Lelantos is a privacy email provider only accessible through Tor but able to communicate and receive messages from any Internet wide email services like Gmail or Yahoo. The owners, a small unidentied group of people, claim that all data in the server is encrypted, with data back ups located in different countries.
When you open a Lelantos email account you will initially get a @lelantos.org address, currently that domain name is registered to someone called Ryan Harris living in Canada and the DNS servers are set to Domains4Bitcoins, the little information one can gather from that is that Lelantos is paying the domain registration with Bitcoins, registration details in Canada might be fake or might not.
To stop other people from knowing that you are using a Tor email service Lelantos gives you a choice of multiple private clean domain names that are not listed anywhere and not linked to the Tor network. Lelantos obviously doesn’t have access to your computer IP since the only way for you to read and send messages is using Tor.
Lelantos webmail has two interfaces, a SquirrelMail layout that does not need Javascript enabled to login and a RoundCube interface that needs Javascript. I have used both interfaces and there isn’t too much difference in between them, RoundCube, looks more modern and has drag and drop but the main functions work the same. If you are serious about privacy go for the SquirrelMail interface with no Javascript.
Another way to protect yourself against browser exploits is by using Lelando’s IMAP and SMTP .onion servers with TLS, for this you have to set up your email program with a socks proxy and run Tor in your computer. Unfortunately few email programs support socks proxies, I suggest the free open source Thunderbird email client from the Mozilla Foundation.
Lelando’s terms and conditions forbid using their email service to transmit child pornography, spam or sending violent threats, if you breach their Acceptable Use Policy your account could be terminated.
This is not a free email provider, you have to pay some Bitcoins to fund service maintenance, I think that it is not unreasonable since they also provide support, with a public PGP encryption key available to communicate with Lelantos staff. For extra security is best to anonymize your bitcoins with a laundering service like Bitlaundry, but, as long as bitcoin payments can not be linked to an specific email account it should be fine.
Lelantos Tor address: http://lelantoss7bcnwbv.onion
Red5
Good stuff… Thanks for finding this. I was wondering when something better than Tormail was going to come.
John
Lelantos has been under DDOS attacks; probably by the NSA, for at least the last two weeks; and is not currently functioning.
Anonymous
Lelantos has been experiencing difficulties for some time now, partly due to the aforementioned DDOS attacks. Their problems started long before this, however.
The article states that Lelantos provides a PGP key:
pub 4096R/F98718B0 2013-10-07 [expires: 2016-10-07]
Key fingerprint = E8AD 0464 0377 36C9 EAC0 D3D9 5140 50CD F987 18B0
uid Lelantos Projects
As can be plainly seen, the Lelantos PGP key does not have an encryption sub-key. This key format was abandoned as insecure in 2009 by the PGP/GnuPG developers, as single PGP keys used for both signing and ecryption can, under certain circumstances, leak some of their private key bits, making the keys easier to break. That is why the PGP/GPG developers abandoned this key format starting in 2009. Yet, in 2013, a full four years later, we see Lelantos still using software that generates keys using this insecure and abandoned PGP key format.
For an individual to miss this, would be understandable, and could be excused. For the developers of a so-called secure email service, ignorance of such matters amounts to nothing less than negligence. One is led to wonder, what other flaws or oversights might be lurking behind the scenes, that we are unaware of?
shrooomies@lelantos.org
Lelantos is currently totally working for webmail. I think they still have problems with IMAP/POP3 client logins though due to DDOS.
fishbowl
I’m new to this, and a bit discouraged. Are there are any reliable, private/secure, free or low-cost email clients available right now?
Everything I’ve looked at so far compromises heavily on either reliability (lots of downtime, no guarantee your message will actually arrive at the recipient’s inbox) or security and privacy. I’ve yet to find anything that can be trusted on all counts.
Trader
Take a look at bitmessage.ch for a secure working solution. Though you have only 1 alias at least it works. Lelantos is crap indeed.
Rand
Lelantos works well now. Most problems fixed. Still have some issues sending to other onion addresses though. Might not be their problem