"Trusted" eMail Providers?
from nefarioushoneybee@lemmy.zip to privacy@lemmy.ml on 11 Jun 04:46
https://lemmy.zip/post/65949563
I switched from Gmail to Proton, but now with everything coming out about Proton I’m switching from them too. I started using Posteo which I like but a lot of my accounts having to do with money and finance (including my bank) aren’t accepting the Posteo email. They have rejected it over and over and even locked me out stating that I was hacked.
Do you guys have any recommendations for email providers to use that also won’t send red flags to my more official accounts?
If it helps, I’m US-based.
Maybe banks flag it because Posteo is a German company and they don’t see it as international? Did you raise a ticket with either your bank or Posteo as you’re paying for both their services?
That’s what I was thinking too. I was considering opening a ticket with my bank but trying to do that with sites like Paypal and my phone company are extra hassles since their customer services feel non-existent.
I’d love input on this too. I went all in on Proton and it’s aging like milk.
Becoming cheese?
I like and use Migadu.
Interesting, never heard of that before, I’ll check it out
Yea I’m happy at Migadu as well, it’s been 2 years since the switch, not a single hiccup.
Servers are not in Sweden I thought.
Tuta is awesome. You can try their free tier for an unlimited time, so no need to rush it.
I’ve been really considering Tuta as my next choice. Do you find it difficult or easy to use for your accounts like bills/finance/important?
I used tuta for a long time and never had any issues. I recently switched only because I wanted to be able to send emails from my self hosted services and they don’t support anything but their own clients. If that’s not a problem for you then tuta is a great option.
For me it works almost perfect. Once an alias with the @tuta.io Domain got denied, elsewise I am happy. Might depend on the TLD you choose.
I’ve also used Tuta. Just gonna point out that some shopping sites didn’t accept my Tuta email. I haven’t used it with financial stuff tho so can’t comment on that.
I’ve been using purelymail with my own domains. It’s cheap and it works. Depending on the receiving service, sent items do sometimes end up in spam.
Mailbox.org lets you keep your own private key.
Every email provider lets you keep your own private key if you do encryption using the interoperable OpenPGP standard using software running on your own computer. Many email providers will recommend that you do exactly that, and will helpfully instruct you about how to do so (eg, the more reputable options in this thread such as migadu.com, mailbox.org, posteo.de, and even fastmail.com all have instructions for how to use some implementation of pgp to encrypt your email).
Meanwhile any company selling non-standard “email encryption” (eg, proton and tuta) which is not compatible with pgp (or, in the corporate world, s/mime, which is also a standard…) is firmly in the snake oil business and should be distrusted and boycotted regardless of which shitty youtubers they’re sponsoring this week.
I hope more people pay attention to your response. Spot on.
I’m in the same situation, and I’m now seriously considering going all full Infomaniak which has a very good reputation for hosting and privacy. They have a whole suite like Google and even better than Proton’s. Mail, drive, office… Free for up to 15GB then pretty cheap for more. They are in Switzerland and I believe the law there is protective, making the whole service pretty trustworthy imo.
Please note that they may do a kyc on you at any point. I tried using infomaniak for getting a domain and they asked for kyc, I had to upload my id. Needless to say I cancelled. I have never been asked anywhere else for my id when buying a domain. I asked them why and they said they do it occasionally 🤷
Right, if you want absolute anonymity they might not be the best since they also ask for the phone number on subscription as stated in another comment. Then the question would be about trust. I mean, I wouldn’t trust with my data someone I wouldn’t trust with my ID or my phone number.
It’s not about absolute anonymity, but my ID is something that I will not hand out for a piece of chocolate. For me there are levels of trust. I can trust someone to give them my name but not give them copy of my id. If your name leaks is not as problematic as if the copy of your ID leaks. Same way I can trust someone to even just use their service, but not with e.g. my timezone/location data. You know what I mean right?
Yeah I know what you mean. Pretty hard to find the good one…
Infomaniak may have changed since I tried making an account there, but when I did they asked for an address and phone number which I was not willing to provide.
Right, I forgot about that…
Been using fastmail for ~8 years now. No complaints
Consider getting your own domain name and pointing it at a provider, then when they enshittify you just switch provider and don’t have to change all your emails everywhere again.
Huh I never thought about this. This is something I’ll have to do some research on, thanks.
Well proven strategy, to the point where most providers explicitly allow it (might even be a decider). But don’t trust me (genuinely), Moar research! (please)).
Go for it. It’s surprisingly easy, relatively inexpensive and gives you way more control.
BRILLIANT!!!
Well… it has advantages, for sure. Also drawbacks. A custom domain, that ties together all your separate email addresses.
There are let’s say 16 addresses on mysuperbestnumberonemail dot com. One used at a bank, one on a shopping site, 4 on a social media site, and one each at some utilities. Those are the ONLY uses of that domain for email in the whole world.
Where if it’s a domain millions of others use, then addresses are harder to pinpoint down to one person.
That might matter to someone. Or it might not. Depends on what you care about. Just something to be aware of. A custom domain is a huge fingerprinting signal.
I would advise mainly using a generic {hello,mail,<domain>}@domain.tld as that reduces the bits of information that can be gained about its use(r), and consider WHOIS data. Most registrars hide that information from the public but it’s still subject to court orders - always check what legislation a given TLD falls under. There are also some registrars that are fully anonymous.
This is how I use Proton. The setup process is really easy with clear instructions on what to configure in your DNS provider.
The only problem I have is that gmail rejects emails from my domain, I have to use proton’s address.
Well, that sucks. Guess you must hate the people who reject you. What domain? yy?
Yes, but normally I don’t send a lot of emails anyway.
If I send to any @gmail.com address, it’s rejected, unless I change the From to my @proton.me
You need to build up reputation before you can beat spam filters. This happens all the time to new domains. Make sure to have Dmarc and Dkim configured.
How do I build up reputation? Should I keep trying to send from that domain even if it gets rejected?
I have all the DNS things configured as per Proton’s instructions.
.
If Gmail is rejecting your custom domain, you haven’t set up your SPF or DKIM records etc. for your custom domain that authorize proton to be a valid email sender.
E.g. when Gmail receives an email from a custom domain it will look up records to confirm the mail server sending it is valid.
Check out https://proton.me/support/anti-spoofing-custom-domain or search proton SPF DKIM for guides.
You wouldn’t have issues sending from a proton domain as they already have these in place for you.
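The receiver-side record lookup described in the comment above, as an added example that is not part of the thread: a Python sketch that audits a custom domain's SPF, DKIM and DMARC TXT records offline. The domain `example.org`, the selector `sel1`, the include host `_spf.provider.example` and every record value are constructed placeholders, not any provider's real settings.

```python
# Added example: offline audit of sender-authentication TXT records.
# No DNS queries are made; the zones below are constructed sample data.

def parse_tags(txt):
    """Parse a 'k=v; k=v' record (DKIM or DMARC) into a dict."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(records, provider_include):
    """The SPF record must exist once, name the provider, and not end in +all."""
    spf = [r for r in records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["SPF: no record"]
    if len(spf) > 1:
        return ["SPF: multiple records (permanent error at the receiver)"]
    # A leading '+' is the default qualifier, so drop it before comparing.
    terms = [t[1:] if t.startswith("+") else t
             for t in spf[0].lower().split()[1:]]
    findings = []
    if "include:" + provider_include.lower() not in terms:
        findings.append("SPF: provider not authorized")
    all_terms = [t for t in terms if t.lstrip("-~?") == "all"]
    if not all_terms:
        findings.append("SPF: no 'all' mechanism")
    elif all_terms[0] == "all":
        findings.append("SPF: +all lets any server pass")
    return findings


def check_dkim(records):
    """A DKIM key record needs a non-empty p= tag; empty p= means revoked."""
    keys = [t for t in map(parse_tags, records) if "p" in t]
    if not keys:
        return ["DKIM: no key published"]
    if not any(k["p"] for k in keys):
        return ["DKIM: key revoked (empty p=)"]
    return []


def check_dmarc(records):
    """DMARC must exist and carry a valid policy; p=none only monitors."""
    dmarc = [parse_tags(r) for r in records
             if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if not dmarc:
        return ["DMARC: no record"]
    policy = dmarc[0].get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return ["DMARC: missing or invalid p= tag"]
    if policy == "none":
        return ["DMARC: p=none only monitors; failing mail is still delivered"]
    return []


def audit(zone, domain, selector, provider_include):
    """zone maps a DNS name to its TXT strings (CNAMEs assumed resolved)."""
    return (check_spf(zone.get(domain, []), provider_include)
            + check_dkim(zone.get(f"{selector}._domainkey.{domain}", []))
            + check_dmarc(zone.get(f"_dmarc.{domain}", [])))


# Constructed sample zones (placeholders throughout).
GOOD_ZONE = {
    "example.org": ["site-verification=abc123",
                    "v=spf1 include:_spf.provider.example ~all"],
    "sel1._domainkey.example.org": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0B"],
    "_dmarc.example.org": ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.org"],
}
BAD_ZONE = {
    "example.org": ["v=spf1 mx +all"],
    "sel1._domainkey.example.org": ["v=DKIM1; k=rsa; p="],
    "_dmarc.example.org": ["v=DMARC1; p=none"],
}

if __name__ == "__main__":
    for name, zone in (("good", GOOD_ZONE), ("bad", BAD_ZONE)):
        print(name, audit(zone, "example.org", "sel1", "_spf.provider.example"))
```

A clean result covers only the DNS records; as other comments in the thread note, receivers such as Gmail also weigh a new domain's reputation.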
I 100% did set them up from day one, and for several months every mail I sent from my domain to gmail got rejected, so I stopped trying.
I did a couple of tests today and it seems to be working now, so I guess they are doing more than just looking at the DNS records.
There’s also Thundermail, if they ever get around to actually opening it up . . .
I must be out of the loop. What’s the issue with Proton?
Same. No idea what OP is talking about and I’m usually up to speed on stuff. Nobody has answered either so it’s probably an old article from a couple months ago about that cia inquiry or whatever (can’t recall). Idk what else. They always have a bad rep here, but it’s better than pretty much everything else, minus maybe a few one-offs.
There is absolutely no evidence for it. He went to lobby in DC, and apparently, some GOP folks had time for him but Dems didn’t. Could have been the opposite on different day based on several factors.
Then recently, the marketing firm they hired put a sponsorship on a far right guy’s video. They accepted full accountability for the mistake and said they would change procedures to get those being sponsored vetted appropriately.
Neither one of these are evidence of being MAGA. You can personally lobby in DC and find an individual of an opposite party who might have interest in your message. Just because Grainger played a commercial during satanic music videos doesn’t mean they are Dimmu Borgir fans. It just means people who listen to metal need tools too.
The guy might be a fascist dick for all I know. I’m just saying that the situations above do not indicate that it is the case. In fact, fascists typically never admit fault or accept accountability for anything. The only concern for me is that he was lobbying in the US at all, but that is the only way you can get your case heard sometimes if you need politicians to hear a different side of an argument.
@mrnngglry@sh.itjust.works proton keeps publicly dog whistling fascists/maga and – hopefully – by accident.
I thought it was the X posts from 2023 or 2024 supporting Drumph or the GOP.
Edit: It was mostly misunderstanding, at least on the topic I thought it was about. I know their stance on privacy may be in question still.
Found a source theintercept.com/…/proton-mail-andy-yen-trump-rep… And another: medium.com/…/does-proton-really-support-trump-a-d…
that’s how it started and it escalated to proton itself paying a french fascist to make a video a few days ago.
I was just reading their response to that. I skipped down to the part where they said their ad buys are sort of not their fault? lol
Edit: added link
don’t you just hate it when your money spends itself all on its own and w/o your control? lol
Most definitely
Found it
lemmy.ml/comment/26135495
I think they sponsored a right-wing French Youtuber, but they publicly apologised and said they didn’t know his political alignment.
Proton’s a good alternative.
There’s some confused allegations of them being MAGA Fascists. But it’s a combination of misunderstanding and misrepresentation.
funny how they’re the only ones in this space that keeps making this mistake
Is it funny?
By a sizeable margin they’re the largest and most popular in the space. At the same time, that makes them the biggest target and most watched.
Someone even mentioned a possible smear campaign by Google. While there’s no evidence at all of that, they would be the most obvious target.
So it’s not really funny or odd in any way. It’s kind of obvious really.
tuta seems to avoid making this “mistake” and it too has a sizeable following as well as a full complement of privacy respecting services that can rival proton.
They really aren’t, and don’t.
Tuta doesn’t have even half the user base, or services.
They aren’t bad at all. And I don’t doubt they’ll get there.
But they aren’t at all close yet.
tuta is (like proton) snake oil. (here and here are two of my old comments about why…)
Oo intriguing last guy I asked about this never answered very good
Just stick with proton. Email isn’t secure and it doesn’t matter what the company does.
Proton, Tuta, Murena…
.
What trust are you expecting to get out of an ancient and inherently insecure protocol to begin with?
I use disroot.org, it’s free and pretty good. Not as much inbox space as those that are either free or from corpos tho. Should be alright as long as you delete useless mails.
What is coming out of proton? Honest question.
The recent controversies probably regarding Support of far Right social media
I’m also in the US and using Posteo. I’ve never had any issues (that I recall) with the address being rejected. Have you tried using a Posteo-provided alias with a different domain?
Seriously starting to wonder if all this vague, anti-Proton misinformation-posting isn’t just some Google-backed astroturfing campaign
It’s not a conspiracy, Proton is a shit company. But, by all means give them your money for security theatre.
You say that, but nobody ever really has any proof. It’s always just vague aspersions (like yours) or misinformation spread by non-technical people who don’t really understand how any of the technology involved works, so they make assumptions and upset themselves when Proton can’t deliver on their imaginary assumptions.
I can practically see the unwritten half of your comment now: “Might as well keep using Gmail. Just consume. Don’t think”
Proof of what? That they are a profit based company that engages in security theatre marketing to sell their service. This is self evident. I find Protards especially suspicious when they can’t accept this basic fact.
Every single email provider from Switzerland has to follow the law. Pretending their service has something over other services when they just follow the law is kind of ridiculous. This is marketing and it sucks.
Companies sell images and Proton, being a major corporation, is no different. People think throwing money is going to solve their problem and Proton is happy to stroke this feeling to make profit.
For me, I liken it to advertising your company is bonded. In California they have recognized that this is a deceptive marketing practice and made it illegal for businesses to do it. If Proton just advertised we follow Swiss law like every email provider in this country it would be accurate. Instead they create security theatre to attract users.
A great example of this is their recent credit card scandal where it was revealed that they store meta data on transactions needlessly. They claim privacy, but yet they store your private information on their servers. They don’t disclose this actively and it is a serious violation of privacy.
discuss.privacyguides.net/t/…/37094
Proton’s answer is always the same lame garbage along the lines that anonymity is not privacy and then they try to explain how you can protect yourself. The truth is their service does not respect privacy in some regards. You point out their technology is pretty solid. Sure, but that is not my issue with them.
My issue is they pretend to be all about privacy, but then they store your personal information and it is YOUR fault. Like the end user is supposed to magically know they do this and somehow protect themselves when the problem is with Proton itself.
Proof of that.
It is not.
Good thing they don’t pretend anything like this and are very up front about following the law. In fact following the law is a large part of the marketing, which is just that Swiss law is less invasive than other countries, which it is.
Which is exactly what they do. Where exactly is your problem again?
Of course they do? You’re literally paying them to? HELLO?
See here’s your problem, you see the word “privacy” and attribute a bunch of promises to Proton that they haven’t made. They advertise a privacy friendly email service, and they do. You’ll get much more privacy using ProtonMail than something like Gmail or ICloud mail. You’re not going to achieve 100% anonymity when using a protocol as old as email, on somebody else’s servers. That’s impossible and they never promised you that. You won’t find ANY email provider that will be as “Private” as you want them to be. You’re blaming Proton for not providing you with an imaginary product that doesn’t exist.
It is your fault. Why is your ignorance anyone else’s fault? If you use Proton you will get far more privacy than using just about any other email hosting service, and on par with other privacy-centric email platforms. If digital privacy is this important to you, then devote SOME of your time to learning how to achieve what you want.
This is exactly what I’m talking about, you posting these vague aspersions with literally zero evidence backing it up. You’re literally the exact type of user I mentioned in my original comment. A non-technical end user pissed off because something you don’t understand doesn’t work in the way you imagined it in your head, because you don’t understand enough about email or privacy to form a cohesive opinion on the matter.
Like have it your way, just keep using Gmail and let them scan every line of every email in your inbox and feed it all to Gemini. Or switch to other of Proton’s peers and experience the same benefits and the same limitations you do with ProtonMail while deluding yourself into thinking you’re better off. But this rampant spreading of misinformation has got to stop eventually.
Omg you do act like a Protard. I don’t need to provide evidence that Proton sells its service off the concept of privacy, something every company operating in their nation does by law. As I alluded to, you can’t even accept basic facts.
You don’t get marketing and how corporations work. I swear you give off some of the biggest bootlicking vibes I have ever seen. It is almost comical like you are a parody account. If so, thanks for the laugh.
I love how your only comparison is with big companies rather than small email providers or self hosting. You must live in a sad world to have so few options. I guess you better throw some money at Proton for “security”.
Then when I pointed out they needlessly store your meta data credit information you could give a shit. That is how I know you are not a privacy respecting person and just acting like a corporate hack.
You have failed to disprove my points in any meaningful way. You ignored evidence that Proton has poor privacy practices because you like to carry water for them I guess. I really don’t know. But pretending people don’t have legitimate reasons to dislike the company is pretty ignorant.
You do lol. Otherwise you’re just yapping.
I don’t think you know what a fact is.
You’ve failed to prove your points in any meaningful way. That which is asserted without evidence can be dismissed without evidence and all that.
The evidence you failed to provide because in your own words, you “don’t have to”? Lol. Lmao even.
Oh no I compared small email providers. They have all the same limitations as ProtonMail will have. As for selfhosting, you don’t even understand the first thing about email, privacy, or OpSec. Selfhosting is entirely out of the question for someone like you.
I’m still waiting for a legitimate reason. I ask with an open mind every time I see comments like this but the answer is always the same, technological illiteracy and “bad vibes”, your comment included.
Speaking of funny, you read my comment saying how the bots complaining about privacy-forward services like Proton are always a result of ignorance and not understanding how technology or privacy work, and you were like “Hey that’s me, now’s my time to shine” lol
You deny that Proton uses privacy as a selling feature and you want me to prove it does otherwise I am yapping? Do you know how impossibly dumb you sound.
My point that I think they have shitty marketing practices? You have not even addressed this nor moved the needle in how I see their shitty business practices. My argument is not what you are addressing at all. That is okay, like I said you act like a parody. It is actually funny to see how hard you pander for a corporation. You must REALLY like Proton, lol.
Proton uses privacy as a selling point and they deliver on it by providing you with a private email service.
If you would like to assert that they’ve broken some kind of promise they made to you in regards to privacy, then yes, you have to provide some sort of proof of that claim. If you believe that you don’t, it’s you that appears impossibly dumb I fear.
If you have a point to make about their marketing practices, then make it. If you can’t articulate a single problem you have with Proton then you’re just yapping and can be safely ignored.
I am glad you admit to at least one basic fact. I don’t like how they market to privacy when they do shit like store your credit card meta data on their server.
Other companies have solved this privacy problem but yet this supposed privacy company can’t seem to figure out. I personally believe that because of their marketing they have created quite the honeypot for illicit actors. They know this and they are a little too eager to give up information because of it.
They receive tens of thousands of requests for information every year and this keeps increasing dramatically. They have already transitioned from famous to infamous for the amount of times they have failed their users.
Every time the excuse is the same. It is the end user’s fault for not buying our VPN or some other bullshit. They are shitty and you seem to toe the company line like a good little shill.
As I said before, I still believe you might be operating an elaborate parody account. I really can’t believe people are this hard core, it reminds me of those defenders of Microsoft or Tesla in years prior.
Security theatre is just that. Proton is just cashing in on the concept of security when they are aware that their own practices along with the industry at large prevents it.
cambridgeanalytica.org/…/protonmail-s-logging-tra…
You want to throw money at them to ignore the actual problem at hand, go ahead. Pretending they actually offer security is a lie. It is a marketing lie. Security is not achieved by giving your hard earned money to a corporation and frankly you should be ashamed for suggesting it.
Did they market to not storing metadata? Of course not, they can’t lol. Neither can any of the other privacy focus email providers lol.
Have they though? Do you have any proof of this? If they’re taking credit card information, they are required to keep the same metadata. Not doing so would stop them from being able to process credit cards at all. You don’t know the first thing about the payment industry clearly lol.
They have not. I can’t find one verifiable instance where they failed their users.
They deliver on privacy and security in every way they feasibly can, and in fact all the ways they advertise. Do you have any proof to the contrary? You still have provided none.
Are you at any point going to provide an example of this so-called security theater, or any way that they’ve broken any promises, or failed their users? Or are you just going to keep yapping in a circle about nothing without providing any proof?
They market on privacy and fail to deliver as I keep pointing out. Perhaps this isn’t entirely their fault because of regulations and the way the Internet industry operates. I recognize this, but this informs me to be skeptical of all corporations. Self hosting is also problematic because the big providers are essentially using their monopoly power to lock residential IP addressed email out.
As far as the meta credit card data, yes they do keep it.
"We do not retain full credit card details, we only save your name and the last 4 digits of the credit card number." -Proton
I am not a fan of any corporation, but to illustrate a point Mullvad VPN does not store this information on their servers at all. There is some nuance with Swiss law where VPN provider can’t be compelled to hand over logs but email providers can be compelled if the user or provider chooses to use or turn on a logging feature. I don’t speak their language(s) so I could be misreading these details.
"It is therefore our policy to never store any activity logs or metadata and to have as minimal data retention as possible." -Mullvad
Having this separation is just another layer of privacy that illustrates that a company that is focused on privacy can continue to innovate to increase protection. If you are going to pay for privacy, you should expect excellence. Not exactly what state law allows. That is the floor not the ceiling.
Proton is low effort and that has resulted in governments abusing their power to out protestors/criminals/etc. There are multiple cases of this happening which has also forced Proton to become an arbitrator of investigations.
You see, they do fight back for some users but not all. This obviously creates an enormous conflict of interest because a private corporation should not be the arbitrator of the law in this way.
Needless to say the bigger a corporation grows the more concerning this becomes. A market with a few dominant providers allows for abuses and Proton is unfortunately part of the problem at this point. I suppose there is some lesser of the evils argument for using their service that I don’t care to entertain.
You haven’t pointed out a single way they’ve failed to deliver. They deliver on all of their marketing promises, and I have yet to see any proof to the contrary. You saying they failed over and over again is not proof.
So Proton is keeping only the bare minimum amount of information necessary? Sounds like something a company keen on privacy would do lol.
Mullvad is a VPN service, they don’t provide private email services like Proton. Mullvad doesn’t need to keep any metadata because you’re not paying them to maintain or store your data. It is a transit system for your data, not a destination. You’re comparing apples and oranges.
The actual comparison you’d have to make is with other private email providers like Tutanota or Fastmail, both of which store the same payment metadata as ProtonMail, because they have to.
When I pay for privacy, I expect to receive privacy, and preferably the most privacy, and that’s what ProtonMail delivers quite successfully. Moreso than its competitors in fact, because I also understand that paying for a commercial service means that service is subject to the laws where the service resides, and Tutanota is in Germany, and Fastmail is in Australia/US.
Have you found any proof for your claims yet? You’ve had plenty of time now. If you can’t provide anything with your next comment I’ll be forced to determine that you just don’t have any, and that your only aim was to spread misinformation from the start.
I have already explained to you several times what my issue with Proton is. If you are incapable of understanding that is okay.
You don’t understand how payment is processed and no a VPN does not have to process their payment differently. There is no requirement to hold onto meta data. Once again you are failing to grasp. I believe you are just acting obtuse at this point.
You are just a fanboy who licks the boots of the business they pay for.
You’ve failed to explain yourself properly or make any coherent point or provide any evidence of your baseless claims.
You clearly don’t understand how payment processing works, but since I do I will tell you that yes, there’s a big difference between an ephemeral VPN service that doesn’t need to tie any long term data to your account, and an email service that has to secure and maintain your data for you over a long period of time. These are two wildly different service models and there is in fact a requirement to hold onto payment data in this case. This is why all of Proton’s competitors do the same thing.
Your technological ignorance and naïveté to the world is not an indictment of Proton. And since you still after all of this time haven’t made a single coherent argument against proton or provided any proof to any of your claims, I’ll have to call it here.
What is that, it is hard to hear you with the boot in your mouth. Maybe you should upgrade your Proton plan. What a dumbass.
Nice try, begone bot. Come prepared next time. You are banished back to big tech land. Back to Gmail with you