Best "free" email?

Get a hitler.rocks email.

Tutanota is the closest you get, but now that they have """recovery keys""" it means someone, somewhere other than you has access.

You cant /thread your own post you newpenis.
Why am I seeing this everywhere, every day?

>Why am I seeing this everywhere, every day?
Summerfags, dont worry school is almost in

> forgets self hosting with gpg
Check mate athiest

Encryption doesn't matter unless you are messaging other privacy weirdos.

If you regularly message people who use gmail then don't even bother lmao.

>hacks your buggy self-hosted email server

Why does it matter where they are sent if there is encryption? Pronto mail seems secure and open source friendly. Self hosting opens oneself to a headache of spam and complicated setups. Only thing I wish protonmail had was IMAP on the free tier.

Because they use the encryption with the Mossad elliptic curve recommendations, aka back door. All traffic is decrypted on the fly and stored. Never use intelligence agency provided defaults. Several Palestinian sand niggers have already gotten black-bagged after organizing using ProtonMail. Enjoy being Israel's bitch.

So there is no good alternative then? Guess I will stick with it.

>gay name
too scared to use a horsefucker.org address? i think it's cute

Attached: 915.jpg (694x600, 87K)

Yes. Tutanota, RiseUp, Criptext, and Disroot are all better.

Oh, and obviously, self-hosting.

Do you have a single source to back that up?

Recovery keys aren't an issue if you set up 2FA with a Yubikey. To reset your password, you will need your second factor and your recovery code. To reset your second factor, you will need your login password and the recovery code. Meaning the rest of the world is locked out without your yubikey.

Or am I wrong?

Even if you're paranoid about the recovery key, which crosses Tutanota off the list, Criptext is superior to PM and Tuta.

>Tutanota
>recovery keys

I started using Tutanota recently. What do these anons mean by that or are they just scarefaggots?

Yes it is, dont listen the stormfags still seething because their ihateniggers email got taken down by obvious reasons

thatoneprivacysite.net/email-comparison/
No criptext listing. Sounds botnet.

/thread
Tutona, Criptext and Disroot are also good option.
>obvious reasons
GFY

Attached: mail-mail2tor-logo-anonymous.png (1200x1200, 10K)

Criptext is pretty new. It uses the Signal protocol for encryption, and the emails are stored on your device, rather than their server. Once the email is delivered, it is purged from their server, meaning there is nothing for them to hand over. If your device is powered off, they will hold the email until it is deliverable (with a max date of 30 days). Even if caught in transit, all that Criptext would be able to see is subject, date, and sender email address.

They already have a white paper and their privacy policy is very clear.

Attached: Untitle22d.png (1093x298, 58K)

Sounds interesting. I hope ThatOnePrivacyGuy can add it to the site so I can easily see how it compares to the other providers.

Yeah, keep an eye out for it (and maybe ask him to research it, if you can reach him). Another real nice part about it is the 2FA. Rather than insisting on Yubikeys or a "shared secret," like TOTP, their 2FA is a push notification sent to your inbox (whether you run the program on your PC or have the web app), that tells you that another device is requesting access, and would you like to grant it? Only devices that already have access can give permission to new devices, and if you have multiple devices authorized, rather than the server holding onto your emails until they are delivered to all devices, your secondary devices will get your saved emails from your primary device (typically, this means that your phone, which is almost always on, will sync with your PC, which isn't). The emails will still purge from the server upon delivery to any device.

I really like what they are doing, and am interested to see how they plan to monetize themselves (should be announced sometime this year).

Whats the proof that protonmail is sending traffic thru israeli telecom?

And what does it matter if its encrypted?

Ran the test myself too to verify.
cryptome.org/2015/11/protonmail-ddos.htm

Not who you were asking, but to me, the Israeli telecom isn't really the issue I have with PM, although I have several. Firstly, even though they have onion domain, they don't for signups.
When you try to sign up through it, you are redirected to the regular domain with no indicators unless you happen to look at the address bar.

Secondly, if you're signing up through Tor or a VPN, ProtonMail requires SMS confirmation OR confirmation through a non-private email (they won't let you use Criptext, Tutanota, or RiseUp for email confirmation). This leaves SMS confirmation, or donation, which would reveal information about you.

Thirdly, The way their "end to end" encryption works is by generating the encryption keys while you sign up - using your already existing keys is not allowed and ProtonMail must store the generated private key (archive) for PGP to work. Since the whole encryption process is done by JavaScript in the browser, nothing prevents them from sending you backdoored JS.

Fourthly, Protonmail's encryption contains serious shortcomings. Source: eprint.iacr.org/2018/1121.pdf

Fifthly, they state in their privacy policy:
>"We employ a local installation of Matomo, an open source analytics tool. Analytics are anonymized whenever possible and stored locally (and not on the cloud)."

