Towards a privacy-friendly mailbox

Like many others, my personal email address is a Gmail address. But you don't have to dig very deep to realize that Gmail, as a mailbox, is not very respectful of privacy. One could even say that it takes it, tramples it and spits on it...
Don't be fooled, most of the well-known brands do the same (Microsoft, Yahoo!, etc.).

How important is the notion of privacy in the digital world?

First, we may simply not want our data to be stored for mass surveillance and advertising profiling. Not to mention that this data will most certainly outlive us.
Second, in a democratic world like ours, the risk is not great, but if we were to run into a tyrannical government, our data could be turned against us depending on the antagonisms of the leaders. Fortunately, we are not there. For the moment. In Europe. Well, in some European countries.

Privacy and anonymity

Privacy and anonymity are, as Andy Yen, CEO of ProtonMail, reminds us, two different things that are often confused.
Privacy protection means that information about you, such as your email exchanges, is protected and is not made available to third parties.
Anonymity means that nobody is able to know who you are (by means of your IP address, for example). Some email providers facilitate anonymity (no phone number required, payment possible in cryptocurrency, ...), but in this article, we will focus on privacy.

I chose a list of email providers based on an initial, totally arbitrary selection.
The criteria chosen were as follows:

Data protection

This is usually done through encryption. For data at rest (emails stored in a mailbox) or data in motion (sending an email to another mailbox), there are two schools of thought:

  1. Encryption of varying strength depending on the technology, whose decryption key is in the hands of the company hosting the data.
  2. Zero Access Encryption, which means that the messages in your mailbox are encrypted and can be decrypted only by the person who has the login to the mailbox. Even the service provider is not able to decrypt the contents of the mailbox. It should be noted that if you lose your password, you will lose the contents of your mailbox...
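
A simplified model of the two schools of thought listed above, as an added example that is not from the original article or from any provider's code. It assumes a zero-access design in which mail is encrypted to a public key whose private half is wrapped with the user's password; the function names, key sizes and use of Node's built-in crypto module are illustrative choices.

```javascript
// Added sketch: the two storage designs, modelled with Node's built-in crypto.
const crypto = require('crypto');

// AES-256-GCM helpers used by both designs.
function seal(key, text) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function unseal(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
}

// Design 1: the provider generates and keeps the key, so it can always decrypt.
function providerHeldStore(text) {
  const providerKey = crypto.randomBytes(32);
  return { providerKey, box: seal(providerKey, text) };
}

// Design 2 (zero access, assumed layout): the provider keeps a public key plus
// a private key that is itself encrypted under the user's password.
function createMailbox(password) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem',
                          cipher: 'aes-256-cbc', passphrase: password },
  });
  return { publicKey, wrappedPrivateKey: privateKey, stored: [] };
}

// The provider can encrypt arriving mail with the public key alone.
function deliver(mailbox, text) {
  const mailKey = crypto.randomBytes(32);
  const wrappedKey = crypto.publicEncrypt(mailbox.publicKey, mailKey); // RSA-OAEP
  mailbox.stored.push({ wrappedKey, box: seal(mailKey, text) });
}

// Reading needs the password; a wrong or lost one makes createPrivateKey throw.
function readMail(mailbox, password, index) {
  const priv = crypto.createPrivateKey({ key: mailbox.wrappedPrivateKey,
                                         passphrase: password });
  const { wrappedKey, box } = mailbox.stored[index];
  return unseal(crypto.privateDecrypt(priv, wrappedKey), box);
}
```

Everything in the mailbox object is what the provider stores, and none of it is enough to read a message without the password, which is also why a lost password means a lost mailbox.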

Concerning data in transit, we generally speak of End To End Encryption (E2EE), which means that the transfer of the message itself is encrypted and that only the recipient and the sender, who own the decryption keys, are able to read the content of the email. This is usually a fairly technical procedure to set up, but some email providers have simplified it to make it easy to access. It should be noted that this is only possible for exchanges between email services that both offer E2EE and use the same encryption system. The most common in email is Pretty Good Privacy (PGP). An E2EE mailbox that sends a message to a non-E2EE mailbox will not be able to encrypt the email, except in some cases where it will be possible to encrypt the email via a password. But if two mailboxes use PGP (or another common encryption system), then the email can be encrypted end to end.

I would also like only the bare minimum of information (IP addresses, metadata, etc.) to be recorded.
However, even if this is the case, in most legislations, once an order from the judicial authority is received, email providers are required to do everything technically possible to comply with the judicial authority's request. That's why we can find cases of email providers that, following such a case, have started to record all possible information about some of their customers, since they are legally obliged to do so. But if the emails are stored with Zero Access Encryption, their content cannot be disclosed, since it is technically impossible to recover.

Attention to a green energy choice

This point is quite complicated to evaluate, because beyond a "green" label, when you dig a little, you realize that the reality is often more complex. Some email providers like Posteo get their energy from Greenpeace Energy, in Germany, which produces part of its energy with natural gas. In short, if you dig deeper, the "green energy" argument often proves difficult to verify, even if the approach remains generally commendable and based on a true ecological will (at least on paper...).

The ability to use third-party email software

Because in most cases, the objective is the right balance between privacy and convenience. I accept, to a certain extent, having less data security in favor of convenience, such as using my favorite email software (Thunderbird, Outlook, Apple Mail, ...). In most cases, maximum encryption will not allow the use of third-party applications, whether for the mailbox or for the calendar.

Open source code

Because open source code means transparency about the technologies used. It also allows everyone to check the robustness of the code and its reliability. Security is generally reinforced as a result.

Servers located in privacy-friendly countries

Some countries are more respectful of privacy than others. In the USA, for example, Internet service providers have the legal right to record the activity of their users and resell this information to third parties without informing users. There are alliances of countries that collaborate to share data among themselves. The most intrusive grouping is the "5 Eyes": Australia, Canada, New Zealand, the United Kingdom and the United States. Any company that is subject to the jurisdiction of one of these countries therefore falls under the supervision of the whole. In addition to this alliance, two (and probably many more) other alliances exist: the "9 Eyes" (5 Eyes + Denmark, France, Netherlands, Norway) and the "14 Eyes" (9 Eyes + Germany, Belgium, Italy, Sweden, Spain). These last two groups probably do not share as much information as the 5 Eyes; nevertheless, they participate actively and voluntarily in data sharing and monitoring, within the limits of their own laws. Let's keep in mind, however, that no country will be perfect. The most widely recognized as privacy-friendly are Switzerland and Iceland.

Email providers

The email solutions that I investigated are the following (list absolutely not exhaustive, there are many other email solutions):

ProtonMail

This is the best-known and most recognized email service regarding privacy protection (I had already written an article on them a few years ago). Its servers are hosted in Switzerland (in an anti-nuclear bunker, just in case...). They offer Zero Access Encryption and E2EE (PGP compliant).
They also offer a certain user comfort: folders, labels, the ability to import data from another email address, the ability to send messages that self-destruct after a certain time, and a gateway (Proton Bridge) that supports the IMAP and SMTP protocols and thus lets you use third-party email clients (Outlook, Apple Mail, Mozilla Thunderbird, ...) on desktop. They also have their own mobile application; there is no possibility to use a third-party application here. And finally, their code is open source.
They have a calendar and have a cloud system in beta. It is possible to have free access, but most of the features are accessible from the paid offers.


Tutanota

After ProtonMail, Tutanota is usually the second name that comes up when looking for privacy-friendly mailboxes. It is a company based in Germany. It offers Zero Access Encryption as well as E2EE: no PGP here, but in-house encryption. Their code is also open source. Unlike ProtonMail, Tutanota also encrypts email subject lines. On the other hand, there is no IMAP or SMTP gateway. If you want to use something other than the web interface, you have to go through Tutanota's applications (available on desktop and mobile). The company also runs on energy from renewable sources.
They have a calendar.
They have a free basic package, but like ProtonMail, most of the features are in paid packages.

Ctemplar

Based in Iceland, one of the most privacy-friendly countries along with Switzerland, the Ctemplar mailbox offers similar services to Tutanota. They are also powered by green energy (almost 100% of the energy produced in Iceland is green). It is not possible to connect an email client via IMAP/SMTP, and there is no desktop app for the moment, only mobile (Apple + Android).
The company is relatively young, and still lacks experience. They have been the victim of a critical technical crash which, due to a lack of backup, has caused the complete or partial loss of information of a part of their customer accounts. Despite this, their services seem to be promising.
They have a free basic offer, but like the other 2, most of the features are in paid offers.

Posteo

Posteo takes a different stance from the previous services. They sacrifice some security for ease of use. In terms of comfort, it is possible to connect email clients via IMAP or SMTP without problems. Although the emails on the servers are encrypted, so as not to be accessible by hackers or others, they can be decrypted by the company itself (in case of a judicial request, for example). And communications do not offer E2EE by default; to get it, you have to install third-party software. It is also the only company of those presented here that does not support a custom domain name. Posteo is based in Germany. Their servers' code is open source and they are powered by renewable energy.
No free offer, but the entry price is affordable (1€/month).

Mailbox

Mailbox is very similar to Posteo: based in Germany, encrypted servers but decryptable by the company itself, no E2EE by default, and the possibility to connect with IMAP or SMTP. They are also powered by renewable energy; however, their code is not open source.
No free account but, like Posteo, their first offer is for 1€/month.

Runbox

Based in Norway, Runbox offers the same comfort/security compromise as Posteo and Mailbox, i.e. the emails are stored securely, but they have the decryption key. It is possible to connect a third-party email client via IMAP or SMTP. They are powered by renewable energy and the code of their latest version (in beta) is open source. The beta of their latest version has been around since 2019, but they publish regular progress reports.
No free account, their first offer is 15€/year.

Infomaniak

This service provider is a bit of an outlier. Based in Switzerland like ProtonMail, Infomaniak has emphasized ease of use and professionalism rather than the security side. It's not that security is lacking, far from it, but they made the choice not to encrypt emails, nor to offer E2EE natively, in order to ensure important functionality for business customers. For example, encryption does not allow them to index emails (and therefore blocks some of the search functions).
Originally, Infomaniak was a hosting solution that gradually expanded its services (Dropbox-style cloud storage, video conferencing solution, etc.).
This is also the solution chosen by Badsender, mainly for their ethical and ecological approach, as well as all the available features.

Mailfence

This service is similar to that of Infomaniak, in that it offers a complete solution with calendar, secure document sharing, etc.
Based in Belgium, Mailfence goes one step further regarding data protection and offers a solution allowing E2EE without additional plugins, as well as an encryption key management system. The struggle for privacy is built into the company: it donates 15% of its Ultra account revenues to two non-profit organizations fighting for civil liberties in the digital world: the Electronic Frontier Foundation and the European Digital Rights Foundation.
Mailfence also offers the possibility of connecting with third-party software via POP/IMAP, while warning of the risk of losing security since emails must then be sent in clear text (except when using specific plugins).
Mailfence has a free basic package, but most features are available with a paid account.

Self-hosting

This means setting up the technical architecture to manage your emails yourself. In the overwhelming majority of cases, it will be a bad solution: more expensive and, above all, much more technically complex. And if there are flaws in the technical implementation, your mailbox will be more vulnerable than a piece of meat in a piranha pond. In short, the solution is mentioned because in absolute terms it is the most secure. But in practice it will only be possible for a very small number of people.

Transparency

These companies do not collect data unless ordered to do so by a court of law. And even then, they only collect what they are technically capable of collecting. In this case, ProtonMail, Tutanota and Ctemplar will never provide the content of the emails, since it is technically impossible for them to access it.
ProtonMail has been in the news recently for releasing, under court order, some information about a French activist using a mailbox hosted with them. No company can afford to say no to a judicial authority, and ProtonMail only responded in the context of Swiss law (France had to go through Europol, which then contacted Switzerland), and only provided what it was technically capable of: IP addresses from the moment of the judicial constraint, metadata, ... But not the content of the emails.
And make no mistake, all of these services have their share of judicial requests to which they must respond. They publish transparency reports in which they state the number of court requests received, accepted and rejected.

Balance

If you want to change your email address or mailbox for more privacy, all of the above solutions will be (much) more virtuous than Google, Yahoo!, Microsoft and others. Some of them ensure that no one but you will have access to the content of the emails; others have the technical ability to transmit this information on court order, and in return they usually offer a higher level of comfort for the average user, through third-party application support for example.
In any case, your emails will no longer be scanned and your information will no longer be transmitted to third parties, whether for mass surveillance or advertising profiling.

Feel free to comment if you have any other privacy friendly email providers to highlight!

PS: Mea culpa, I learned for this article that the correct French term is "chiffrer" rather than "crypter".


2 replies

  1. Thank you for this article and the suggestions of e-mailing solutions compatible with prospecting/data security. But for whom and for which usage scenarios? I have never seen, for example, CRM teams using this type of solution for marketing campaign management.

  2. Hello @DataProtectionOfficer!

    This article is not necessarily intended for CRM teams. Here, we talk about solutions that protect the privacy of the citizens who use them.

    See you soon!
