Where is Disroot Based?
Disroot was created in Amsterdam back in 2015, when the Netherlands was known for its liberal approach to security and privacy. Unfortunately, this has changed in recent years with the introduction of the Wet op de inlichtingen- en veiligheidsdiensten (Wiv) law in early 2017, handing a range of surveillance powers to an increasingly authoritarian government. The name translates to “The Intelligence and Security Services Act”, and the law allows officials to monitor online communication through smartphones and other devices, profiling citizens and visitors down to their DNA.
The Netherlands is also a part of the Nine Eyes intelligence group, the first expansion of the Five Eyes Alliance, alongside the United Kingdom, the United States, Canada, Australia, New Zealand, Denmark, France and Norway. While this means information can be shared with other agencies, the country is still significantly more liberated than its neighbours, earning its “Free” status from the Freedom in the World survey.
How Much Does Disroot Cost?
Disroot is completely free to use up to 1 GB in the mailbox. It is possible to fill out a request for extra storage up to 10 GB for 0.15 euro per GB per month. This is simply to cover the costs of hardware, electricity, and maintenance, which is otherwise funded through the company’s “pay as you wish” scheme via donations.
There are several methods available to contribute to the project, including:
- Credit Cards via PayPal
- PayPal itself
- Select cryptocurrencies directly through the website
Disroot’s Patreon seems to yield the most benefits with its $15 monthly tier earning subscribers an extra 50 GB of cloud storage space, Email Aliases and a swanky Disroot branded T-Shirt on request.
The unstable nature of this method of funding raises the question of whether Disroot will last. In the Frequently Asked Questions section, the company states that it does “intend to keep it going for a very long time” since its admins and maintainers are reliant on the services daily, but this still requires you to simply trust the organization.
Money is directly reinvested into the service, scaling depending on how much support it is getting at any given time. Remaining transparent, Disroot makes its annual reports available for the community to download and showcases a month-by-month graph of the current year’s progress.
Disroot's Features: Overview
- One free Alias (more available for supporters)
- 1 GB email storage account (can be upgraded to 10 GB at a cost of 0.15 EUR per month for each additional GB)
- Email attachments up to 50 MB in size
- Upload multiple files
- Cross-device compatibility thanks to IMAP/POP3
- E2E email encryption with OpenPGP
- Spam and Virus filter (with the ability to whitelist)
- Customizable filters - for sorting emails automatically as they arrive
- Unlimited filter addresses for keeping your inbox tidy
- Identities (Signatures)
- Fast search
- HTML emails
- Suite of applications, including Cloud, Calendar, Gallery and Notes
- Request delivery and read receipts
- Automatically add recipients to your address book
The Disroot RainLoop Client
Disroot’s webmail is based on RainLoop, an open-source email client with a sleek interface. The organization obviously stands by the proverb ‘if it ain’t broke, don’t fix it’, as Disroot’s implementation is identical to the standard offering.
You can easily customize things yourself, adding your own branding by heading into the admin panel and uploading your own background. This is a minimalistic, yet nice touch that can be seen on the web client. Your email address is displayed prominently in the top-right, while your remaining storage space can be found in the bottom left in percentage form. Hovering over this will tell you just how much you have left in MB, so you can make the most of your limited space.
Most of the features you would expect are present, such as a neatly compact threaded view, the ability to create sub-folders and marking things as read in bulk. I particularly liked the ability to request delivery and read receipts, which could come in handy for workplaces. Unfortunately, there is no way to pre-place an automated response for when you’re away, such as on vacation.
There is no Disroot application for desktop, but its support of POP3 and IMAP means it will work with any client on OS X, iOS, Android, Windows, and Linux. There is also a RainLoop plugin available for Nextcloud on desktop and an Android repository containing Disroot from F-Droid, but both methods are a little fiddlier for those not well-versed in technology.
Does Disroot Offer Privacy?
Naturally, the organization eliminates most details needed to open an account, accepting anonymized usernames and a variety of payment methods that allow you to give as little or as much information as you’re comfortable with. You are required to provide an existing email address when setting up an account, but this is solely used for verification purposes and not stored on Disroot’s servers. Logs are kept for diagnostic purposes only and stored for no longer than 24 hours unless explicitly specified otherwise.
