• http://rauschenbach.us/blog Möpsi

    Simon, you have not even mentioned the domestic surveillance capability of those free e-mail services. That e-mail going to the wrong recipient is almost the pointless part of the anecdote. The real worry should be that the e-mail will now exist forever in the database of a marketing company, and those US-based free e-mail companies are required to disclose all that data to an ever broadening network of recipients. So it is really a matter of whether the sender trusts EVERYONE in the loop, and not just the recipient.

    • http://profiles.google.com/jacob.frautschi Jake Frautschi

      thankfully, gmail discloses identifying customer data less than most (all?) other large email providers, afaik.

  • Jeff

    Simon,
    Though I don’t doubt there’s plenty of “questionable” bits & bytes of data I’ve sent and received over the years, I’m not particularly concerned about anything any govt snoop might dredge up on me. I’m pretty boring.
    Nevertheless, I wonder what sort of virtual red flags pop up on some snooping bureaucrat’s computer program when I suddenly become an international e-mail address.
    Any thoughts?
    Thanks,
    Bored in CA

  • Christine

    What about Hushmail? Mark Nestmann recommends this in his book?

    Also, which one of the email accounts you recommended has the most free space for storing emails?

    Hushmail is very low

    • Haxxx

      hushmail is useless. simply google 'hushmail spills to the feds' from a 2007 wired article

      • http://profiles.google.com/jacob.frautschi Jake Frautschi

        countermail does what hushmail set out to do but better, though admittedly at a steep price (I believe $60/mo after the 1 month free trial). They couldn’t divulge your protected email contents if they wanted to.

  • marat

    If you want to go real unusual then try Russian mail.ru
    But there are too many ads on their web site and poor spam control.

    • http://laird.zchs.org Gary

      Too much spam on a Russian ISP? Who’d have guessed?

  • Kevin

    Simon: I use a service out of Norway called Runbox. I’ve used them for 5 years and their service has been great. I ASSUME their servers are there too… ?

    I’d love for you to specifically expand on the Three Flags concept… suggestions for countries for residency, citizenship (with passport!) and a low or no tax country for investments (staunchly and defiantly on the black list if possible!) Keep up the great work! KGB

  • Bill

    Hello Simon,

    I will be in Vienna, Budapest and Bratislava over the next two weeks. Do you have any plans to be in central Europe at that time? Let me know and we can grab a beer.

    Bill O.

  • Jusina

    I’ve learned so much from your “Notes from the Field”. We really appreciate your sharing your knowledge with us.

    Jusina

  • Chris

    How do you configure an offshore account to enable a person to keep their original e-mail address please?

    • http://none Lana Sanders

      I would like to have an email account offshore just as I would like to find a virtual server that allows me to Trade from say Panama but be right here... is there really such a thing or do I have it wrong? What is the advantage other than the gov can't read your email? I doubt seriously if they wanted to read it that they couldn’t put enough pressure on the person themselves to get them to give it to them???

      Lana Sanders

      • http://rauschenbach.us/blog Möpsi

        Lana, as an e-mail expert by trade, I think it is more reasonable for you to expect that all electronic messaging is being “read”, at one or more levels, in fulfillment of its very design. Furthermore, at this point, encryption is impractical, and also draws the wrong kind of attention, for which there is now limited due process. That is the trade-off (the complete surrender of privacy) for the convenience factor you desire.

        For those interested in privacy, I would stay away from electricity, and find an “Amish broker” who borrows their next door neighbor’s telephone. The Amish are great and aggressive capitalists… I would not be surprised if you find what I am describing, even though I am being just a little sarcastic, but not by much.

      • http://profiles.google.com/jacob.frautschi Jake Frautschi

        what do you mean by ‘limited due process’ for encrypted email?

  • Bill Marsteller

    I’d like info on encryption schemes for off-shore emails. Thanks, Bill

    • http://rauschenbach.us/blog Möpsi

      Bill, if you can get all your communication partners on the same server, and send each other e-mails via WebMail only, then all those e-mails will never leave the hard drive of the server, and never fly out over the internet, if you know what I mean. That is one practical way to cut down on most of the snooping that goes on. But such a server would have to be configured correctly, to not allow e-mails to and from the “promiscuous Internet”. Such a server would also need to refuse http connections, and only allow https connections from browsers. It would also need its own iPhone and Blackberry app, to make off-line mode work, without which it is all impractical.

