Which Email?
A while back I started on this journey, and as most people did, I've had my ups and downs and went through the learning curve, I've now reached the point of so much knowledge that I truly know, I dont know shit. People of Lemmy I come to you today because idk what to do, I recently made a free account with proton, their subscription is fairly cheap so idm paying the monthly tier of 15GB so I can have control over ending it whenever I please instead of being locked in for a year. Now, I heard about Tuta but never dived much into it, i know Proton has had its controversies (Don't be shy of reminding me of what they were), but what are my options here truly for a proper FOSS email provider? I can negate the free part for a reasonable price, but truly private AND secure is a must.
Self Hosting isn't an option yet for personal reasons unless it's completely free.
alibloke
in reply to snowydroopz • • •snowydroopz
in reply to alibloke • • •alibloke
in reply to snowydroopz • • •snowydroopz
in reply to alibloke • • •alibloke
in reply to snowydroopz • • •Cons: some knowledge of Docker is required
A static IP is helpful but not a requirement
If your ISP uses gcnat then that's a problem. Using a residential IP isn't great for reputation
Pros: It's a very well thought out system
Very few bugs
Excellent documentation
Includes spam protection, webmail and a bunch of other features
itjustworks
sakuraba
in reply to alibloke • • •snowydroopz
in reply to sakuraba • • •Voxel
in reply to snowydroopz • • •TL;DR: Stick with Protonmail. There is, based on what you told us, no reason for you to switch to another provider.
I wouldn't recommend Tuta at the time of writing, due the lack of OpenPGP (no, their own EE2E does not act as a solid replacement) and JMAP/IMAP support.
snowydroopz
in reply to Voxel • • •Take it easy on me with the big boy terms haha, you mind explaining them? Except E2E, I know what end to end encryption is, tho idk if EE2E is another thing or just a typo by you
Another user said mailcow, thoughts?
sakuraba
in reply to snowydroopz • • •I think they meant E2EE (End-to-end encryption)
OpenPGP is an encryption standard
JMAP/IMAP iirc lets you use other clients like Thunderbird (you won't be able to use 3rd party clients with proton unless you pay for it so take that into account too)
snowydroopz
in reply to sakuraba • • •sakuraba
in reply to snowydroopz • • •yeah it is used for encryption, in this case mails between proton users can be encrypted using OpenPGP
i recommend to research a bit yourself on these topics and your use case for privacy in this context. email is not private by design.
thanksforallthefish
in reply to Voxel • • •elkien
in reply to thanksforallthefish • • •thanksforallthefish
in reply to elkien • • •Thanks for the response, yeah that is better than nothing, but if OP hasn't migrated yet then better to choose a provider that isn't locking them into an apple-esque walled garden. If they decide to stop supporting the bridge then you're stuck.
I like proton but they make a few too many weird decisions. I mean imap has been around for a long time, why not use the open standard.
superglue
in reply to snowydroopz • • •This might be an unpopular opinion in this community, but here it goes.
Privacy doesnt really exist with email. Yes, Proton does support encryption, but nobody but Proton uses it. When your bank sends you an email, its plain text, and its pretty much guaranteed its sent from an outlook or gmail server. If they want your data they can get it whether youve got proton or not.
As for me - I actually still use my universities email. Its on outlook, but, hardly anything is sent to it, it never gets flagged as spam, and it doesnt cost me anything and will hopefully be there forever.
snowydroopz
in reply to superglue • • •superglue
in reply to snowydroopz • • •SupremeDonut
in reply to superglue • • •BladeFederation
in reply to superglue • • •sakuraba
in reply to superglue • • •snowydroopz
in reply to sakuraba • • •StumblingWasabi
in reply to superglue • • •edel
in reply to superglue • • •Your opinion is not unpopular here.