So what's information does Matomo collect? According to their website:
>All standard statistics reports: top keywords and search engines, websites, social media websites, top page URLs, page titles, user countries, providers, operating system, browser marketshare, screen resolution, desktop VS mobile, engagement (time on site, pages per visit, repeated visits), top campaigns, custom variables, top entry/exit pages, downloaded files, and many more, classified into four main analytics report categories – Visitors, Actions, Referrers, Goals/Ecommerce (30+ reports)

(cont)

Continued from Sixthly, the information that PM collects themselves:
>we have access to the following email metadata: sender and recipient email addresses, the IP address incoming messages originated from, message subject, and message sent and received times. [...] We also have access to the following records of account activity: number of messages sent, amount of storage space used, total number of messages, last login time

And finally, this gem:
>When a ProtonMail account is closed, data is immediately deleted from production servers. Active accounts will have data retained INDEFINITELY. Deleted emails are also permanently deleted from production servers. Deleted data may be retained in our backups for up to 14 days.

I hope it doesn't detect another device by ip?

Well, I don't know what you do, but I have stopped trusting people saying something without evidence when I was 6.

Nope. Right now, my phone and laptop are on the same wifi network, and I just downloaded the AppImage for linux. I turned off my VPN for both devices. Still got hit with the 2FA.
I entered in my username and password on my laptop, and then it told me to "check and approve on your existing Criptext device to continue." Opened up the app on the phone, and saw pic related.

I cropped the image for privacy reasons, obviously.

Attached: criptext approval.png (534x422, 21K)

/thread.

Disroot and encrypt your emails.

And here's what my laptop looked like when I rejected the request on my phone.

Attached: criptext rejection.png (1217x664, 141K)

help me oldwrinklypenis im new here but i've been ghosting since 2018 where would these posts go

Kino. Absolutely kino. Hopefully this one will stick around for a while.

I think it will, depending on what they lock behind premium, and how much that costs. I'd like to see "premium" be more like Tutanota than PM, at least cost-wise.

jews are the best bet imo at least they'll keep the info to themselves

cock.li is redpilled af, e.g. he doesn't reset passwords, at all

arstechnica.com/tech-policy/2015/12/cock-li-e-mail-server-seized-by-german-authorities-admin-announces/

If privacy is the goal of this email service, I can not imagine a way in which it possibly could have failed more. The victims of this breach were probably wishing they never cared about this "privacy" stuff and still kept using Gmail. Also, forget about having a normal domain name with this guy - they are all shitty jokes about cocks, rape, memes like blazeit and others you'd rather not show to most people.

Another really significant issue is how often the cock.li domain is blocked on various sites. With that in mind, I cannot anymore say that this is a good choice at all. It does at least have an onion domain at mail.cockmailwwfvrtqj.onion/. However, this does not prevent them from reading your mail or storing the metadata.

Why are so many of these "dude totes privacy email" servers in the heart of the 4th Reich? No fucking duh they're compromised.

There are plenty of acceptable privacy-focused mail solutions. Cock.li is not one of them, and it wasn't really designed to be.

Anyone who cares about privacy uses PGP to secure their shit.
GnuPG is piss easy to use. It literally takes seconds to set up and works on all devices and is absolutely free in every sense of the word. The only people who don't use it either don't care about their privacy enough or have been living under a rock for about 20 years.

PGP and GPG have some pretty serious issues, as well. Lots of metadata, as well as the subject line and all attachments.

It's a big reason why the Signal protocol was created. Too bad it's mostly being used in instant message clients. Criptext seems to be the only service trying to use it for email, and while I like them a lot, the more competition, the better.

>PGP and GPG have some pretty serious issues, as well. Lots of metadata, as well as the subject line and all attachments.

So which is it, have you been living under a rock or do you simply not care enough?

Attached: no.png (742x70, 33K)

See

Attached: 1566246901477.jpg (400x197, 14K)

>Protonmail is walled garden garbage.
What? There's a free version of their email as well. What walled garden garbage? As far as I know, you have to go through heaps and piles of unadulterated autism to just get an account for Riseup, not to mention that you can't sign in right away. First to somehow get invited to RED or something and then to another forum where you can beg other autists for a Riseup invite...

>didnt they ban peoples accounts based on baseless accusations?
Uhhhhhhhhhhh, no?
There was one case of a man with a nationalist slogan in his email getting banned, but he also complained about it on Reddit and posted flyers around town.
>also it seems too honeypot like for me
How? Why?

>uh i mean they did but he did have the gall to tell people his email existed so no duh he deserved it
Do you hear yourself

I'm looking at it, but what are you supposed to say if not "Signal Protocol." That's literally what it is. Ditto for white paper.

