E-mail providers - which one to choose?

Introduction

E-mail is the well-known communication system brought to the digital world. It's useful mainly for signing up for stuff, but also to receive and send messages to other people. To use it, you need a provider (or you can host your own, but we won't cover that here) and either a web browser or a mail client (the superior option). Various providers have their pros and cons, and choosing one can seem overwhelming - especially with the amount of hype many of them are throwing around. I'll try to make this really simple. The most important features a service should have are mail client and anonymization support. If a provider lacks either one, it is disqualified, in my opinion.

There are many reasons why mail client support is so important. First of all, you can choose the program you like, and make it fit within your workflow, instead of depending on whatever special snowflake JavaScript your provider comes up with. Your mail client software will always stay the same, while a webmail service can change its JavaScript at any time - including to make it malicious or incompatible with your web browser. Standardized protocols allow the downloading of mail to your computer; they keep the control in your hands, instead of a big corpo's. A good mail client will surely outcompete webmail in terms of features. It also takes the weight off a web browser, which should really focus on just browsing the web (Unix philosophy - one application per task). But perhaps the most important issue is that mail clients support established encryption in PGP, while webmail-only providers sometimes don't - and even if they do, it is not as secure when used that way.

The other feature - anonymization support - should be obvious. You don't want the stuff you do on the Internet to connect to your real identity, lest it be used against you sometime in the future. This means you need to be able to sign up with a VPN or the TOR network, as well as avoid revealing data such as real name or phone number.

There are a few other things you might want to look for, but these two are the fundamentals that can't be replaced. An alias feature allows you to have many unconnected identities (for example, one for "professional" work, and another for sperging out about vidya or anime) within the same account. A good privacy policy limits the amount of collected information - I mean, we don't tolerate spyware browsers, and neither should we tolerate spyware providers. Then comes the price - free is the best; a paid provider had better support Bitcoin if it wants the highest grade. A mild ToS won't ban you for homophobia or some other victimization issue of the day (still, a provider should not be reading your mail, and you should be encrypting yours, if possible). Most of the other stuff that services use to advertise themselves is pretty much hype; it's a jungle out there, and providers will try anything to get ahead of the competition. Keep the fundamentals in mind while reading this report (hint: providers are sorted from worst to best)!

List of providers

Hushmail

Everyone is entitled to their email privacy. Take back control of your data and experience a clean inbox with no advertising.

Okay, I'm in! Just give me a minute to check if the evidence supports your claims...

When you visit our website we may collect information about you, including your browser type, operating system and the Internet Protocol (“IP”) address of your computer. We use this information to facilitate your use of the website, gather market information and prevent abuse of our services.

No thanks. But wait, that's only the website - I could possibly deal with that if the actual mail service was private. But is it?

We take steps where possible to limit the personal information we collect.

Wow, thanks! So let's see just how limited those "limits" are:

As part of the account creation process your IP address will be recorded. We may request that you provide other information, such as a phone number, as well. We use this information to analyze market trends, gather broad demographic information [...]

Asking for my phone number is very "limited" indeed. And the market trends shit rears its ugly head again.

Information we record may include [...] account usernames, sender and recipient email addresses, file names of attachments, subjects of emails, URLs in the bodies of unencrypted email, and any other information that we deem necessary to record for the purposes of maintaining the system and preventing abuse.

So you're even snooping on the links in my messages! And any other information is an admission that they could possibly collect everything they imagine. But why pretend it's about preventing abuse? Just say you're in the business of gathering information.

We store sales, marketing, and customer care information with third-parties that support these business processes, which means that information such as your name, email address, phone number, and company name, as well as the history of communications related specifically to the sales or customer care process, may be stored there.

And now my name and phone number is being sent to whoever the fuck. Could this get any worse?

The records we keep of your activities are permanently deleted after approximately 18 months. Records that are stored for statistical purposes may be kept indefinitely.

...yes, it could in fact get worse. And that's not even the entirety of it (I don't want to write a book here!) - check out their privacy policy (archive) if you want to torture yourself further.

I forgot to mention that Hushmail actually wants money for all this abuse! And it doesn't even support mail clients. Taking all that into account, this is without a doubt the worst choice on this whole list. And they have the audacity to claim stuff like this:

Hushmail has been providing secure, private and encrypted webmail solutions since 1999. Here is why our customers trust our experience in the field.

Yeah sure - very trustworthy you are!

FastMail

This is another one of the paid providers which are also absolutely terrible from a privacy standpoint. From their privacy policy (archive):

If you register to use, or use, one of our websites or services [...] personal information that may be collected directly from you includes name, billing address, mobile phone number, organisation name, your own domain name, IP address, browser user-agent and billing details

Name, phone number, address. You're off to a fast start towards privacy hell, FastMail.

We process mail sent and received from your account to block spam and fraud.

The private FastMail scans your mail.

We also store information from your address book, calendar, notes and files on our servers.

Is there anything you guys don't store?

We also collect the email content you create, upload, or receive from others

Guess not - even other people aren't safe from FastMail's prying eyes.

Each time you connect to our service, we log your IP address, your client identifier (browser or mail client information) and your username. If you send mail, we also log the email address you're using to send mail and the email address you're sending to. If you take action on mail in your mailbox, we also log the activities taken.

So literally your every move is being tracked and logged. And now for some humor - look at how they justify themselves:

This is necessary for providing proof of delivery and fraud analysis.

Sure. I wonder why almost no other provider on this list is doing so, then? Now check this admission (from the section "How do we use the personal information we collect from you?"):

conduct analytics and measurement to understand how our services are used;

Oh, so it was about analytics all along, instead of fraud analysis or some other bullshit excuse. And for something even more damning (from the section "Sharing personal information with others"):

We may share your personal information [...] with third parties who help manage our business and deliver services [...] Some of these providers use “cloud based” IT applications or systems, which means that your Personal Information will be hosted on their servers

And now all the stuff I've talked about will be put on some third party servers.

We may use your name and email address to send direct marketing communications to you and let you know more about our services or related services that we believe will be of interest to you

You will also be flooded with directed advertisements. But how does FastMail know what will be of interest to you? Of course, it's because of all that collected data - which, remember - includes your mail content! Later they claim that they don't profile you to send targeted advertisements, but that seems to contradict the above - and we should always assume the worst. FastMail also uses the Matomo tracking service, which was described in detail in ProtonMail's section. Anyway, that's quite a lot of data collected - but how long does it stay around?

Where we log information related to your IP address, we retain this information for approximately 90 days.

Where you request that we delete your account from our system, we will immediately lock the account and archive the information, then delete it from our servers within approximately 7 days from the date of your request.

Not bad, I guess. I mean, some other providers take a year or more... But wait:

However, in specific limited circumstances we may store your personal information for longer periods of time

Ha! So the 7 days figure was just for show. Let me quote some related information from another section (archive):

After an account is terminated, data and backups are purged within a timeframe of between 37 days to 1 year after closure

So you do take a year after all. And you fucking lied straight to our faces with the 7 day thing. This seems more and more like some entry-level trolling... Can we say anything at all positive about FastMail in light of the information presented? I guess this:

Providing secure end-to-end encryption via webmail is impossible. There are basically two options, both flawed:

That's right - it's the same thing I've been speaking about. So at least they don't pretend to have some super-duper in-browser encryption. And maybe another thing:

We won't release any data without the required legal authorisation from an Australian court. As an Australian company, we do not respond to US court orders.

But remember that some of your data will be stored on third party servers in other countries, which might have some different ideas... All in all, I struggle to provide a reason to use this one at all. The amount of stored data is simply massive (and I didn't even cover all of it), it's shared with third parties and used for sending advertisements - and you have to pay for all that.

Outlook

Since Google got one, then surely Microsoft must be the next in line for the chopping block. It's actually really similar to Gmail, but maybe even worse. Sign-up process is a mirror image of Google's, except you need to enable more stuff in uMatrix so that it works. Otherwise, it requires your real name and phone confirmation - which I (obviously) didn't bother with, so I don't know what comes further. As with Gmail, you can't sign up just for the E-mail, but instead get a Microsoft account containing access to all their services. Let's analyze their privacy policy now (better have some painkillers ready, because it hurts):

Data about your device, your device configuration, and nearby networks. For example, data about the operating systems and other software installed on your device, including product keys. In addition, IP address, device identifiers (such as the IMEI number for phones), regional and language settings, and information about WLAN access points near your device.

It's not enough for them to know how you're using their services - Microsoft will also snoop on everything else you're doing with your machine. Ugh.

Data about your interests and favorites, such as the sports teams you follow, the programming languages you prefer, the stocks you track, or cities you add to track things like weather or traffic. In addition to those you explicitly provide, your interests and favorites can also be inferred or derived from other data we collect.

Not sure how applicable the above is to E-mail specifically - but it clearly shows the attitude of Microsoft towards your privacy - which is a complete disregard for it.

Data about your contacts and relationships if you use a product to share information with others, manage contacts, communicate with others, or improve your productivity.

Information about your relationships and interactions between you, other people, and organizations, such as types of engagement (e.g., likes, dislikes, events, etc.) related to people and organizations.

Data generated through your use of Microsoft’s communications services. Traffic data indicates with whom you have communicated and when your communications occurred

Now these are surely relevant to E-mail. Not only does Microsoft keep your contact list, but also when you have written them. What about the duration of data storage? Unlike Google, Microsoft does graciously tell us something about it:

when your Deleted Items folder is emptied, those emptied items remain in our system for up to 30 days before final deletion

So, we know that - when we delete an E-mail - it's gone in 30 days at most. This sucks, but at least we get told about it - which many allegedly private providers can't manage to muster. As for the other data, we're unfortunately left with vague statements such as:

Microsoft retains personal data for as long as necessary to provide the products and fulfill the transactions you have requested, or for other legitimate purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements.

Realistically - considering the avalanche of various anti-privacy and anti-user stuff in their policy - we should assume the other data is stored for much longer than the actual mail content (you'd think they'd mention the duration if it was something they could have bragged about). Okay, there's just one more transgression of note that I want to cover:

To build, train, and improve the accuracy of our automated methods of processing (including AI), we manually review some of the predictions and inferences produced by the automated methods against the underlying data from which the predictions and inferences were made.

That's right - Microsoft uses your data to train their AI. The same crap Google has been pulling for years with their ReCaptcha. If you were considering Outlook as your E-mail provider (why?), this alone should drive you away from it. The ToS also makes SJWs look like freedom lovers by comparison. Same as with Gmail, Outlook does support mail clients and is free - which are the only advantages of the service.

Gmail

Fuck it, I'll give it a proper review, because why not? It's not even the worst provider out there, if you can believe it. It does support mail clients, for one - so it automatically has an advantage over many of the ones advertising privacy and user respect that are webmail-only. My VPN was not blocked, though it did ask for my real name (which you can fake) as well as requiring phone confirmation - which I ended up choking on.

Unfortunately - as if it wasn't obvious - mail client support is the only positive Gmail has. Well, it's also free - but you pay with giving up an amount of data which other providers can only dream of matching. For example:

unique identifiers, browser type and settings, device type and settings, operating system, mobile network information including operator name and phone number and application version number. We also collect information about the interaction of your apps, browsers and devices with our services, including IP address, crash reports, system activity, and the date, time and referrer URL of your request.

We use various technologies to collect and store information, including cookies, pixel tags, local storage, such as browser web storage or application data caches, databases and server logs.

There is much more. It's not an exaggeration to state that every step you take, every move you make while using Google is stored and analyzed (and the duration is not stated, as far as I can see - so assume it's forever). What makes it worse is that you can't sign up just for Gmail, but need a Google account for every one of their services. So, if you're logged in (because you're using their webmail, for example), then they can also track you all over YouTube, etc. and mix up all the information to make a profile. Google is also a PRISM member, so your stuff is likely ending up grabbed by law enforcement (they've shared location data with them before). And, using Google's services means you enable all their unethical practices (such as shoving ReCaptcha into our faces, heavy censorship on their search engine, widespread tracking and ads, their monopoly on browsers, etc). Other providers - even those of the spying sort - pretty much limit themselves to mail; they don't have the worldwide influence on so many things as Google does. So, you should specifically avoid Gmail just to inhibit their quest for world domination (did you know they can even lock you out of your house?) - even if they're not the worst provider out there.

Gandi

I wasn't supposed to review any more trash providers but this one stood out and someone requested it, as well. I'll be quick here, I promise. You need to get a domain with these guys before registering for their E-mail. The domain registration process needs an account with your real name, phone number, E-mail address and physical address. If that wasn't enough torture: to pay with cryptocurrency, you need to register for the third party payment provider BitPay - which is Cloudflared, requires solving reCaptcha, and providing them a fucking ID document! Holy shit. Are you a masochist? Then Gandi is the perfect provider for you! And yet, they have the audacity to advertise themselves as having no bullshit...

VFEmail

UPDATE May 2022: requires reCaptcha again, but allows you to bypass it by upgrading your account, whatever that means (probably paying). Still asks for your real name; registration also fails on Pale Moon. Everything else is as shit as it was when I wrote the first report, except the site is now behind the evil Cloudflare. Mail clients are supported, but auto-configure doesn't seem to work. Accepts signing up from a VPN, and that's where the positives end... There are a lot of suspicious things in the user agreement; going over all of them would take a year, so I will discuss only the most important ones:

[...] VFEmail.net can terminate and/or change and/or modify your account [...]

Wait, modify my account? What the fuck? This can literally mean anything, including rewriting your mail, deleting contacts, or changing the password. Suspicious as fuck!

[...] VFEmail.net or its designee may disclose information to third parties about User and User's use of the Service [...]

Great! Prepare yourself for your privacy being ripped away and thrown around to advertisers and trackers.

User acknowledges and agrees that content, including but not limited to text, software, music, sound, photographs, graphics, video, or other material contained in sponsor advertisements or information presented to User through the Service or advertisers is protected by copyrights, trademarks, service marks, patents, or other proprietary rights and laws.

So you will be sent advertisements and can't even show them to anyone. By the way, I've confirmed they add ads to your mail. Whenever you send anything from the free VFEmail account, your recipient gets this:

This free account was provided by VFEmail.net - report spam to [email protected] ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands! $24.95 ONETIME Lifetime accounts with Privacy Features! 15GB disk! No bandwidth quotas! Commercial and Bulk Mail Options!

Funny how they claim to protect you from the NSA when they are Cloudflared (a US company) and have no real privacy policy. With a free account, you don't even get SSL encryption on your mail. So it is sent around in plaintext, completely visible to your ISP for example. Now what if you've paid? You get SSL (congrats for being the only provider out there who doesn't provide that for free), aliases, no ads and unlimited bandwidth - but are still in the dark as to the privacy and still subject to the shitty ToS. And to lighten up the mood...

If you do receive mail between your last POP and the snapshot at 12am, it will exist on backup for a week - unless it's on Saturday night, then it's a year.

WTF? These guys must be trolling around here. Your mail is stored in a backup for a week...except on Saturdays! How random.

As for other data, you don't get told what gets stored and for how long. If you still didn't get the memo - get away from this crap! Honestly, it looks as if some jokers just slapped all the anti-user things they could think of, advertised themselves with bullshit like the Metadata Mitigator™ - for which of course you have to pay - and went around their merry way while raking in the cash. This might be worse than Gmail, which is more honest in regards to their (lack of) privacy and provides all its features for free.

ProtonMail

The most popular "private" E-mail provider, and often the first choice of a person getting away from the three giants. But does that mean it is in fact quality? Without JavaScript enabled, the site shows nothing but a beautiful black screen. But assuming you got past that hurdle, let's consider the sign-up process - if you're signing up through TOR or a VPN, ProtonMail requires SMS confirmation:

[Screenshot: ProtonMail asking for SMS confirmation]

And if you try to receive confirmation through a RiseUp E-mail, it says this:

[Screenshot: ProtonMail blocking a secondary RiseUp e-mail address]

So, SMS is the only option (unless you want to donate, which would reveal your personal information of course); therefore their claim that ProtonMail does not require any personally identifiable information to register is a shameless lie. Proton later included the option to solve a hCaptcha (used to be reCaptcha) for confirmation; however, the option disappears while using a VPN. They must really want that damn phone number if you are using anonymizers! And the claim that you can sign up without personal data is still false.

The way their "end to end" encryption works is by generating the encryption keys while you sign up - using your already existing keys is not allowed and ProtonMail must store the generated private key (archive) for PGP to work. Since the whole encryption process is done by JavaScript in the browser, nothing prevents them from sending you backdoored JS; the encrypted messages can also only be sent to other ProtonMail users, unless using the paid account (update: actually, a friend has told me that the latter isn't true anymore, though you have to upload the recipients' public PGP keys to ProtonMail if you want to use them). According to researchers, ProtonMail's encryption contains serious shortcomings. At the end of this report, I also link to an article detailing the issues with in-browser encryption in general. Mail clients are not supported except, again, through a paid feature called Protonmail Bridge.

But let's move past the fluff and see which data ProtonMail actually stores and for how long. Quoting from their privacy policy (archive):

We employ a local installation of Matomo, an open source analytics tool. Analytics are anonymized whenever possible and stored locally (and not on the cloud).

So when you visit their website, this Matomo spies on you. But what data does it actually collect? From Matomo's website (archive):

All standard statistics reports: top keywords and search engines, websites, social media websites, top page URLs, page titles, user countries, providers, operating system, browser marketshare, screen resolution, desktop VS mobile, engagement (time on site, pages per visit, repeated visits), top campaigns, custom variables, top entry/exit pages, downloaded files, and many more, classified into four main analytics report categories – Visitors, Actions, Referrers, Goals/Ecommerce (30+ reports)

So that's the website. What about the e-mail service?

we have access to the following email metadata: sender and recipient email addresses, the IP address incoming messages originated from, message subject, and message sent and received times. [...] We also have access to the following records of account activity: number of messages sent, amount of storage space used, total number of messages, last login time.

Great, even more metadata than Tutanota (if you trust Tutanota's claims that they collect as little metadata as they say they do). And then there's this gem:

When a ProtonMail account is closed, data is immediately deleted from production servers. Active accounts will have data retained indefinitely. Deleted emails are also permanently deleted from production servers. Deleted data may be retained in our backups for up to 14 days.

Read that again! Indefinite retention of data by the "private" ProtonMail! And 14 days for deleted data - enough for "them" to get you. At least there's disk encryption...

UPDATE August 28: a direct admission they do store IP logs forever in certain cases - and "your IP address may be retained permanently if you are engaged in activities that breach our terms and conditions". Their TOS says this: "You agree to not use this Service for any unlawful or prohibited activities. You also agree to not disrupt the ProtonMail networks and servers", which can cover pretty much anything.
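The metadata ProtonMail lists in the policy quoted above (sender and recipient addresses, originating IP, subject, sent and received times) lives in the message headers, which PGP does not encrypt. The following Python is an added example, not code from the original page or from any provider; the sample message, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string, policy
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample: a PGP/MIME message (RFC 3156) as the receiving provider
# stores it. Hosts, addresses and the IP (documentation range) are made up.
SAMPLE = """\
Received: from mail.sender.example (mail.sender.example [203.0.113.25])
\tby mx.provider.example with ESMTPS id abc123
\tfor <alice@provider.example>; Mon, 06 Jun 2022 10:15:02 +0000
From: Bob <bob@sender.example>
To: Alice <alice@provider.example>
Subject: Meeting notes
Date: Mon, 06 Jun 2022 10:15:00 +0000
Message-ID: <1234@sender.example>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
\tboundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----

--b1--
"""

ARMOR = b"-----BEGIN PGP MESSAGE-----"


def body_is_pgp_encrypted(msg):
    """True for PGP/MIME, or for an inline armored block in a text part."""
    if (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted"):
        return True
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            if ARMOR in (part.get_payload(decode=True) or b""):
                return True
    return False


def connecting_ip(received):
    """First syntactically valid bracketed IP in a Received header, or None."""
    for candidate in re.findall(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", received):
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            continue
    return None


def addresses(msg, *names):
    """Bare addresses from the given address headers."""
    values = [str(v) for n in names for v in msg.get_all(n, [])]
    return [addr for _, addr in getaddresses(values) if addr]


def provider_visible(raw):
    """Fields the receiving provider can read regardless of body encryption."""
    msg = message_from_string(raw, policy=policy.default)
    received = msg.get_all("Received", [])
    # The top-most Received header is the one the receiving server added.
    top = str(received[0]) if received else ""
    received_at = None
    if ";" in top:
        try:
            stamp = top.rsplit(";", 1)[1]
            received_at = parsedate_to_datetime(stamp).isoformat()
        except (TypeError, ValueError):
            pass
    date_hdr = msg["Date"]
    sent = None
    if date_hdr is not None and date_hdr.datetime is not None:
        sent = date_hdr.datetime.isoformat()
    return {
        "sender": addresses(msg, "From"),
        "recipients": addresses(msg, "To", "Cc"),
        "subject": str(msg.get("Subject", "")),
        "sent": sent,
        "received": received_at,
        "origin_ip": connecting_ip(top),
        "body_encrypted": body_is_pgp_encrypted(msg),
    }


if __name__ == "__main__":
    for field, value in provider_visible(SAMPLE).items():
        print(f"{field:15} {value}")
```

Every field in the result except `body_encrypted` is readable in cleartext even though the body is PGP-encrypted, which is why the retention period for metadata matters as much as the one for mail content.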

UPDATE June 2022: their new privacy policy (which, by the way, now doesn't display without JavaScript) is kind of different, they deleted some of the offending stuff. Doesn't mean they are not doing it anymore, since they already have proven to violate the user many times.

If you read their transparency report (archive), you will see quite a lot of requests for their data from governments all around the world. ProtonMail pretends to "require a Swiss court order" to cooperate - but you see that they often do that before receiving it - so don't expect that to protect you. One particularly egregious example is from May 2018, where they disabled an account because of terrorist allegiances - and we all know that's not just a convenient excuse these days, right? The new transparency report shows they've complied with 336 government data requests in 2018 alone - including 76 foreign ones. Oh, and since August 28, they finally admit to direct surveillance - "In addition to the items listed in our privacy policy, in extreme criminal cases, ProtonMail may also be obligated to monitor the IP addresses which are being used to access the ProtonMail accounts which are engaged in criminal activities." And you will never be told you're being watched.

So, what we have here is a provider that does not support mail clients, requires personal info to sign up while claiming otherwise, spies on you on their website, stores your e-mail metadata (and IP in certain cases) forever and immediately gives it up whenever government knocks on the door and shouts "terrorism!". Its encryption is also lacking according to researchers, and cannot be used for non-ProtonMail accounts without paying. And then - after all that - it claims to be a champion of privacy... As we can see, ProtonMail is found out to be a paper tiger when examined deeper. It does have an onion domain, but guess what - when you try to sign up through it, you are redirected to the clearnet with no indicators unless you happen to look at the address bar. This behavior is something I'd expect from a honeypot - you get lured with the added security of the onion domain, and then it's pulled away like the carrot on a stick. Avoid!

[Screenshot: ProtonMail redirecting their onion domain to clearnet]

UPDATE: this is no longer valid. But I'm leaving it up to show that these frauds do not care about security at all. And they still have OTHER clearnet redirects up! Even this one took them way too long to fix. And they seemingly did it ONLY because I trashed them for it. Otherwise, you'd keep being violated by the malicious redirect, since ProtonFail still shows no indication of caring about the user at all.

UPDATE May 2022: the new interface contains dark patterns! Look:

[Screenshot: the ProtonMail account creation screen, full of dark patterns]

This button appears on the index page. And when you click it, instead of a creation screen for the free account that you were promised, you see this:

[Screenshot: all the Proton plans]

Everything on this screen is trying to get you to buy the most expensive plan (even though Mail Plus provides pretty much the same features if you only care about the E-mail). Starting from its middle position, which is the part most visible to your eyes. The purple border and button instead of boring white. The full storage bar making you feel like you're getting a crippled version of the service with the other options. The shiny fire button screaming at you how it's the most popular option (is it really more popular than the other plans?). Then there is the arrow pointing at the 24 month option (this ensures that, even if you find a better provider, Proton will still run away with your cash). We can add the dark patterns to the pile of reasons to avoid Proton.

But let's assume there aren't any dark patterns. The Mail Plus plan still costs more than a mail account alone should. And the free plan is useless, as it does not support mail clients. So, Proton's Mail Plus is not only outclassed by cheaper paid plans like Posteo, but also free ones like Disroot. That is even if you ignore the privacy issues. Just bury Proton already.

Scryptmail (DEAD - https://blog.scryptmail.com/discontinuing-of-service/)

Free 7 day trial and then you have to pay. No mail client support. Claims to encrypt metadata and senders instead of just messages. Blog and support forum appear pretty dead; FAQ is also outdated - says Scryptmail is only a year old, but it's actually 4.

What about the privacy? Website uses Matomo analytics described in ProtonMail's section. And the mail? According to their privacy policy (archive), whenever two Scryptmail accounts communicate, only sent times metadata is stored. On the other hand, if someone using another provider sends an e-mail to your Scryptmail account, the collected data extends to this:

sender and recipient email addresses, the IP address incoming messages originated from, message subject, body and attachments and message sent and received times.

Other stored information includes: Last login time, IP address, User agent, API call. They claim, though, that they have "no ability to match an IP to a specific user account", which appears to contradict the earlier claim, since they know when a certain account logged in, as well as with which IP address. It is possible they delete the information about the account which the data belongs to, but to say that they have "no ability" to connect them is a lie.

You should assume that your data will be stored pretty much forever. From the Data Retention section: "Active accounts will have data retained indefinitely." What about deleted accounts?

Your personal data shall be deleted no later than at the end of the calendar year following the year of the termination of the contract unless in an individual case specific reasons to the contract apply. [...] Moreover, the deletion of inventory and billing data may be omitted provided that legal regulations or the prosecution of claims require this action.

In summary: paid, no mail client support, confusing and contradictory privacy policy, significant amount of data stored and never deleted. Avoid!

MsgSafe

Another one dug up by a chat member. Website doesn't work at all without JS enabled and embeds Cloudflare scripts. Then - after you turn on JS - you'll wish you hadn't when you realize the CSS has all kinds of fucked positioning (at least in Pale Moon), making the site barely usable. Usually I'd drop it right here, but I was in the mood for some suffering - and MsgSafe provides it in droves. As far as I can see, the service is webmail only, so we can't avoid dealing with the shitty design. It's funny how they make this seem like a virtue:

Our software works through the web and operates using open standards so you know what's happening at all times. There's no software to download, no app store to trust, there's just you and us, and you're in control.

It's exactly the opposite, of course. Mail clients keep you in control, while a web app can be modified at any time by the provider, with the user unable to resist the change. If that wasn't enough, the privacy policy is a nightmare:

This includes referrer pages, time stamps, page requested, user agent, language header and website visited.

We don't get told the duration all this stuff is kept for, either. And no information about the possible storage of mail content or metadata. The free account allegedly supports up to ten aliases, but I can't seem to find a way to actually create them. I assume the paid tiers do support the option, but I'm certainly not going to test it - the quality doesn't justify the price of $5 minimum per month (hell, I wouldn't use this crap for free). As a positive, it does apparently support Bitcoin payments, but...why? Leave it rotting along with FastMail, Criptext and the other piles of junk.

Criptext

There are so many violators popping up now that I wasn't supposed to review any more of them unless they were significant for some reason. However, this one was mentioned to me by two people and it encompasses a lot of what's wrong with E-mail services and computing in general, so I might as well get to it. Let's start with the quote from their main page:

Quite possibly the most private email service — ever

That's it - I'm sold. Of course, no violator has ever made that promise before...not at all. But let's not jump ahead of ourselves, and first check out what's actually so special about Criptext. First of all, since it's a shitty Electron "app" (literally embedding Chromium inside it), it takes up a huge amount of resources - much more than Claws Mail. The interface is your usual webshit and you cannot make it fit with the rest of your operating system - like an alien invader. Obviously, forget about it supporting mail clients; Criptext says fuck the established standards - we'll run our own special snowflake webshit implementation. That alone would usually be a dealbreaker for me, but let's dig deeper. I don't seem to be able to run the "app" through either torify or proxychains, so it can be assumed to not support anonymization. To use Criptext, you need to sign up through the "app" which asks you for your real name. Now let's tackle some specific claims made on their site:

All your emails are locked with a unique key that's stored on your device alone, which means only you and your intended recipient can read the emails you send.

So, Criptext alleges to be E2E - but actually, it only works between Criptext accounts - others will just receive your mail unencrypted as usual. And - as the "app" doesn't support PGP (unlike a regular mail client) - you're left bare unless you encrypt through the command line. This is no different from what Proton or Tutanota are doing.

Criptext doesn't store any emails in its servers. All your emails are stored on your device alone, which means you're in control of your data at all times.

That's actually absolutely impossible. At some point, the E-mail has to go through Criptext servers so that it is delivered to the recipient. Why pretend otherwise?

With real-time tracking you can know once your email is read.

This is advertised as a unique feature, but actually, mail clients support it with something called Request Return Receipt. No advantage for Criptext, unfortunately. Now check this from their security section (I cannot even archive the Jabba-heavy page, ugh):

All your emails and private keys are stored solely on your device. Once Criptext delivers an email there's no trace of it left in our servers whatsoever.

This is called decentralized architecture by Criptext - which is of course a total joke since their "app" enforces usage of Criptext servers - unlike a regular mail client. Let's now check out their privacy policy:

Once messages are delivered to your device, they are deleted from our servers. The same holds true for messages which you send.

Okay - assuming they're not bluffing (which they already did a few times) - this is a welcome change of pace compared to most violators. However, the POP3 protocol in mail clients supports the deletion of E-mail upon retrieval - so again, this is not specific to Criptext.
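The delete-on-retrieval behaviour mentioned above, as an added example (not from the original article or from any provider): a client-side routine written against the interface of Python's standard poplib. The FakePOP3 class and the sample messages are constructed stand-ins so the block runs offline; with a real account you would pass an authenticated poplib.POP3_SSL session instead.

```python
import hashlib
import tempfile
from pathlib import Path


def fetch_and_delete(conn, maildir):
    """Save each message locally, then have the server delete it.
    conn: authenticated poplib.POP3_SSL session (or same-interface object).
    DELE only marks; the server removes marked messages on QUIT."""
    maildir = Path(maildir)
    maildir.mkdir(parents=True, exist_ok=True)
    saved = []
    try:
        _resp, listing, _size = conn.list()      # e.g. [b"1 312", b"2 290"]
        for entry in listing:
            num = int(entry.split()[0])
            _resp, lines, _size = conn.retr(num)
            raw = b"\r\n".join(lines) + b"\r\n"
            # Message numbers are per-session, so name files by content hash.
            path = maildir / (hashlib.sha256(raw).hexdigest()[:16] + ".eml")
            path.write_bytes(raw)
            conn.dele(num)                       # mark only once the copy is on disk
            saved.append(path)
    except Exception:
        conn.rset()                              # unmark everything: server keeps its copies
        conn.quit()
        raise
    conn.quit()                                  # marked messages are deleted here
    return saved


class FakePOP3:
    """Constructed in-memory stand-in for a POP3 mailbox (assumption, for offline runs)."""
    def __init__(self, messages):
        self.messages = dict(enumerate(messages, start=1))
        self.marked = set()

    def list(self):
        return b"+OK", [b"%d %d" % (n, len(m)) for n, m in self.messages.items()], 0

    def retr(self, num):
        return b"+OK", self.messages[num].split(b"\r\n"), len(self.messages[num])

    def dele(self, num):
        self.marked.add(num)

    def rset(self):
        self.marked.clear()

    def quit(self):
        for num in self.marked:
            del self.messages[num]
        self.marked.clear()


def demo():
    server = FakePOP3([b"Subject: one\r\n\r\nfirst", b"Subject: two\r\n\r\nsecond"])
    with tempfile.TemporaryDirectory() as tmp:
        return len(fetch_and_delete(server, tmp)), len(server.messages)
```

If the session ends before QUIT (a dropped link, a failed disk write), the marks are discarded and the mail stays on the server, so a local failure does not lose messages.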

We also keep email metadata (subject, date and sender email address) in order to enable certain features of the Services, such as the “unsend”, “read receipts” and “expiration” features.

The duration is not mentioned. Red flag.

When a normal, unencrypted email is sent to you by a non-Criptext sender, the email gets encrypted by the server with your public key and can only be decrypted by your device. The same holds true for attachments that are sent to you from non-Criptext addresses. This means that your emails are always encrypted, even if the sender is not using Criptext.

That just means the E-mail would be encrypted from Criptext to you - but not before it reaches Criptext. Therefore, Criptext could still read it - again, why pretend otherwise?

We may automatically log information about you and your computer or mobile device when you access our Services. This includes information like hardware model, operating system information, battery level, signal strength, app version, browser information, and mobile network, connection information including mobile operator or ISP, language and time zone, and IP.

So, Criptext stores your IP address and lots of other information. Duration is again not specified. It also shares that data with unspecified partners:

We may disclose your personal information to our subsidiaries and corporate affiliates for purposes consistent with this Privacy Policy.

Okay, I think it's lights out for Craptext now. The only positive about them is their promise to immediately delete your E-mail upon retrieval - but seeing how many deceptive claims they've already made, it's doubtful they do even that. All that remains from the privacy posturing on their main page is a pile of rubble. The sane thing to do is to leave Craptext rotting right alongside the Protons, Fastmails and Hushmails and use some proper services.

Soverin

Another person requested a review, so here it is. Though it's obvious it's terrible, so I'll be brief here. Phone number requirement during registration makes Soverin completely non-anonymous - and for me, that alone disqualifies it. Privacy policy says nothing about what data they actually store and for how long - only that if you delete your account, it's all gone. Soverin dares to ask for money for this abuse - and through a third party payment processor (archive) that collects everything possible about you and even shares it with others: "Mollie will share your personal data with third parties if this is necessary for the performance of the contract or if it is based on legal obligations or legitimate interests." As for some positives - well, mail clients are apparently allowed, as well as Bitcoin. But if their payment processor stores so much stuff, does it even matter? There is disk encryption...who cares, everyone now does it. If you really want to part with your money, get Posteo that is 3 times cheaper and much better. Or just go for the good free ones like RiseUp or Disroot.

Librem Mail

A chat member has inquired about this one. Their modus operandi sounded nice:

Purism is a Social Purpose Corporation (SPC), which means we put social good above exploiting people.

So I decided to check them out, naively believing it (I guess the Mozilla situation has taught me nothing). The amount of personal data required for getting an account is the most I've ever seen out of any provider:

Billing First name is a required field. Billing Last name is a required field. Billing Country is a required field. Billing Street address is a required field. Billing Town / City is a required field. Billing State is a required field. Billing ZIP is a required field. Billing Phone is a required field. Shipping First name is a required field. Shipping Last name is a required field. Shipping Country is a required field. Shipping Street address is a required field. Shipping Town / City is a required field. Shipping State is a required field. Shipping ZIP is a required field. Please enter an address to continue.

What a shitshow. And you need all this info even if trying to pay using cryptocurrency. Librem is a paid provider, and you can only pay for a bunch of services together. This is like going into a store to buy bananas, but learning you can only get them in conjunction with apples - and you hate apples. Now, if you do want their VPN, chat and social media, the price might seem justified; but this is the E-mail report and a minimum of $8 per month for an E-mail is just too much compared to even the most expensive providers. Especially since Librem doesn't seem too interested in privacy with all the personal data it's trying to grab. The signup process alone is enough to drive someone away from Librem, but fuck it, I'll dig into their privacy policy anyway. Aside from the empty posturing - such as "We do not track you." or "We do build products, software, and services that respect society and your privacy." - the only mildly useful information is that they keep temporary things for 30 days. Don't expect the social purpose corporation (heh) to tell you about what exactly that consists of, though. Librem does support mail clients, which is the only real positive I can see about this service.

SAFe-mail (safe-mail.net)

UPDATE August 2020: The signup still requires manual approval and it's hit-and-miss whether you get in. Last time I reviewed them I didn't, even though I gave a real looking name. Now despite a troll name they accepted me for some reason - and I did it through the TOR network too. Clearly, they're not a serious service. Often, you can't even connect to the site and they send you http:// links through E-mail - which are not even redirected to HTTPS (without addons). More importantly, full mail client support is limited to paid accounts - free ones can only receive. Therefore, this should be considered a paid provider, with minimum $25 per year (or about $2 / month). And if you do that, you need to provide your real name, address, and credit card data, so it becomes totally useless for privacy. Lights out for SAFe-mail then, but there's more damning information I wrote previously, so take a look at it if you want to dig deeper still:

Israel-based service established in 1999. Before I delve deep into the meat of the issues, let's look at the first impression. Namely, the site structure and grammar is something a chimpanzee would make - this makes getting any information from the site a puzzle in itself. Most of the stuff in there is ancient, and some sections contradict each other. They've had 20 fucking years to make a proper website but instead we get this abomination...but let's try to make sense of it anyway:

SAFe-mail pretends to be privacy-based but has no real privacy policy. The only thing is a snippet from 2008 saying:

Safe-mail.net is not using cookies and not collecting any data about users. Safe-mail.net does not transfer, sell, trade or oterwise exchange any data it might have about its users with any other company.

So it allegedly does not collect ANY data about its users. Why, then, do they bother to qualify it with a statement that they also don't sell the data? Wait, there's also this (from the user agreement (archive)):

SAFe-mail Ltd. will not disclose information about you or your use of the SAFe-mail system, unless...

Okay, so you DO have data about your users after all...

You agree that SAFe-mail may access your account, including its contents, for these reasons or for service or technical reasons.

So now you admit that you can access even the contents of my account? Isn't this an admission that you read our mail?

Please note that your Internet Protocol address is transmitted with each message sent from your account.

No shit. But what we're interested in is whether that IP, or any other data, is stored by SAFe-mail, and for how long - and this information is not provided. Does this not sound suspicious? SAFe-mail spends a lot of time posturing on how privacy-based it is, yet seems strangely secretive about the kinds of data it collects; in fact, you have to read between the lines to realize that it stores anything at all. A clear indication of a honeypot to me.

Runbox

Their website is so full of privacy posturing it's a wonder how they managed to fit anything else. I won't bother quoting it all here; let's move right on to seeing whether the posturing is actually worth anything (spoiler: it isn't). From their privacy policy (archive):

You consent to providing us with the following personal data when you register an account: First name, last name, company name (where applicable), mobile phone number (where applicable), country, and alternative email address. [...] To revoke this consent you must terminate the Service

Sorry Runbox, but requiring my real name just ain't privacy-respecting. The first impression already isn't very good...and it's just the beginning.

Your Account Information is stored on servers located in Norway for as long as your account is active...

Great, so I have to kill the account for you guys to stop storing my information. And then it's fucking gone, right?

...and: up to 1 month after closure of trial accounts; or up to 5 years after closure of subscribed accounts, as financial records must be kept for 5 years according to the Norwegian Bookkeeping Legislation.

No, of course it isn't fucking gone - that would be too private for the "privacy-loving" Runbox. So it's five years after the deletion of your account until your real name is gone from their database...or is it?

Backup of Account Information is stored on secure servers separate from the Runbox system for up to 6 months, even after the information has been deleted from the main storage.

Nope, the privacy-loving Runbox is truly smashing all the previous privacy records set by privacy giants such as Google or Yahoo; it's five and a half years until your data is gone from their servers! Oh Runbox, what are some other ways in which you protect my privacy?

Email service content (data associated with Webmail, Contacts, and Files in the Service) is stored in main storage on servers located in Norway for as long as your account is active and: up to 3 months after closure of trial accounts; or up to 6 months after closure of subscribed accounts.

So all your mail and metadata (sender, recipient, subject, date/time) is stored as long as your account exists. There's also the backup which is stored for longer. Should we prolong this torture? Okay, let's do the finishing move and get this over with: The Runbox "service" is fucking paid! Can we say final nail in the coffin? Seriously, they're like a Gmail you have to pay for...but wait, there is more: (I swear it's the last quote!)

If you correspond with us via e-mail, the postal service, or other forms of communication, we will retain such correspondence and the information contained therein.

To say something positive, I will mention that they accept Bitcoins...and you can use them through the mail client. There is also a 30 day "free" trial. Oh, and they are powered by renewable energy sources (but so is the actually private Posteo, reviewed later), which is the only really commendable thing about this "service". But since the data collection and storage policy is so terrible, you should stay away.

OpenMailBox (DEAD)

Has no privacy policy at all - a huge red flag; in fact, all they really say about privacy is that "all user data is stored in privacy respectful countries" - without, of course, specifying those uber-private countries. ReCaptcha is required to sign up, which shows you just how much privacy matters to them (if they submit to the Big G's botnet, you can safely assume they store fucking everything). Openmailbox severely lacks ethics, deleting features without notice (archive):

Free users of Openmailbox could use IMAP/POP to connect to their mailboxes previously. The new owner of the service, French company SASU Initix, disabled the option without prior notice for all free account owners.

This blocked the use in all email clients for free users, and left them with no choice but to use the web interface instead to do their mailing.

Related to that is the removal of the mail aliases feature. The available aliases were removed completely and stopped redirecting any mess
