The Riseup Collective is an autonomous body based in Seattle with collective members world wide. Our purpose is to aid in the creation of a free society, a world with freedom from want and freedom of expression, a world without oppression or hierarchy, where power is shared equally. We do this by providing communication and computer resources to allies engaged in struggles against capitalism and other forms of oppression.
We work to create revolution and a free society in the here and now by building alternative communication infrastructure designed to oppose and replace the dominant system.
We promote social ownership and democratic control over information, ideas, technology, and the means of communication
This is exactly the kind of stuff I've spoke about in the Avoiding "The Botnet" - impossible? article. If RiseUp realizes the source of the "botnet" and the need to control the infrastructure, then surely their service does not spy on you. Let's check it out though, to be sure:
No IP addresses of any user for any service are retained.
Good, the most important one is out of the way.
Your web browser communicates uniquely identifying information to all web servers it visits [...] We do not retain any of this information.
So, user agents and stuff like that isn't collected. So what do they actually store?
we keep a log of the “from” or “to” information for every message relayed. These logs are purged on a daily basis
So the sender and recipient metadata is stored but only for 24 hours at most, apparently for the prevention of spam. But then comes this:
Anonymous, aggregated information that cannot be linked back to an individual user may be made available to experienced researchers for the sole purpose of developing better systems for anonymous and secure communication. For example, we may aggregate information on how many messages a typical user sends and receives, and with what frequency.
If I have criticized Mozilla and DDG for the same thing, I can't let it slide here. Though, of course, it's mild compared to what everyone else is doing.
You may choose to delete your riseup.net account at any time. Doing so will destroy all the data we retain that is associated with your account.
Okay, so regardless of what is stored, if you delete your account - it's gone for good. The only sane policy that unfortunately isn't used by most other providers.
The more important things, though, are said in their RiseUp and Government section:
We will do everything in our power to protect the data of social movements and activists, short of extended incarceration. We would rather pull the plug than submit to repressive surveillance by our government, or any government.
We have fought and won every time anyone has tried to get us to give up information. We have never turned over any user data to any third party, fourth party, fifth party or any party.
We would not consent to the installation of any external hardware or software on our network and would end the organization rather than install any.
So they admit they will fight the government and would rather die than surrender. What other provider would do that? However, the claim that they've never turned over data is false:
After exhausting our legal options, Riseup recently chose to comply with two sealed warrants from the FBI, rather than facing contempt of court (which would have resulted in jail time for Riseup birds and/or termination of the Riseup organization). The first concerned the public contact address for an international DDoS extortion ring. The second concerned an account using ransomware to extort money from people.
Even though this might seem justified by the apparent evil of the actions, it opens a can of worms that I'm not sure should be opened. I mean, the legal system itself is a massive oppressor and we shouldn't ally with it just because it happens to do something we like once in a blue moon. After this fiasco, RiseUp has taken steps to further increase privacy - they implemented automatic encryption of mail using your password (similar to Posteo):
Additionally, as of March 2017, the storage for all new accounts is personally encrypted. Riseup is unable to read any of the stored content for these accounts. Any user with an account created prior to March 2017 may opt-in to personally encrypted storage.
You can read more about this in https://0xacab.org/riseuplabs/trees. There is also disk encryption - so you're still protected against the government better than from any other service. And let's be real here - in RiseUp's 21 year long history (as of the time of writing), such a situation has (AFAIK) only happened once - while providers like Proton have given away data hundreds of times. RiseUp will remove your account for engaging in these activities:
* Harassing and abusing others by engaging in threats, stalking, or sending spam.
* Misuse of services by distributing viruses or malware, engaging in a denial of service attack, or attempting to gain unauthorized access to any computer system, including this one.
* Contributing to the abuse of others by distributing material where the production process created violence or sexual assault against persons.
Pretty mild compared to the litany of things you're not supposed to do that providers like FastMail or Mailbox.org have (and you pay for them). RiseUp also provides the best E-mail alias feature of all, which is free, does not reveal your real account in the headers, and you can delete the aliases if they aren't useful anymore or have become spammed. Though other providers, such as cock.li or danwin1210, do use the more secure v3 onion domains for XMPP and E-mail, RiseUp is the only one which provides them for the whole suite of services, such as bins, pads, file upload, etc.
All in all, for me this is still a great E-mail provider - taking into account the logging policy, lack of personal data needed for registration, v3 onion addresses, unlimited aliases, mail client support and great reliability (I don't think I've ever had it go down - unlike their XMPP). They also respond to support tickets. The only possible problem would be the FBI fiasco - though, they could not have done much there with the gag order. Remember - this service is used by thousands of activists - it has to take privacy and security very seriously. Of course, there is also the focus on anti-racism, anti-"homophobia", etc - but I haven't seen them claim to delete accounts for certain views, unlike Autistici. Other providers - such as FastMail or Mailbox.org - have a litany of things you're not supposed to do in their ToS (ten times longer than RiseUp) - and you pay for them. Still, it is a minor issue and since the service has no major ones, I have to mention those. To register, RiseUp requires an invite code from a person who already has an account.