"Privacy oriented" is something I strive for in my own dealings, but centralized service privacy is and always will be lip service. What does "privacy oriented" actually mean? It must be very clearly defined.
Let me give an example. A government entity sends a subpoena to receive all data on an email account. If the service provider is legally mandated to respond with data or face prosecution, what happens? In this case, Google might actually be better for "privacy" because they at least have the economic capability to push back against Doe subpoenas. A small provider won't have the resources to defend against a frivolous subpoena and will hand over everything.
Something to keep in mind when considering this stuff. I really think the only way to at least control the option to defend your privacy is to run your own servers.
The country where the company and servers are located makes all the difference IMHO. Many things that the government can push in the US under Homeland Security and similar acts, they can't in Germany. Their privacy laws are much more protective against mass and/or unsubstantiated surveillance, legal services are not as ridiculously expensive as in the US, etc.
> Many things that the government can push in the US under Homeland Security and similar acts, they can't in Germany.
Many of the controversial things done by US intelligence/security services domestically in the "War on Terror" are just things they have long done (and are overtly charged with doing) overseas, but which are controversial (and in some cases outright illegal, either under statute law or the Constitution) when done domestically.
> Their privacy laws are much more protective against mass and/or unsubstantiated surveillance
The NSA is not exactly known for respecting privacy laws in its conduct of global mass surveillance, particularly foreign privacy laws.
> In this case, Google might actually be better for "privacy" because they at least have the economic capability to push back against Doe subpoenas.
I'm pretty sure Google complies with subpoenas for data all the time. Given their scale, they probably even have employees whose full-time job is dealing with government subpoenas for data.
If Turkey asks for data from Gmail, Google says that the USA has rights for free speech so we cannot give this guy's real IP (who swore at Erdoğan). On the other hand, Hotmail immediately gives this kind of data to the Turkish prosecutors. Why? Because the Government of Turkey is a customer of Microsoft but Google is not. So if you live in Turkey, who would you trust? If you live in the USA, who would you trust? If you live in X, who would you trust?
You might have a point if you compare FastMail and Google on intrusions for example - FastMail (ie, any small service provider) may not have the same calibre security team Google does.
All providers respond to subpoenas, IIRC. Even if it's just to say "we don't log anything".
I really hate the kind of “Privacy made in Germany” way of marketing, especially since I am German.
Mailbox.org seems decent from what I've heard but products advertised like this are mostly sheer bullshit. I don't know why transferring a “quality” label from (oldschool) engineering products to IT even works.
It resonates with me. I don't think it's just a reference to engineering quality, Germany is more privacy conscious than some other countries. Whether it's the cypherpunk & privacy-tech scene of Berlin, or the awareness of the consequences of surveillance resulting from the GDR days.
Even in little things: like Germans using cash because they don't want to create an electronic credit card trail of where they were, or walking through Munich train station and seeing Snowden in all the news headlines (in 2013), while back home he was getting nowhere near as much news coverage (and certainly not the front page headline).
I don't know if any of this applies to Mailbox.org, but as a marketing phrase it works for me.
> like Germans using cash because they don't want to create an electronic credit card trail of where they were
... and then using their Payback loyalty cards at every opportunity.
Don't get me wrong: many Germans hold out on loyalty cards and some people may indeed use cash to avoid a paper trail, but you make us Germans sound like mythical privacy-minded creatures which the vast majority of us is decidedly not.
The mark is so overused, one day it will actually do what it was intended to [0]. I think that is a tragedy. One of the best brands in the world gets destroyed, because it is not actually a brand. Free rider problem.
Right, the war efficiency and quality car production sure created these stereotypes. It is quite amusing when you see how poorly things are run in Germany irl. Like road works taking 10 years. Or the Berlin Airport debacle, which can teach Italian Mafia a lesson or two:
If you actually listen to the guy's talks (Heinlein) on youtube, you will see that he cares deeply about privacy. That's all it means, it doesn't mean that the whole German society cares more than others about privacy.
A month or two ago I sent them an encrypted (gpg) mail to their support address but they replied in plaintext and even citing my original request in full.
After the fastmail fiasco (they increased prices, and now old packages no longer have access to the newest features), I started looking for an alternative and came across mailbox.org... I've been trialing for a few days and they do seem interesting.
I just wish we could use an unlimited number of aliases in our own domain, it doesn't make sense to me otherwise..
They do have some interesting features, such as mailbox encryption as well as calendar/contacts encryption. It's client-side encryption, though it's in the browser.
It's probably worth clarifying that you have a business account with multiple users, and FastMail have recently implemented a new setup that changes how their business accounts work.
I've used FastMail for my personal mail for about 10 years, and the changes have made no difference to me at all.