      Those requirements are a bit specific, and I’ve never heard of anyone getting it done. I should probably go into business. But then again, the constraints I just described make the scheme too impractical for most potential customers, since they would first have to give up all their existing e-mail addresses, at least for confidential e-mails. And, the compliance laws in a lot of countries (probably all countries) require the snooping to get done anyway, and the laws even say the service provider or software manufacturer has to hide the snooping from your customers and your “fake” privacy disclosure notices. So again, going against the flow is highly impractical, and draws the wrong kind of attention. It is probably just better to stay under the radar, and keep all your activities transparent, all in the light of day, and buy as much gold for cash while it is allowed, and do everything else the same way, at the same metaphorical level as the cash-for-gold example.

      When it comes to property, contract law, and all that, I think the political diversification is real and still has potential in the present time window. But as far as electronics is concerned, I think that all is one, and that there are no diversification opportunities, and that the veil of sovereign separate nations, or the hope of opportunities created by nations crippled by their own corrupt incompetence, breaks down completely at that level, and as far as the electrons are concerned, all roads lead to Rome.

      • http://profiles.google.com/jacob.frautschi Jake Frautschi

        I feel like your world-view on privacy does not take into account (admittedly somewhat hard to use) encryption technologies that really make communications completely opaque to even the most sophisticated snoopers, with the one doorway to eroding the privacy being physical compromise of the computer containing the encryption keys.

  • http://rauschenbach.us/blog Möpsi

    I should add that it pains me to advocate transparency in electronic dealings, because if it were only a matter of disclosing our electronic dealings to an honest elected government, most honest people would happily comply.

    But, in a corporatist environment such as the current USA/Europe/etc, what we are really talking about is protecting our assets and trade secrets from the top tier of business, which has become one-and-the-same with government, which consists of the established monopolies, no-bid contractors, favored institutions, chosen winners, and all the rest. I am not defending any of that, but I am just saying that fascist cycles have to play out, and every wave has its own strength, and that there are times to surf, and times to get out of the water. And the latter, getting out of the water, is the gist of my “electron avoidance” narratives, such as cash-for-gold, or the shared modern Amish telephones, which seem comical at first, but work admirably for those precious few who still take these matters seriously in this land, even at the expense of convenience (God forbid!).

    • http://profiles.google.com/jacob.frautschi Jake Frautschi

      intriguing. i can’t deny the possibility of what you say, even though i think it unlikely.

  • Paul

    To protect against the marketing/privacy issue, just get a domain name in the country of your choice, then get web hosting in said country; most hosting plans include email. Now you control the email server. Sure it will add a couple of bucks to your monthly budget, but it's worth it for the privacy factor alone.

  • BorisV

    Quite a few people mix up two separate dangers: one is snooping on our emails by third parties and another is to lose the access to your email account for considerable time (weeks? months?). Simon clearly tells about the latter, since not much we can do against the former without PGP or similar methods.
    I certainly don’t care much if governmental agencies read my emails (I’m boring, too), but I do feel uncomfortable if as a result of someone’s stupid mistake I would lose ability to read/get my emails.

  • Marlon Oddo

    Take a look at Hushmail (www.hushmail.com). I think it is the best thing going.

    • greatermind

      Hushmail is a Delaware corporation. Says so in their About section… unfortunately they would be subject to a US judge's ruling too.

  • Who

    I think that mail.ru is free. I do not read Russian well enough to know whether POP or forwarding are available.

    As far as PGP goes: consider it compromised. If you use it then expect ALL of your encrypted mail to be read at NSA and possibly elsewhere.

    • http://profiles.google.com/jacob.frautschi Jake Frautschi

      What?? PGP, properly used, is pretty damn secure… what evidence do you have that it is no obstacle for NSA?

  • jim

    Privacy Harbor – give it a look.

  • Stephen McConnell

    I’ll bet if the person at the GMail account had notified the bank that they had received the email erroneously, then assured the bank that they had deleted the attachment, there would have been fewer problems.

    Rather than skulking around like we all have something to hide, maybe we could try to be honest and open.

