Free Software Webmail Systems
Whether the server itself runs nonfree software is a different issue. Nonfree software running on the server infringes the freedom of the server operator, but not yours; therefore, it is a secondary issue. We note here that some server operators say they run exclusively free software; you might choose one of them to reward their support for the community.
We don't know of any surefire way to evaluate a mail service for privacy, since any such service could be handing mail data massively to some government, and there is no way to detect this from outside.
We do know that specific companies providing webmail services were named as part of the PRISM NSA spying revelations: Google, Yahoo, Microsoft, Apple, and AOL.
We also know that some smaller companies, like Lavabit, were pressured to turn over information.
With these caveats, here are some recommendations:
- Pick a mail service located in a country that won't cooperate with governments that you're particularly concerned about privacy from.
- Avoid using LinkedIn, which fishes for people's email contact lists.
- If your mail service and your search engine are run by companies that don't cooperate, neither of them can correlate your searches with your mail contents. (A spy agency could still do so, if the two companies are in the same country or in countries that cooperate in massive surveillance.) Thus, don't use both Gmail and other Google services such as web search.
Some of these services are gratis, but that's a separate issue. Recall that "free software" refers to freedom, not price.
- Posteo: Fully compliant with LibreJS's standards, but a bug in LibreJS causes the site to not work when the plugin is enabled. Does not work without JS. Credit card payments do not work.
- Riseup: Geared more toward activists - they have a manual screening process. Signup works with LibreJS. SquirrelMail (works without JS) can be used to access webmail, POP/IMAP clients can also be used. To access Squirrel mail, access the online mail client page, and select the "old webmail(squirrelmail only)" link.
- Kolab Now: Swiss based paid service focused on ensuring your privacy. Highly resistant to PRISM and similar programs. Runs on free software. Currently becoming LibreJS compliant.
- Safe-mail.net: Signup and Login possible with LibreJS enabled. Select "Traditional" interface for webmail use. Mail server details also available for mail clients.
- VFEmail: (uses google syndication, and captcha - both non-free). After registering, you can use mailserver configuration details and use a mail client.
To ask about a mail service not listed here, or request corrections and updates, please send a mail to: monoverde at riseup dot net : with "Webmail System" in the subject line.
Not RecommendedSystems we've investigated and found wanting.
- FastMail: Sign up, sign in, and webmail all work smoothly. This is a paid service with a 60-day free trial. - UPDATE: was notified that this is not the case.
- Mail.Ru: Sign up, sign in, and webmail all work smoothly. BEWARE though - it is almost certainly under governmental surveillance, and likely does not respect privacy.
- Yahoo! Mail: works without JS apparently, but you need JS enabled to create a yahoo account
- Yandex Mail: You can register and sign in with LibreJS enabled, but not send mail in the no-js interface. Also: looks to be Russian based, so almost certainly under surveillance.
Under ReviewThese are systems either currently under review, or undergoing a status change.
- Autistici/Inventati (A/I): Sign up needs JS. They are working on becoming LibreJS compliant, but no ETA on this yet.
- Hushmail: Site doesn't load without JS.
- mailbox.org: JS needed to register or use system.
- Mailoo.org: Explicitly states it runs on free software. Currently French only - would appreciate help translating(registrations were closed as of 2017/01/25).
- ProtonMail: JS needed to register or use system.
- Tutanota: Looks promising - they're working on becoming LibreJS Compliant.
- Unseen: Site doesn't load without JS.