List of encrypted email services
 

On emaildiscussions there is the list of free email services, the list of private email services, the list of ... But no list of so called "private/encrypted" email services.

I only know of 3 services doing encryption, security and privacy from the ground up and as a mission statement unable to retrieve people's keys (so-called zero-knowledge (0K) providers):
mailfence (Belgium, not 0K it seems)
protonmail (Switzerland)
tutanota (Germany)

Are there others?

Scryptmail (USA)
Scramble (USA)
Cryptoheaven (Canada)

I've posted this overview of some privater email options:

http://www.emaildiscussions.com/show...hlight=private

And here's another update, though, sadly, it looks like it's being abandoned.

http://thesimplecomputer.info/free-w...better-privacy

I think that a lot of people are starting to realize that a lot of these "encrypted" email services don't provide the security that they think they do, making it more about "security theatre" than actual protection.

I'm not saying that they don't provide certain advantages, and if you understand what you're getting, that's great, but it's easy for a lot of people to be misled into thinking that they provide FULL security akin to an encrypted file storage service like SpiderOak or Sync.com, when the reality is that this simply isn't possible with the way email technology works.

In short, it's very difficult to build a service where your emails aren't going to need to be "in the clear" at some point along the way. These services will keep you safe from hackers who get a dump of your mail store, but there's absolutely no way they're going to be able to protect you from a targeted attack against you specifically or a warrant-based search.

Ultimately, I think this is why closed messaging systems are becoming much more popular choices for secure communication. They're not hampered by legacy protocols that were designed 40 years ago when the Internet (and the tech world in general) was a much safer and more friendly place.

There's a good recent discussion about this over here in the FastMail forum.

I think of it a bit like having locks on your door. If someone is determined to get in, he will, even if he has to use a battering ram. But for most potential intruders, if you have really good locks, he'll shrug and go elsewhere. I'm not so very good about security, but I take a few small precautions and gradually may do more.

Yeah, that's a fair statement...... Or as I like to tell people, it's about the old joke about two guys being chased by a bear, where one says to the other, "I don't have to outrun the bear. I just have to outrun YOU." :)

That said, though, it also comes down to the threat assessment aspect. If you don't trust your provider not to read your emails, than you can't really trust the encryption of the message store either, as there are WAY too many loopholes to allow them to do so. I'm more concerned about the locks on the front door of my email service and the reputation of the provider than I am about how it's ultimately stored on the back-end.

For anybody who is really concerned about the security of their mail store, the best thing do is to not keep it online at all; use an IMAP or (ugh) POP client to download everything and keep it locally on your computer. If you're using IMAP, archive to local folders. You lose webmail, but you'll also have the safety of knowing that the bulk of your e-mail isn't living anywhere in the cloud, only on your own computer.