For those that don't know, yes, when Proton or Tuta sends an email to an unsecured provider, it is on the open... if you want it to be that is. You have the choice to tick if you want to send the mail and attachments encrypted or not. If you choose to send it encrypted, they have a link they have to introduce a password to get in. I use this multiple times with somehow sensitive data. At least their email provider won't have the data... now, the recipient may place then that data in Google Docs and that is game over; but that is your party's fault, not your email provider.
ShutUpWesley
in reply to snowydroopz • • •whatiswrongwithyou
in reply to snowydroopz • • •Everyone telling you email isn’t private is right.
Don’t use it for things you don’t want to be public knowledge.
TheMadCodger
in reply to snowydroopz • • •Others have already said similar, but it depends on what you mean by "private" and "secure". Yes, proton is e2e but that only is true if you're emailing another proton user. And yeah, Proton can't read your emails, but as soon as you email someone else outside the ecosystem, it's as good as public.
I'm not saying thou shalt not use proton! But I had a subscription and cancelled. One part because the CEO vocally supported Trump and the doubled down when called out. Another part because I got tired of the proton ecosystem being inaccessible outside its own walled garden because of the e2e.
So I switched to Fastmail and couldn't be happier. Is it perfect, no, but what is? It works well, it's reasonably priced, they've been around forever, and I can use it with apps/programs outside of what they provide.
When it comes down to it, your email will never be truly private unless you only communicate with people who are just as concerned about privacy.
Product tour
Fastmailsnowydroopz
in reply to TheMadCodger • • •TheMadCodger
in reply to snowydroopz • • •Pros, it just works the way I'd expect it to. What really makes me happy with it is how they enable you to use it outside their ecosystem if you want to, so like caldav, SMTP, etc. Those either don't exist or are much harder to do in proton because of the encryption.
They have a mindset of enabling you to use your data the way you want to: recently they added an api for interfacing with LLMs, which lets you plug one into your email/calendar but only if you want, and then it's something you have to turn on. If you never want to have AI near your data, that's the default. In this era of "we made email better by integrating AI into it that you didn't ask for" Fastmail gives you the option, but doesn't force you.
Not unique, but they have a great masked email creation that can be generated from elsewhere. Currently I have them generated in Bitwarden when I create a new login (Bitwarden problems are a different thread).
Cons, it is hosted in Australia which does have better protections than the US, but is still part of Five Eyes. Your data isn't encrypted on
... Show more...Pros, it just works the way I'd expect it to. What really makes me happy with it is how they enable you to use it outside their ecosystem if you want to, so like caldav, SMTP, etc. Those either don't exist or are much harder to do in proton because of the encryption.
They have a mindset of enabling you to use your data the way you want to: recently they added an api for interfacing with LLMs, which lets you plug one into your email/calendar but only if you want, and then it's something you have to turn on. If you never want to have AI near your data, that's the default. In this era of "we made email better by integrating AI into it that you didn't ask for" Fastmail gives you the option, but doesn't force you.
Not unique, but they have a great masked email creation that can be generated from elsewhere. Currently I have them generated in Bitwarden when I create a new login (Bitwarden problems are a different thread).
Cons, it is hosted in Australia which does have better protections than the US, but is still part of Five Eyes. Your data isn't encrypted on disk, but is encrypted in transfer as is standard these days. They are transparent about the fact that they could see your data if they wanted, but they state their principal is to have a very food reason to do so, otherwise they say they'll respect your privacy. They also say their business model depends on not scanning your data and selling it because people would jump ship if they did (true) but all of that is taken on faith.
Ultimately, unless you self host, you're going to have to trust someone. And the headaches of Proton's ecosystem being so locked down just so I could say they couldn't read my email, but gmail could as soon as I sent it, didn't add up for me, which is why I switched. I like the convenience and it works well, and the price is reasonable.
snowydroopz
in reply to TheMadCodger • • •danhab99
in reply to snowydroopz • • •I've kind of given up on the concept of email as a whole. Nobody emails anymore. Nobody in my family uses email, I've never had a friend who emails me, I'm the weirdo for asking for an email address so I can email you a calendar invite because I'm a weirdo for using the calendar..
