The business model isn't there. I have yet to see a large group of consumers willing to pay for secure email and the only other alternative, advertising, leads to the exact same problem that you face with GMail.
That seems to imply you don't already. There are lots of paid email services that don't monetize user's emails. And many that are hosted outside the United States.
For the extremely vigilant, there is always CounterMail
The threat of email interruption and snooping can't be completely avoided. Undersea cables get cut, governments change, servers crash, data centers get raided, and companies disappear. At some point the data gets decrypted and everything is retrievable unless you are any extremely hard core PGP user. Even HushMail has to bend to the feds when it's all said and done. Even savvy people realize paranoia only gets you so far with email.
> advertising, leads to the exact same problem
> that you face with GMail.
Not necessarily. For some people that largest factor is that Gmail brings all of your email under US jurisdiction. It may be enough to just do advertising-funded Gmail clone that is solely based out of another jurisdiction.
You may even be able to convince non-US businesses that this is a better alternative.
I actually host my own email. I developed an open source application for automatically encrypting all email with my public key as soon as it arrives, and I can't do this if somebody else hosts my email. You can read why and how here: https://grepular.com/Automatically_Encrypting_all_Incoming_E...
Brilliant! Thank you for sharing the post and code. I'd be interested in hearing thoughts on how to make it searchable. If you don't index, searching will take quite some time. I guess the best thing to do would be to index each e-mail (keywords?) before it is encrypted and then encrypt the index itself as well. There is a problem with the keyword approach though - if the index encrypts the words but the "link" between message id and encrypted keywords is not encrypted, then an attacker who is in posession of one or several other message bodies in plain text can see correlations between the content of known and unknown message bodies.
Ok that's 2 customers who are also HNers. I think you'd need to do better than that. We are hardly a representative of the general consumer.
There is another problem, US govt' need to get access all these messages. For example http://en.wikipedia.org/wiki/Hushmail, people seemed to have signed up, but Hushmail was forced to provide plaintext messages to US govt upon request. So they sort of compromised their main selling point.
That is probably the largest problem, you'd be stuck between a rock and a hard place. You either please your security conscious customers or please Uncle Sam. You can't please both.
It doesn't have to, but unless it is located in Iran, NK or other US-unfriendly place, US govt can always pressure the local govt to pressure the local business to turn things over. I wouldn't, for example, count on countries like Switzerland, US is already getting to its banks to turn over US accounts, and is supposed to be one of the most independent and un-influenced countries.
With the current legislation trend, eventually un-cooperative or "terrorist friendly" sites would just be filtered out and blocked, so you might have a hard time accessing your email. Some messages might never make it to you.
I was actually talking about writing a front-end that you could host on your own server, not a gmail clone. (I wish I could update my original comment.)
I think for most people, $10 IS too much. Although we all talk tough about privacy, most people (even here) don't have much to hide from anyone, and when the difference between definitely secure, and probably secure (in terms of privacy and ownership of data) is $10, it suddenly feels a lot more expensive.
I am just about to migrate from Gmail to NeoMailbox. I'm choosing the Swiss hosting option. I'd prefer something in Iceland but the closest service I could find was OrangeWebsite and for them mail was pretty much an afterthought.
Obligatory comment pointing out an opportunity for disruption, etc., why aren't we all millionaires., etc. etc.