Like it or not, email is a critical part of our digital lives. It’s how we sign up for accounts, get notifications, and communicate with a wide range of entities online. Critics of email rightfully point out that email suffers from a significant number of flaws that make it less than ideal, but that doesn’t change the current reality. In light of that reality, I believe that an encrypted email provider is a must-have for everyone in today’s age of rampant data breaches, insider threats, warrantless police access, and targeted advertising. If I can get access to your emails, I can get a range of sensitive information including where you bank (to craft more convincing phishing attacks), information about pets (I get notifications each year from the vet for my cats’ annual checkups), calendar reminders, news announcements from family, support tickets from services you use, and more. In a worse case scenario, if I get access to the account itself, it’s trivial to simply issue password reset requests for nearly any of those accounts, have it to sent to said compromised email account, and gain access to a wide number of other accounts you use – from banking to shopping and more – for any number of reasons. So this week, let’s look into the top encrypted email providers The New Oil recommends and their features to help decide which one is right for you.

      • ISOmorph@feddit.de
        link
        fedilink
        arrow-up
        8
        arrow-down
        1
        ·
        6 months ago

        Let’s see what europes e2ee ban will bring. Proton is one of the “high risk” services mentioned in the bills debate. Might not be too long before you have to host your own mail server if you want privacy in europe.

        • 乇ㄥ乇¢ㄒ尺ㄖ@infosec.pub
          link
          fedilink
          arrow-up
          3
          arrow-down
          5
          ·
          6 months ago

          I’m probably going to downvoted to hell with this… But didn’t people say Proton might be a government Op, even Tuta was mentioned as a honeypot in a recent Court case, so they released a blog post titled: Tuta is not a honeypot…

          Idk… my guts tell me, if something is too good to be true, then it’s not true… Proton offerings are amazing for a free plan… And their clients looks good and they sponsor YT channels… I used to be happy to see an Open source project succeed as a business, but the concept of honeypots, made me rethink my view

          • wagoner@infosec.pub
            link
            fedilink
            arrow-up
            7
            arrow-down
            1
            ·
            6 months ago

            Idk… my gut tells me… didn’t people say… might be… I’m probably going to be down voted to hell… if something’s too good to be true…

            What a ridiculous response.

              • wagoner@infosec.pub
                link
                fedilink
                arrow-up
                2
                ·
                6 months ago

                I quoted the bits that answer your question and which completely undermine the bits I didn’t quote.

                • 乇ㄥ乇¢ㄒ尺ㄖ@infosec.pub
                  link
                  fedilink
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  6 months ago

                  first of it’s a comment not a response… secondly, you quoted everything in wrong order to make it appealing to further ridicule, which brings me to my last but not least point, is that what you do? you find something ridiculous and get your dopamine kick by saying how ridiculous it is!

                  I quoted the bits that answer your question and which completely undermine the bits I didn’t quote

                  Not what I asked, I don’t see ridiculousness in my comment, so if you care to reply with feedback, please do, otherwise stop bothering me

          • BrikoX@lemmy.zipOP
            link
            fedilink
            English
            arrow-up
            3
            ·
            6 months ago

            You thinking it’s a honeypot is a win for the government. All they need to do is spread some propaganda instead of actually bothering to run a service that is hard to keep alive. And if they were to run a honeypot, having it outside 14 eyes countries would be the most stupid decision the government could make.

            • 乇ㄥ乇¢ㄒ尺ㄖ@infosec.pub
              link
              fedilink
              arrow-up
              1
              arrow-down
              1
              ·
              6 months ago

              You thinking it’s a honeypot is a win for the government. All they need to do is spread some propaganda

              Good point, but I didn’t think of it that way just because, I saw things and read stuff that made me suspect it…

              to run a service that is hard to keep alive. And if they were to run a honeypot

              But they did, and it worked for them before, and it’ll always work unless no one start using that service, so there’s no point in keeping servers operational… time for a rebrand. plus they’re getting paid.

              having it outside 14 eyes countries would be the most stupid decision the government could make.

              having it outside the US ( if we’re talking about the US ) maybe, but the 14 eyes… It’s just s story at this point, even countries outside the 14 eyes spy on their citizens and make secret deals… So…

              • BrikoX@lemmy.zipOP
                link
                fedilink
                English
                arrow-up
                1
                ·
                6 months ago

                Good point, but I didn’t think of it that way just because, I saw things and read stuff that made me suspect it…

                There is “speculation” spread about every single “privacy” focused service for exactly that reason. If you don’t trust them, you are not using them. I’m not saying don’t be suspicious, but also look at facts that make it unlikely of it being a honeypot.

                But they did, and it worked for them before, and it’ll always work unless no one start using that service, so there’s no point in keeping servers operational… time for a rebrand. plus they’re getting paid.

                Right, but there are plenty of easier services to target that provide more sensitive information. If you are a honeypot, you have to be profitable and expand your services or people will move somewhere else. That all takes time and work. Buying other services like SimpleLogin or Standard Notes and integrating their staff into your scheme would be unnecessary complication.

                having it outside 14 eyes countries would be the most stupid decision the government could make.

                It’s not a story. So called 5 eyes, 9 eyes and 14 eyes refers to country agreements to share intelligence and make cooperation instant instead of having to go through proper channels that take time. I’m sure there are many conspiracy theories about specific things that might not be true, but there is no dispute that these agreements exist.

                Government run honeypots are usually facilitated by federal agencies, INTERPOL, or EUROPOL, and if they want to run something in a country where they are not welcome it has to be court approved. Hence, it being run in 14 eyes countries, make it easy. Switzerland on the other hand not only requires everything to be approved by their courts, but also require using their specific privacy laws when making determination, which are the strongest in the world.