Disroot is entirely General Data Protection Regulation (GDPR) compliant, giving you control over your personal data. The organization does warn you that you could potentially be exposed to web trackers from the likes of Facebook, Twitter, and Google due to its embedding system, but this is dependent on how you use the services provided and what is emailed to you by other people.
How Secure is Disroot?
Disroot is seemingly lacklustre in the security department for a company all about privacy. Its primary cloud service is based on Nextcloud, which currently has end-to-end encryption disabled due to a longstanding problem with the desktop application. The RainLoop-powered email service forgoes Advanced Encryption Standard (AES), but does protect access to its servers by wrapping traffic in SSL/TLS, provided that the recipient also supports this kind of encryption. It also has built-in support for GPG encryption, although this has had its issues in the past.
Disroot helps you lock down your account via two different types of two-factor authentication (2FA): Time-based One-Time-Password (TOTP) methods like Google Authenticator or Universal 2nd Factor (U2F) devices like USB keys. We always recommend hardware-based 2FA, as it is the most secure, but we do acknowledge that TOTP is more accessible across multiple platforms.
The organization has taken precautions against the worst-case scenarios by implementing disk encryption into Disroot. This helps to prevent data leaks when servers are stolen, confiscated by authorities or physically tampered with in any way.
How Easy is Disroot to Set Up?
Annoyingly, Disroot does not make it simple to sign up to its services. The main Google Search points you in the direction of its Cloud login, which in turn does not include or link to a sign-up sheet. Instead, you’re seemingly expected to navigate towards the “Forgot password?” section, click “cancel” as you obviously don’t have a password yet and only then are you presented with “New User Registration” as an option.
Since Disroot allows the recovery of passwords, it does not subscribe to a complete zero-knowledge policy. It does take a cautious approach upon signing up, however, with robust requirements and an indicator telling you how strong your password is. Trying to keep data collection to a minimum, Disroot only asks for:
- A username (this can be an anonymous pseudonym)
- A password
- An email address for verification purposes
Once you’ve completed your request for a free Disroot account, you will be required to either click on the link provided or input the code sent to your verification email address. This caused me a handful of issues, as the first email took longer to come through than the website’s automatic 15-minute timeout. Unless you actively click on the webpage to refresh the countdown during your wait, the page will expire and seemingly require you to repeat the process all over again.
Your new @disroot.org email address is automatically created using your username, should your account be approved.
The Website and Customer Support
My issues with the website stem from a disconnection between cloud.disroot.org, where the services are found, and the information-based disroot.org, where the sign-up sheet is. A third website called user.disroot.org is used as the User Self Service Center, where account changes can be made. Navigating between these three is unnecessarily difficult, with things hidden in very specific pathways, yet this could easily be resolved with a simple “sign in/sign up” hyperlink and a homepage option.
By contrast, Disroot’s customer service was impeccable with a great response time of 2 hours and clear, straight-to-the-point answers. Most problems can be solved by looking through the information provided in the About Us, Services, Blog, Tutorials and FAQ sections of the website but the agents provide a welcome safety net for the community-led platform.
My Final Thoughts on Disroot
The free version is already a fully featured service that offers calendars, contacts, accessible notes and, best of all, cloud storage. But there’s certainly value to paying for the service, as Disroot charges the equivalent of a cup of coffee each month.
Overall, Disroot is incredibly impressive with a community-led service that’s sure to please most looking to break away from the clutches of Google, Microsoft, and other corporate titans. The passion behind the project is a refreshing change of pace that will only enrich the platform moving forward.
Pros
- Free with cheap upgrades
- Emphasis on privacy, data reduction, zero tracking, green energy, sustainability, social justice
- Can request to link your own domain if you’re a supporter
- Fully featured: Cloud storage, calendar, contacts, notes, cross-client compatibility, drag-and-drop support
- Clean and customizable user interface
Cons
- No .com addresses available
- Located in a “Nine Eyes” country
- Does not have an auto-reply feature
- RainLoop is written in PHP, a server-side language for open source