NOTE: This is an update to an article I published several months ago. I have added a couple of new encrypted email services to the list. If you know of other such services that should be added to this list, please post a comment below.
“Free” email services like Gmail, Yahoo! Mail, and Hotmail come at a high price: your privacy. The fine print lets them search every message you send and receive for profit‐generating keywords. They even keep their own copies of your deleted messages and your attachments. Furthermore, your emails can pass through servers all over the world as plain-text messages, where they’re vulnerable to hackers and mass‐surveillance programs.
The governmental spying on citizens’ private email messages has been a problem for years. However, the problem has gained a lot more publicity in recent months. We now know that various US government agencies and presumably the United Kingdom’s GCHQ can obtain copies of nearly every email message you and I send or receive.
The only exception we know of is the various email services with offices and email servers located outside the United States and outside of the United Kingdom that offer encrypted email services. Most of these safe and secure services are based in countries where national laws prohibit any kind of email snooping, even when the snooping is done by governments. The use of encryption means that government agencies and civilian hackers alike cannot read your messages.
NOTE: The US National Security Agency (NSA) reportedly can break some forms of encryption. However, the agency will not tell us which encryption methods they can break. In all cases, the foreign-based secure email services use high-quality encryption techniques in an attempt to keep out all unwanted spies.
Protecting yourself with encryption used to be difficult and time‐consuming but new, easy-to-use services are now available. If you are looking for a new, much more private, email service, I suggest you look at:
TutaNota (see my earlier article at https://privacyblog.com/2015/03/29/tutanota-a-secure-open-source-encrypted-email-service/)
ProtonMail (see my earlier article at https://privacyblog.com/2016/03/18/swiss-encrypted-email-provider-protonmail-releases-ios-and-android-apps-and-opens-to-the-general-public/)
StartMail allows a user to send private email to anyone, whether the recipient is StartMail user or not. It features easy, one-click PGP encryption, the Internet’s gold standard. StartMail is a company based in the Netherlands and uses mail servers in Europe where strong privacy laws prevent disclosure of your personal information to any governments or to anyone else. StartMail employees can never read your email, nor can anyone else unless they know the encryption key that you create: https://www.startmail.com
Hushmail is based in Canada, a country that does not have rigid privacy laws concerning email (see my earlier article at https://privacyblog.com/2015/01/05/hushmail-a-privacy-oriented-email-service-with-built-in-encryption-and-no-third-party-advertising/). However, Canada subscribes to the “five eyes” program that is used to circumvent privacy laws. In theory, if the Canadian government demands access to the information or emails of a Hushmail customer, the company has no choice but to comply. For more information about “Five Eyes,” see the earlier article at https://privacyblog.com/2018/09/03/five-eyes-intelligence-alliance-argues-that-governments-should-be-able-to-spy-on-your-online-encrypted-activities-via-backdoors/.
Other methods of sending secure, encrypted email messages
The following are not secure email services by themselves. Instead, they provide methods where you can encrypt your message(s) inside your own computer before sending them. The recipient then needs to decrypt the received, encrypted message. No plain text messages are ever stored on any mail servers in any country:
EncryptUS (only available for Windows – see my earlier article at https://privacyblog.com/2016/08/25/encryptus-for-windows-can-keep-your-email-secure/)
Gabriel (see my earlier article at https://privacyblog.com/2016/04/26/gabriel-is-possibly-the-most-secure-suite-of-products-for-use-with-family-friends-and-business-associates/)
UPDATE: Here is an addition suggested by a reader of this blog. EEZY KEYZ® end-to-end email encryption software is client side end-to-end encryption software that works with virtually any email service. It is available for Android, Apple iOS and Outlook. The encryption is performed in your own computer and decryption may only be performed in the recipient’s computer. Even the software developers and other employees at IPRA Technologies Ltd., the company that developed and sells EEZY KEYZ, cannot read your email messages. Obviously, they also cannot give the messages to any government spies, even if served with a court order. For details, see https://eezykeyz.eu.