Signed-off-by: redoomed1 <161974310+redoomed1@users.noreply.github.com> Signed-off-by: fria <138676274+friadev@users.noreply.github.com> Signed-off-by: Daniel Gray <dngray@privacyguides.org>
13 KiB
title | icon | description | cover |
---|---|---|---|
Email Clients | material/email-open | These email clients are privacy-respecting and support OpenPGP email encryption. | email-clients.webp |
Protects against the following threat(s):
- :material-server-network: Service Providers{ .pg-teal }
- :material-target-account: Targeted Attacks{ .pg-red }
The email clients we recommend support both OpenPGP and strong authentication such as Open Authorization (OAuth). OAuth allows you to use Multi-Factor Authentication to prevent account theft.
Email does not provide forward secrecy
When using end-to-end encryption (E2EE) technology like OpenPGP, email will still have some metadata that is not encrypted in the header of the email.
OpenPGP also does not support forward secrecy, which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed: How do I protect my private keys? Consider using a medium that provides forward secrecy:
Real-time Communication{ .md-button }
Cross-Platform
Thunderbird
Thunderbird is a free, open-source, cross-platform email, newsgroup, news feed, and chat (XMPP, IRC, Matrix) client developed by the Thunderbird community, and previously by the Mozilla Foundation.
:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title="Documentation" } :octicons-code-16:{ .card-link title="Source Code" }
Warning
When replying to someone on a mailing list in Thunderbird Mobile, the "reply" option may also include the mailing list. For more information see thunderbird/thunderbird-android #3738.
Recommended Configuration
We recommend changing some of these settings to make Thunderbird Desktop a little more private.
These options can be found in :material-menu: → Settings → Privacy & Security.
Web Content
- Uncheck Remember websites and links I've visited
- Uncheck Accept cookies from sites (1)
- You may need to keep this setting checked when you're logging in to some providers such as Gmail, or via an institution’s SSO. You should uncheck it once you log in successfully.
Telemetry
- Uncheck Allow Thunderbird to send technical and interaction data to Mozilla
Thunderbird-user.js (advanced)
thunderbird-user.js
is a set of configuration options that aims to disable as many of the web-browsing features within Thunderbird Desktop as possible in order to reduce attack surface and maintain privacy. Some of the changes are backported from the Arkenfox project.
Platform Specific
Apple Mail (macOS)
Apple Mail is included in macOS and can be extended to have OpenPGP support with GPG Suite, which adds the ability to send PGP-encrypted email.
:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title=Documentation}
For those using macOS Sonoma
Currently, GPG Suite does not yet have a stable release for macOS Sonoma.
Apple Mail has the ability to load remote content in the background or block it entirely and hide your IP address from senders on macOS and iOS.
Canary Mail (iOS)
Canary Mail is a paid email client designed to make end-to-end encryption seamless with security features such as a biometric app lock.
:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title="Documentation" }
Warning
Canary Mail only recently released a Windows and Android client, though we don't believe they are as stable as their iOS and Mac counterparts.
Canary Mail is closed-source. We recommend it due to the few choices there are for email clients on iOS that support PGP E2EE.
FairEmail (Android)
FairEmail is a minimal, open-source email app which uses open standards (IMAP, SMTP, OpenPGP) and minimizes data and battery usage.
:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title="Documentation" } :octicons-code-16:{ .card-link title="Source Code" } :octicons-heart-16:{ .card-link title="Contribute" }
GNOME Evolution (GNOME)
Evolution is a personal information management application that provides integrated mail, calendaring and address book functionality. Evolution has extensive documentation to help you get started.
:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title="Documentation" } :octicons-code-16:{ .card-link title="Source Code" } :octicons-heart-16:{ .card-link title="Contribute" }
Downloads
Kontact (KDE)
Kontact is a personal information manager (PIM) application from the KDE project. It provides a mail client, address book, RSS client, and an organizer.
:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title="Documentation" } :octicons-code-16:{ .card-link title="Source Code" } :octicons-heart-16:{ .card-link title="Contribute" }
Downloads
Mailvelope (Browser)
Mailvelope is a browser extension that enables the exchange of encrypted emails following the OpenPGP encryption standard.
:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title="Documentation" } :octicons-code-16:{ .card-link title="Source Code" }
NeoMutt (CLI)
NeoMutt is an open-source command line email reader for Linux and BSD. It's a fork of Mutt with added features.
NeoMutt is a text-based client that has a steep learning curve. It is, however, very customizable.
:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-info-16:{ .card-link title=Documentation} :octicons-code-16:{ .card-link title="Source Code" } :octicons-heart-16:{ .card-link title=Contribute }
Downloads
Criteria
Please note we are not affiliated with any of the projects we recommend. In addition to our standard criteria, we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
Minimum Qualifications
- Apps developed for open-source operating systems must be open source.
- Must not collect telemetry, or have an easy way to disable all telemetry.
- Must support OpenPGP message encryption.
Best-Case
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Should be open source.
- Should be cross-platform.
- Should not collect any telemetry by default.
- Should support OpenPGP natively, i.e. without extensions.
- Should support storing OpenPGP encrypted emails locally.