I’ve been using the U.S.-based company Cotse.net for email and proxy services for many years, ever since I learned about it from S. Cotse gives good service at a good price. I’ve been a happy customer. There’s nothing at all wrong with Cotse.
Except that it’s based in this increasingly thuggish surveillance state.
Which has already driven more than one privacy-protecting company to shut its doors.
I’m seeking a back-up service. I’ll keep Cotse, but I want to be using a Plan B if the feds drive them out of business, too. So I’ve been reading articles like this one. But online reviews are no substitute for personal knowledge.
What can you tell me — from personal experience and/or knowledge of a company’s location, management, and services — about other reliable services?
Here are the requirements
* MUST BE BASED OUTSIDE THE U.S. — MUST!
* Will preferably be based in a jurisdiction where its owners feel no need to kowtow to every illegal demand of some UberGovernment.
* Provides services including email and VPN
* Has reasonable rates
* And shows no sign whatsoever of just being some phony front for the surveillance state.
I started using hushmail.com about 2 months ago. So far, so good. Located in Canada. If you send an email to another hushmail user, the entire message is encrypted. I have two partners in a precious metals biz, and now all of our interaction uses hushmail. A great feature is their inability to gain access to your account information. ANY account information. If you forget your password (they encourage the use of passphrases, btw), they have no way of resetting your account… so you’d lose all of your data. I chose the $35 for a year plan. Can’t say if they have a VPN service.
Oh, also, if you want to send a non-hushmail person an encrypted email, you can. It’s a bit clumsy, but works very well. AND the encrypted message you sent them is automatically deleted in 2 weeks.
I’m a happy, non-compensated customer!
I’ve heard purevpn.com is decent, but have no personal experience.
The problem with all of these, even if you believe what they say, is that in all probability the certificate authorities that they use have been compromised. Given that they wide open to who ever has the key to their certificates.
Then there is the Liechtenstein bank problem. No matter what secrecy laws (or policies) are in place, if a rouge employee sells the customer list….
If you are not a deep geek then I think the best bet is to use a standard mail service and encrypt. The meta data will be visible but the actual content will not.
If you are a deep geek (or have access to one) set up your own mail server, use your own certificates, and have the people you want to communicate privately with send you email using that server. Of course, still encrypt.
With regard to Hushmail, this is old so may not longer apply, but they have turned stuff over to law enforcement in the past: http://www.wired.com/threatlevel/2007/11/hushmail-to-war/
Hushmail? Maybe… not.
Or even… definitely not.
I stopped using it several years ago.
Dammit. Went to moderation. While we wait for Claire to find that, try a web search on “issue with Hushmail”. You’ll want to see the multiple cases of Hushmail turning over cleartext emails to the feds.
That having been said, cryptohippie.com offers what seems to be a good service with a good security service. I know a few of their customers and they are happy. They are expensive.
Sorry, no personal experience. But the Feens recommend Boleh.
Unfortunately, they don’t appear to provide e-mail service. But then, just spot checking the providers at that About article, none of them do either. My initial impression is that e-mail isn’t typically a bundled service from VPN providers.
Boleh is HQ’d in Malaysia.
So far have just used the free proxy to visit pro liberty sites, works well, almost as fast as not using it.
Thanks for this article.
I’ve been wanting to switch over to a new email service for a while.
Startpage.com has an email service in the works, but who knows when they will set it up.
I’ve been looking at neomailbox.com but I haven’t tried it.
Neomailbox.com is their US-based service. Neomailbox.net is their Swiss-based service. I have an account on the latter, basically sitting there idle at the moment until I switch over. In my experience their response to service requests is quite slow but eventually everything got taken care of, although not always to my satisfaction. For example I bought their offshore privacy combo which is their secure email plus their VPN-like service. They don’t use openvpn for the latter, but SSL. Not really their fault I suppose but I could find no working package in Arch Linux to interface with the latter. Hmm maybe I should try again since I’m now on Lubuntu.
In general it seems to me that integrating VPN service and email service in the same server would make a lot of sense, but outside of this not-yet-successful combination in neomailbox I have had no luck finding that. Companies seem to concentrate either on VPN or on email.
As to VPN I have used ibvpn.com so far. They are good and cheap and just as important, allow you to subscribe by the month. I started with them just to experiment with VPN and get my feet wet but I’m so happy with them I have never found the need to move on. Quick and competent service too. They are a Romanian company with servers located in lots of good places like Netherlands (good privacy laws). Ideally I think one should use two servers, one located in Canada for good performance, and one in a place like Netherlands for best privacy. Too bad their packages no longer allow that combo at the cheapest rate, $5 a month.
