Kolab Now Review

Kolab Now is an email provider that is based in Switzerland, a location generally thought to be excellent for privacy. The country has no mandatory mass data retention directives and Swiss authorities must demonstrate due diligence in order to obtain a warrant to access data in criminal cases. All this means Kolab Now is well situated for protecting people’s emails.

Kolab Now is an email service that is marketed as an alternative to privacy-invading services like Yahoo and Gmail. The firm has a strong privacy policy that promises never to access user emails, and for this reason, Kolab Now is considered a secure email provider.

So, is this service all it is cracked up to be? And is it worth the money it asks for a subscription? 

Our Score
2.5 / 5
Free option
Available
Visit Kolab Now

Overview

Many of the biggest email services are known to scan emails for advertising data, and have even been accused of working directly with US authorities by permitting mass surveillance. These revelations have caused a growing number of people to drift away from commonly used email services in favor of providers that are secure. 

While Kolab Now has risen to popularity as an alternative to Gmail, there are some things about the service that make it different from the average secure email provider. It lacks features that many other secure email services have, which makes the service seem quite expensive. In our opinion, it lacks some important security features that would allow Kolab Now to be considered a genuine rival some of its main competitors. 

Having said that, Kolab is open-source, and it has a lot of things going for it compared to services like Gmail. For this reason, it can be considered one of the “good guys” of the emailing realm.

Kolan Now

A subscription to Kolab Now can be purchased on a monthly basis. And it will set you back either $4.45 per month for a personal account, or $5.43 for a business account. Those accounts come with 2 GB of storage space by default, and accounts can be upgraded to have more storage for around 50 cents per GB (per month).

However, it is worth noting that if you opt to pay those prices you will get a “Lite” subscription that comes with email only. To get access to all the features you actually have to pay closer to $8.80. That is really very pricey considering what you get.

In fact, no matter which way you look at it, Kolab Now is expensive. And the fact that there is no free subscription plan (as is the case with ProtonMail and Tutanota, for instance) is a bit of a shame. However, users do get a 30-day money-back guarantee, which means you can test out the service if you want. 

Users can opt to pay via credit or debit card, Amex, PayPal, or by using Bitcoin. 

Get Kolab Now

Features

If you opt for a lite account, you will only get access to emailing and an address book. However, if you pay for a full premium subscription, you will benefit from the following features:

  • Strong privacy policy
  • No sharing data with third parties
  • Based in Switzerland
  • Web portal for browsers
  • Contacts feature
  • One alias allowed per account by default
  • Full-text email searching 
  • Email filtering into folders
  • File storage with sharing
  • Share email folders with other Kolab users (same domain name only)
  • Calendar
  • Task management feature 
  • Notes feature for creating a searchable knowledgebase
  • Mobile sync
  • Custom desktop client for all popular platforms
  • Completely open source (FOSS)

Setup

Purchasing a subscription to Kolab Now is easy and only takes a few moments using its website. However, you will need to include a previous email address in order to receive the verification email. 

This is annoying for a service that centers around privacy. We would prefer to be able to join Kolab Now without handing over a previous email.

During subscription, you get the option to set up dual factor authentication (2FA) for webmail and the administration panel. However, 2FA will stop you from being able to sync your account with a third party email client via IMAP, DAV, or ActiveSync. 

Once you have paid for an account and completed the account verification, you can log in and start using the Kolab Now web portal. Users get access to emailing and much more, as long as they pay for the full premium version.

Ease of Use

Kolab Now is an easy emailing platform to get used to, and because it is available in your browser you can easily use it on Windows, Chromebooks, Mac, iOS, Android, or Linux. 

The service can also be used on third party email client via POP, IMAP, CalDAV, CardDAV, and WebDAV. And subscribers can connect their mobile devices via ActiveSync. 

Ease of Use Kolab Now

Migrating emails and contacts over from your old email provider is possible, and subscribers can pay to have both their emails and contacts brought over for them using the German service Audriga. However, anybody that uses the Roundcube web client can import contacts themselves via .CSV or vCard files if they prefer. 

Anybody who pays for a standard subscription will only get basic email features, and despite this being advertised as a secure email provider there is no native ability to encrypt email. Thus if you require the ability to send encrypted mails using PGP or password protected emails with a shared secret; you will need to look elsewhere.

Anybody that pays for a full subscription can make use of excellently integrated features such as the calendar, and file storage. The user experience is certainly extremely good when using these features, because integration is seamless.

Being able to share emails and email folders with other Kolab Now users is a smart feature and means that it is ideal for families or teams who want to share some access to email content. However, it is worth noting that only users on the same domain (the part after @ in your address) to be able to share.

Kolab Now inbox

Overall a great service in terms of features and functionality, and definitely good for beginners who can’t deal with a massive learning curve.

Get Kolab Now

Privacy 

The Kolab Now privacy policy explains that the firm will never store any data about its users. It also explains that cookies and any other tracking performed by its website is done in an anonymized fashion for the purposes of ensuring “the technical working of the system” and is never used for tracking its subscribers on third party sites. 

The privacy policy also explains that the firm will comply with legal requests to access data:

“As also explicitly stated in the Terms of Service, we are obliged to provide access to Lawful Interception requests issued by a Swiss judge. These are then processed by our staff, and either granted or rejected.

