💾 Archived View for gemini.circumlunar.space › users › laur%C3%AB › mail › countermail.gmi captured on 2024-08-18 at 19:36:37. Gemini links have been rewritten to link to archived content

-=-=-=-=-=-=-

Countermail

UPDATE April 2022: Countermail is CUCKFLARED NOW. Holy shit! Ignore everything I wrote below, get some cockroach repellant, and RUN! UPDATE November 2022: apparently the mail itself does not go through CF - only the website - according to a reply from Countermail. Still, beware of any service that touches CF.

My old review of this one was kind of lackluster, so let me try again. First of all, CounterMail now requires an invite code to register - but unlike RiseUp, it's also a paid service. The price is 29 USD for six months - and that's the least you can pay for; Bitcoin is fortunately accepted. JavaScript must be enabled for registration; there are no captchas or anonymizer blocking. There is a free tier that's pretty much useless, since it doesn't even support mail clients and has a bunch of restrictions in terms of E-mail recipients.

Upon registration, CounterMail will generate a pair of PGP keys, which will be used to encrypt all incoming and outgoing E-mail if possible. If your recipient is another CounterMail user, messages will be automatically encrypted for the whole journey. Otherwise, they'll be sent in the clear from your recipient until hitting CounterMail's servers, then encrypted back to you. The problem with all of that is - of course - that CounterMail stores your private key on their server. They allege it's only stored encrypted with your password, but they could easily swipe that since you must type it to log in each time. Still, even that kind of encryption is better than plaintext - since at least middlemen can't access your messages, even if you do not trust CounterMail. But nothing compares to PGP that you manage locally, as long as your recipient is able to do so as well. UPDATE July 2021: it seems that now you can delete the private key from their servers and even use your own. This is the best of both worlds - newbies can rely on CounterMail's encryption while pros roll their own.

Privacy policy says that IP addresses are not stored. UPDATE July 2021: a reader informed me they've updated their privacy policy recently, and the most important addition is this:

We do not collect any data from our users, the only time we store some data is the first 14 days of your payment date, after 14 days, we remove most sensitive information and only store the data that is needed for the accounting, such as the product you bought, the amount, the payment method, the date and the country. So after 14 days: no Name, no Address, no State, no Phone, no Card numbers and no Secondary email

If we take this at face value, CounterMail becomes the provider that stores probably the least amount of data out of them all. The only way you could make it better is to tell us whether our E-mails (or their metadata) are stored after downloading by mail client and / or deletion through webmail - and if so, for how long. Mail clients are supported in the paid tier (which I didn't bother paying for, and so couldn't test). For an additional 15$, you get the option to use your own domain. There is an alias feature that actually works properly - as in, doesn't reveal your real account in the alias - something which only RiseUp has managed to do otherwise. There are a bunch of webmail-only features that I don't care about, because well...they are webmail only. The ToS is pretty lax, only forbidding stuff that's illegal in Sweden, as well as spam. To be honest, I have trouble rating this service. They seem to really care about privacy and security. The price is also pretty high - more than four times the amount of Posteo, for example. Overall, with the newest privacy policy change, CounterMail becomes one of the best providers out there. I think the only real flaw now is the price, but at least the product is worth it.