The Final PRISM Break Push: Secure & Private E-Mail

The time has come to wave my goodbyes to Gmail.

Ever since whistle-blower Edward Snowden exposed government security agencies around the world as lying bastards1 who spy on our every move on the internet, I’ve gradually taken steps to tear myself away from Big Internet. In my PRISM Break series of posts, I have - over the last two and a half years - ditched the closed source browser Opera in favor of Mozilla Firefox, replaced Google with DuckDuckGo as my default search engine, and moved all the content I had on public cloud storage services to a self-hosted ownCloud server.

But there is still one thing that ties me to the prying eyes of FVEY & Friends: E-mail. For a long time, I’ve been using Google’s Gmail to cover my (declining) e-mail needs. Why? Because it’s free, has tons of storage space, and is very reliable. But Google has to earn money somehow, right? Of course. They do this by having a look-see through your private e-mail correspondence:

Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.

The above paragraph is copied from Google’s current terms of service (archived version). Unlike government security agencies, Google is perfectly honest about what they are doing with your data. So if you’re OK with Google snooping, then Gmail is a great service. I’m not OK with that, and about eight months ago I started the hunt for an e-mail provider that takes security and privacy seriously.

I sat down and wrote a detailed analysis of the majority of the e-mail providers that were, at the time, promoting themselves as companies that didn’t dick around when it came to security and privacy. My conclusion was that while there were some promising providers out there nine months ago, none of them could really provide the features I wanted. So I decided to sit on the fence and wait to see how the market developed.

Doing that was one of the better ideas I’ve had. Since I wrote the original analysis, two of the companies I researched have gone tits up: Lavaboom declared bankruptcy in August, while Whiteout declared end-of-life for their services in November. Both closures are a shame, but it was a crowded marketplace with a rather limited user base, and some providers were bound to cave.

Two days ago, I had a look at the providers listed in the original analysis again to see how they were faring. Out of the 9 companies fund in the feature matrix, I selected the three I felt had the biggest potential for becoming my Gmail replacement, and had an even closer look at what they had to offer.

Posteo

Of the three, German Posteo is the company that has been around the longest - almost 7 years, to be exact. From what I’ve managed to gather by reading what they write about themselves on their site and from other sources around the web, they take both security and privacy exactly as serious as they should. As an added bonus, Posteo also focuses on sustainability, with 100% clean energy, organic-vegetarian lunches, and regular donations to various NGOs. So with Posteo, not only are all your e-mails safe, you can also get that great, tingly feeling of a clear and clean conscious.

Unfortunately, Posteo lack one feature that stops me from getting aboard: Custom domains. I’d like to send and receive e-mail through Posteo using the vegard.net domain, and as long as they don’t support custom domains, I can’t. Interestingly, the lack of custom domain support is entirely by design, as described in their FAQ.

Tutanota

Tutanota, another German e-mail provider, does support custom domains. At least if you upgrade to their premium plan, but at €1/month, that’s a cost I should be able to cover. Besides, when paying for a service, you’re no longer the product yourself, which is nice.

Tutanota has solved the challenge of how to communicate securely by e-mail with someone who is not using the same encryption-enabled e-mail service or other means of encryption, for instance PGP: When you send an encrypted e-mail to a recipient who use a provider that can’t automatically deal with the encryption, e.g. Gmail, Tutanota will send a link to the encrypted message in an e-mail to the recipient’s inbox. The original, encrypted message, is stored on Tutanota’s server and can be accessed by using the link in the e-mail and entering a password that the sender and receiver have agreed on by using out-of-band communications, e.g. over the phone, or by exchanging pieces of self-destructing paper.

In addition to this ingenious solution to e-mail communication being hopelessly unsecure, Tutanota also provides mobile apps for Android and iOS. On the flip-side, there is no 2 factor authentication - and we all know how much I love 2FA - but according to their site, it’s a planned feature. Another planned feature that is currently missing is a convenient way to import e-mails from another provider.

ProtonMail

Moving south across the German border, we find the Swizz company ProtonMail. If you follow internet security news, you might have heard of these guys: In November last year, someone tried to DDoS them back to the stone age. But ProtonMail managed to soldier through the attack, and the service came back online again after a few days.

Compared to Tutanota, ProtonMail is basically offering the same service: Encrypted e-mail communication with non-encrypted providers is solved in the same way, and support for custom domains is provided if you upgrade to their premium ProtonMail Plus or ProtonMail Visionary plans. But there is no 2FA support or a way to import e-mail from another provider. Like Tutanota, however, ProtonMail claim they are working on it. ProtonMail doesn’t support e-mail aliases, but they allow you to setup 5 different e-mail addresses with their premium plan. Probably good for companies, but pretty useless for individuals like myself. ProtonMail comes with a unique self destruct feature that will automagically delete an e-mail when a configured timer is up. Cool feature, but not something I see myself using very often.

The Verdict

So what’s it gonna be, then? It’s either Tutanota or ProtonMail. In the end I decided to go for ProtonMail, but for very trivial reasons: Through their website, ProtonMail comes across as a more professional company than Tutanota. I can’t quite put my finger on exactly why, so their PR department obviously did a good job on my subconscious. Also counting in ProtonMail’s favor is the look and feel of their web based and Android clients. They look better and feel more pleasant and user friendly than their Tutanota counterparts, and good UX and visual design are important factors.

So I’ve now jumped on the ProtonMail bandwagon. But have I shelled out the €48 annual payment for the ProtonMail Plus package required to use a custom domain yet? No, I haven’t, I’m just leeching on the free version and forwarding everything to ProtonMail from my Gmail account. With the lack of 2FA and no option to import e-mails from Gmail, I don’t quite see the point to make the move permanent just yet. One of the main reasons for leaving Gmail behind is to move my e-mail to a safe and private place. And that there is no 2FA support is, to be honest, a bit of a surprise. But when ProtonMail has 2FA and mail import implemented - or Tutanota do the same and up the ante with better web mail and Android clients - I’m leaving Gmail behind.

And that’s hopefully happening sooner rather than later.


  1. There goes my chance of ever working for the Norwegian equivalent of the NSA, PST↩︎


Feedback

Do you have any thoughts you want to share? A question, maybe? Or is something in this post just plainly wrong? Then please send an e-mail to vegard at vegard dot net with your input. You can also use any of the other points of contact listed on the About page.

Caution

It looks like you're using Google's Chrome browser, which records everything you do on the internet. Personally identifiable and sensitive information about you is then sold to the highest bidder, making you a part of surveillance capitalism.

The Contra Chrome comic explains why this is bad, and why you should use another browser.