Do you have some citation for this "fiasco"? They did change the plans but I was unaware of any significant unhappiness. (And existing users can keep their old plans anyway.)
I think they abandoned a lot of their "freemail" style services but grandfathered existing users in some cases and those grandfathered plans now aren't updated for obvious reasons?
I really can't recall a major negative fallout from that and I'm fairly certain I joined right around the time that happened (the docs were still a mess because a lot of it hadn't been updated yet and referred to the now non-existent plans).
There was a fiasco? And I'm not aware of any features that old plans don't have access to. AFAIK the only difference that would be made by me moving to the new plan structure would be paying $50/year for 25GB instead of paying $45/year for 15GB.
It gets a lot more complicated for "Family" and "Business" accounts.
Previously, it was possible to mix users with different plans in the same family or business, so heavy users would get the $40 plan while light users would get the $10 plan. Now it seems that everyone in the family or business needs to have the same plan (usually the $50 plan because of the custom domain requirement). This can increase the cost by up to 400% for some users.
Individual users aren't affected much, especially since they will continue to be billed at the previous price until and unless they decide to change plans.
I was about to move from Google to Fastmail (been looking to move away from Google for a while) and then I read your comment. Now rethinking the decision.
Make the move. FastMail is great. I didn't even know there was a fiasco (I knew they changed their pricing structure to make it much simpler, but it doesn't really affect me in the slightest as a normal user). I switched from Google to FastMail a while ago and I haven't had a single regret.
I like the product; it supports open standards: IMAP, CalDAV, CardDAV.
If you want you can lock down pretty much everything with PGP.
Data is in Germany/EU and the pricing is really fair: starts with 1€/month with 3 mail aliases and 2 GB.
The guys behind it seem to be IT people with Linux/open source mindset and good ethics as far as I can judge.
I use them as well, they have custom domain and two-factor authentication support. The only complaint is that sharing in their online Office can be buggy, I hope Open-Xchange will fix that, but that's more of a side feature for me. At least their business model seems more honest than Proton Mail.
Mailbox.org runs http://open-xchange.com/, so besides email you also get a calendar and (rudimentary but functional) online word processor and spreadsheet, with team collaboration. You can try a demo of the software on the Open-Xchange site.
I've also been a happy customer for about a year now.
Does ProtonMail have a feature similar to the "full inbox encryption" [1] mailbox has? Also, there are some nice features in mailbox, like only allowing to send email to other servers which support encryption [2].
I'm genuinely curious if ProtonMail has similar functionality on offer, especially since it appears to be free.
TL;DR: It encrypts just about everything in storage but "Subject lines and recipient/sender email addresses are encrypted, but not end-to-end encrypted.", which tells me they might have access to these things.
I've been using Protonmail for a year now, and I'm very happy with it. I have several domains on it. The mobile apps are decent (I have iOS and Android), and the web app is fine. It's not perfect, but given their limited resources compared to Google I'm quite impressed.
I think we need more of these types of companies, or at least more competitors in this realm. I've also heard so many good things about FastMail too. We need more mail providers who are:
* trustworthy
* secure
* reasonably priced
* etc.
If running my own mail server was not so laborious and headache-inducing, I'd love to move away from Google for apps/domain. I have no functional complaints of Google; I am happy with their performance without a doubt. It's just that, as every day passes, I keep getting creeped out; it's the "ick" factor. And for me it started well before the Snowden disclosures.
If you want to stop using Google for email, but want to keep the domain in Google Apps for whatever reason, you can set up a FastMail account and then configure Gmail to forward all of your email to FastMail. Yeah your email still goes through Google's servers so it's not completely ick-free, but at least you don't have to deal with using Google for email on a day-to-day basis anymore.
[I'm Australian, but an 'aspiring German'.]
[0] https://en.wikipedia.org/wiki/Made_in_Germany
https://en.m.wikipedia.org/wiki/Berlin_Brandenburg_Airport
And also: http://www.bbc.com/news/world-europe-36185194
German wikipedia article about it: https://de.wikipedia.org/wiki/E-Mail-%C3%9Cberwachung
But now the rules are different. Spyware can only be used "when lives are at risk". http://arstechnica.com/tech-policy/2016/02/german-police-can...
An alternative to mailbox.org is mailfence.com.
Do they also use on Open-Xchange?
I feel very comfortable with mailbox.org
[0]: https://protonmail.com
edit: maybe they are? http://oxpedia.org/wiki/index.php?title=SourceCodeAccess Why is there no link on main website?
[1] https://support-en.mailbox.org/knowledge-base/article/the-en...
[2] https://mailbox.org/en/ensuring-emails-are-sent-securely/
edit: links