this post was submitted on 06 Aug 2023
48 points (86.4% liked)

Privacy

32013 readers
1017 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Are there any private email services

all 32 comments
sorted by: hot top controversial new old
[–] FIST_FILLET@lemmy.ml 35 points 1 year ago
[–] jet@hackertalks.com 30 points 1 year ago
[–] lemmyuser30@lemmy.ml 24 points 1 year ago

+1 for mailbox.org

[–] Platform27@lemmy.ml 19 points 1 year ago (1 children)

Tutanota and Proton are often recommended services. I personally prefer Tutanota, and their encryption. Though, Proton has a nice suite of services, that is worth looking into. Namely their VPN and Drive..

[–] WhyIDie@lemmy.ml 4 points 1 year ago (1 children)

what caused me to lean more towards tuta was their encryption also encrypts the email subject line, and not just the body. I read PGP doesn't allow for that

[–] Platform27@lemmy.ml 1 points 1 year ago* (last edited 1 year ago) (1 children)

Tutanota also encrypts email folder ~~and~~ ~~labels~~ names. Last time I checked, Proton does not.

[–] WhyIDie@lemmy.ml 1 points 1 year ago (1 children)

I know contacts are encrypted, but I wasn't aware tuta implemented email labels yet, and all that came up from the search was a post from the company on reddit 6 months ago stating it was planned for the future, at https://web.archive.org/web/20230114104535/https://old.reddit.com/r/tutanota/comments/10aumyg/question_on_features_in_provided/ .

And encrypted folder names sounds believable, but I can't find a link definitely stating encryption for that, specifically. If you could shoot me a link about it, I'd love to know it's true before I start stating that to others. Don't get me wrong, I really like how privacy-focused tuta is, but I jumped into a paid account knowing their frontend functionality is pretty barebones; something I was fine with supporting while they built it up, since the backend privacy focus and it being open source were the main selling points to me.

[–] Platform27@lemmy.ml 2 points 1 year ago* (last edited 1 year ago)

Yes, that’s my bad, with Labels. I never really use them, and wrote it without thinking. I do not have a source for my folder claim. I was told this several years ago, by support, when I was enquiring about their service, for business use. It was one of my many questions. While the end user seems their folder name, Tutanota sees a random identifier.

[–] chemicalwonka@discuss.tchncs.de 15 points 1 year ago* (last edited 1 year ago)

E-mail is not a private service by default. You can "try" to mitigate some privacy flaws using PGP for example but PGP is not widespread to be something useful.

[–] Disgusted_Tadpole@lemmy.ml 13 points 1 year ago

I switched for Proton Mail paid plan a few months back. Glad I did

[–] banazir@lemmy.ml 13 points 1 year ago (1 children)

Throwing in Posteo for your consideration.

[–] Siliconic 1 points 1 year ago

Seconding Posteo, highly recommended. I wouldn't really recommend Proton or Tutanota, though you could do worse of course

[–] 7heo@lemmy.ml 10 points 1 year ago* (last edited 1 year ago) (1 children)
[–] kostel_thecreed@lemmy.ca 2 points 1 year ago (1 children)

Weird. Support was top tier when I had issues. I also own a business account for 30-35 people, and the issues we get are easily resolved by Tutanota. You most likely got a bad rep.

[–] 7heo@lemmy.ml 2 points 1 year ago* (last edited 1 year ago) (1 children)
[–] kostel_thecreed@lemmy.ca 2 points 1 year ago

Very valid. Hope you find a good alternative, as I understand that ass support is very frustrating to deal with.

[–] PropaGandalf@lemmy.world 9 points 1 year ago

I went with tutanota and I'm liking it so far. However I'm fully aware that email not intended for secure infirmation exchange at all.

[–] thatsnothowyoudoit@lemmy.ca 9 points 1 year ago* (last edited 1 year ago) (1 children)

The only way to ensure privacy is something like PGP. Encrypt before you send. Heck you could even encrypt before you put the contents into a message body.

With self hosted, the messages themselves aren’t encrypted at rest and they are clear text between hops even if those hops support TLS in transit.

Ultimately the right answer for you will hinge on what your definition and level of privacy is.

Note that PGP only encrypts the body, not the subject, sender, or recipient. So it's only partial encryption and not very private compared to modern messaging services like Matrix. This is a fundamental limitation of email. It's "Pretty Good Privacy", not "Very Good Privacy".

[–] lckdscl@whiskers.bim.boats 7 points 1 year ago (1 children)

What's your threat level?

There's no such thing as fully private. For that, encryption where you control your keys is the way to go. If you're really paranoid then Disroot or Riseup. If you like to be able to use any clients then don't go with Proton or Tutanota. There are a lot of paid mail services, whatever you go with, you just have to read the privacy policy and know what your threat level is. Just purely paying for the services may make you feel better about your privacy but that's not always the case. If you do something the authority doesn't like, the provider gets hit with a subpoena and can hand you over. But again, encryption encryption.

This resource may help you, although the author is pretty paranoid and I don't agree with a lot of their views or writing style, but I think this might be the most comprehensive list for email providers.

[–] jhulten@infosec.pub 2 points 1 year ago

This is important. Without a threat model, recommendations will always be generic. Are you important enough for the NSA to dedicate resources too? You're screwed.

[–] Norgur@kbin.social 7 points 1 year ago* (last edited 1 year ago) (1 children)
[–] Potatos_are_not_friends@lemmy.world 4 points 1 year ago (1 children)

I'd strongly recommend against self hosted email.

Has a team of engineers to manage emails and the company finally gave up and switched to AWS because of constantly deliverability issues. I think the commercial companies won that war.

[–] Norgur@kbin.social 1 points 1 year ago

Depends what you do with it. The average private person might never notice issues.

[–] FlappyBubble@lemmy.ml 7 points 1 year ago

What exactly do you mean by private with regards to email? What is the problem you're trying to solve.?