    And ANYONE who believes that email is secure and private (whether it is overseas or not) is an idiot.

  • http://laird.zchs.org Gary

    Don’t kid yourself — if you access your email through the internet, it’s accessible to your government. It’s passing through nodes and cables operated under government control, and if it’s coming from an offshore server it’s *specifically* subject to interception.

  • Markus

    If you are able to read German, you should also look at http://www.gmx.de. They also have a number of “fun” domains where the ending is in .com (so it is disguised as an international e-mail). They are part of the largest European Web space provider http://www.puretec.de and therefore you will be more sure that they will be around for some more time to come.
    It is free, has 1GB of storage, plus very important: It allows POP3 access, so you can download it to your local computer without always needing to go to their website. (Only once in a year you need to log in to your account by Web to update your details (otherwise they will send you reminder e-mails) otherwise you are free to use POP3 access all the time (which I do) and the newsletters go in my Junk mail folder on my local e-mail client :-)
    So advertisement free (and their spam filter is also pretty good :-). You get a report which mails have been held back, so you don’t even need to check the online spam folder. You only need to check it if your spam report includes an e-mail you actually want.
    They have a newsletter which you will need to bear once in a while, but it is not too bad.
    Oh, and, no, I am not working for them, but I am very happy with them for over 10 years already.

  • Anthony

    Once again as Americans we blame everyone else. What about personal integrity or courtesy. Here is a novel idea. The person who received the erroneous email contacts the bank using Reply and states that information was sent to the wrong person and email address. Wow, what a concept person to person, no government and no corporations involved.

    Another thought, Google contacts recipient directly and explains that issue may be elevated and that recipient may want to contact the bank directly.

    There are solutions that do not involve government or attorneys.

  • BRIAN

    WE HAVE OUR EMAIL AT FASTMAIL.FM

  • http://www.facebook.com/edmundas Edmundas

    Hi, great piece. I’ll have opportunity to meet Google Europe head of communications next week and could pass comment or question from you or otherwise I’ll just ask him about that case and post his answer here:)

  • dave

    I would like to add a note about international phone calls. A few years back one of my buddies got a pair of coder/decoders to use for telephone conversations. He and someone else used them several times for phone calls from Mexico to California. It took 3 days for the CIA or FBI to show up on the doorstep to see what was happening.

  • Roger

    Any follow up to this story?

    All of the bank's customers, especially the originally intended recipient, should sue the bank.

    There is no excuse for emailing highly personal documents like loan papers in unencrypted format. None.

    They should be sued; if the bank has no policy on encryption, those responsible for that oversight should be fired. If they do, then the employee should be fired.

    Encryption would have made this a non-event.

  • HRH

    None of you obviously thought of the possibility that maybe the ‘unintended recipient’ was ill or incapacitated for quite a while, or maybe he/she was lazy or had a bunch of accounts and didn’t use that account very often and so never noticed the problematical e-mail.

  • justsharing

    GREAT ARTICLE: Really puts me to thinking about emails… who would have thought a judge could just order your account shut down. And, it was good the email service provider stood their ground until court ordered or this would have never come to light.

    Our govt. is getting out of hand, eh!

  • Nick

    Hi Simon,
    e-mail.ph- http://www.e-mail.ph (Philippines) is actually a front for
    http://www.everyone.net, based in California.

    If you read the privacy and terms of use agreements, that’s where you’re taken FWIW.

  • Pete

    http://www.countermail.com is going to be the best one (as far as I can tell)… but they aren’t past beta-testing yet. Once they get going though, they’ll be the most private e-mail provider in the world! Better than Hushmail.com (which can decrypt your webmail and read it, and WILL if a US govt agency comes calling – as they have done), and much, much better than Safe-mail.net. If you want my analysis on the ones out there, I wrote it up: http://privacyoriented.baywords.com/2009/08/28/the-world-needs-a-free-encrypted-webmail-provider-that-does-not-suck/

    • http://rauschenbach.us Möpsi

      CounterMail looks promising. By moving encryption and decryption to a desktop applet, and by limiting their servers to moving encrypted e-mails only, they have created a very secure server environment.