>They most likely store all your emails and sell them all to the highest bidder.
How? The emails aren't stored on their servers.
>E-mail is insecure by design no matter which service you use (unless you use something like PGP on top of course).
Which is what Criptext does, only instead of using PGP, it uses something else that apparently nobody on Jow Forums is allowed to say without admitting they are a shill.

There's a reason that thread had a total of 3 posts by 2 posters. One was the OP, one was a copypasta, and one was the OP replying to himself calling the CEO a jew

>And try to avoid using email in general. There are much more secure alternatives.
What are the more secure alternatives, and what do they use?

Yandex Mail.

>Uhhhhhhhhhhh, no?
>There was one case of a man with a nationalist slogan in his email getting banned, but he also complained about it on Reddit and posted flyers around town.
How do you know he posted those posters, instead of somebody else who knew his email address and wanted his email account banned?

>So there is no good alternative then? Guess I will stick with it.
Why the fuck are you even indulging someone screaming "DA JOOS MAN DA JOOS" instead of providing actual arguments or sources?
And see? Somehow we didn't head a peep from him when asked directly.

They banned one (1) flagrant stormnigger

>uh i mean they did but he did have the gall to tell people his email existed so no duh he deserved it
>Do you hear yourself
I do. Not seeing the issue here. It's not like anything of value was lost in the world by deleting such an account.

>Why the fuck are you even indulging someone screaming "DA JOOS MAN DA JOOS" instead of providing actual arguments or sources?
See: Not a single mention of Jews, with the exception of stating that I don't have an issue with the Israeli telecom. Still had 7 valid criticisms about the service.

He himself started a reddit thread and identified himself even further. Can't dig up the sources right now...

Someone claiming to be him started the Reddit thread AFTER his account was already suspended. Even presuming it was him (which, for the sake of this argument, I am willing to do), they didn't wait and see if it was a false flag. They also gave him no time to get a backup of his inbox.

So yeah, fuck PM. They didn't wait for a valid court order. They didn't even contact the email to see if it was the account owner who was posting those fliers. They just deleted his account, and said "tough titties."

That's more like it.
Even with all that, they just had an attack recently ant their attackers failed. Some countries and websites have outright banned Protonmail. They're definitely doing something right.
neowin.net/news/protonmail-blocked-in-russia-25-other-web-addresses-cut-off-as-well
protonmail.com/blog/bellingcat-cyberattack-phishing//

Nothing you said had anything to do with the 7 very valid criticisms I gave about the service.

Why bother taking any risk when PGP is a thing? I don't get why anyone would bother with a dubious alternative when a tried and true tool already exists. It even transcends mediums so it cannot be banned like ProtonMail. The only problems it may have is /maybe/ a keyserver thing but even that can be mitigated as you shouldn't be using those anyway.

Considering Protonmail is nothing more than "Auto-PGP for dummies", I don't see the point of it to begin with. And it's not like there's a good way to see which addresses have ever signed in with Javascript, which means that their inbox could be compromised.

Just use disroot and encrypt your emails

Well for starters, it can be banned depending on where you are. Also I don't think it even has encrypt-subject support. And also you're taking an additional risk not managing your own private keys. You're practically handing them over to whatever client takes care of them for you. You're better off using enigmail.

>Also I don't think it even has encrypt-subject support
It doesn't.

But it sounds like we are both preaching to the choir. Personally, I don't think you can really call any email service secure that uses JavaScript. Does this mean Tutanota/Protonmail are insecure? Not if you only use their mail clients, but that doesn't change the fact that JavaScript is still an option. Furthermore, in the case of PM, you can't enable 2FA without accessing their JavaScript client. Their android and iOS apps definitely don't allow it. I'd need to check to see if their standalone app on PC would allow it.

>email
>privacy
They just don't go together, do they?

Attached: Lv0VJ9W.jpg (816x404, 131K)

Where is this coming from? I have several tutanota accounts and I was never prompted for any keys.

Depends on how you qualify privacy.

tutanota.com/blog/posts/development-feature-list/

Attached: tuta recovery code.png (750x1334, 103K)

>NATIVE electron app
kek

I don't think their phone apps are electron.

Oh well.

talking about NATIVE desktop app

Thanks for posting fren.

host your own service on your own machine

Does PM have a desktop app at all?

This.
The only thing it lacks for me is that you canct open PDF in the e-mail client, but that may be a security feature, idk

You might as well use gmail then

it does, unofficial eletron garbage

Gmail wouldn't have deleted his account. They let almost anything fly. I don't use PM anymore, and I'm really glad that I never paid for anything.

If anyone is abandoning their PM, remember to delete the account. If you don't, they keep all records of everything you do forever.

