Have been using Protonmail but have also heard bad things over time...looking to make a move.
132 sats \ 0 replies \ @final 24 Jun 2023
Also Proton since I use the VPN / Domain service. The issues with Proton for me mostly boil down to their marketing and pricing. The bad things to do with logging were something they were ordered to do by their local jurisdiction (unavoidable) so I just consider it as them acting on good faith.
Posteo is almost perfect. It's cheap, can be bought anonymously, runs on other email clients, but they lack a DMARC policy. They don't log IP addresses at all but your mailbox can be intercepted if they receive an order to.
https://posteo.de/en/site/transparency_report
reply
12 sats \ 1 reply \ @siggy47 24 Jun 2023
I use protonmail as well. I heard some people like Tutanota.
reply
7 sats \ 0 replies \ @final 24 Jun 2023
I used Tutanota before Proton, however they were hit with a DDoS attack during a time I was using it for important government-related services and I was unable to file forms.
It's been a couple years since that incident, but I think they're a great service past that. I learned not to use it for anything too important though...
reply
3 sats \ 0 replies \ @federatedcomputer 24 Jun 2023
Encrypted email is a scam. Unless you only email with other encrypted email providers... Most of the time, we don't.
The better solution, for security, is to use an email provider that is not centralized so that no outside authority can demand metadata and mail.
reply
30 sats \ 4 replies \ @ek 24 Jun 2023
Don't most mail providers use TLS encryption at least?
Yes, this means your mail provider can read your mails but ...
That's also the case if you have a conversation with someone from another provider afaict.
For example, if a non-Proton user sends a mail to a Proton user, it also uses TLS but the mail is stored using "zero-access encryption". But if you send a message to them, it uses TLS encryption so their mail provider can read your mail:
-- https://proton.me/support/proton-mail-encryption-explained
So I think using SMTP for confidential data is just a lost battle.
Use other services.
reply
1530 sats \ 3 replies \ @final 24 Jun 2023
Encrypted email is essentially harm-reductive. This is why when choosing a provider I just consider what the provider would do with my information rather than concerns about the email system itself. I have a big issue with Proton's marketing because of that, the way they explain it makes it appear like a perfect system when in fact you need to read in the lines or on privacy policies / support articles.
These posts, while focused on PGP (another annoying system I wish I could use less), It makes a lot of the points and problems 'encrypted' email providers have.
https://latacora.micro.blog/2020/02/19/stop-using-encrypted.html
https://latacora.micro.blog/2019/07/16/the-pgp-problem.html
reply
100 sats \ 1 reply \ @ek 24 Jun 2023
lol, but well said. "Encrypted mail services" give a false sense of security.
I think everyone using these mail services (and even paying for them) should read these articles
reply
0 sats \ 0 replies \ @final 24 Jun 2023
I like to believe LARP security also boils down to having security that only exists to be shown off rather than having any major benefit. Kind of like Proton's entire "THE SECURE EMAIL™ BASED IN SWITZERLAND™" marketing shtick, and with PGP users showing off their keys everywhere.
As a customer, they're better as an alternative or ethical service - It's the closest bridge to mainstream email service that isn't completely piled on Google or Microsoft.
reply
0 sats \ 0 replies \ @aoeu 24 Jun 2023
Thanks for the articles!
reply
20 sats \ 0 replies \ @aoeu 24 Jun 2023
I have accounts at Protonmail and Tutanota. I like Tutanota better, but the only way to access it is via their app or website. You can't use a third party. There are ways of using a third party app for Protonmail, but it also isn't the most ideal way. Nice thing about Protonmail is that it is PGP, which is compatible with other PGP email services. Tutanota is probably better encryption (subject lines are encrypted too), but less compatible unless you are communicating solely with other Tutanota users.
Both services allow you to send an encrypted email that is password protected to anyone. They click on the link and type in the password you gave them. Tutanota's implementation of this is much nicer IMO as it allows both parties to see a thread of the conversation.
Mailfence is around PGP implementation that is free to try out.
The email service that I use the most actually is Fastmail. I know it gets a bad rep for an encrypted service since PGP is offered directly. But, since encrypted services are only good if you are only emailing other encrypted (and compatible) services, most of the emails I'd send with Proton or Tutanota anyway would end up on someone's Gmail account.
If I really need to send a PGP encrypted message I just use a separate GPG program and paste it into a message that I send on Fastmail. Fastmail has a blog post about this here: https://www.fastmail.com/blog/why-we-dont-offer-pgp/
Main cool feature of Fastmail is how you can create on-the-fly aliases. Let's same my email domain is example.com.
I'm on the phone with a landscaping service and they ask for an email address. The name of the company is Green Landscaping so I tell them that my email is greenlandscaping@example.com. They can send an email to that without me having to do anything and I can reply back using that email or send an email from that address as well. So rather than organizing emails by sender, I've started filtering to folders based on the address that the incoming email is being sent to. I've switched away from Gmail over 2 years ago and haven't looked back. It has been so refreshing.
But, if you are emailing friends or family and can convince them to use an end-to-end encrypted service, then Proton, Tutanota, or Mailfence would be your best bet! Posteo would be a good one too, but I don't have as much experience with that one.
reply
0 sats \ 0 replies \ @mrtali 24 Jun 2023
Proton Mail and its VPN is great too.
reply
0 sats \ 0 replies \ @SovranSystems 24 Jun 2023
Email is not a private technology and simply needs to go the way of the fax. I use Startmail, however if you want the most private way, you need to sovereignly run your own Matrix server.
reply
0 sats \ 1 reply \ @federatedcomputer 24 Jun 2023
https://federated.computer. It's your own server. 100% private. From the same people who invented node.js.
reply
0 sats \ 0 replies \ @SovranSystems 24 Jun 2023
I like these services, the only thing is they are not sovereign.
reply
0 sats \ 2 replies \ @Zepasta 24 Jun 2023
What bad things you heard about Proton?
reply
7 sats \ 1 reply \ @btcforlife 24 Jun 2023
There's so much wrong with it, you're better off just getting a server, make it actually encrypted and then, when you do send e-mails, encrypt them, because what they sell you is safety, but that only happens if you send e-mail to other proton addresses, everything else you need to use a encryption key (just like @aoeu explained) and make sure the other side is willing to do it, for registration on websites, e-mails from companies and so on, they'll have them in 'plain text' on their end, so if they do get hacked for example, and get access to any e-mail accounts, they'll see that you're a user there and can track you back on the website itself (generally speaking, of course).
reply
0 sats \ 0 replies \ @nymatix 28 Jun 2023
deleted by author
reply
0 sats \ 0 replies \ @numbskull 24 Jun 2023 freebie
Outlook is great