Jurisdiction
Negative scores are not necessarily reflective of the companies or their policies, only the countries they’re based in.
Fourteen Eyes Countries:
More information on FECs here.
“Owned” means a country/location isn’t a Five-eyes country itself, but is a territory or commonwealth of one.
Second-tier “Cooperative” countries are determined by Privacy International.
Enemy of the Internet:
Based on the Reporters Without Borders 2014 “Enemies of the Internet” report.
Logging
These metrics are collected from the official websites and other reputable sources. This section takes each company at their word. It’s up to the user to decide who is trustworthy.
The term “logging” refers to LONG TERM storage of this information, and not REAL TIME “monitoring”.
Anonymous Payment Method
Service offers at least one payment method that does not require personal information.
“Email” in this field is considered better than a No, since it may or may not be tethered to an individual’s identity.
This does NOT count companies that claim that you can just falsify personal info and technically be anonymous. It’s to highlight companies that don’t ask for it in the first place.
Open Source Platform
The service in question has built their product on a free (as in freedom) and open source platform. They make their source code available for independent audits and review.
Gives back to Privacy Causes
A given service supports (typically by way of donations) organizations and worthy causes important to privacy. Examples could be donations to the EFF, FSF, OSTIF, and other organizations, FOSS audits, etc.
Meets PrivacyTools IO Criteria
- Operating outside the USA.
- Uses SSL encryption.
More info at privacytools.io
Webmail Access
Provides a method to connect remotely using a web portal to check and send messages.
Header Info Stripped
Takes steps to remove or obscure email headers in order to provide a greater degree of privacy for the sender.
Protocols (POP3, IMAP, SMTP)
Provides for using respective protocols to send and receive email through third party applications (Thunderbird, K-9, etc).
User can Control Private Key
The user has direct access to their private key. They can upload their own key, and download and view the active private key (if applicable).
2FA Option
Service provides a two-factor authentication option.
# of Addresses:
A 25 in this field actually indicates no advertised limit for the number of addresses (Done this way for conditional formatting purposes only).
Custom Domain
Customer can use their own domain for the address through the service.
Supports (CalDAV, WebDAV, CardDAV, ActiveSync)
The service in question supports the syncing of non-email resources (for example, calendars, contacts, tasks, etc.) with third party applications and mobile devices.
Storage
The amount of cloud storage provided for email and documents. If pooled, the number is shown twice, even though it is not a dedicated figure for each.
# of Persistent Cookies
Using webcookies.org – persistent cookies
# of External Trackers
Using webcookies.org – third party cookies
# of Proprietary APIs
This field is derived from a urlquery scan of each service’s website.
Not all services are of equal concern (or even concern at all). This is a loose indication of how committed to free software a company is.
Server SSL Rating
Run using Qualys SSL Labs – SSL Server Test Tool
Pricing
Pricing is based off of normal rates, and doesn’t take into consideration promotions, coupons, or sales.
Refund Window
Often, payments made by cash or bitcoin CANNOT be refunded. User should research as needed. As this field only allows a numerical value, services that show -1 are indicating a free service.
Falsely Claims Service is 100% Effective
No security or privacy setup truly offers 100% protection or is a bulletproof solution.
When a company uses hyperbole or otherwise claims 100% effectiveness for anonymity, privacy, security, or generally gives this impression – it misleads potential customers that don’t know better and can harm the user who expects it to be true.
Some claims are more blatant than others, but any claim that could be construed as a surefire way to be anonymous is counted.
Incentivizes Social Media Spam
These companies offer rewards such as extra data allowances or free service time to users posting about their service on social media. This clogs up research channels and pads the number of likes (and therefore attention) that a given service or feature might not otherwise have.
This also includes affiliates who post “deals” on behalf of the company to bring in traffic.
This in turn could mislead the honest customer.
Forbids Spam
Email or comment spam (by affiliates)
Ethical Copy
Companies that expect their affiliates to use ethically acceptable copy (keywords, terms, metatags, descriptions and web designs) in their advertising campaigns. Ethically acceptable copy is considered copy that is in no way deceptive, nor imposes upon the trademarks, copyrights or intellectual property of another product, company or entity. Purchasing advertisements on search engines with the names of the represented companies is strictly prohibited.
Requires Full Disclosure
This includes, but is not limited to, Federal Trade Commission 16 CFR Part 255 (or equivalent): Guides Concerning the Use of Endorsements and Testimonials in Advertising, which requires, among other criteria, that material connections between advertisers and endorsers be disclosed. This means that directories, review/rating sites, blogs and other websites, email or collateral that purport to provide an endorsement or assessment of an advertiser must prominently disclose the fact that financial or in-kind compensation is provided from the advertiser.
Affiliates
Affiliates are free agents bound to the terms of the companies they represent and given commissions or incentives to funnel traffic and referrals to the company’s site via affiliate links.
While companies are not directly responsible for their affiliates’ actions, they have a responsibility to keep affiliates and resellers operating within the terms of their partnership.
Ideally this means not spamming, breaking copyright, and providing full disclosure.