a third party could potentially do this. Instead they urge you to change your password first, through a new SSL cert. Then when they open the back-ups no third party will have your new password on file.

chovy commented Oct 18, 2013

I recommend --- you can get a free email account there.


I'm considering self-hosting my own mail server at home, but since my ISP provides only dynamic IPs, many recipients' mail servers will reject my email. So I need a "smarthost" for outgoing mail.

Possible options:

  • purchase SMTP relay service (recommendations?)
  • purchase a tiny vps only for smtp delivery (recommendations?)
  • raspberry pi hosting/colocation (recommendations?)

Thank you.
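An added example (not from this thread, nor from any project mentioned in it) of the smarthost set-up asked about above: a POSIX shell script that writes a Postfix relay configuration in which all outbound mail is handed to an authenticated relay, with TLS made mandatory so the relay password never crosses the wire in the clear, and with the credentials file kept owner-only. The relay host, port, user and password are placeholders, the CA bundle path is the Debian default, and the output directory is a scratch directory rather than /etc/postfix so the script can be run without touching a live system.

```shell
#!/bin/sh
# Added example: generate a Postfix "smarthost" configuration so that a home
# mail server on a dynamic IP relays outbound mail through an authenticated
# provider instead of delivering directly (dynamic-IP ranges are commonly
# rejected by receiving servers).
set -eu

# write_relay_config OUTDIR RELAYHOST PORT USER PASSWORD
# Writes a main.cf fragment and the sasl_passwd lookup table into OUTDIR.
# On a real system OUTDIR would be /etc/postfix; any scratch directory works.
write_relay_config() {
    outdir=$1; relay=$2; port=$3; user=$4; pass=$5
    mkdir -p "$outdir"

    # Settings for an authenticated, TLS-enforced relay:
    #  - brackets around the host name suppress the MX lookup for the relay
    #  - smtp_tls_security_level = encrypt makes Postfix refuse to talk to the
    #    relay without TLS, so the SASL password is never sent in plaintext
    #  - noanonymous forbids SASL mechanisms that send no credentials at all
    cat > "$outdir/main.cf" <<EOF
relayhost = [$relay]:$port
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:$outdir/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
EOF

    # The credentials file holds the relay password: create it mode 0600.
    oldmask=$(umask)
    umask 077
    printf '[%s]:%s %s:%s\n' "$relay" "$port" "$user" "$pass" \
        > "$outdir/sasl_passwd"
    umask "$oldmask"

    # postmap compiles the hash: table Postfix actually reads; skipped when
    # Postfix is not installed (e.g. when running this as a dry run).
    if command -v postmap >/dev/null 2>&1; then
        postmap "hash:$outdir/sasl_passwd"
    fi
}

# check_relay_config OUTDIR
# Returns 0 when the generated config enforces TLS and authentication and the
# credentials file is readable by its owner only; non-zero otherwise.
check_relay_config() {
    cf=$1/main.cf
    grep -q '^smtp_tls_security_level = encrypt$' "$cf" || return 1
    grep -q '^smtp_sasl_auth_enable = yes$' "$cf" || return 1
    grep -q '^smtp_sasl_security_options = noanonymous$' "$cf" || return 1
    # GNU stat first, BSD/macOS stat as a fallback.
    mode=$(stat -c %a "$1/sasl_passwd" 2>/dev/null || stat -f %Lp "$1/sasl_passwd")
    [ "$mode" = "600" ]
}
```

After copying the two files into /etc/postfix and running `postmap hash:/etc/postfix/sasl_passwd` and `postfix reload`, `postconf relayhost` shows the relay that Postfix will use for all outbound mail.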

chovy commented May 23, 2014

I don't know if it will work for email, but try

I replaced with it just to map back to my home machine. Since
dyndns kept asking me to click a link every 30 days and I missed one.
Pooof. Gone!

On Fri, May 23, 2014 at 1:21 AM, scastillobib notifications@github.com wrote:

ghost commented May 26, 2014

I'm still wondering why isn't openmailbox included. It uses open source software, gives you 1GB owncloud space, does not log your ip and your data is encrypted. Ditched gmail yesterday and created account there after a subtle research.

ksl89 commented May 26, 2014

As you can see above (#461 (comment)), I contacted directly to ask about their privacy protection and they themselves claim the emails aren't in any way encrypted and they implied they will give their (your) data to authorities in case they get asked to do so ("You can't send messages prohibited by the French law.") That's not better than gmail.
Openmailbox looks great and it would be great if they actually protected their users' privacy.

ghost commented May 26, 2014

The mark sign for Encrypted Data Storage appears in

cr1pt0 commented May 26, 2014

France indeed has some pretty bad law when it comes to communication privacy. You should expect all communication to be monitored when hosted on a French service. And I think another reason they were not listed was that it wasn't clear how Open Source they really are, or what they do to contribute to it.

ghost commented May 26, 2014

I see. Can you recommend me some email service provider? I became paranoid after the disclosure of built-in backdoors in my router and wifi extender firmware.

ksl89 commented May 26, 2014

I don't know why it says they encrypt the mail on, but it's probably due to the strange wording they used to have on the site ("mails sont stockés sur notre serveur dans un répertoire à votre nom. Personne ni même les administrateurs ne peuvent y avoir accès.") At they probably thought openmailbox keeps their data encrypted but they were clear in their reply to me that they don't.

To be honest I think until a decent free alternative shows up, there is no real secure alternative for gmail and the like. You can make it secure by using PGP encryption on your emails. If you are willing/able to pay for your email service, prism-break already has a couple of good options.

ghost commented May 26, 2014

I'm willing to pay for an email service provider, but I'd like to try it first. 'Riseup' is listed on the prism-break page but in they say:

Be wary of services with servers hosted in:
the United States (yes, even Riseup)

So I'll give bitmessage a try and if it fails I will deploy my own email server with a subdomain.

Thank you for the tips guys :}

Dablim commented Jul 23, 2014

I found a really interesting service, actually in beta:

cr1pt0 commented Jul 23, 2014

Proprietary. Also, apparently written by amateurs who have no idea how to write secure applications:

Given how they advertise themselves, adding a "do not use" warning might be a good idea.

Dablim commented Jul 24, 2014

@cr1pt0 In your same article:
"The ProtonMail security team has reviewed the video released by Mr Roth and confirmed that this particular security issue is not present on the live version of ProtonMail. Mr Roth's video appears to be using an earlier development release of ProtonMail that was originally released on May 10th, 2014 for public testing. We are supportive of all efforts to improve the security of ProtonMail and security inquiries can always be directed to"

cr1pt0 commented Jul 24, 2014

@Dablim They would say that, wouldn't they? The same security researcher is on record he found other vulnerabilities but does not know how to proceed with these since their security response is so poor.

But you're missing the main point, it seems. This particular issue was such an amateur mistake it shows these people have about 10 years more of learning to do before they should work on security sensitive architectures. If they made this big a mistake, the whole code base is going to be rife with 0day exploits.

And it confirms the doubts about their outlandish claims, namely that they could not intercept the user pass phrase used to encrypt data. Not only do they rely blindly on sand box security in browsers, which is known to be imperfect. Of course they (or a capable third party) could inject code to read that pass phrase and decrypt all data. And given their legal status, US citizenship and money involved, they might be compelled to do just that.

So their response does the opposite of building confidence. The issue was there when they already flogged themselves as "NSA secure". Which they still do. Although by now they should have received enough security advice to explain to them why they are not.

Proprietary snake oil is all this is. Nothing to see here, please go along.

chovy commented Jul 24, 2014

this has got to be the most popular issue I ever created on github. a year later still going strong.

Dablim commented Sep 10, 2014

No one on Vmail? Is it a valid alternative?

Zegnat commented Sep 10, 2014

Re: vmail, I don’t have much time lately so I haven’t done a lot of looking into it but it says on the bottom that they are run by a french student and some of the policies are in french too. If they are hosted in France then I would assume the same laws apply as to, meaning they will have to give up their encryption keys to law enforcement no questions asked. As such is the French law. Based on that I can’t recommend them.

(Not a lawyer, not a french lawyer, not even in france, and only gave them a cursory look. Just thought I’d point it out. For more discussion on the matter, search for the issues we have had about


I've only just found this thread, so my comment is probably late; but just in case...
Autistici's target is principally people involved in civil rights and liberties movements and people who frequently participate in political debate from that left-winged perspective, so they are a clear target for being "preventively" monitored by State agencies. They also provide blogs, chat and other services that in theory couldn't be shut down arbitrarily nor manipulated by said agencies and institutions. But you don't need to be a social hero to be accepted; just write to them in Italian, Spanish or English and tell them that you just want an email account because you participate in software libre forums and usually send and comment on political news with your friends and family, like most socially conscious people, and don't want to be tracked and included in some huge database about "politically uncomfortable individuals from all the world" on some server under the USA administration even if you aren't an activist at all.
That's all I did to get mine. Never had to explain my political points of view nor prove that I was being sincere. After some days I received a mail telling me that my account had been created. This was a couple of years ago; nobody ever asked me for a single proof that I was even a sympathizer to what I have said.
But in your case, if you tell them you are one of the Prism Break "crew" I'm sure you will be accepted without any reserve.

Another thing: your opinion about Protonmail is nearly a year and a half old. Do you know if things have improved? The fact that people from CERN and MIT are its developers makes one favorably inclined from the "intellectual" point of view; besides, their self-destructing mail option makes it very interesting. I knew about self-destructing note apps on the web, but didn't know email providers were providing it too ( About the second half of the page).


@pickfire has a good service but the registration seems to be hard.


Hello guys,
I've been searching a lot before deciding to reply here and here are a few suggestions/conclusions that I came up with:

According to your comments mykolab seems to be pretty good with privacy and after reading the privacy policy on it's obvious that mykolab can give up data to the Swiss government due to Swiss law if requested.

I'm not a law guru but according to
Switzerland is not the top country when it comes to privacy; instead Iceland seems to be the best.
So I came up with which claims to protect privacy as well according to but it also can give up data to the government if asked. The reason why I think it could be better is that it is completely free unlike mykolab and also because Iceland has stricter privacy laws.
According to the website it seems that it's still beta so I don't know how true my statements can be when it comes to security in general.

Also Iceland is part of NATO while Switzerland isn't, which is a minus for Unseen since I don't trust countries that are part of the bloc when it comes to privacy.

BTW fabianlischka (post before mine) noted but I'm not so sure about Germany :/

This is my personal opinion so please don't take offence.
I will further investigate data privacy laws in Iceland and Switzerland only for comparison purposes.

BTW also creating free email accounts based in Switzerland seems to be impossible without giving proof of residence or additional personal data. That sucks.

The website does not list any email providers 😕 do you know why?

Zegnat commented Jan 13, 2015

In basically every country in the world the State could bring your email provider to court and have them forced to hand over your data. This is just as true for Switzerland as Iceland. If you do not want them to have anything to hand over, use a solid encryption system like GPG. I do believe that MyKolab does a good job of explaining the Swiss legal framework, which Unseen doesn’t seem to do.

I would not put all too much trust in the Nomad Capitalist page. Romania made the list but is actually a country that tried to implement the EU Data Retention Directive. Twice. The Netherlands has been known to have provided information to the US global data collection program, but wins over Switzerland? This seems to be based on hosting companies not taking websites offline rather than evidence of them fighting back against wiretaps. Norway, coming in at number 2, is praised for not being part of the EU. That would be great, were it not for the fact that Norway often copies the EU going as far as implementing the EU Data Retention Directive.

Is Iceland comparable in protection to Switzerland? It could be, just that none of the things you have linked really go into it so I cannot make a good judgement on the matter.

Is Unseen comparable to MyKolab? Maybe. I am definitely seeing some cons. MyKolab specifically runs their whole service on an open-source platform that you could also run yourself, as well as giving you the ability to back up all your data and move away from them. While I didn't see any mention of the technology Unseen uses.

One thing that scared me was reading this in the Unseen FAQ:

[…] and premium users can generate and store their own private key.

And free users can’t? Does that mean free users do not get encryption or does Unseen generate their private key for them? The latter is bad. The whole idea of a private key (in public key encryption models) is that the user is the only one with access to it. Storing it on your email provider’s server is equal to not using encryption at all, so their practice may even endanger their premium users if that’s what they mean. Extremely bad from a cryptography point of view there.

I will further investigate about data privacy laws between Iceland and Switzerland only for comparison purposes.

Please do! Email is a sore point here as there are so many providers making claims and few of them that can live up to it.

[…] creating free email accounts based in Switzerland seems to be impossible without giving proofs of residence or additional personal data.

MyKolab is not a free provider, but PRISM Break is less about free (gratis) and more about freedom (libre). Some of the free providers that we do recommend limit their users in another way, e.g. for I/A you have to agree to their politically charged manifesto.

The website does not list any email providers 😕 do you know why?

Something seems to be broken on their end, we will have to monitor it and possibly remove our link to them. Too bad, as they were doing a good job sorting through a lot of providers.


Thank you Zegnat for the reply...
I spent some time reading the Unseen FAQ etc. and would like to quote you on the following:

I didn't see any mention of the technology Unseen uses


Unseen uses encryption technology and software running on custom-designed and custom-built platforms controlled by Unseen

next you say:

One thing that scared me was reading this in the Unseen FAQ:

[…] and premium users can generate and store their own private key.

And free users can’t? Does that mean free users do not get encryption or does Unseen generate their private key for them? The latter is bad.

Yes this is obviously bad. I created an account with them anyway and after completion was presented with a dialog saying that I will not be able to store my private key on my computer; the point here is that emails get encrypted.
Anyway, on their FAQ it says this:

How does it work?

We use a hybrid peer-to-peer and hosted network solution for transmission of encrypted messages. Messages are encrypted and decrypted by each person sending or receiving a message. They are never decrypted along the way (we don’t have the key). This is done automatically and is transparent to the user and our services will appear on the surface to work the same as the regular free email or chat services.

I do not understand what they mean by "we don't have the key" while also limiting local key storage 😕 where the private key is stored then is unknown here?
But I use PGP anyway (as you suggested earlier) with Thunderbird and TorBirdy connecting to them via the Tor network, so their limitation of not giving me the right to actually store my private key locally makes no real world sense 😕

MyKolab is not a free provider, but PRISM Break is less about free (gratis) and more about freedom (libre). Some of the free providers that we do recommend limit their users in another way, e.g. for I/A you have to agree to their politically charged manifesto.

Yes I absolutely understand that, obviously has chosen to limit their "free" users by not giving them the right to store private keys locally unless you pay :D

I don't know, but at least the service is free, and each email transport indeed is encrypted.
The keys are generated manually via a web form (even free users can do it).
I don't see why that would be a limitation because you either pay them for local private key storage or use PGP with the free version of the service.

I have made a test with these keys...
Here is a screenshot of the key manager presented in the browser after logging in:
obviously one can generate, import and export its own keys with a free account:
(screenshot: Key manager)

They even provide their own email client so that the same keys can be used within it, or the keys can be used with a 3rd party client once exported (or using GPG to ensure the private key is your own, and not the one generated in the browser, and then importing via the browser or using it from a client such as Thunderbird).

I think Unseen deserves further attention by you guys so that a clear conclusion can be made without false judgement.

As for laws by country, I came across a website that makes it easy to compare countries by data protection laws:

It's easy to spot if something is (possibly) outdated and in this case (Swiss and Iceland) one can get particular updates from these two sites:

From what I gathered Iceland is pushing to be number 1, problem is that there is a lot to read lol :)

Zegnat commented Jan 13, 2015

Did you see any mention of the technology used to store the private key? Because that sounds like a really, really bad thing to be doing…


You are correct, they keep it all secret, I found Why you should stay away from that elaborates from security aspect more closely.
Thank you a lot!

BTW The works again 😄


What made it go down?

svnpenn commented Dec 12, 2015

@kevinSuttle are you dense? The page I linked has over 20 providers, why would they list them all on the main page?


Who said all of them? And watch your mouth. No need for that.

svnpenn commented Dec 12, 2015

@kevinSuttle sorry, but no. You are being an idiot. The page here:

is laid out exactly as it should be. It has a few prime examples, followed by
this link and text:

For more email providers, take a look at

Also if you notice carefully, the first link I put has this text:

Free Recommendations

According to the second link Fastmail is not free, so suggesting it for that
page is absurd. Go away.


People like you give open source a bad name. Good luck being a sad little child.


@kevinSuttle, @svnpenn: i'm going to need you to retard your anger level a few notches

chovy commented Dec 12, 2015

I read that as I'm going to need you to retard your angel level... and was confused. Carry on :)

svnpenn commented Dec 12, 2015

Hey @kevinSuttle, fuck yourself!

vyp commented Dec 12, 2015

@kevinSuttle Fastmail is mentioned on though (which is mentioned at I suspect it's not recommended on prism break directly because (some) of its servers are located in the US. That isn't necessarily a bad thing, but in practice it means that they're much more easily susceptible to being compromised by the US government. (i.e. See what happened to Lavabit.) I am surprised though to see no other mention of Fastmail on prism break's issue tracker, you're right!

Zegnat commented Dec 12, 2015

Email itself is a pretty broken system from a privacy point of view. Too much metadata, too much data travelling in the clear. PRISM Break realises that people cannot go without email just yet, but we would rather not expand the current section.

  1. Riseup and A/I are on there not because of their server locations but because of their history fighting for their users. Very few other email providers can claim the same long history of offering activists a way out. This is why these two are included over other providers.
  2. Kolab Now is included partly because of their location (they really thought about their options and their website clearly states their do’s/don’ts concerning the Swiss law) and partly because they use FOSS software. They even make it easy for you to migrate away from them into your own Kolab installation. And PRISM Break already recommends Kolab.

Linking to is a way to give people more choices, and inform them about those choices, without inflating the contents of PRISM Break.

If you know an email provider with either a history supporting activists (like Riseup) or with a set-up for privacy and open-source software (like Kolab Now) then please open a new issue specifically for that service. Otherwise you can assume PRISM Break is not actually the right place for it.

I am closing and locking this issue to stop people from dragging it up again.

@Zegnat Zegnat closed this Dec 12, 2015
@Zegnat Zegnat locked and limited conversation to collaborators Dec 12, 2015
@Zegnat Zegnat removed the discussion label Dec 12, 2015