Did you know that Gmail, Outlook, and many other big email services think they can read your emails and sell them?
That's why we're here to help find some safe alternatives!
Credits to @sir for helping me on this one!
Hope you enjoyed and stay safe!
@sir @Tommy I respect your argument but I have to disagree. Proton supports PGP and has a track record of not having anything to turn over to authorities. I do agree that it is a risk to put your security in someone else’s hands but I think for 90% of people these services are just fine and will suffice. But I respect your points and arguments.
@sir @Tommy you’re asking me to trust you right now. I’m not doubling down on being wrong, but I think you’re gonna have a hard time getting the average person to self host their own email server. You have to accept that privacy is a sliding scale and additionally that no digital medium is perfect anyways. You’re being this person right now: https://write.as/thenewoil/one-size-does-not-fit-all
2 -> they may not have access to your keys today, but web applications are inherently unsuitable for keeping secrets from service providers and if you log into the webmail tomorrow they could trivially exfiltrate your keys - this is only the illusion of privacy
3 -> what they tell you they log and what they actually log can be entirely different and you would never be any wiser to it.
4 -> you didn't mention this, but they claim to encrypt incoming emails transparently, but there's nothing to stop them from siphoning off the plaintext and, again, you would never notice. This gives you a false sense of security and de-emphasises end-to-end solutions like PGP which actually work.
@sir @Luke @Tommy Those are all completely fair points, but if I may play devil's advocate:
1) But I can still access my data via their website? Just because I can't download my data doesn't mean they aren't showing me all my data? I don't get the connection there.
2-4) Isn't that true of any non-self-hosted service?
@thsprsntdrknss @Luke @Tommy
1) Vendor lock-in is a problem no matter how you slice it. They conveniently lack these standardized features for the express purpose of hoarding your data away from you, and then lie to you about made-up privacy reasons for doing so.
2-4) not necessarily. Services can be designed to avoid the (2)nd problem by not handling your secret data in a context which they can secretly update. (3) can be minimized by reducing the amount of data which is transmitted to them in the first place. (4) can't be avoided, but they should be upfront with the limitations of their approach and not sell it as a perfect solution. If they wanted to improve (4) they should be working to improve and standardize end-to-end approaches like PGP, or something new if they can't stomach PGP.
@sir @Luke @Tommy Also, afterthought related to #4 specifically: PGP doesn't encrypt metadata, so with any service - Proton, Mailbox, Gmail - what's to stop any service from logging your metadata? PGP isn't a foolproof option either.
Correct me if I'm wrong. Again, I do not claim to be a tech expert. I'm a fucking bass player.
@abloo @sir @Luke @Tommy In response to 4, isn't Proton based on PGP? Don't they basically just streamline the PGP process? I agree they could do more but it's not like they build their own encryption like Telegram or Tutanota. And in response to 2 and 3, how do the services you recommend conform to them? Again, seriously asking. I want to learn. I want to improve.
@thsprsntdrknss @abloo @Luke @Tommy ProtonMail has limited PGP support but it's not what their solution is based on. Even if it were: it's not a valid excuse for IMAP/SMTP, that's just a convenient way to secure vendor lock-in for them.
I have made my email provider recommendations available here:
1. requiring payment for imap/smtp access
2. them having plaintext access to incoming mail
3. running untrusted code on their servers
I'm not quite interested in a self-hosted mail setup yet since I'm concerned about the network reliability of the place I would be hosting from.
Discussion of some flaws at #mailboxorg, in German:
Yes! How could I have forgotten!
Riseup is very trustworthy and unbiased.
Thank you for asking!