If you’re looking for a new home, Disroot has free email services with a one-time payment if you want a custom domain attached. I’m just giving them the money I used to give Tuta every month. I don’t want to sound like a shill, so I’ll keep it short: I believe in Disroot far more than I ever did Tuta because Tuta was a business and Disroot is a movement. Disroot isn’t in a position where a fat cat investor is gonna start squeezing them for a return. Their last finance report also looked pretty good.
I’m tempted, but Disroot has two things that will probably keep me away, unfortunately.
Email is stored unencrypted on their servers
The site is associated with political activism
There are technical reasons for #1 being true (and ultimately, even if they encrypted the email, I would have to trust them anyway) but this opens extra venues for exploitation. Coupled with #2, the site may be targeted by activist groups who don’t like the politics associated with them, or participants on the service might be automatically associated with it. Personally, either of these issues on their own tends to be enough for me to avoid a service. I respect Disroot but it’s probably not for me.
#2 is fair, but I really don’t see any point in encrypting emails at rest when they by design are going to third parties who can do whatever they want with it. I don’t trust emails with sensitive information, so that’s not a problem for me. I wouldn’t have email if that was an option.
I think #1 is important in part due to #2, and because it’s due diligence for maximizing privacy where possible. If you’re sending emails to somebody on a different server, then you might not want them to be accessible on your own server if it gets breached, regardless of someone else’s security. (And if their server gets breached, attackers would then only have a subset of your messages.)
Yes, I understand, but I think it’s a false premise that email can be secure at all. You shouldn’t treat it as such and you should never send incriminating or sensitive information through email regardless of what promises are made about it being secure lest it is your own server. You can talk to people in much more convenient and actually secure and even anonymous ways and email does none of that so I don’t know why it’s expected to.
Email should, for 2-way communication, at best be used to establish actually secure connections elsewhere.
For all else, it should just be treated as an inbox that random people from the internet can dump stuff in for you to check out at your discretion.
If you’re looking for a new home, Disroot has free email services with a one-time payment if you want a custom domain attached. I’m just giving them the money I used to give Tuta every month. I don’t want to sound like a shill, so I’ll keep it short: I believe in Disroot far more than I ever did Tuta because Tuta was a business and Disroot is a movement. Disroot isn’t in a position where a fat cat investor is gonna start squeezing them for a return. Their last finance report also looked pretty good.
I’m tempted, but Disroot has two things that will probably keep me away, unfortunately.
There are technical reasons for #1 being true (and ultimately, even if they encrypted the email, I would have to trust them anyway) but this opens extra venues for exploitation. Coupled with #2, the site may be targeted by activist groups who don’t like the politics associated with them, or participants on the service might be automatically associated with it. Personally, either of these issues on their own tends to be enough for me to avoid a service. I respect Disroot but it’s probably not for me.
#2 is fair, but I really don’t see any point in encrypting emails at rest when they by design are going to third parties who can do whatever they want with it. I don’t trust emails with sensitive information, so that’s not a problem for me. I wouldn’t have email if that was an option.
I think #1 is important in part due to #2, and because it’s due diligence for maximizing privacy where possible. If you’re sending emails to somebody on a different server, then you might not want them to be accessible on your own server if it gets breached, regardless of someone else’s security. (And if their server gets breached, attackers would then only have a subset of your messages.)
Yes, I understand, but I think it’s a false premise that email can be secure at all. You shouldn’t treat it as such and you should never send incriminating or sensitive information through email regardless of what promises are made about it being secure lest it is your own server. You can talk to people in much more convenient and actually secure and even anonymous ways and email does none of that so I don’t know why it’s expected to.
Email should, for 2-way communication, at best be used to establish actually secure connections elsewhere.
For all else, it should just be treated as an inbox that random people from the internet can dump stuff in for you to check out at your discretion.