Email privacy tips from The FSF

fsf-logo

The FSF is the Free Software Foundation which is a nonprofit with a worldwide mission to promote computer user freedom, they defend the rights of all software users.

Here are some recommendations from The FSF:

  • Pick a mail service located in a country that won’t cooperate with governments that you’re particularly concerned about privacy from.
  • Avoid using LinkedIn, which fishes for people’s email contact lists.
  • If your mail service and your search engine are run by companies that don’t cooperate, neither of them can correlate your searches with your mail contents. (A spy agency could still do so, if the two companies are in the same country or in countries that cooperate in massive surveillance.) Thus, don’t use both Gmail and other Google services such as web search.

Recommended

Some of these services are gratis, but that’s a separate issue. Recall that “free software” refers to freedom, not price.

  • PosteoAims to be fully compliant with LibreJS’s standards, but some scripts cause warnings. It does not work without JS. Credit card payments do not work.
  • Riseup: New accounts need an invite code from someone already on the system. Signup works, even when Javascript disabled. POP/IMAP clients can be used.
  • Some services will let you sign up and sign in without non-free JavaScript, and use IMAP/POP3 from a desktop program, but have broken webmail:
    • Kolab Now: Swiss based paid service focused on ensuring your privacy. Highly resistant to PRISM and similar programs. Runs on free software. Currently becoming LibreJS compliant.
    • Mailnesia.
    • Safe-mail.net: Signup and Login possible with LibreJS enabled. Select the “Traditional” interface for webmail use. Mail server details also available for mail clients.
    • VFEmail (uses google syndication, and captcha – both non-free): After registering, you can use mailserver configuration details and use a mail client.

For privacy purposes, you may sometimes want to use a disposable email address for one or a small number of messages. These disposable email services have been verified to work without proprietary JavaScript:

Under Review

These are systems either currently under review, or undergoing a status change.

  • Disroot: Sign up needs JS.
  • Autistici/Inventati (A/I): Sign up needs JS. They are working on becoming LibreJS compliant, but no ETA on this yet.
  • Hushmail: The site doesn’t load without JS.
  • mailbox.org: JS needed to register or use the system.
  • Mailoo.orgExplicitly states it runs on free software. Currently French only – would appreciate help translating(registrations were closed as of 2017/01/25). Mailo.com
  • ProtonMail: JS needed to register or use the system.
  • Tuffmail: Registration form didn’t need Javascript, though an application attempt resulted in no actual account being created. Investigations continue.
  • Tutanota: Looks promising – they’re working on becoming LibreJS Compliant.
  • Unseen: The site doesn’t load without JS.

Not Recommended

Systems we’ve investigated and found wanting.

  • FastMail: Sign up, sign in, and webmail all work smoothly. This is a paid service with a 60-day free trial. – UPDATE: was notified that this is not the case.
  • Google Gmail: You can sign in and use Gmail without non-free Javascript, but you have to make the account in a special way, through https://accounts.google.com/NewAccount. This is an old sign-up form; the currently recommended sign-up form is no good, since it requires nonfree JavaScript code. But Gmail is run by Google and was specifically named as part of the PRISM spying program.
  • Mail.Ru: Sign up, sign in, and webmail all work smoothly. BEWARE though – it is almost certainly under governmental surveillance, and likely does not respect privacy.
  • Yahoo! Mail: works without JS apparently, but you need JS enabled to create a yahoo account
  • Yandex Mail: You can register and sign in with LibreJS enabled, but not send mail in the no-js interface. Also: it looks to be Russian based, so almost certainly under surveillance.
  • Microsoft Outlook.com (@outlook.com, @live.com. Old emails: @hotmail.com, @msn.com): Requires nonfree Javascript.

Other

Systems that don’t fit conveniently into any category, but we’ve reviewed or processed them.

  • Mail-in-a-Box is an easy-to-deploy GNU/Linux mail server so you can run your own webmail.
  • mailcow is a docker based GNU/Linux mail server.

Read the full article: Free Software Webmail Systems

Be the first to comment

Leave a Reply

Your email address will not be published.


*