Tag: email encryption

  • List of the best free webmail privacy services

    List of the best free webmail privacy services

    One of the most private email communication systems consists in using Tor or a VPN to connect to a free webmail service and encrypt the messages yourself with PGP, this method gives you privacy and anonymity. Thunderbird+Enigmail, or GPG4Win can do that and it won’t cost you a cent, the problem is the time and learning curbe it takes to do this.

    Encryption built-into the webmail service might not as secure as doing it yourself but if the company claims are true, encryption secure and their privacy policy trustworthy, it is a really easy way to secure your email messages.

    Atomic Mail: Free encrypted email service with aliases, zero access encryption and no advertising. Atomic Mail is a new privacy email service based in Estonia compliant with European GDRP privacy laws. You can use it to send password protected emails to people using an insecure email providers, when you send a password protected email only the link to the message hosted in a secure server is sent and not the content.

    Proton Mail: Company keeps minimum logs and can not read your data as the inbox is encrypted. Servers are based in Switzerland. Communicating with other Protonmail users is end to end encrypted, and emailing other email providers is done in plain text, to make the best of this service your friends should ideally be using too. the company itself can’t read your data.

    Tuta Email: Email privacy service based in Germany, messages are encrypted in your browser and nobody can access the encryption keys, Tuta staff has no decryption keys, they keep no login IPs and have no way to identify customers or decrypt data. They also publish transparency reports showing how many court orders they had and what it was done about it, like, handing over encrypted data.

    Tutanota free privacy email
    Tuta free privacy email service

    VFEmail: With support for PGP encrypted webmail using the interface and anonymous sign up using Tor, this service has a Tor hidden node from where you can access your account. Metadata is scrubbed from emails and your computer IP removed from the headers.

    Mailfence: Email service hosted in Belgium that supports sending OpenPGP encrypted messages and two factor authentication.  Seamless keystore integration.  All encryption happens in the browser.  Service includes a calendar and cloud document storage with paid for accounts giving you access to Android and iPhone apps to access your email using a portable device.

    NOTICE: List only includes services with free option. If you are willing to pay for a privacy email service other companies you should look at are Posteo (Germany), Countermail (Sweden), StartMail (Netherlands), CodaMail (USA) and KolabNow (Switzerland).

    Webmail services hiding your IP

    The following email services do not encrypt your messages but hide your computer IP in the headers. I tested all of them and the sender’s IP is replaced with a neutral IANA (Internet Assigned Numbers Authority) private IP address, a range of IP addresses not linked to any country or person reserved for use in private networks, the only way to find out who sent the email is to contact the company and ask them.

    Yandex: Russian email provider offering Email accounts in multiple languages, with huge storage space (10GB), beautiful interface of interchangeable themes, spam and virus filter and free storage for files and documents. Yandex strips your email from the headers but this is not a privacy service they keep internal logs of the real IP in case of abuse.

    GMX Mail: Free German email provider with PGP encryption, large attachments, filter rules and mail collector as well as 10 free aliases to be able to compartmentalize different online identities. GMX finances the free email service with advertising being displayed on their page.

    NOTE: Some email services will only strip your computer IP from the headers for webmail and include the computer IP in messages sent using SMTP.

  • Autonomy Central email encryption and secure notes

    Autonomy Central email encryption and secure notes

    Autonomy Central is a cross platform and portable Java based email service to encrypt email messages, files and notes using 2048-bit RSA key and AES 256-bit, that level of security should stop well funded attackers. Creating an account is a fast five step process for beginners, or you can choose a “Control Mode” for power users giving you more options.

    You will be given a @valeso.com email address that can be used to securely communicate with other users, encryption and decryption will be automatic. If someone is using a Outlook or Yahoo address and does not have an Autonomy Central account, you can send them a Special Delivery message with a link to an online SSL viewer where the recipient can decrypt the information entering the right password that could be transmitted via SMS or phone call.

    Autonomy Central Valeso encrypted email
    Autonomy Central Valeso encrypted email

    Other features of this security suite include a secure notes section where you can keep personal reminders encrypted, and a file storage service that will encrypt any file you drag and drop inside the Window. Data will be stored locally in your computer or in Valeso cloud servers depending on settings.

    Autonomy Central is a highly configurable email service, advantageous for those who like to decide every single detail of their email habits but it could complicated for beginners given how many options it has.The default settings are safe for everyone in case you don’t want to spend time reading the manual or playing around with the software.

    This service could be an alternative to Hushmail, with some  important differences that one should consider, like not being able to use your own encryption keys, which means you have to trust the company behind Autonomy Central, and not being able to use webmail.

    Visit Autonomy Central homepage

    Update 2014: Program no longer supported, link erased.

  • HIPAA compliant email service Protected Trust

    HIPAA compliant email service Protected Trust

    Protected Trust email encryption allows for real time email traceability with auditing logs recording who read the email and what they did with it, messages can be set to expire after a certain date so that they are no longer available or cancelled if they have been sent to the wrong person. Emails are encrypted with a unique symmetric key using AES256 then sent to Protected Trust servers, data never leaves the organisation computers unencrypted. If you email anybody not using the Protected Trust email service they will receive a link to read the message securely stored in the server.

    The content is made available to the recipient until expiration, retrieved with a shared secret that can consist of a known password or receiving a PIN to your phone number. Cryptographic hashing makes sure that emails have not been tampered with or damaged in transit.

    Protected Trust email HIPAA compliant
    Protected Trust email HIPAA compliant

    This email service is directed towards companies that need to comply with data privacy laws, it will cover legal liabilities if anything goes wrong and allows for accurate message tracking in case of security incidents. You can keep your current email provider and address, emails are easily sent using a Microsoft Outlook plugin that adds an encryption button to the interface, via Protected Trust web based portal supporting all major browsers (IE, Chrome, Firefox) or from a mobile device (BlackBerry, Android, iPhone, Windows Mobile).

    Protected Trust complies with the Health Insurance Portability and Accountability Act (HIPAA) regulating how patient data must be protected, financial institutions also need to comply with Government regulations regarding non-public data. The free version of Protected Trust is limited to just a few messages per month and requires phone verification of your account.

    Visit Protected Trust homepage