💾 Archived View for gemini.circumlunar.space › users › laur%C3%AB › mail › startmail.gmi captured on 2024-08-18 at 19:37:29. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-12-28)

-=-=-=-=-=-=-

StartMail

Paid ($5 / mo, 5 times more than the better Posteo and Elude) with a free 30 day trial. Funnily, the webmail tells you you can't send mail - but it does work with the client. JavaScript is required for logging in. TOR is allowed, but provides no onion domain. Paid version has disposable e-mail addresses (a'la airmail) and OpenPGP encryption. But as usual, the most important issue is their data collection policy. Do they actually follow their "Privacy. It’s not just our policy. It’s our mission." slogan? Let's find out. First, their website:

The data that's collected and processed by their website include: your IP address, browser and operating system type and version, browser language settings, country, date and time, origin of your visit, as well as clicked links and visited (parts of) pages of their website. Hmm, the latter sounds suspicious. Wonder how do they justify it? " to help us get an idea of which of our pages appear to be effective to inform our visitors". How about the origin of your visit? "to assess the success of our search engine optimization and information outreach efforts." And the country? "to know in which countries and at what moments our marketing efforts appear to be effective." Sounds like good old tracking to me. They claim this data is then "deleted or anonymized", but whatever. I don't know about you, but I don't want to be apart of their "marketing" and "information outreach" experiments - anonymized or not. How about the mail service?

The big problem: StartMail's privacy policy is extremely long, and yet manages to not say what it actually stores (or the duration). All that we're told is what happens when you delete your data:

When you delete an email, it is immediately deleted from our production servers, unlike what happens with many other webmail providers. Only on the off-site backups (which are fully encrypted, of course) a copy will remain for the maximum retention period of three days. Your Account will be stored for as long as our Agreement remains in force. When an Agreement is fully terminated, all data contained in the Account, including all emails, will be deleted permanently.

As well as their policy in dealing with requests:

We will not comply with requests from any authorities other than Dutch authorities. If we receive a request from any foreign government, we will refuse to comply and will instead refer the requestor to place a formal request to the Dutch authorities for mutual assistance.
StartMail will never cooperate with any voluntary surveillance programs. Under the strong current laws that protect the right to privacy in Europe, European governments cannot legally force service providers like StartMail to implement a blanket spying program on their users. Should that ever change, we will use all methods at our disposal to resist.
We will not comply with any requests from private third parties to provide information about our Users, unless we would receive a valid Dutch court order to such effect.

Though it's cool they won't share your stuff with snoops without a valid court order, as well as having a sane deletion policy - let's not get bamboozled here. Not a word is said about the storage of your E-mail content and metadata, which is the most important part of a privacy policy - and yet it doesn't exist here. There's one more thing you might want to know about. Since the service is paid, and they don't accept bitcoins, you won't be anonymous. And they keep payment information for 7 years - "We store invoices for 7 years, or whichever period may be prescribed under applicable tax law." And, according to Wikipedia, invoices contain personal data, such as your name. Despite a lot of posturing, I can't recommend StartMail as long as they keep us in the dark in terms of the most important information. Also, recall that some time ago, StartPage was bought by a data collecting big corporation - and even though they allege that StartMail is a separate entity, you'd be naive to think that stuff won't spill over.