>unofficial
Wouldn't trust it regardless, then. I know Tuta has a desktop app. Is it electron as well?

Side note: I don't use either service.

rule of thumb: if it has "app" in the name it is electron

tutanota.com/blog/posts/desktop-clients/

>Secure desktop clients based on Electron
>When we decided to build desktop clients for Tutanota, we carefully evaluated whether to build a native client for each OS or use Electron to convert our webmail client into desktop clients for Linux, Windows and Mac OS. We have opted to use Electron for the following reasons:

Who cares what the reasoning is? This is bucking privacy for ease of development. This is likely fine if you aren't describing yourself as a privacy company.

I will never understand why so many "privacy" companies take the easy way out.

>- we copy pasted the html file into ~/.trash/
>- then it was as easy as using zip to create it!
javashits larping as developers

>Please note that if you open several instances of the desktop client, only the instance that has been opened first saves data if you choose to save the login password or create a search index. At the moment, the additional instances only use a temporary cache so that such data is not saved when you close the desktop client again.
almighty kek

Also, I have no idea why their priorities are what they are. Blocking a message or marking a message as Spam is one of the dumbest things ever from a usability standpoint, and they seem dead set against fixing it. Then they focus on an encrypted calendar, for whatever reason, and are just now getting around to implementing it. No way to sign in via biometrics, meaning you either leave your ass swinging in the breeze, or have to enter your username, password, and 2FA code every time. Also, they still haven't had an audit, despite being since 2011. I'm also pretty sure that it was a volunteer that made their 2.0 look, and the dark mode looks washed out as hell.

I'm just seeing all sorts of priorities on shit that doesn't really matter, while ignoring easy to solve problems that would improve the look and quality of the app.

>There's a free version of their email as well. What walled garden garbage?
The free version is unacceptably gimped. You're forced to use their webmail as they don't support email clients in their free plan, which is a deal-breaker. Not to mention, even if you do pay, the bridges are proprietary and only work on Windows and macOS.
>As far as I know, you have to go through heaps and piles of unadulterated autism to just get an account for Riseup
All you need is an invite from a friend. It's literally the opposite of autism.
If you have no tech friends and you're considering even getting an account at a private tracker just to beg for an invite to a stranger, then you're exactly the kind of autist that shouldn't use Riseup. The point of needing an invite is to filter out the spergs who eventually ruin it for everyone.

Fucking shill. I've already read this exact same text twice on Jow Forums

Keep in mind that most residential ISPs block email hosting, so you need to find a VPS that's not on a spam blacklist.

>All you need is an invite from a friend. It's literally the opposite of autism.
Yeah... From a friend mental enough to have gone through the pile of autism that is becoming a RED member. I'm sure that easy.
>The point of needing an invite is to filter out the spergs who eventually ruin it for everyone.
How the fuck can you ruin an email client for other people? It's not a social network.

Ignore them anyways. Between their icon (a black and red star), and their About Us page, you can tell that these guys are "revolutionary" Anarco-communists at minimum. Possibly antifa.

Some snippits:
>We do this by providing communication and computer resources to allies engaged in struggles against capitalism and other forms of oppression.
>We work to create revolution and a free society in the here and now by building alternative communication infrastructure designed to oppose and replace the dominant system.
>We promote social ownership and democratic control over information, ideas, technology, and the means of communication.
>We empower organizations and individuals to use technology in struggles for liberation. We work to support each other in overcoming the systemic oppression embedded in the use and development of technology.

>Meet the Collective
>Cedar Waxwing (Bombycilla cedrorum)
>Waxwing is a revolutionary hacker and critic of late capitalism.

>Colibrí Jacobina (Florisuga mellivora)
>...she doesn’t hesitate to use her abilities and radical spirit to fight rich people, men, meat eaters, fascists, monogamy, and the police.

>Eurasian Blue Tit (Cyanistes caeruleus)
>A few years ago it stopped migrating and now nests in a small town commune.

>Greater Roadrunner (Geococcyx californianus)
>He spends his days as an anarchist hacker....

>Rook (Corvus frugilegus)
>Rook helps make tools that other birds use to hack at the intersections of kyriarchy, from cissexism and heterosexism to racism, in the world at large and within the social justice movement itself.

>Sunbird (Nectarinia asiatica)
>For his day job, he is a legal worker focused on protecting the rights of immigrants and refugees.

>Alumni

>Arara (Ara macao)
>His interests range from... politics, economy, social movements, anarchist theory and how the hell we are going to get the world out of this shithole it is in right now.

And I'm not even done. I've just hit the character limit.

Oh, and my personal favorite:
>Catbird (Dumetella carolinensis, small bird of the thornbushes)
>Catbird enjoys challenging gender stereotypes and is not afraid to invite some feminine energy into tech work.