Let’s have a discussion about email providers. The focus here isn’t so much anonymity and Tor, but rather security and privacy. Despite that I think this discussion could find its place here as there is interest. A clear distinction needs to be made for choosing short-term or disposable accounts and for long-term accounts which you’d want to be very reliable. Finally let’s not limit the discussion to Tor friendly providers. Tor is great but email should work well on the clearnet too, it’s where most people are.
Here are a few privacy oriented provider lists, please mention any others:
Whonix on Twitter, 11:05 AM - 21 Mar 2018
#ProtonMail is snake oil. Google captchas on account creation. Their “trust us” JS crypto blobs that can turn on the user and steal their passwords any time and their refusal to support IMAP makes them a BAD choice for anyone who wants secure email. ^HU
This is of interest because Protonmail has claimed (successfully) leadership in privacy oriented email. More thoughts and info?
Which email providers would you be most likely to trust and why?
Financing: requiring payment could be a good indicator the provider has a sustainable and privacy respecting business model. Payment options are important. Popular and seemingly privacy oriented services with free accounts will invariably come under more scrutiny as they will sadly also be more commonly used for dubious activities.
Third-party content: outsourced captchas and scripts at registration or any time later are probably a very bad indicator.
Country of origin: important, but may not be decisive. There’s hardly a place where the state isn’t able to force the provider to hand over whatever is available. Even if the state seems nice it may have powerful “allies”.
Transparency of code: the most trustworthy providers provide all their source code. Happily this is not unheard of for email services.
Transparency of authorship: It’s hard to trust a service if there are no names behind it.
Tor policy: allowing access through Tor and providing an onion address indicates a high degree of technical proficiency and commitment to privacy. Some understanding for complicating registration through Tor may be justified. The abusive traffic could be overwhelming and providers have limited resources.
Data transfer: only having webmail and not allowing emails to be downloaded is unacceptable for serious use. Mentioned because unfortunately this is not a rare problem.