The Great Guide to E-mail Clients

Feel secure on an ancient system

GR8 GUARD

There's this little application called GPG, the Gnu Privacy Guard, which is supposed to encrypt your e-mails to the point where nobody can read them, though if it actually does that I would not have a snowball's clue in hell. The website is so obtuse that even I couldn't understand it, the documentation is so dense that it tells you nothing about how to get the damn thing up and running, and there are so many .exe files in the installation folder that I gave up out of pity for the retarded monkeys who designed this piece of shit.

This reminds me of a chapter in How Music got Free (fuck off neocities for censoring my links) where one of the founders of the .mp3 format made a program that could encode music to the format, but it was designed so horribly that only seven people paid for it. This reminds me of GPG, where it's designed so horribly that it's being released for free and pretty much nobody uses it or talks about it.

Here's a hot tip from a marketer: it doesn't matter how revolutionary or beneficial your product is if it's not easy to use. This isn't a matter of being exposed to a different interface or a new workflow - it's a matter of being so foreign, so alien to potential customers that 99% of people give up trying, and are too embarrassed to admit that they failed to use it. This is one of the biggest reasons why only a select group of people install Linux - it's a bitch to learn, and hard to use even after you learn.

These days, not even having a GUI is a surefire way to have your program ignored, and GPG has the balls to expect me to install a separate one. No thanks. Other ways it's failed? No setup guide for dummies, it suggests that I talk to the community for help (you didn't sell me on the product! you expect me to talk to your users before you convince me to be one?), its manual is poorly formatted and denser than a guide on writing x86 Assembly, and it doesn't even make a shortcut in the start menu. How do you fuck up that badly? Being a designer isn't that hard - it's just predicting what your users will do first, and making accommodations to support that behaviour.

So anyway, GPG could be God's gift to Earth, but I won't know it until I figure out how the fuck it works. And if I can't figure out how it works, I doubt most of my readers could either. Ooh, cheap shot! Yeah, you're gonna take that lying down, aren't you? Just kidding. I can barely remember shell commands myself. The point is that most of today's e-mail clients are notoriously insecure, and I'm going to cleave through a list of them and tell you which ones provide the best security.

Note: despite what I say, never publish anything in an e-mail that you wouldn't want the government or the general public to find out about. The protocol for sending e-mails is probably the most broken Internet feature that's still in use today, being trivial to spy on and sending out loads of metadata about you with every e-mail, including your IP address (use a VPN + Tor to mask your IP from most snoopers). Assume everything that you send will be read by the cops and traced back to you, even if it's sent from a disposable address or an anonymous IP, as enough e-mail gathered over time can build a damning profile about any given account.

Don't use these:

All of these providers use closed-source software, are known to actively spy on their users, and operate from within the USA, meaning that the NSA has access to all of your (unencrypted) e-mails, as well as the company itself, who will gladly give them up to whoever threatens them with a court order. Never trust a company that can look at your data, because if they can look at it, so can a thug.

Google is the idic example. Not only do they make most of their money through advertising (which gives them incentive to build detailed profiles on their users by any means they can), but they have also been known to spy on all of their Gmail accounts, as well as keeping all of your e-mails for arbitrary amounts of time, possibly forever. It does not matter if these issues are still true today - you should never trust a company that has the capability to invade the privacy of its users.

Yahoo is also spying on your e-mail. This should have been obvious, as it's a USA based company which makes its money through advertising and profiling its users, as well as its blatant plans to store thousands of terabytes worth of data on its users, plus the whole "we're married to the NSA" thing. Once again, do not use.

Microsoft Outlook? Seriously? You're going to trust fucking Microsoft with your data, who built an entire operating system for the systemic collection of billions of people's data? I get it, it's rhetorical. Don't give this company any more of your data by using their e-mail services. This isn't 2002 - you have other free e-mail besides fucking Hotmail.

Facebook is one of the most unethical and abusive companies of our age. They will fuck you until you bleed and then fuck the wound. They have absolutely no respect for their users except as a money-making machine. Leave and never go back.

Not as bad but avoid:

Hushmail, despite its advertising, isn't secure, as it will gladly keep all of your e-mails in its records and then hand them over whenever somebody gives them a subpoena. It does not matter whether or not a company "safely holds" your e-mails; a company should never, ever have access to your private communications under any circumstances, as if they have access to them, then so do hackers and the government. It's not based in the USA, but Canada is their bitch, as well as being a Five Eyes country, meaning it's vulnerable to surveillance and data collection. If you signed up for a free account (pray you didn't pay for this piece of shit), then delete it and jump ship.

Yandex is based in Russia, outside the Fourteen Eyes global spying ring, which means it's somewhat secure from government spying so long as you trust whatever Russia is doing with it, as they have every reason to lie about the scope of their surveillance programs. The problem is that it's still collecting a great deal of data from you, and its privacy policy even states it'll share your data cross-border without limitation. Even though it's avoided a lot of controversy, you can do a lot better.

Novelty accounts, like lickmy@tastydi.ck (note: I have no idea if this is a real address), are tempting because they're fun and they're provided by parties who will make next to no money off it. The problem is that you're trusting all your (unencrypted) e-mail to whoever the random asshole is who's running the service, as opposed to a company who actually has the resources and obligations to protect their users privacy. Despite what I say, not all companies are bad - just the ones who are in it for the money. So don't let some randy take care of your private messages.