If you access your email server via your VPN server you may find a problem sending email. You will have to change from default port 25 to an alternative port in your SMTP setup (assuming you use a client rather than webmail). Ask the email provider, but port 587 has worked for me, for both my email providers.
I should say that neomailbox is a Swiss company; their email servers are located either in Switzerland or the US. That does tend to make a person wonder a bit…
Oh, one other thing. These services are now allowing a lot of payment options, often including bitcoin. I think paying for them with bitcoin probably helps security somewhat; maybe a lot. This might be another topic for discussion.
Thanks for the suggestions, guys, and sorry for not responding more quickly. I’m looking into everything you’ve suggested to me here in comments and sent by email. Except Hushmail (sorry); I don’t trust any service that claims to handle email encryption for users & haven’t seriously considered Hushmail since it started up.
Looking into everything else.
Unfortunately I keep running into some familiar problems that I didn’t think about while writing the above post. One is that offshore usually services want to be paid by credit card, which defeats the privacy purpose. The other is that some have client software that’s only for Windows. Drat.
The links above may answer some questions but I still only use the freebie, will be awaiting feedback. The freebie works fine for what I need so far.
runbox.com for email. Based in Norway with solid privacy protection. IVPN.net for VPN services, based in Malta.
Something to keep an eye on… http://www.czhliw.com/2013/10/dark-mail-alliance-fighting-to-bring-privacy-back-by-reinventing-email-encryption-rt-usa/?https%3A%2F%2Fwww.facebook.com%2F
Here’s something hopeful for the future. And look at the source! How great that these guys, driven out of business by the surveillance state, haven’t given up.
Hope they have the good sense to base this operation offshore. FAR offshore.
[Unfortunately I keep running into some familiar problems that I didn’t think about while writing the above post. One is that offshore usually services want to be paid by credit card, which defeats the privacy purpose.]
Neomailbox takes bitcoin and pecunix. Ibvpn takes bitcoin and a bunch of non-credit card options. Runbox takes cash at least. Cyberghost “partners” with 3rd-party sellers like bitmit which is a bitcoin marketplace. Boleh seems to have very limited payment options, essentially paypal. Cryptohippie takes cash, pecunix, or bitcoin.
Clearly after Snowden et. al. these vendors need to add anonymous payment options if they wish to stay competitive, and they are certainly moving in that direction, from what I see. The payment options were much more limited a couple of years ago.
The VPN vendors will need an email address to contact you for service, but if you use your anonymously set up offshore email that shouldn’t be a problem. However IIRC when I set up my neomailbox account they asked for my old email address for an alternative in case the initial setup didn’t work; that obviously is a security problem if it happened that way (not too sure, just relying on memory). If you can tell them to use your new neomailbox address that you will check via webmail, that would be more secure.
Another question that occurs to me, is who do you give your new email address to, after going to the trouble of anonymously setting up a secure offshore account? Clearly, you don’t want your name associated with that account online, otherwise it would no longer be anonymous! I’m guessing everyone needs both a public and a private email. The public could just be some gmail thing, and this is the one you provide when writing articles for public consumption.
I don’t know, if your circle of friends who you give the private email address to is too small, there hardly seems to be any point in having one. This stuff leaves me scratching my head…
Thanks, Ragnar. Ooops, your comment went into spam, then I found a similar story at Rational Review News and posted it. Urg.
Or great minds, as the case may be.
Runbox looks pretty good. I put them on the top of my list thus far for when I get my website going in a couple of months. Thank you, Mr. Galt.
Paul, that’s one of the big problems with trying to keep things private. I use COTSE, but have only one correspondent who does. The rest? Mostly Gmail, and other big-company providers.
In re. the Dark Mail Alliance, I commend their efforts. I won’t trust it though, because of end-device security. Since I have a droid phone, I’m painfully aware of the difficulty of typing good quality passphrases using the screen keyboard. This will lead to people using short PIN type passcodes. Perhaps they have a plan for how to get around this, but it’s a difficult nut to crack.
Good article on Dark Mail:
Hope nobody’s posted it yet. 😉
Yeah, you have a point, jed. But it’s a step in the right direction, and the folks who actually need security will use better passwords even if it is a pain. Maybe they won’t be using smartphones at all since there are multiple security issues with them.
The biggest hurdle, still, is getting people to use encryption at all. To the extent that DarkMail helps with that, I’m all for it.
Last I read, sales of PCs are down. Part of that is that there’s a lot less upgrade pressure now, with PCs being as fast as they are. But tablet sales are on the rise, along with smartphones. And judging by what I read, most people just don’t understand the need for strong passwords. And, cracking techniques keep getting better. Most people don’t even read the same stuff I do, concerning security, passphrases, and biometrics. So yeah, just unlock your iPhone with a fingerprint now, and don’t worry!