Vivaldi email (@vivaldi.net
) is a free email provider which appears to meet our criteria at a glance. The only thing I haven’t figured is their encryption at rest, which needs investigating. Their webmail seems to have integrated PGP.
Vivaldi does require phone number verification to access mail/community features
While (to my knowledge) this is not something that would prevent it from being listed as per our criteria, it does feel like an obvious disadvantage.
In my opinion, it would need to have something very special going for it to make up for that downside, otherwise I don’t really see the point.
I think the primary advantage over current recommendations is that it is free, and unlike many other free services they seem to have a clear business model which can sustain the services they provide, which isn’t related to advertising or a similar practice that might incentivize them to snoop on email content.
I’d say that should be a hard reject, especially for an email service. There’s so many other options out there for email, I don’t see why recommending one that requires a phone number is a good idea.
I feel like the same can be said for Tutanota and Proton who both have a clear business model and free tiers, and as far as I’m aware, neither require a phone number to set up (I can personally vouch for Proton on that front).
All in all, I don’t see what this adds to our existing recommendations.
Tutanota doesn’t require one either (just made an account this month. Personally i don’t think its worth adding at this time when proton and tuta do so well already
The Vivaldi mail server, mxi-2.vivaldi.net, uses 2048 bit DH.
Is there a problem with this? I believe we should use 3072 bit DH.
As it says it is indeed a problem. It seems Vivaldi has chosen some non standard key exchange which is quite worrying. There is really no reason to do this. They don’t use DHE but standard DH which is really a bad idea. Perferabily I would be ECDHE.
But I also see even TLS 1.0 I mean c’mon.
According to this test, mailbox.org is even worse, and it’s still recommended
Email test: mailbox.org
Vivaldi has removed phone number verification requirement.