Also, if you haven't picked up on my put-downs, you shouldn't trust a company with any sensitive information at all. Despite what they say, there's still a very good chance they can log and spy on whatever you've written down in a message. While some degree of trust is necessary to function in this world, you should somewhat trust entities that only use FLOSS and act for the sake of altruism and not profit. If it's a matter of life or death, you shouldn't trust them either, but when it comes to things that may be illicit or illegal, you'll have to have some faith in your VPN or your operating system to not spy on you, which is why you always do research on a program or a company before you do business with them.

So because some trust is still necessary, you must look closely at a company's terms of service and privacy policy before you decide to trust them with things that could get you arrested, or even worse if you live in a wackjob country like Iran (banned! Foursome!). But I have done a great deal of research on these sites, and can say that they're trustworthy to the degree that they will significantly impede the progress of hackers or government agents. That's the way it should be - you keep the bad guys out, no matter what their intentions are.

Okay to use:

I haven't used Kolab Now, though a search of privacy-focused websites shows you that it's a very credible service. It's based in Switzerland, one of the most privacy-friendly countries, and has given governments almost nothing to work with. It's also FLOSS, and therefore more secure because FLOSS is just plain better. The downsides are that it doesn't provide encryption, and you have to provide your own, meaning that e-mails sent between Kolab Now accounts aren't secured and are as easily snooped on as anything else you send. You also have to pay for the service to use it, which makes disposable accounts expensive and impractical to use. It's clear that its focus is on individual account protection and not general surveillance protection, and as such might be too impractical for you to use.

Guerrillamail is a unique and handy product. It's big feature is that the e-mail addresses are considered disposable, meaning that you can immediately abandon one and have it not be associated with you in any meaningful way. You simply generate an e-mail address, and then you can access it at any time without signing up for anything, including not needing a password. It deletes all e-mails an hour after it receives them, and deletes all of its minimal logging after twenty-four hours. Its Downsides are that it still reveals your IP address (VPN + Tor, please), it's possible for somebody to access your account and retrieve an hours worth of e-mails if they should get the e-mail address, and it does have some dodgy third-party provisions and anonymous e-mail data collection. That said, it's still a solid service, and the only time it's ever come up in law, it didn't play a role in the outcome of the case.

Possible uses for Guerrillamail include sending out e-mails you don't expect a reply to, signing up for an account using it and a combination of Master Password (like "guerrillamail.com e621.net", for instance), and for sending out sensitive information to another party at an agreed-upon time (even though it's unencrypted and based in the USA, so should only be used for inconsequential shit that won't get you arrested or personally identified). Some sites will also discriminate against it, because they're so piss-scared of spam that they'll fuck over legitimate users who just want some decent privacy, so keep trying addresses until you get one that works. It's pretty idiot-proof, so just look at the website and see how you can make use of it.

The e-mail client I use when a site won't let me use Guerrillamail is Protonmail, which is pretty obvious when you look around my website (plz no hackerinos). It's also based in Switzerland, with the added features of having an encrypted mailbox and automatic encryption between Protonmail users (designed in a way that the server can't read the data). It's also FLOSS, barely keeps any logs (VPN + Tor please stop me from running this into the ground) and stores its servers a kilometre underneath a mountain (Jesus Christ). It also requires no personal information to register, beyond either a non-Protonmail or disposable e-mail address, a phone number, or a Google Forced & Unpaid Labour RECAPTCHA.

These lenient terms also allow you to treat Protonmail as a disposable address for sites which hate Guerrillamail. If you set your VPN to a country like Canada or the United States which lets you use a Google Forced & Unpaid Labour RECAPTCHA to make an account (note: make an account quickly, I don't know how long this exploit will be up for), you can make multiple, independent Protonmail accounts that can't be traced to each other, all while satisfying those picky websites. You may also delete the account if you really need to get rid of the breadcrumbs, or set up shop at a permanent web identity that's separate from your real-life identity. To remember them all, use a service like Master Password's web app and the "name" field.

Is it worth it to go through all that bother? Well it's either that, or having the cops bust open one account and get access you have ever sent to anybody else, including those activation messages from accounts on the Deep Web where you would really rather have nothing to do with at all. So the temporary hassle of using multiple accounts is worth it in the long-run, preventing privacy and security leaks from not just hackers, but from government thugs, too.

Conclusion:

At the end of your rope, you have to decide whether or not it's worthy to trust certain companies with your private data, even though they may claim to protect it, even though they may claim not to see it. And while some claims are easier to verify than others, you're still giving up your confidential information to a third-party for distribution purposes, and as such, it's impossible to be certain where the data is going to end up.

E-mail is still part of our world though, and as a result of which, we must choose providers which go beyond that of greedy advertisers and soulless companies, and instead choose those that make steps which go above and beyond in protecting the security and privacy of their customers, including those that I've showcased here. While you should never trust a third-party with information that could cost your life or your freedom, you can consider putting some faith into those which would rather not look at this information.

Is e-mail a good medium? Absolutely not. But it's what we have, and we must adapt to the changing world using the best options we have at the time. If this article prevents you from being arrested one day, then I will be very proud.

Call me, beep me, preferably at Froghand.

Today's page was updated on July 1, 2016!

Better than waiting three weeks for a messenger.

Copy this shit
The CC0 Mark of God