What is up with: riseup, unseen, autistici? [email]

A couple of questions concerning email:

  1. Why was riseup delisted? (it’s not even on your Comparison of email providers wiki page now)
    I, personally, used them for years and have a very high level of trust with them. Any reason I should reconsider my attitude?
  2. What about unseen.is?
    Iceland based, looks promising.
  3. autistici.org is kind of similar to riseup, why won’t you list them?

I’m not affiliated with privacytools or anything but I’m guessing it’s because riseup is invite only and based in the US. I actually used Riseup once because one of Digdeeper’s friends gave me an invite a while ago. Riseup is a good email service, but they are political far-left bullshit. From what I’ve heard Autistici requires you to be far-left. I’ve never heard of unseen.

Here’s a question I have for privacytools.io.

A few months ago they updated their email page with new criteria similar to their VPN page. How did Disroot even make the cut? They don’t even warn the users that Disroot is far-left/antifa bullshit.

Riseup is probably the best of the far-left providers but only far-left people should use it.

This is because riseup, unseen, and autistici don’t comply with our 2020 email security requirements:



1 Like

We generally don’t really care about a service’s political views, as long as they don’t call out for violence.

3 Likes

So what you’re saying is it’s perfectly fine to recommend a far-left provider (Disroot) to normal people who either don’t give a shit about politics or are one of those conservatives who watch Fox News? If Riseup was recommended without warning, imagine all the Trump supporters who would see the recommendation and start begging for invites.

I’m not familiar with Unseen but yeah, Riseup and Autistici don’t meet PrivacyTools’ email criteria in several ways (that Blacklight linked to). Excellent tech collectives nonetheless (along with Disroot).

2 Likes

This is a US centric viewpoint.

Privacy is a global issue, agnostic of any local politics. You either meet standards or you don’t.

2 Likes

Thanks for the answer.
I get it, but I don’t :rofl:
From Our Email Provider Criteria:


Valid SPF, DKIM and DMARC …

Looks like for disroot DMARC is not there.

So if Google hosted their services in a different country, then they meet the standards?

Disroot appears to be one of those anarcho-communist/antifa groups. From what I’ve heard antifa may have been funding recent George Floyd riots probably so the government can say “screw freedom of speech and screw protesting.” I think their email service is one of the best free ones (better than ProtonMail and Tutanota because it actually supports email clients such as Claws Mail), but I don’t think we should recommend it. Keep politics out of emails.

Posteo is probably the only good recommendation of the seven listed on privacytools. What about Dismail? What standards did they not meet?

https://dismail.de/serverlist.html

I’ve also heard about Cock.li but don’t even think about them because they have 20+ domains to choose from and almost all of them are shit you wouldn’t want to show to other people.

It looks like you are the only one bringing up politics. Constantly:

Do you have any arguments that actually pertain to the service itself?

3 Likes

I’d rather see the comment on this from somebody on the team than discuss who is far-what (left, right, purple or whatever).
Let’s (instead of starting arguments) be happy that we all share the desire of privacy and/or security online! :upside_down_face:

1 Like

https://we.riseup.net/riseuphelp+en/social-contract
https://www.inventati.org/who/policy.en

Riseup and Autistici both require you to be far-left. If you recommended these to the average joe, then they would have to deal with a bunch of normal people and far-right who are against the far-left.

Disroot is pretty much run by antifa. Considering all the George Floyd protests lately, you could at least warn users about that.

Let’s forget politics for now and discuss actual security.

Dismail’s server list has some info on which email providers are actually secure, and autistici and unseen perform very poorly on it. Keep in mind this only seems to focus on encryption and it takes more than that to provide a good email. Here is a list of what a good email provider should have:

  • No personal information required to register (no SMS or Email verification, only username and password)
  • Allows Tor access
  • Supports email clients (unlike ProtonMail and Tutanota which require you to use Javashit webmail)
  • No Cloudflare or any MITM-style DDOS protection
  • No Google ReCaptcha
  • Good Privacy Policy (no logs unless during maintenance in which case it’s deleted after 24 hrs, we encrypt everything)
  • No Google Analytics or Matomo or any other “anonymous” analytics

Another reason I wouldn’t recommend ProtonMail is the way their encryption works. It’s all done with Javascript in the browser and ProtonMail must store your encrypted keys (using your own is not allowed). Encryption can only be secure if the user is controlling it. It’s still better than not using E2E at all.

This is indeed a bummer and I understand your position. I was not aware that this is an actual requirement. On the flip side, can they really audit your political stance? They really can’t stop you from registering even if you are pro-whatever they are against.


You can pay both of them to use bridge software so you can use your preferred mail client. They need profit as a company after all.


Yes you need javascript but these are auditable. Go check them yourself. If you see unsafe or dangerous code, you may inform the team and tell them they are bad coders or something.


Also you don’t even need to use their own encryption, you can use PGP.

Yes, you are in control of your key. You can create your own encryption key; if you do not trust them, then import your own key.

What they’re against, for reference.

To be hosted on our servers you have to share our principles of anti-fascism, anti-racism, anti-sexism, anti-homophobia, anti-transphobia, and anti-militarism.

Our purpose is to aid in the creation of a free society, a world with freedom from want and freedom of expression, a world without oppression or hierarchy, where power is shared equally.

1 Like

Sorry, what I meant to say was they really can’t stop you from signing up even if you are pro-right. (I’ve edited my entry to reflect this.)

This would be dishonest on the part of the applicant if the applicant was pro-right. It would be like if an atheist faked religiousness to get a free warm meal if the atheist was hungry. It’s up to the applicant’s conscience and self-respect.

Gotcha, yeah, you’re right about that.

The list on dismail.de is partially outdated, and – more importantly – it is a list of arbitrary security features without any in-depth explanation on why all of these features are essential and how they protect the end user. Some of the features only apply when you access web servers; others only apply when you access mail servers. Then, features like CAA do not directly protect end users. We wrote about limitations of the online assessment tools they used, so an “A+” vs. a “B” doesn’t really mean that something is more or less secure.

Besides, Dismail is on the list. So, Dismail defined criteria to rate mail server providers and itself. Is this reliable or just self-marketing?


Regarding politics in general:
It is really hard to reliably check whether somebody is left or right. We saw this with the messenger Session. Another question is: Does everybody have to check the political background of people when talking about products or services they provide? If yes, then shouldn’t this include the complete supply chain? What about a recommended project made by “good” people, but they use a software library created by alleged “nazis”?

The endless spiral continues when people demand that we check if all creators of a project are vegans (to protect animals), do not own a car (to protect the environment), and donate money to people (for a good cause). Then, what about accessibility of services or the usability experience for average users? There is an endless list of things that could be checked, but this doesn’t mean that we can check this or must check this.

1 Like

Ignoring the political rubbish as that is not a part of the criteria… A certain persistent individual wants to make the conversation about that; let’s not give in.

The reason that Dismail is not listed is because we don’t allow anonymous providers (https://github.com/privacytools/privacytools.io/issues/1719#issuecomment-615359283); also, it did not meet the criteria, just as those providers. Generally it was something major like a lack of MTA-STS etc., bad cipher options etc. We also test with more than one tool, not just Hardenize; that one is however most convenient.

In regard to DMARC, we only require a policy, not necessarily one in force. The reason for this is that it can cause issues with mailing lists; thankfully Authenticated Received Chain (ARC), RFC 8617, helps with that. Disroot does have a DMARC policy; however, p is set to none.

There are two issues I want to get to:

Which should improve that email page a bit.

2 Likes
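The DMARC requirement described in the post above (a policy must be published, but one with p set to none is accepted), as an added example that is not part of the original thread or PrivacyTools' own tooling. The function names, domains and TXT records are hypothetical and constructed for illustration; no DNS lookup is performed.

```python
# Added example: classify the TXT records found at _dmarc.<domain> (RFC 7489).
# All records below are constructed samples, not live DNS answers.

def parse_dmarc(txt):
    """Return {tag: value} for a DMARC record, or None if txt is not one."""
    tags = []
    for part in (p.strip() for p in txt.split(";")):
        if not part:
            continue                      # tolerate a trailing ';'
        name, sep, value = part.partition("=")
        if not sep:
            return None                   # malformed tag, ignore the record
        tags.append((name.strip().lower(), value.strip()))
    # RFC 7489: "v=DMARC1" must be present and must be the first tag.
    if not tags or tags[0] != ("v", "DMARC1"):
        return None
    return dict(tags)

def classify(txt_records):
    """Return 'no-policy', 'monitor-only' (p=none) or 'enforced'."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if len(records) != 1:                 # none, or several: no usable policy
        return "no-policy"
    policy = records[0].get("p", "").lower()
    if policy == "none":
        return "monitor-only"
    if policy in ("quarantine", "reject"):
        return "enforced"
    # Simplification: a missing or unknown p is reported as no policy here.
    return "no-policy"

def meets_policy_requirement(txt_records):
    """The criterion as stated in the post: a policy exists, enforced or not."""
    return classify(txt_records) != "no-policy"

SAMPLES = {  # hypothetical domains with constructed records
    "monitor.example": ["v=DMARC1; p=none; rua=mailto:dmarc@monitor.example"],
    "strict.example": ["v=spf1 -all", "v=DMARC1; p=reject;"],
    "absent.example": [],
}

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        print(domain, classify(records), meets_policy_requirement(records))
```

A domain in the monitor-only class passes the requirement as the post states it, while receivers are not asked to quarantine or reject mail that fails authentication.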

It could be either. Dismail does better than any other provider on the list (except maybe Snopyta). Mailbox.org and Posteo are at the top of the list. If this is self-promotion, then it’s the most reliable self-promotion I’ve ever seen and it still sucks. Comparison charts like these will always be biased because of the criteria chosen. It’s all pick and choose here and Dismail failed to list anything that they didn’t have.

Here is an example of one of the most biased comparisons I’ve seen. CTemplar only chooses things that they have to make them look like they are perfect compared to ProtonMail and Tutanota. It obviously didn’t mention any weaknesses such as Cloudflare and lack of support for email clients.

Just about anything is biased, even Thatoneprivacysite.net. As long as users pick and choose the strengths of one service and ignore its weaknesses or the strengths of others, there is going to be some bias. The only way to get around this is to listen to all sides, which is why users should be encouraged to form their own opinion, and we can help them by putting links to other sites with different opinions (as long as the site isn’t one of those corporate ones who earn affiliates by recommending NordVPN, Express VPN, or Private Internet Access).

Also…

Disroot is changing their webmail from Rainloop to Roundcube on the 8th June.

https://disroot.org/en/blog/roundcube