Maybe it's just been my experience but does anyone actually use email? And if so what about everyone else's security?
Scott 🇨🇦🏴☠️
in reply to danhab99 • • •nixFREAK
in reply to snowydroopz • • •snowydroopz
in reply to nixFREAK • • •nixFREAK
in reply to snowydroopz • • •snowydroopz
in reply to nixFREAK • • •nixFREAK
in reply to snowydroopz • • •snowydroopz
in reply to nixFREAK • • •Libb
in reply to snowydroopz • • •Remember that email is none of that, unless both people use encryption.
Tuta and Proton both are encrypted, which is great, but the moment you exchange with someone that is not using encryption (aka, the vast majority of people), they're not anymore.
I always considered email like sending a good old postcard: something anyone could read without being invited, just by looking at it.
Be it Tuta or Proton, or any other commercial offering, you won't have real control without owning your actual domain name. Owning it means you can change email provider if/when you wand (and if you don't feel like using your own).
snowydroopz
in reply to Libb • • •Libb
in reply to snowydroopz • • •Your purchase it from some registrar.
I'm from France so it probably won't be the same as you, it will cost you a small yearly fee. Like, for example I do own the domain 'thefoolwithapen.com' (my blog) among a few other domain names. So I can use libb@thefoolwith... with either my own email/hosting or most third-party provider, I don't have ti use their own name/domain. Sorry for the lack of specificity in my explanations, I'm everything but an expert ;)
Edit: clarifications
snowydroopz
in reply to Libb • • •Libb
in reply to snowydroopz • • •Damage
in reply to snowydroopz • • •I have a domain and I use email aliases, they're addresses that redirect everything they receive to another address. That way you could for example redirect all emails from John@Doe.com to John.doe@proton.com
When you send emails from John.doe@proton.com, if you want to show the alias' address as the sender, your provider must have support for identities, many do, Gmail does, proton I don't remember.
Btw you don't PURCHASE a domain, you rent it. Usually the basic plans can include limited hosting space for a website, and actual e-mail accounts with storage, but while most also offer webmail portals, they aren't as good an experience as Gmail.
snowydroopz
in reply to Damage • • •edel
in reply to snowydroopz • • •Just a week ago I wrote my impressions of diverse email providers so I put it here with a few corrections:
Proton gives me some no good vibe I cannot explain, but it works really good and they really have the human capital to make it work the best. A big criticism is hosting some many services under one roof... specially VPN, drive and email, but it is very convenient for customers. They do also have policies of no-refund that makes that bad sentiment grow... Why no refunding non-used portion or even with a penalty? Regarding its founder, Andy, he did made 3 statements that appeared to support Trump, but I think they were misinterpreted; Andy criticized more the Democrats unrelenting support for the Tech Giants than praising the Republican administration. Let’s remember that, at that time, Trump was the only voice that appeared that was going to favor more the small business vs the mega corporations. Of course, that was the promise that Trump, as with all others he made, were a complete lie. I don’t recall any other statements from Andy beyond th
... Show more...Just a week ago I wrote my impressions of diverse email providers so I put it here with a few corrections:
Proton gives me some no good vibe I cannot explain, but it works really good and they really have the human capital to make it work the best. A big criticism is hosting some many services under one roof... specially VPN, drive and email, but it is very convenient for customers. They do also have policies of no-refund that makes that bad sentiment grow... Why no refunding non-used portion or even with a penalty? Regarding its founder, Andy, he did made 3 statements that appeared to support Trump, but I think they were misinterpreted; Andy criticized more the Democrats unrelenting support for the Tech Giants than praising the Republican administration. Let’s remember that, at that time, Trump was the only voice that appeared that was going to favor more the small business vs the mega corporations. Of course, that was the promise that Trump, as with all others he made, were a complete lie. I don’t recall any other statements from Andy beyond that topic of small business vs big tech. After listening to many of Andy interviews, he does not seem to me like a typical Conservative, let alone MAGA supporter.
