Go private, go blockchain, or roll your own email
Posted by vonnagy on Mar 14 2020, in asylon
Email is an interesting beast. Many people, even those with considerable technical abilities, shy away from using anything but a big tech email provider. The majority of people use Google, whether it's a classic Gmail address or, with a touch more configuration, a custom domain set up with Google. There are still more than a handful that go with Hotmail or Yahoo. The last smattering goes to various other email providers.
Here I’ll go over the consequences of using that free email account and 3 alternatives to consider.
What are the consequences of using big tech email?
We use big tech email because it's free and convenient. But what does this mean for us and our privacy? Here are 3 simple reasons not to use big tech email:
Your data becomes their fodder. Yes, Google allows you to check and remove your data at any point. This is a moot point. It's essentially like giving your personal diary to your sticky-beak auntie for safe keeping just because she's got a nice mansion to keep it secure. You can retrieve it anytime, and it's certainly yours, but who's to say your auntie didn't read, copy and distribute your diary? While you might own your data, you don't control it!
Big players make big targets. We often worry about hackers lurking in a dark basement tracking our online behaviour. These days, hackers are less individualistic and have become massive state players. China, Russia, the USA and many other countries have been complicit in massive data breaches. Data is the most valuable commodity, and if there is a dragon hoarding this gold, you can bet that there are troupes of rogues systematically looking for ways to pilfer these huge reserves. The biggest breach in history so far has been Yahoo, and the attack, though technical, relied a lot on human error.
Spam – Free email providers are often trapped in spam filters simply because they are free and can be used by spammers. Even if you have never given your email address to anyone, spammers have a vast tool-base for guessing email addresses. For businesses, reaching out to free email accounts can be a problem as well.
There are plenty more reasons. Let's look at 3 solutions.
Get a Privacy-Focused Email Provider
There are several free and paid privacy email providers. I've selected 3 below for having strong security and being in a jurisdiction where user privacy is more protected (this excludes nearly all English-speaking nations). For more on this, read about Lavabit.
In addition, being open source is important: it gives users an opportunity to see how their data is handled.
Protonmail is a Swiss-based email provider and is the first name that usually comes up for privacy email. Although Switzerland is not under the jurisdiction of the GDPR, it has a strong legacy of privacy, both in business and culturally. Some features of Protonmail:
- Encrypted with AES, RSA, and OpenPGP
- Free Accounts get 500MB of storage and a limit of 150 emails per day
- Paid accounts get more features starting at 4.00 € /Month; this includes using your own domain (e.g. mark@asylon.org) for the account.
- Is open source
- Has iOS and Android apps
Tutanota is a German-based email provider. Germany is under the jurisdiction of the EU, which means the strong protections of the GDPR are in place. Here are some features:
- Symmetric (AES 128) and asymmetric encryption (AES 128 / RSA 2048) to encrypt emails end-to-end.
- Free accounts get 1 Gigabyte of storage.
- Paid accounts get more features starting at 1.20 € /Month, such as getting your own domain.
- Is open source.
- Has an Android app.
Mailfence is a Belgium-based provider; this also puts them in the jurisdiction of the GDPR. Some features:
- Encrypted with AES-256
- Free accounts get 500 MB and 500 MB in document storage
- Paid accounts get more features starting at 2.50 € /Month
- Is in part open source, using the OpenPGP.js library.
One thing to note is that the free services offer a lot less space than the big tech accounts, but the trade-off is more privacy.
Get on the Blockchain
This is not one I would recommend yet. However, there is a lot of promise here, and contrary to popular belief it's not just hype. Currently I am not convinced this technology is going to be mature enough for many users.
In short, these emails can be easily accessed through the web, but the data is not stored on a central server. These are known as dApps or ‘decentralised applications’, and your data is distributed, encrypted and secure in the network, instead of being controlled by a central authority like a government or corporation.
I have limited experience with these, but given enough users they will be a huge threat to surveillance capitalists. Currently the top blockchain networks for dApps are the Bitcoin and Ethereum networks.
Worth investigating are Blockstack.org and Dmail. Blockstack uses the Bitcoin network for the creation of blockchain applications, and Dmail is an app that resides on it. What's great about it is that it has all of the same tools you would expect from Google, ranging from your own online storage to email and even maps.
However, I cannot recommend it at this point because, as much as they talk about privacy, their privacy policy remains spotty at best. As of the time of writing, their actual online privacy policy is an unreadable document (archive.org link).
If you are an early adopter, it would be worth keeping your eye on different blockchain networks.
Rolling your own server.
There is a stigma that email is hard. Over the years, I found that most of the programmers I knew had their own personal websites, but very few had their own mail server. They no doubt had the technical ability to set one up, but always defaulted to out-of-the-box solutions (e.g. Gmail). Upon querying my programmer friends who didn't host their own email, the responses were similar across the board:
- It's too much maintenance work.
- I've already got a free [gmail/yahoo/hotmail/wundermailingus] account
These are not actually excuses. Not to denigrate myself, but I don't have nearly as good technical chops as the people I work/have worked with. I have been fortunate to work with some of the most intelligent technical minds around the world over the last 20 years. If I can do it safely and securely, so can anyone.
First, after hosting my own email, I found that, if configured correctly, it's no less work than hosting your own website. Maybe a little more, but not that much more. Secondly, people have moved from one free big tech account (yahoo.com, hotmail.com) to others (gmail.com) previously, so this
There are many tutorials out there now about how to set up your server. If you go this way, I see 2 different paths to take: setting up an email server on your own dedicated server, or using an open source hosting control system. Let's look at each option.
Dedicated Email Server.
Below is a very simple overview of what is involved in setting up an email server. As you can see, it's pretty involved, but it can be tackled with a systematic approach:
- Getting your own domain name.
- A hosting server (more than likely using a flavour of Linux)
- MTA – Configuring a Mail Transfer Agent – This is the technology involved in sending the mails. Postfix is software commonly used for this.
- MDA – Configuring a Mail Delivery Agent – This gets emails from the server and delivers them to the users' inboxes. Dovecot is software commonly used for this.
- A spam blocker (SpamAssassin)
- A database (PostgreSQL/MySQL/MariaDB)
- A webserver (Apache/Nginx)
- A webmail client (Roundcube)
Although a few years old, this Ars Technica article is an excellent start for setting up your own email server. Even if you don't go this route, it's an excellent read to understand each component that is required for your own email server.
Another very popular solution is bundled software that takes care of several of the above steps for you. One of the most popular programs for setting up your own email is Mailinabox.com. This application includes a precise step-by-step guide, an install video, and a discussion forum. There are other solutions out there as well, such as iRedMail and Modoboa.
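For the Postfix (MTA) step in the list above, the following added example (not from the original post or from the Postfix project) audits a Postfix configuration for a few settings that matter on a self-hosted server: who may relay, whether STARTTLS is offered, whether passwords can travel in plaintext, and whether VRFY is open to address guessing. The sample configuration is constructed, the function names are hypothetical, and the "wider than /8" threshold for `mynetworks` is this example's own choice.

```python
import ipaddress

# Constructed sample of main.cf / `postconf -n` style settings; not from a real server.
SAMPLE = """\
myhostname = mail.example.org
mynetworks = 127.0.0.0/8 [::1]/128 0.0.0.0/0
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_relay_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
"""

def parse_postconf(text):
    """Return {name: value}; indented lines continue the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, value = (part.strip() for part in line.split("=", 1))
            params[last] = value
    return params

def audit(params):
    """Return a list of (parameter, problem) tuples for settings worth fixing."""
    findings = []
    for entry in params.get("mynetworks", "").replace(",", " ").split():
        try:
            net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            continue  # table lookups (e.g. hash:/path) are not evaluated here
        if not net.is_loopback and net.prefixlen < 8:  # threshold is this example's choice
            findings.append(("mynetworks", f"{entry} may relay without authentication"))
    level = params.get("smtpd_tls_security_level", "")
    if level not in ("may", "encrypt") and params.get("smtpd_use_tls") != "yes":
        findings.append(("smtpd_tls_security_level", "STARTTLS is not offered to clients"))
    if params.get("smtpd_sasl_auth_enable") == "yes" and level != "encrypt" \
            and params.get("smtpd_tls_auth_only", "no") != "yes":
        findings.append(("smtpd_tls_auth_only", "passwords accepted over plaintext SMTP"))
    if params.get("disable_vrfy_command", "no") != "yes":
        findings.append(("disable_vrfy_command", "VRFY lets anyone probe for valid addresses"))
    return findings

if __name__ == "__main__":
    for name, problem in audit(parse_postconf(SAMPLE)):
        print(f"{name}: {problem}")
```

On a real server, the input would be the output of `postconf -n` rather than the constructed sample.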
Hosting Control Panel.
Unlike the above, a hosting control panel handles nearly every aspect of website & email hosting. The learning curve is slightly less steep; however, there are many more moving parts that can go wrong! If you already own a few websites, then this might be the best solution. There are two open source control panels that I have worked with; both are excellent for different reasons:
- ISPConfig – This control panel system runs on a BSD license and can run on several Linux systems. Here is a list of features from ISPConfig: https://www.ispconfig.org/ispconfig/services-and-functions/
- Virtualmin – This hosting software runs on a GPL license and supports several operating systems, though mileage may vary. Here is a list of Virtualmin features.
Both hosting systems have online communities, and I would highly recommend checking them out before installing to get a feel for what they are like; if you have an issue, the community boards are the best place to solve it.
Regarding the setups, much of the email setup is automated once you get the system up and running, and most of the configurations are ‘hardened’ by default, erring on the side of security.
Further reading:
These links range from the philosophical, to the technical, to the practicality of moving and changing your email account. If you are deciding to make a change in your email lifestyle, ponder upon some of these reads:
- You should not run your mail server because mail is hard
- The only Safe email is text email and Use plain text email.
- Migrating away from an (entrenched) gmail.com email address
- It’s Always Sunny in Iceland (or) How I NSA-Proofed my Email
- Email is the thing you are bad at.
- 500,000 Emails Later.
Finally, let me conclude with some final thoughts from legendary computer scientist Don Knuth:
I have been a happy man ever since January 1, 1990, when I no longer had an email address. I’d used email since about 1975, and it seems to me that 15 years of email is plenty for one lifetime.