                You only need to look at previous known honeypots to see where they originate and what they target.

          • Magic Blue Smoke@frogdrool.net
            link
            fedilink
            arrow-up
            0
            arrow-down
            4
            ·
            6 months ago

            @electro1 @ISOmorph imagine your enemy has infinite money, manpower, and resources to turn against you.

            why would the DoD give away a weapon like TOR?

            why would satoshi release bitcoin at 51% difficulty?

            why would Putin allow for the grotesque corruption of the oligarch state?

            because they have the other half.

            • 乇ㄥ乇¢ㄒ尺ㄖ@infosec.pub
              link
              fedilink
              arrow-up
              3
              ·
              6 months ago

              because they have the other half.

              could you please elaborate, or matter of fact, ELI5…

              Isn’t the whole purpose of having power and control, is to have it all, or make it appear that you’re not in control?

    • calm.like.a.bomb@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      12
      arrow-down
      1
      ·
      edit-2
      6 months ago

      Yes, and both have proprietary clients. I have proton and I’m in the process to moving away mainly because I can’t use their calendar and contacts natively in Android. Not sure about Tuta, but I never liked them.

        • calm.like.a.bomb@lemmy.dbzer0.com
          link
          fedilink
          arrow-up
          2
          ·
          6 months ago

          You don’t have 100% privacy as long as you send mails to people and services that don’t support proton’s encryption. If I wasn’t privacy I can always use gpg.

      • Twitches@lemm.ee
        link
        fedilink
        arrow-up
        1
        ·
        6 months ago

        Same calendar doesn’t give notification unless I open it. I’m just looking to replace Google.

        • archer@lemmy.ml
          link
          fedilink
          arrow-up
          8
          ·
          6 months ago

          It works for me in GrapheneOS, should work on regular Android, too? What I’m missing is a dedicated Proton contacts application including integration into the phone app.

          • Twitches@lemm.ee
            link
            fedilink
            arrow-up
            2
            ·
            6 months ago

            Check your battery optimization, so if you go to the app in your settings turn off all battery optimization. Just did this, not sure how well it’s going to work, but, maybe

        • vatlark@lemmy.world
          link
          fedilink
          arrow-up
          3
          ·
          6 months ago

          Huh, works fine for me for nearly a year now. The only thing I still use google calendar for are some shared calendars.

          After proton adds Standard Notes. I’m hoping google maps will be the last product I’m tied to.

          • Twitches@lemm.ee
            link
            fedilink
            arrow-up
            2
            ·
            6 months ago

            I think I figured it out, it was some battery optimization settings. Now just waiting for contact integration into the phone

    • TheFeatureCreature@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      ·
      6 months ago

      A lot of lists for private alternative email services start and and with Proton, seemingly. Services like Posteo, Mailbox, Hushmail, Fastmail, etc are frequently overlooked. It’s a shame because many of these other services are great and Proton is one of the most expensive and not suitable for everyone. I’ve been with Posteo for years and I have nothing but praise for it.

  • a1studmuffin@aussie.zone
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    1
    ·
    6 months ago

    Has anyone tried self-hosting on a NAS or similar? I’d be interested to hear the practicalities of it, I imagine it’s not exactly set or forget, and the realities of the enshittified internet present some obstacles, like ending up in spam filters etc.

    • myself@lemmy.ml
      link
      fedilink
      arrow-up
      11
      ·
      6 months ago

      A mail server is often mentioned as the first thing you don’t wanna bother with hosting yourself

      • a1studmuffin@aussie.zone
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 months ago

        I did some more research after your comment and it does indeed sound like it’s not for the feint of heart.

        Spam seems to be one of the biggest challenges, both incoming and outgoing. For incoming, it’s a constant arms race with spammers to circumvent spam filtering techniques. But at least that’s something you have control over, you can just turn off your spam filtering and ensure you receive all important email. The real problem is ending up in other people’s spam filters, which you have very little control over once you’ve decided on your mail server domain/certificate.

        The crux of the issue seems to be that SMTP is ancient insecure tech designed for an innocent era when email was for universities only. We desperately need a more secure open source email protocol designed for the modern era, but capitalism isn’t having it - instead we’ve got corporations wrestling for control of the next big thing with proprietary protocols… Discord, Slack etc. And big tech companies that continue using SMTP (Gmail, Outlook etc.) simply treat any servers outside their sphere with a high level of suspicion.

    • refalo@programming.dev
      link
      fedilink
      arrow-up
      1
      ·
      6 months ago

      it works fine IMO as long as you don’t happen to have an IP with a bad reputation, but you’ll likely need a VPS or similar as most home ISPs don’t allow mail server or even incoming tcp ports

  • Jinx2756@lemmy.world
    link
    fedilink
    arrow-up
    6
    arrow-down
    3
    ·
    6 months ago

    Both Proton and Tuta are great choices. Of the two, I prefer Proton simply because Tuta’s UI makes my head implode.

    But for my every day, general email usage, I have gone with Posteo.de. They are pretty cool and work seamlessly with any email client of your choice (no need for Bridge, or the like).

  • menas@lemmy.wtf
    link
    fedilink
    arrow-up
    7
    arrow-down
    9
    ·
    6 months ago

    Why people still promoting proton ? Private company will not defending your private data against States. There not Unions or independent organization, there are running for profits. If you don’t see it as a safety issue, think again. Proton sold IP addresses used by XR using their services to the french intelligence.

    • BrikoX@lemmy.zipOP
      link
      fedilink
      English
      arrow-up
      12
      ·
      6 months ago

      No company executive will go to jail for you. Give any company a court signed order and they will comply. Hence, the companies that orient around privacy limit the data they retain so that when they get a court order, they have nothing to give. Email is flawed by design, so some metadata always has to be stored for it to be functional.