Mailbox, has been static for a while, but they do offer a good service and now they are attempting to modernize. No full privacy by default but that could potentially be with some effort, but okay for most people. Still a bit German-centric. I still would recommend them easily.
Posteo would have been my first choice since 5 years ago, but the lack of no being able to use your domain, sorry to say it is inexcusable. They say because your own domain brings some privacy up to light, very true! So advise it, “look, we suggest to use our domains for better privacy for you, but if you want the freedom to move to another provider in the future at the cost of a bit of privacy, you are welcome to bring your own domain”. I want to believe the decision was genuine because they think it is for better privacy and not to create a lock-in for its customers.
Tuta… oh Tuta. I like the people, I believe and trust them the most! Yet, they probably still need to grow a bit so they can have the resources to do better (maintaining an email service is it very hard nowadays, even more a privacy oriented one). Their android client does not share data with Google for the push notifications (hello Proton?!) and that should be a fundamental requirement. For just email, it is fantastic and for privacy it is the best, period… if you are OK with the lack of support on IMAP and POP3 protocols that is; They should do some bridge like Proton does and I would put in top among all in a instant.
Other privacy oriented providers can be okay since they have a low profile and less targeted by 3rd actors, but at the same time also less prone to keep with security updates. It is sad, but I would not use in a daily basics. Same with self-hosting, free or non-free, don't! As mentioned, it is very complicated not only from a security concern but also many email will get lost in the void by picky providers like Gmail.
On the concerns of the change of political colors in Germany, first regarding privacy, you are more at the wimps of the people of the provider than the leader of the time. I don’t really see any country as safe today, not a single one! Now, a right owner is someone like Lavabit’s that choose to close shop rather than given the SSL keys to the US authorities, that is why trust is so critical; I would rather use a provider based in the US with the right owner, than one in Switzerland with one I don’t know much about. Your only protections are the technology and the owner!
Once said that, unless you are a high targeted individual, maybe you should not only focus on privacy, besides, sometimes, the best defense is to blend-in among the no-so-top-notch-privacy providers. In any case, I trust the most Tuta, but recommend Mailbox for most people and Proton to those a bit concerned about normal privacy. I think there is room for a new player here that covers all the shortcomings, but it is not here yet.
snowydroopz
in reply to edel • • •edel
in reply to snowydroopz • • •From Posteo I cannot say much more since using my own domain is critical.
Tuta, it is indeed missing PGP and that is a problem if you are trying to communicate with someone that uses PGP. Now, Tuta's encryption although no as universal as PGP, you could say it is better implemented since the subject is encrypted (unlike with PGP's). The shortcoming is is that Tuta's encryption only works seamless between Tuta accounts, or the recipient is offered a web link where he/she has to enter a password. In real life, a handful full know to to work with PGP.
So at the end depends on who you intend to send emails to... are part of them PGP users? If yes, get Proton, if not, either Proton or Tuta will be OK, use other criteria to choose between them.
snowydroopz
in reply to edel • • •tradclasstruggle
in reply to edel • • •I recently switched to Proton, mostly to get out of Gmail and Hotmail.
I did this firstly to get out of the yankee services, not because I trust Proton: their claims of private mail are mostly bullshit, and they do clearly behave like a CIA honeypot, so I don't trust them (as I didn't trust the other two), so I use the free account (also there are increasingly fewer and fewer free options nowadays) just to get emails that I'm more than okay being known, or where my domain emails don't work.
Everything else goes to an assortment of addresses on my webstorage with my domain, running on a national server outside of all the cursed 9/14/etc eyes. Even still I expect them to be fully visible under a court order. But I get no one actively profiting off their info, and get no spam there. So I'm very happy with the change.
edel
in reply to tradclasstruggle • • •64bithero
in reply to snowydroopz • • •flo_l
in reply to snowydroopz • • •Mylemmypt
in reply to snowydroopz • • •snowydroopz
in reply to Mylemmypt • • •Mylemmypt
in reply to snowydroopz • • •