All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
What do you want in an email provider?
Legit question. I know it's generic, but I'm truly interested in the answers to this question. If you could have the perfect email provider, what features would be the ones that made you define it as perfect?
To be clear, I have been intending to offer a free email service for quite some time. I have reached out for a lot of private feedback, I want to hear the thoughts of anyone else who is interested. My priorities are privacy and transparency in how I provide that privacy. Think lavabit but maybe a tad less genius, and I don't care if they come at me. However, I would always do my best to comply with a LEGAL request, without compromising other users. Keyword: legal. Not just submitted by government, but actually legal. So there's the context. Go!
Comments
Nothing. Host your own email.
Network Stability
Server Stability
Backups, Encryption
A sleek, nice looking Web based access.
Pop3.
I would never host my email on a free email host. I would much prefer to pay so they have a reason to protect my privacy.
Deliverability (i.e. are you able to get your customer's email to their intended audience, over and over) comes to mind.
Also, of note, LavaBit (like it or not) was served with a LEGAL request. That is part of the problem, NSLs allows parts of the US Government to demand anything.
Further, just because you have the balls to stand up to an FBI agent, it doesn't mean all of your providers (network, hosting, DNS, SSL certs, etc) do.
Well that doesn't give me a new after hours adventure :P
Of course I have to run this by people for approval with my noncompete agreement but given the nature of it, I don't see it as any form of competition.
I would mostly agree. In my case, it's that I want to do my part in protecting people's rights. I'm reasonable, I'm not trying to stick it to authority, but I think that we need people committed to their users first and I can afford to do this without compensation. The feeling of helping people has always been enough to drive me.
A good user interface
100% uptime
Google-tier spam detection
Generous amount of storage
No adding client IP/user-agent headers
Transparacy
I'm thinking the primary server has live failover and the sending servers are in rotation to minimize impact of unfortunate blacklist events, all under the same domain for SPF verification of course.
I totally understand. If I used your service I would want to pay you though even if you offered it free. Unfortunately someone's integrity is not enough for me to trust them. Don't take it personally, I have a huge amount of respect for you and the things you do I just generally don't trust people without them having extrinsic motivation.
What do you mean? I meant I'll host my own email. I don't think I could be convinced not to.
As for privacy, it would be cool if you could set up some kind of encryption so that the privacy is not based solely on trust; and I think a few months ago I would have trusted Google more than you. For example, set up gpg-mailgate to encrypt incoming mail for each user, then have a passphrase-protected PGP key on the server that's sent to the client for each session when the client logs in, and client-side JavaScript decrypts it with the password and stores in for the session. Of course that'd be a very large project, and it's still sub-optimal since having PGP key on the server would be insecure.
I am looking for a while to find a provider I would trust. I can host my own email, but I am no expert in cryptography at least not enough to be able to write a bullet-proof end-to-end encryption scheme.
I would like to have an email server and client which encrypts everything and the untrusted web and storage has no way of decrypting it. Using Tor to connect and there you have the best protection.
That would be only a temporary solution, though, the real solution is a darknet freenet style, widely used and with easy to connect clients that would forward and store the content, including email making communications secure as long as you trust both ends.
Great idea! I'm thinking that narrowing down privacy to a few options that are streamlined for the user would be a good choice, something that let's people pick their privacy level by how much effort they want to put in to it.
You have a good eye for real privacy, so I'm glad you chimed in. I intend on running some details by you privately later as well for opinions.
Since looks like you want a privacy oriented service:
Disclaimer: I host my own email and wouldn't use any US-based provider for general purpose email. Also, those requirements are different than the ones I would want for a general purpose provider.
Advanced searching / grouping / filtering capabilities. Right now it's a royal mess trying to sort my 2000 emails out.
The most important feature is the support for "BYOD" (bring your own domain). Like "Google Apps for Domain" used to be, or Yandex PDD, or a number of other options. Where you would provide MXes for the any user's own domain, not limiting them to E-Mail addresses [email protected].
Because... relying on E-Mail at a domain you don't own, is the height of insanity. Provider goes under, and then you have to run around the internet update your E-Mail address in all those accounts and subscriptions. Whereas with your own domain you just arrange for a different provider (or your own VPS/dedi) to start providing the MXes, no problem whatsoever.
200% agreed
One more thing I forgot:
If you want to be really serious about privacy, run a Tor Hidden Service too. This is much more secure and private than users connecting to a not-hidden service via Tor.
True. I'm a little hung up on where to draw the line. I would be devastated to know that I provided a platform for, well let's just call them out, pedophiles. While a political activist fearing for their family and a pedophile may have identical goals in privacy, I am committed to finding a middle ground that protects one while at least discouraging the other.
Except political dissidents have a lot of shit going on and just use Twitter instead of wasting time playing neo-cryptomancer on Tor
I understand.
However I was just speaking from a technical point of view: connecting to a website using Tor isn't private, just anonymous. A hidden service provides privacy for already anonymous users, since you can't MiTM that connection or use a forged SSL certificate, for example.
People get killed in some countries for writing about it's governments. You don't need to be a political dissident, it's a real problem out there and Tor is really helping out some people with good intentions.
But that isn't the topic of this discussion anyway.
It's...in my top 5 interests here. I'm not out to do this as NSA bait or anything, but if we all do our part the people will always have the power.
Oh. Then, thanks for doing this.
For the intention to help fellow human beings without wanting much more than feeling good with yourself at the end of the day. More people like you are needed.
Really, thank you.
Except where Twitter is not accessible and when email providers give out the identity of accounts to the governments. Mind you, not only US, but chinese too (that is what we know, but other governments might have a line into it).
A hidden service might be a good idea, but you still have to trust the email operator and we all know some views regarding privacy that US people have (you have nothing to hide if you are not a terrorist/pedophile, you know that s**t).
I'll always despise that attitude. Sure it may be true at one point in time, but if history has taught us anything at all it's that we do not know what the future holds and that absolute power corrupts. I have nothing to hide, I just want the right to have something to hide.
No, it isn't. Tor is too much trouble for actual dissidents to bother with
Yean and that works out so well for them.
http://southweb.org/blog/saudi-arabia-jailed-political-commentator-for-his-tweets/
http://www.arabianbusiness.com/kuwait-teacher-jailed-for-twitter-remarks-504679.html
http://www.news24.com/World/News/Turkish-pianist-jailed-over-tweet-20130415
Mostly repeating what has been already asked/said:
Anyway to get read of google for most simple cases would be much welcome!
Twitter was just an example. My general point was that no one but cryptonerds and pedos give a fuck about Tor. It's not like people in those countries are saying "oh damn, people can get arrested for saying things publicly on Twitter? Guess I better start learning tech skills so I can figure out how to use this slow, convoluted anonymity network. Certainly that is my next best option."