Thoughts on Disroot
10/3/22: this post is being updated and may contain outdated information.
What is Disroot?
Per their words, Disroot is a platform providing online services based on principles of freedom, privacy, federation and decentralization.
They provide a variety of services, including email, cloud storage, document editing, paste bin, and more while advocating freedom and privacy. Disroot is best known for its free email service and is often recommended as an alternative for Gmail or Outlook users looking for privacy.
However, there are a few points of concern that should give pause. Let's take a closer look at a few of their more popular services.
With email being the reason they're often recommended, that's where we'll start. We should be looking for a couple of specific features when looking into privacy-centric email providers: zero-knowledge access/storage and minimal logging of personal information. After checking into Disroot's privacy policy, one can't help but leave disappointed. It starts with this:
This Privacy Statement applies to all services hosted on Disroot.org and its sub-domains. It does not extend to any websites or web services that can be accessed from our platform including, but not limited to, any federated services and social media websites outside Disroot. Federated services are those that interoperate with each other (exchanging information and services) regardless of the provider (e.g. mail or open social networks).
Some services, such as email, have a separate privacy policy where the general one doesn't apply. Moving along, here's their email service's privacy policy.
This service requires login with Disroot credentials.
All emails, unless encrypted by the user (with GnuPG/PGP, for example) are stored unencrypted on our servers.
IP addresses of currently logged in users via IMAP/POP3 protocols are stored as long as the device is logged in the server (per each device logged in).
Server logs, which store information such as, but not limited to, your username and your IP address, from and to email addresses, IP addresses of servers the emails come in or go out to, are stored for a period of 24 hours after which they are deleted from the server. No backup of log files is created. Logs are kept to prevent brute-force attacks on accounts and to provide quick insight when debugging issues.
Given that email works on a federated protocol, when interacting with email addresses hosted on third party servers (eg. Gmail.com, Posteo.org), data is sent to other independently operated and owned servers in the network over which we have no control.
Disroot states that all emails are stored unencrypted on their servers unless they're manually encrypted using PGP. This means that every email sitting on their platform is available to Disroot and anyone who gains access to your account or their servers.
Also note the last couple of sentences. They state that email is a federated protocol, which means it's not beholden to the general privacy policy and abides by their email-specific one.
They also state that they log IP addresses of all devices that are currently logged into your account. For example, your phone, tablet, laptop, and desktop computer all have their IP addresses logged when using their service. While not perfect, an IP address can generally narrow down your location to the city - assuming you aren't using a VPN. You can get a broad sense of how accurate it is over at What Is My IP Address.
Cloud Storage
Along with email, another feature that's commonly used is their Nextcloud-powered online storage. They provide 2GB of space for free with additional capacity at extra cost. Similar to their email service, encryption - or lack thereof - is an issue. Disroot doesn't provide client-side encryption on their cloud storage and actually discourages using it.
End-to-end encryption is still in alpha state, don't use this in production and only with test data!
ATTENTION!
Currently, Nextcloud end-to-end encryption is disabled on Disroot. It is due to a long standing bug with Nextcloud desktop app.
What this means is that the files aren't being encrypted on your computer before they're uploaded. This is a standard, and critical, feature that every other online storage provider that takes privacy seriously implements.
Chat
Chat is one of their less talked-about features compared to email and storage, but an important one nonetheless. Let's take a look at it.
This service requires login with Disroot credentials.
The roster (your XMPP contact list) is stored on the server's database.
Chat history is stored on the server in the same form as on the chat itself, meaning unencrypted chat is stored in plain-text and encrypted chat is stored encrypted. Additionally, the chat history, if not specified by the user on per chatroom basis, is stored on the server for a period of one month. You can decide to not have any history stored on the server per chat.
Server logs, which store information such as, but not limited to, your IP address and your username are stored for a period of 24 hours after which they are deleted from the server. No backup of log files is created. Logs are kept to prevent brute-force attacks on accounts and to provide quick insight when debugging issues.
Given that XMPP is a federated protocol, when interacting with users or chat-rooms hosted on third party servers, data is sent to other independently operated and owned servers in the network over which we have no control.
Files uploaded to the server are stored as is (plain-text or encrypted) for a period of three months.
What Disroot is saying here is that they store your contact list on their servers. Alongside that, chat history is stored on their servers as well. If it's unencrypted (which is generally the default), the history will be stored as such, allowing the company or someone who gains access to their servers full access to your chat. To top it off, IP addresses and usernames are stored for a brief period of time, which can make identifying who you are easier.
Compare this to the slew of privacy-focused communication services and Disroot suddenly starts looking a bit primitive.
Long Term Stability
While this isn't directly privacy related, it's still an important note to consider. The last thing anyone wants to deal with is having to migrate their content because the business wasn't sustainable.
Disroot is solely run on goodwill, volunteers, and donations from the community. Their Patreon currently stands at just $291/mo after launching in 2015. For a provider that offers 15 different services, $300 per month isn't remotely sustainable if they gain any real traction.
That's not to say everything they have is bad. Some of the more niche offerings collect no data or are end-to-end encrypted, such as Polls and Paste Bin respectively.
But when you couple the lack of privacy in their core services with the questionable long-term stability, it's hard to recommend Disroot in any capacity if you're looking for long-term services. They have strong ideas and a great mission, but the privacy-conscious individual should look elsewhere.