💾 Archived View for gemini.circumlunar.space › users › laur%C3%AB › mail › disroot.gmi captured on 2024-08-18 at 19:36:44. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-12-28)

-=-=-=-=-=-=-

Disroot

UPDATED March 2023. I went on to confirm that all the policies are still the same, and they are - just with some wording changes. Also took the time to improve the descriptions, remove clutter, etc.

Starts off with some nice quotes. From the front page:

Disroot is a platform providing online services based on principles of freedom, privacy, federation and decentralization. **No tracking, no ads, no profiling, no data mining!

The About page:

In the last few decades information has become very valuable and more and more easy to collect and process. We are accustomed to being analyzed, blindly accepting terms and conditions for "our own good", trusting authorities and multi-billion dollar companies to protect our interest, while all along we are the product in their 'people farms'.
Many networks use your data to make money by analyzing your interactions and using this information to advertise things to you. Disroot doesn't use your data for any purpose other than allowing you to connect and use the service.
Disroot aims to change the way people are used to interact on the web. We want to encourage and show them not only that there are open and ethical alternatives

And the mission statement:

The once decentralized, democratic and free internet, has been dominated by a handful of technology giants, promoting concentration in monopolies, more government control and more restrictive regulations. Everything that, in our opinion, opposes and destroys the true essence of this wonderful tool.
Our motto is "The less we know about our users, the better". We implement data encryption whenever possible to ensure that obtaining user data by unauthorized third parties is as difficult as possible and we maintain only the minimum of user logs or data that are essential for the service performance.
We chose a working approach in which users (from now on referred to as Disrooters) are the most valuable part and the main beneficiaries of the project

So, we get the impression that Disroot dislikes what the Internet has become - a place where we're data-mined, controlled, dependent on powerful entities that don't have our interests in mind. Sounds great; but as usual - what's most important is the confirmation of the ideas espoused above - after all, Mozilla, for example, says the same things. So let's check out their Privacy policy. Starting with the E-mail specific one:

Server logs, which store information such as, but not limited to, your username and your IP address, from and to email addresses, IP addresses of servers the emails come in or go out to, are stored for a period of 24 hours after which they are deleted from the server. No backup of log files is created.

So, all logs are wiped every day. There's also no backup. Very well, can't do much better than this.

All emails, unless encrypted by the user (with GnuPG/PGP, for example) are stored unencrypted on our servers.

If you worry about this, realize that you can just download your E-mails with your client through the POP3 protocol, and then they won't be stored at all after that. You can also use PGP as they say. Disroot also uses disk encryption. This is it for the E-mail specific policy, so let's check out the general one:

We do not sell your data to any third party.
We do not share your data to any third party [...]
We have no advertisements or business relationships with advertisers.
We store all data in our own servers, located in a data center in the Netherlands.

In short, your data stays at Disroot. If you scroll back to the other providers, you will see that barely anyone else - if anyone at all - follows this policy. Let's now check out their Terms of service. The relevant parts are these:

2. Contributing to the discrimination, harassment or harm against any individual or group. That includes the spread of hate and bigotry through racism, ethnophobia, antisemitism, sexism, homophobia and other forms of discriminatory behavior.
3. Contributing to the abuse of others by distributing material where the production process created violence or sexual assault against persons or animals.

Shortly, no violence, abuse, or discrimination of others (the latter could be worrying depending on how strict of an interpretation is taken, but whatever). Using Disroot for commercial activities is also not allowed:

Because of this structure we see using Disroot services for commercial purposes as abuse of the service and it will be treated as such.

Knowing what I know now, this rule is understandable to me - but will bother a lot of people, for sure. If you want an E-mail for your business, I'd suggest another provider. Even then, Disroot will not immediately kill your account when such an activity is detected:

5. Using Disroot services for any other commercial activity will be examined per case and the decision on terminating such accounts will be based upon communication with the account holder and the type of the activities in question.

This ToS is still more lenient than almost any ToS out there. Disroot allows signing up through a VPN or the TOR network (however, there is no onion domain). Mail clients are supported - but you can use the RainLoop webmail as well, which supports PGP encryption - but they tell you not to rely on it and instead encrypt your shit locally (as I've been saying all throughout this report).

Nevertheless, we encourage you to always be cautious when using email communication, and to make use of GPG encryption to ensure your correspondence is safer.

Signing up for Disroot requires filling a "Your Story" section (UPDATE: this is now answering a "What is the first thing you think about when you wake up in the morning?" question). Earlier, they've used ReCaptcha to deal with the spam problems they had, but - due to privacy reasons - dumped it and had to come up with something else, so there it is. If you do so, you also get access to some other services, including a forum, where you can read that Disroot is in for the long haul:

So as far as I'm concern disroot isn't going anywhere. It is my primary email address, xmpp account and d* account.
I think we have something, big corporations don't. We believe in what we do, and the change of current status-quo. Going back to the roots, to how the internet used to be.
We started disroot with "long run" in mind. From my side I can tell you, disroot is my baby and I believe in it's success (or however you want to call it). You don't kill your babies.

The admin also claims the service is not activist exclusive - unlike RiseUp or Autistici:

I dont know where did you get the information that we are somehow for activist exlcusive. Nowhere on our website, neither in our Mission statement we say anything about it.

Me and a chatroom member also did tests with him sending E-mail to my account from some rarely used providers (such as Paranoid or Onion Mail), and Disroot blocks them, forcing the other person to resend. This is a way of spam filtering which does result in 99% of spam being blocked without your input - but the few false positives are annoying, for sure. To inspect the rejected spam mails anyway, you can check the webmail's "Junk" folder.

In summary - logs stored only for 24h, no personal data required for registration, VPN / TOR usage allowed. So, privacy is very good and they mostly did end up confirming their mission statement - unlike Mozilla. The issues with Disroot include: no onion domain, blocking unknown providers and a somewhat restrictive ToS (no discrimination or violence, no commercial usage) - however, still much less so than almost all the others. You also have to pay for aliases. Along with RiseUp, Disroot is still the best free option out there.