Which domain or country has the most privacy?

I’m wondering which domain to use because I want an email address, but I don’t know which country is more about privacy. So please tell me some countries where you should be!
Also, for example, .ch Switzerland (Protonmail) hears that privacy is important, but I’m looking for something other than Protonmail because I want to manage multiple email addresses in Thunderbird.

You can have more than one account IIRC. Have you sent them an email and asked?

Does it matter what country it’s in if once it crosses a border, anything the originating country promises stops at their border. What’s wrong with using your ISP - don’t most give real email addresses out with the account?

Maybe it all depends on which country hosts your email and how much you care about what they scan and profile.

No such thing as privacy on the Internet.

~o~

Nowadays, the concept of national TLDs doesn’t work anymore. You can register most TLDs regardless of your actual country of residence. For instance, you can register the German TLD .de if you are living in Austria (which has .at).

Besides, TLDs aren’t connected to any privacy or security features. The internet is a globally connected structure, and most servers are globally accessible. If you compare two mail servers that are 100% identical, you won’t get any more or less security or privacy by looking at the TLD.

It is more about the actual physical location of a server and area of jurisdiction. However, since everything is globally connected, only looking at countries isn’t actually more meaningful.

In general, e-mails come with lots of metadata, and using any mail server likely exposes all of your cleartext e-mails to the mail service provider – regardless of a .de, .ch, .com, .onion or any other TLD.

1 Like

I’m looking for a free email provider that is anonymous and privacy oriented. So the question is, which is better, closed source email for onion domains or open source emails for national domains like Protonmail, Tutanota and Disroot? I heard that the anonymity is the best domain, but it is a closed source, so the administrator may see it or contain a virus. Protonmail is open source, but there may be information disclosure in the national domain. Which is better?
Also, I want to use it with Thunderbird, so please let me know if you have a good email provider that supports SMTP, MTSP, POP3!

Sorry, but it looks like there are many misconceptions about many different things.

  • A top level domain (TLD) like .ch, .com, etc. doesn’t change anything related to privacy or security. You can register most TLDs independently from your actual country of residence. So a service based in the USA can register an .eu domain, and so on. Nowadays, the concept of national TLDs doesn’t work anymore.
  • .onion is a special TLD for onion services. Onion services are hosted within the Tor network. They neither are closed nor open source; they are only special TLDs for a special network.
  • Regardless of the TLD, you can’t tell whether a mail server runs open-source or closed-source software. And this really doesn’t matter. Why? Because a mail service provider can just tell you that it is using open-source software A, but in reality it uses a modified version. You can only identify the software in use if you have access to the servers. This isn’t normally the case.
  • Even in case of open-source software, the mail service provider is very likely able to access, read and modify all of your e-mails since they are stored and processed in cleartext (if you don’t use end-to-end encryption like OpenPGP).
  • POP3 has some disadvantages like no support for folders, flags, synchronization, and no multi-device support. Nowadays, you likely want IMAP/IMAPS. Besides, there is no MTSP, and SMTP/IMAP/POP3 don’t come with transport encryption by default.

It would also be nice to see any reply from you, @pinp. You started many threads on this forum; however, it seems that you never reply after someone has answered your questions.

2 Likes

What email provider do you use?

I’m looking for a security and privacy-oriented email provider other than protonmail, tutanota, disroot. The necessary conditions are open source and end-to-end encryption. I gave a candidate to investigate. Please tell me if they are safe.
Mailpile

mailbox.org

Mailfence

NeutronMail

Criptext

FlowCrypt

CTemplar

ElectronMail

Cock.li

I like posteo.net.

Edit: They’re on this official list too.

Is there a reason you’re avoiding Proton, etc?

1 Like

well, take it from me “do not put your eggs in one place” (well, first time i heard it from the hated one xD but yeah) so i’m using proton, tutanota & mailfence all together & all are good to me & you do not have tutanota & proton email in your list so i will say mailfence

Consider reading my reply in the other thread.

Mailbox.org and Mailfence are solid choices. Out of those options I would pick one of those two.

  • Neutronmail I would not trust a provider which doesn’t even have its own domain for its website. When visiting neutronmail.ch it goes to a 403 Forbidden which is really unprofessional. That should at the very least redirect to the main website, which should not be a github.io page. They also seem to be blocking probing by Hardenize so I wouldn’t go near them. The site also looks incomplete and the domain only looks like it’s been registered for less than a year:
    Domain name
    neutronmail.ch

    Holder
    Michael Blum
    Ludwig-Erhard-Straße 3a
    DE-84034 Landshut
    Germany
    Technical contact
    netcup GmbH
    Felix Preuss
    Daimlerstrasse 25
    DE-76185 Karlsruhe
    Germany
    Registrar
    netcup GmbH

    DNSSEC
    yes

    Name servers
    root-dns.netcup.net
    second-dns.netcup.net
    third-dns.netcup.net

    First registration date
    23 December 2018

And listing all those news sites looks like snake oil to me, apart from the fact the website isn’t functional. The quote there:

A new email service being developed by a group from MIT and CERN promises to bring secure, encrypted email to the masses and keep sensitive information away from prying eyes.

is ripped directly off ProtonMail’s Google Play and AppStore description.

  • Criptext I would not touch for reasons mentioned in the other thread. Hardenize report: no DANE or MTA-STS.

  • FlowCrypt is a plugin for doing encryption in gmail, so I doubt that’s what you want as you’d be sharing all your metadata with Google.

  • CTemplar looks like a web client for doing PGP. They look like they have some paid service. Personally I wouldn’t use them as they have no DANE or MTA-STS. See Hardenize report for CTemplar

  • ElectronMail is an unofficial email client for Tutanota and Protonmail.

  • Cock.li has no encryption in their webmail, you must use your email client (Thunderbird with Enigmail for example) for that. I wouldn’t use them unless you’re okay with some of their questionable domain names. Maybe as a throwaway. Yeah I wouldn’t use them either

None of these providers would meet the minimum requirements to be listed on privacytools.io. Soon I will be doing a pull request with our new criteria. With the intention to publish March 2020. So far all providers have promised me that they will be compliant and that I will not have to de-list any of them with the exception of NeoMailbox (which is looking like it will get removed).

Also: DANE vs MTA-STS for secure SMTP transport.

If you’re specifically interested in source code “being open source” you’re going to need to use a mail client. There’s no way to verify an email provider is using the source they provide if they do provide any.

1 Like
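
The post above flags providers that publish neither DANE nor MTA-STS. As an added example (not part of the original thread, and not any provider's code), this sketch shows what a sending mail server does with an MTA-STS policy as defined in RFC 8461; the policy text and host names are constructed, and the function names are hypothetical.

```python
MAX_AGE_LIMIT = 31557600  # RFC 8461 upper bound for max_age, in seconds

# Constructed sample policy, as served from
# https://mta-sts.<domain>/.well-known/mta-sts.txt
SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: mail.example.org
mx: *.mx.example.org
max_age: 604800
"""

def parse_policy(text):
    """Parse and validate the key/value policy file."""
    policy = {"mx": []}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (s.strip() for s in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported policy version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid mode")
    if not 0 <= int(policy.get("max_age", -1)) <= MAX_AGE_LIMIT:
        raise ValueError("max_age missing or out of range")
    if policy["mode"] != "none" and not policy["mx"]:
        raise ValueError("policy lists no mx hosts")
    return policy

def mx_allowed(policy, mx_host):
    """True if the MX host name matches one of the policy's mx patterns."""
    host = mx_host.lower().rstrip(".")
    for pattern in policy["mx"]:
        if pattern.startswith("*."):
            # A wildcard stands for exactly one left-most label.
            if "." in host and host.split(".", 1)[1] == pattern[2:]:
                return True
        elif host == pattern:
            return True
    return False

def delivery_decision(policy, mx_host, cert_valid):
    """What a sending server does for one candidate MX under the policy."""
    if policy["mode"] == "none" or (mx_allowed(policy, mx_host) and cert_valid):
        return "deliver"
    return "refuse" if policy["mode"] == "enforce" else "deliver-and-report"
```

Without a published policy (or DANE TLSA records), a sending server has nothing to check the MX name and certificate against, so SMTP falls back to opportunistic TLS.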

I recently found an email provider called Criptext. https://criptext.com/. This is open source and end-to-end. And above all, it uses Signal technology. This saves the email content on your hard disk and not the cloud. Is this email secure? And which is better than Protonmail or Tutanota?

This one came up in the privacytools.io AMA.

They mislead potential users by stating very odd and a bit contradictory statements e.g they say “We don‘t have access to your emails nor do we store them in our servers.” which isn’t true, they have servers and those that were sent or received by other e-mail providers, the e-mails will be stored in their servers and their apps do in fact have API to their servers. Not to mention it’s still in beta phase. Them claiming “Quite possibly the most private email service — ever” is very blunt and arrogant. Snowden stated:

[…] Email is a fundamentally insecure protocol that, in 2019, can and should be abandoned for the purposes of any meaningful communication. Email is unsafe. […]
(Source)

Edit: To add to this, them saying “No Cloud Storage” and “Decentralized Architecture” is outright false and a lie. If they go down, criptext will go down as well. E-mail protocol needs servers and eventually, whatever e-mail you send by it, it will go through their servers and then to other e-mail providers.

Essentially it comes down to it being snake oil.

Also perfect forward secrecy protocols don’t work with asynchronous communication like email anyway. They require a handshake, which is why things like PGP have persisted for email encryption. See Op-ed: Why I’m not giving up on PGP.

What Snowden is saying essentially comes down to email having a lot of metadata in the headers of an email. For an SMTP relay (every mail provider has one and it is used when you send an email) to transmit a message from one mail server to another it must know things such as who it was from, where it is going to, date, subject etc.

Even email providers like Protonmail and Tutanota cannot claim to keep this secure when sending email to other email providers as they need to be able to process this information in order to work. They may be able to implement facilities to keep it secure at rest however (this only protects stored email not email being transmitted).

It’s also worth noting this service centralizes email. Emails sent from criptext to other email providers are not encrypted, so this completely defeats the purpose.
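
To make the header-metadata point above concrete, here is an added example (not part of the original posts) that parses a constructed PGP/MIME message and reports which headers stay readable to every server handling it even though the body is OpenPGP-encrypted. The message, addresses and the `relay_view` helper are hypothetical.

```python
import email
from email import policy

# Constructed sample: a PGP/MIME message (RFC 3156) as a relaying server sees it.
RAW_PGP_MIME = """\
From: alice@example.org
To: bob@example.net
Date: Mon, 06 Jan 2020 10:15:00 +0000
Subject: Meeting notes
Message-ID: <constructed-1@example.org>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

# Headers that travel outside the OpenPGP-protected part of the message.
ROUTING_HEADERS = ("from", "to", "cc", "date", "subject", "message-id")

def relay_view(raw):
    """Return what an intermediate server can read from a raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    # PGP/MIME: multipart/encrypted with the OpenPGP protocol parameter.
    pgp_mime = (msg.get_content_type() == "multipart/encrypted"
                and msg.get_param("protocol") == "application/pgp-encrypted")
    # Inline PGP: armored block placed directly in a single-part body.
    payload = msg.get_payload()
    inline_pgp = isinstance(payload, str) and "-----BEGIN PGP MESSAGE-----" in payload
    exposed = {k: str(v) for k, v in msg.items() if k.lower() in ROUTING_HEADERS}
    return {"body_encrypted": pgp_mime or inline_pgp, "exposed": exposed}
```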

i use mailfence, protonmail & tutanota so because you just asking between protonmail or criptext…i will say protonmail

Yes should also mention that Tutanota uses its own encryption to encrypt email between Tutanota customers. This encryption isn’t compatible outside of the Tutanota email server. You also cannot use a third-party email client like Thunderbird, Apple Mail, Outlook etc with Tutanota.

However that being said, Tutanota allows you to send an email which is a link to the email on Tutanota’s server. You can then give the recipient a password to open it.

Mailbox.org also does this. Mailbox also uses PGP to communicate between other Mailbox users, and indeed Protonmail. Protonmail also has this feature.

Mailbox supports PGP in their web interface (Mailbox Guard) and allows you to encrypt all incoming email so that it is encrypted at rest. I like this as it allows me to use my smartcard (Yubikey) with NFC to decrypt email. The advantage of this is my private keys never leave my Yubikey and therefore are never on a potentially compromised device. There is a video here of how it works: An NFC PGP SmartCard For Android. It is however a little more complicated to set up, and encrypted search of the body of emails isn’t possible. I tend to put my email into folders as I get it and use filters on the incoming email to keep it organized. That is what you’d do for maximum security, as all recent events in the last 10 years show that it’s not the encryption being defeated but rather the key being stolen from the compromised device.

Posteo also had encryption in their webmail but they do not allow you to use your own domain name, so if that’s something you need, then that’s not the provider for you. Their PGP is compatible with Protonmail and Mailbox, as is all PGP with any provider if you use an email client like Thunderbird and Enigmail.

Tutanota and Protonmail do allow for search of encrypted data [1] [2]. This might be useful if you have a lot of email and need to look through the body.

Protonmail’s bridge software allows you to use your third party email clients and keep the benefits of their service.

There’s also this review, ProtonMail vs Mailbox.org comparison, you might find interesting.

IMO, that old idea of the Internet being World Wide is lost on features, ‘better browsing experience’ and ‘for your safety’.

I just opened an account at Moz, jumped through the hoops, over the hurdles and finally was permitted to ask about Firefox’s Privacy Policy wherein they block the stalkers, but appear to force themselves on us as the only allowed stalker. They have been vague, but part of their privacy policy, under “Suggest relevant content” states:

Location data : Firefox uses your IP address to suggest relevant content based on your country and state.
NOTE: It doesn’t say “might use” or “may use” it states “will use”

The World Wide Web “will” become the Local Wide Web.

I wondered just how long it would be before FF started looking for ways to make money. There is nothing wrong with making money, unless you’re printing it or abusing people’s privacy. I do not like being grouped in with the most profitable commodity on the 'net. I don’t like being pimped out - not even by Mozilla.

Just say’n s’all,
~☍~