As a country that places a high value on privacy, Switzerland is extremely reluctant with such access, and all the statistics of such Lawful Interceptions (LI) are always provided in anonymized form by the authorities themselves, including detailed spreadsheets that allow you to control the grounds for approval.”

Overall, the privacy policy is a rather short document that does not mention GDPR (it should be explicitly mentioned with users’ rights to be a GDPR compliant policy). As a result, you have to turn to the Terms of Service (ToS) to find out more about what the service is doing and what rights you have as a subscriber.

The ToS promises that there will never be any third party access to your data (which firms in Switzerland are legally prohibited from doing anyway). Kolab Now does not work with advertisers or marketing firms and does not sell your data, or scan the contents of your emails - as is the case with providers like Gmail.

The service does have a transparency report on its website that details the number of times it has received legal requests for data from the authorities. However, those statistics have not been updated since 2015. This is problematic  -and if we use the transparency report as a warrant canary - this rings alarm bells and seriously brings into question the privacy provided by the service.

We also found the following part of the ToS concerning, you can make of it what you will:

Indemnification Kolab Now

Security

Kolab Now always provides secure SSL connections to its services, which means that your data should be secure in transit. It also provides Perfect Forward Secrecy for those communications to its servers. We tested its TLS/SSL security using Qualy SSL Labs and found that it scored an A+ this means that you can trust the integrity of your email data when it is in transit. 

However, the Kolab webapp does make subscribers vulnerable to a potential cyberattack caused by the way that browsers handle JavaScript code. This could allow hackers or government snoops to inject keys on the Kolab user-  in order to commence a man-in-the-middle attack. The only way to ensure that you do not fall victim to this sort of attack is to use your Kolab Now account via a stand alone email client that does not run in your browser. Kolab Now has guides for setting these up via IMAP, POP, CalDAV, CardDAV, WebDAV and ActiveSync. It is worth noting that this is true of all browser based email portals and not just Kolab Now. 

Perhaps the biggest drawback of this service is that it does not provide any encryption for emails. Users cannot send encrypted emails and there is no encryption for emails that are stored at rest on its servers. 

This means that if a hacker were to gain access to Kolab Now servers all those emails would be available in plain text. This makes it possible for employees to access those emails, and could lead to email content being leaked online. Perhaps most importantly, it also means that if the Swiss government serves the firm a legitimate warrant it could easily grant access to the contents of your emails, because it has full control over access to your emails. 

Thus, despite promising to provide a “secure” email service, the reality is that this service does not protect your data in a way that ensures the content of your emails can never be accessed by anyone but your (clients-side encryption). For this kind of privacy and security, you will need to subscribe to a service that provides end-to-end encryption for your emails. 

Customer service

Kolab Now permits people to send questions to their support team via a portal on its website or via an email to its support team. However, I found the team to be extremely unresponsive. We asked questions on two occasions and received no response. This is a disappointment. We even tried informing them that we were reviewing the service to see if that would help and still got no response. This is concerning for anybody who wants to ask questions before purchasing a subscription.

Having subscribed, it was possible to send messages. However, you do have to pay for that support if it is not directly related to a problem caused by the service. Thus, if you simply need help using the service you will be charged for support at $2 per request. This is what the firm says on its website:

“Due to costs, our support team does not offer telephone support. They also focus on and prioritize issues directly caused by the Kolab Now service. We are happy to help you with other issues, such as how to set up a specific third party client properly, but we then ask you to buy a support ticket. These tickets cost 2.00 CHF and will appear on your next invoice when used.”

Having to pay for support when the service is already expensive is frustrating, and it does put us off this service considerably. Many secure email providers have much better help at a fraction of the cost of a subscription.

Conclusion

While Kolab Now is generally respected as an email provider that does not perform any invasive activities on its user-base, it is hard to really consider this email provider a bonafide secure email provider. The firm’s policies appear to be strong and being based in Switzerland is certainly much better than invasive jurisdictions such as the UK or the US.

However, a complete lack of encryption at rest for emails as well as the fact that Kolab Now has full control over access to your emails is concerning. Emails sitting around in plain text could fall victim to hackers, could be accessed by rogue Kolab employees, and would be easily accessible to the government should they serve the firm with a legitimate warrant. 

The fact that its transparency report has not been updated in four years rings alarm bells and considering the cost of this service, we generally recommend shopping elsewhere for an email service with end-to-end encryption. 

The service itself is easy to use, and it does have a lot of features. However, it also lacks the kind of customer support you get with a lot of cheaper services. Tutanota and Posteo all cost around 8 times less per month, which is a lot. And those services provide strong end to end encryption meaning that you do not need to trust the service not to access your emails.

The seamless integration of features on this service may appeal to some people, and it is an excellent part of the service. And we can applaud for this provider’ for having open-source software which has been published in full. However, the lack of encryption and cost of this service is a massive put-off.

Get Kolab Now

0 User Reviews

Leave a Review

Your comment has been sent to the queue. It will appear shortly.

Thanks for your review!

Written by: Ray Walsh

Digital privacy expert with 5 years experience testing and reviewing VPNs. He's been quoted in The Express, The Times, The Washington Post, The Register, CNET & many more. 

0 Comments

There are no comments yet.

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

StartMail is a Netherlands based secure email provider, offering 10Gb of storage, unlimited aliases and more.

A straightforward encryption service, with some cracking features, that lets you try before you buy - no credit card details required