User data security, privacy, and anonymity


Security, privacy, and anonymity are three concepts crucial to Mailfence. Our email suite has been designed to take all three into account, making it a unique solution. We also believe each of them should be a concern to you, even if to varying degrees. But in some instances, they may overlap, and it can be tricky to distinguish them. What exactly are security, privacy, and anonymity? How do they differ? And how does Mailfence comply with each of them? Let’s have a look.

What are data security, privacy and anonymity in simple terms?

In simple terms, we can define user data security, privacy, and anonymity concepts as follows:

  • Privacy: To fully control and manage one’s personal information or actions. In other words, ‘they’ can see who you are but not what you do.
  • Anonymity: To become fully unrecognizable in one’s data or actions. In short, ‘they’ can see what you do but not who you are.
  • Security: To safeguard against threats, risks, and danger. You are safe even though ‘they’ can see who you are or what you do.

How does Mailfence comply with user data security, privacy, and anonymity?

Below is a general visualization using a mind map.

User data security

User data security is always our foremost concern, and we take it very seriously. Following are some of the aspects that we would like to highlight.

  • End-to-end encryption (E2EE) and digital signatures (DS): Mailfence uses publicly audited open-source libraries to provide end-to-end encryption and digital signatures based on OpenPGP. Our service works seamlessly in your browser, and maintains a zero-knowledge environment between your client (the browser) and our servers. You don’t want to store your private (encrypted) key on our servers, or do not like a JavaScript-based front-end? You are perfectly free to use any local client that supports OpenPGP (e.g., Thunderbird/Enigmail, …) and keep all your keypairs on your device.
  • Two-factor authentication (2FA): Your account security is very important to us, and that’s why we have always encouraged users to protect their accounts using 2FA. If someone gets hold of your password (e.g., via phishing), your account will still remain safe. However, make sure you have generated and securely stored the backup recovery codes (in case you lose access to your TOTP app).
  • Spam protection: We have several conventional and in-house spam preventive measures in place to protect your account from unsafe emails. We also plan to release a dedicated white and black-listing feature that will further empower users to retain control over unwanted emails.
  • Malware detection: We have dedicated measures to protect your emails (+ attachments), documents and various other import points from malware and other harmful content.
  • Other measures: Various other security measures are in place as well, e.g., mandating that all connections to our servers use Transport Layer Security (SSL/TLS) encryption, both for web services (+ PFS, HSTS) and for IMAP/POP/SMTP email clients, etc.

Mailfence and user data privacy

Based on our design philosophy, user data privacy is of the utmost importance to us. Mailfence protects users’ data privacy by focusing on several aspects:

  • Minimalistic approach: Our basic principle is to keep as little data as possible. Starting from the registration, we only ask you for a first/last name.  It doesn’t have to be your actual name – and that is only used for your display name. You can change it at any time. During registration, we also request a username and an account recovery address (which could be an alias or a disposable address for privacy’s sake). Other collected data as stated in our Privacy policy is strictly used to run technical checks, deliver customer service, fulfil legal requests, and process payment transactions. Users are always encouraged to follow a minimalist approach, generally speaking.
  • No covert play: We use no tracking cookies, no browser fingerprinting and provide no secret access to third parties. There are no ads and solicitations. During more than 17 years of operation of our company, we have never commercialized our databases.
  • Locally hosted: We host all of your data locally, under strict Belgian privacy and data retention laws. Only a court order from a Belgian judge can force us to release information.
  • Third-party trackers: We filter out third-party trackers in all incoming messages to your account. Moreover, we also keep an eye on the evolving tactics of tracking users via emails, and improve our protections accordingly.
  • Protecting your location data: We strip your device’s IP address from all the outgoing email headers. This greatly helps in preventing malicious actors from geo-mapping your location.
  • Other measures: We do have several other measures in place as well, e.g., strict in-house data access controls and retention policies, use of zero-knowledge frameworks, etc.

Mailfence and identity anonymity

Identity anonymity is essential when thinking of online user data. At Mailfence we take into account numerous scenarios where anonymity layers are desired, e.g., for journalists, privacy activists, and political dissidents, among others.

  • Using Mailfence with onion-based solutions: Mailfence encourages users to use Tor browser or Clearnet or I2P, or any other onion-based solution to achieve better anonymity. Of course, using a VPN is a plus, if you trust a single entity with all your internet traffic.
  • Support of cryptocurrencies: Mailfence supports Bitcoins, Litecoins and Ethereum. We also plan to extend our support to other currencies.
  • Pseudonymous porting and de-porting of data: This can be done using a display name of any sort while connecting through onion-based services, and paying via cryptocurrencies. You can then easily port (import) and share your data, e.g., using a direct access (public) link, while keeping your identity intact. You can always de-port (export) all your data if you want as well. This ability is made possible thanks to our support of open standard protocols, e.g., SMTP/IMAP/POP3, WebDAV, CardDAV, CalDAV, OpenPGP. Interoperability is one of Mailfence’s key concerns, and we don’t restrict or lock users in our application ecosystem.

Much more

We have of course plenty of other measures that protect your account security, privacy, and anonymity. For security reasons, we did not make all of them public.

Online security, privacy, and anonymity are more like a spectrum and look different depending on your goals, activities, and threat model.

Want to take it a step further to improve your online security? Check our Email security and privacy awareness course. It will give you straightforward tips on protecting yourself against the most common threats to online privacy and digital security. Generally speaking, it will help you keep your accounts secure.

Take the first step to free yourself from Big Tech and degoogle your life. Why not start by opening a free Mailfence account? This will allow you to gently learn about data encryption and digital signatures, which will improve your online privacy.

You will also benefit from the various office tools that make up our suite:

All are secure and private. The icing on the cake? They come with 500 MB of file storage for free as well. Subscribe here.


– Mailfence Team


Arnaud

Arnaud is the co-founder and CEO of Mailfence. He's been a serial entrepreneur and startup investor since 1994 and launched several pioneering internet companies such as Rendez-vous, IP Netvertising or NetMonitor. He is regarded as the internet advertising pioneer of Belgium. You can follow Arnaud on this blog.