      Which moves all of the security concerns into the desktop applet. I ran it on my Mac, and it started by asking for access to my computer. Um, this is far more exposure to sniffing, spying, and whatever than an insecure server environment could ever have. I decided to deny access for the moment, and figure out who I was dealing with.

      I then looked up the digital certificate, granted by Comodo (UserTrust) to “Counter invest i rattvik AB, Textilvagen 11, Rattvik 79532 SE”. That looks like a real enough address, but I cannot find where Comodo publishes a whois service. In other words, how am I supposed to follow up on the chain of trust? More digging required, but this is supposed to be easy, and a Certificate Authority’s main job, yet I can’t find out how to do it on my own. More than likely, Comodo is more interested in rubber-stamping websites with a “trusted” logo than doing a proper CA’s job.

      Since the CounterMail solution looks like it has much promise, I am working with them to see if they will open-source the applet, so that whatever version I decide to allow to have access to my computer, I can compare an MD5 hash of it with a version that I can build on my own computer, from the source codes, to ensure it is not running any rogue spyware. Anything short of that comes back to not being able to trust it, since the spooks could just force their hooks and sniffing into the applet, which not only makes my e-mails vulnerable to being snooped, but also exposes my address book, files, and everything! No thanks for now.

      The CounterMail staff is nice enough, but remember that once the spooks come knocking on their door, they are required by threat of prison time to keep it a secret that their applet is now spying on you on behalf of 400+ busy-body agencies around the globe, or whomever else. So just because it has not happened yet, does not mean it won’t happen the day after they go live.

      • http://rauschenbach.us Möpsi

        Ernst & Young audited Comodo’s CA activities in Aug 2009, which means there is probably nothing to worry about there. https://cert.webtrust.org/SealFile?seal=973&file=pdf

      • Anonymous

        “The CounterMail staff is nice enough, but remember that once the spooks come knocking on their door, they are required by threat of prison time to keep it a secret that their applet is now spying on you on behalf of 400+ busy-body agencies around the globe, or whomever else. So just because it has not happened yet, does not mean it won’t happen the day after they go live.”

        Swedish law does not allow government agencies to force email providers to comply. Not even through court order. Telecom-companies (internet, phone and so on) may be forced to comply and spy on their customers but email-providers are not included. The only thing a government agency may do to Countermail is to seize the data of a particular user. But the only thing the agency would have in cleartext are the times/dates and address of undeleted mails sent and received…the email bodies and attachments would all be encrypted even if sent to somebody who does not support PGP-encryption (like Hotmail, Gmail). That is the major difference towards services like Hushmail – and also that Countermail does not log any IP-addresses. Ever. In addition to that, a deleted email is permanently deleted in Countermail whereas in most other services it is retained for a while (for instance in Hushmail it is retained a month and IP’s are logged for 30 months).

        You won't find any service that does not log IP-addresses except Countermail.

        Only negative thing I can say is that I don't like Countermail's interface, they are a bit expensive (I mean, c'mon, it's an email service!) and their service does not work with iPhone. But if it's security one is looking for there is no better alternative. It is as secure and anonymous as an email service could be.

  • http://none.com Dave

    Can anyone recommend any additional offshore email accounts?

  • ma2

    wow good article, thank you! gonna check countermail out.

    pce

  • Youngandrestless

    I think we are overexaggerating this case slightly. The judge ordered that the email address be “temporarily deactivated” and Google comply with the bank. If we are thinking logically then this is quite correct. If the email user was actively using the account then why not reply to the bank employee's follow-up mail? The only answer would be that he is trying to profit from the information. Therefore the judge is correct to force action by Google. If the email user is not actively using his account then what harm is it that his account is temporarily deactivated?

    Frankie says relax!

  • Johnny

    What do you guys think of these chaps? http://www.rayservers.com/e-mail

  • Jdkdio

    Recently I signed up for privacyharbor; looks to be nice.

    Any good privacy providers out there?

    Tried signup with hushmail premium service (even tho they gave it all up to feds) due to me being not from US, somehow it kept giving my ip is too far away from my card. WTF. IP = real address isn't 100% perfect, yes it stated correct country but wrong city.

  • Anonymous

    An offshore email account is very important for more security and advanced email service. This is a great list of different offshore service providers.

  • Anonymous

    There is very little that Uncle Sam can’t decipher. Believe me. I know.
