Emails for security and privacy
-
Hi everyone,
I am new here, and I think a community of tech savvy individuals is exactly who I need to consult with about this matter.
I have been looking to get away from gmail and outlook for a bit more privacy, and am wondering what others concerned with privacy and security are using and think about the services they are using. I have looked into such email services as ProtonMail, Tutanota, Mailbox.org, Disroot, Runbox, Posteo, and, of course, Vivaldi mail (and I am probably forgetting a few, too). For various reasons, I am hesitating between ProtonMail and Posteo (and somewhat Tutanota, but I don't like the lack of several common features like a conversation view). I am attracted to the simplicity and interface of ProtonMail, but Posteo is cheaper and offers more customizability in terms of privacy and security (but the interface is, mildly speaking, lacking). Vivaldi would be my go-to choice, if not for the "trust us" concept. I like the philosophy of the people behind Vivaldi, and chose to support them by using the browser, but I am willing to pay to be sure.
I would like to hear both criticism and praise about any services above, especially from the point of view of their users and, maybe, more technically literate people than me. If there is a service I missed, I'd like to hear about it, too. I have been doing my homework for a couple of weeks now, so please give me something juicy and special.
Thank you all in advance.
-
I use, apart from GMail (a novice error many years ago), Tutanota and ProtonMail and of course Vivaldi mail. For me ProtonMail and Tutanota are the best options for privacy, but not all sites accept these mail services as valid for registration.
-
It puzzles me that on one hand people want the best privacy and security, but then want to use a web browser to access it.
Webmail portals are a convenience for you to fall back on when not using your own devices, and to offer custom management facilities.
If you use a real Email client with the features you need, then all email providers will have those features, such as threaded conversations.
Several secure email providers allow you to add your PGP key or MIME certificate to the web portal (Vivaldi let you use your key).
Personally I would rather only add my private key to local system that I control, such as the email software on my computer.
All proper email programs support MIME certificates, and are the easiest way to add encryption and authentication.
PGP usually needs a plugin for your email client, which is the common stumbling block and puts people off.
If you use your own encryption, you don't need to worry about the host provider having access.
I am happy enough with Vivaldi and VFEmail for my private/secure email.
Protonmail is the go-to provider for secure email, and that attracts a lot of unwanted attention and inconvenience for some, so depending on where you live and your risk level, you may want to think twice if you intend it to be your only secure option.
https://www.databreaches.net/russia-blocks-encrypted-mail-service-provider-protonmail/
-
@Dr-Flay said in Emails for security and privacy:
Don't MIME keys expire? I found it inconvenient for the purposes I want to use e2e encryption for.
Wow, banning ProtonMail in Russia is rough. I visit the country from time to time, so it is not a big deal, but a deal nonetheless. Good to know, thanks.
Have you ever looked into Posteo? What I am attracted to is that they allow (similar to Tutanota and ProtonMail, I guess) to encrypt your entire mailbox. That's a nice feature to have, I thought.
@CATWEAZLE
Thank you for your input. Could you specify the problems you have with ProtonMail and Tutanota? What sites tend to reject them?
-
Yes certificates have a life-span. Free certs are usually for 1 year.
Theoretically you should not want to have old secure emails still openable several years later, however as long as you still have your old certs you can open them yourself.
I tried Comodo originally, but the lack of a portal or account means you can't remake your keys. You are forced to make a totally new one.
StartSSL were very useful for letting you have access to the portal for free, so you could remake lost or expired certs.
Depending on who you are communicating with, you can always opt for a self-signed cert and make it last for many years.
You would have to tell the recipients to expect a cert error, but if it matches the details you have given them separately they can override the warning.
You seem to be capable of handling PGP anyway, so for your needs I would recommend it over S/MIME.
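The self-signed route described in the post above, as an added example that is not part of the original thread: the sender creates a long-lived self-signed S/MIME certificate, and the recipient accepts it only if its fingerprint matches the one received over a separate channel. The address, file names and lifetimes are assumptions; it needs the `openssl` command line tool (1.1.1 or later).

```shell
#!/bin/sh
# Added example: address, paths and lifetimes below are constructed values.
set -eu

# Sender: self-signed S/MIME certificate for address $2 in directory $1,
# valid for $3 days. The private key stays in key.pem on the local machine.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" \
        -subj "/CN=$2" \
        -addext "subjectAltName=email:$2" \
        -addext "extendedKeyUsage=emailProtection" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# SHA-256 fingerprint of certificate file $1 as 64 hex digits.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2 | tr -d ':'
}

# Recipient: succeed only if certificate $1 has the fingerprint $2 that
# the sender passed on separately (phone, paper, in person).
matches_pinned() {
    [ "$(fingerprint "$1")" = "$2" ]
}

# Succeed if certificate $1 will still be valid $2 seconds from now.
valid_in() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null
}

demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/me" "$tmp/other"
    make_cert "$tmp/me" "alice@example.test" 3650
    # A second self-signed cert with the same name: only the fingerprint differs.
    make_cert "$tmp/other" "alice@example.test" 3650
    pinned=$(fingerprint "$tmp/me/cert.pem")
    matches_pinned "$tmp/me/cert.pem" "$pinned" && echo "genuine cert: accept"
    matches_pinned "$tmp/other/cert.pem" "$pinned" || echo "look-alike cert: reject"
    valid_in "$tmp/me/cert.pem" $((5 * 365 * 86400)) && echo "still valid in 5 years"
    rm -rf "$tmp"
}
demo
```

Because anyone can create a self-signed certificate carrying the same name and address, the fingerprint comparison is the only thing that ties the certificate to the sender.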
-
@Dr-Flay
Thanks for the extra input.
Indeed, I have mailvelope installed and have a key of my own (which I am struggling with in another thread here, though), and while I keep reading that S/MIME is better and more intuitive, I find it to be quite the opposite. My organization uses Office 365, and my work mail has S/MIME on by default, and that's undoubtedly convenient, but I feel it is quite finicky when it comes to setting it up for personal use. I might be wrong, of course, but I exhausted my intellectual capacity trying to wrap my head around it, so I just went for PGP which made more sense to me.
PGP is more of a bonus than a requirement for me, but it is a great bonus if it is as easy to use as, for example, in vivaldi web mail. I can readily recommend it to the people I communicate with if they are interested in this extra protection, but arguably, ProtonMail and Tutanota have this implemented even better - you sort of relinquish control over your private keys but get a lot of convenience in return. Again, if my understanding of how they handle it is correct.
Q:
Is my understanding correct that expired S/MIME keys can be used to decrypt old emails but not lock/unlock new ones?
-
So far I have been able to open my old emails from drafts or the sent folder, as long as I still have the keys installed in Windows.
The email program shows a warning but allows me to still open them.
I don't know if it works for recipients that still have your old public key.
The only problems I have had installing certs, is when accidentally picking the wrong section of the cert store to add it to.
Normally you can just double-click and add it to your system, though it may be better to open the Certmanager ("certmgr.msc" on Windows) and import from there.
Personal email certs go in the "Personal" section, and in Microsoft software should automatically appear in the security section of the email account.
It won't be pre-selected, but it will now be available.
Different software seems to prefer a different format, for example to use in old Opera 12, I had to export the cert from the Windows certmanager in a different format than I received it.
Annoying, but not much of a problem.
-
@alvk Protonmail
-
@alvk said in Emails for security and privacy:
@Dr-Flay said in Emails for security and privacy:
Don't MIME keys expire? I found it inconvenient for the purposes I want to use e2e encryption for.
Wow, banning ProtonMail in Russia is rough. I visit the country from time to time, so it is not a big deal, but a deal nonetheless. Good to know, thanks.
Have you ever looked into Posteo? What I am attracted to is that they allow (similar to Tutanota and ProtonMail, I guess) to encrypt your entire mailbox. That's a nice feature to have, I thought.
@CATWEAZLE
Thank you for your input. Could you specify the problems you have with ProtonMail and Tutanota? What sites tend to reject them?
I remember that when trying to register in a forum some time ago, it came out to me that Protonmail was not a valid address.
Something similar happened to me on another page, but this was some time ago. I do not remember the sites, because when I get messages of this type I give up, considering it discriminatory, the same as with places that impede access with Vivaldi, if it is not an important site for me.
In places where I only have to register to have access to certain information and I do not intend to stay, I also usually use a disposable mail.
-
I'm also starting a quest replacing all the google services I use as much as I can.
For me the most important things are:
- A company who is an activist in privacy and human rights for the future of the internet, or partners with such groups.
- Having a good community forum with feature request and such.
- Having a customizable interface as its main philosophy.
You know.. being generally good
Browser wise, this is why I love Vivaldi
I would really love your thoughts about the different email services in relation to these points.
Also, I have a domain in Namecheap, they also have an email service, do you know how does it compare to the ones you mention?
This website compares email services but was last updated in 2018:
https://thatoneprivacysite.net/choosing-an-email-service/
I used this comparison website, I chose the fields of jurisdiction eyes, jurisdiction enemy of the internet and open source.
-
@ChimeraLove , in my opinion, Tutanota and Proton are the most recommended, regarding privacy. Proton especially has bombproof encryption. Adding that behind Proton are developers, scientists from CERN.
-
@Catweazle Thanks! Yeah, it seems everything is leading to these two.
Also, as I am looking to replace all google services, I'm looking at NextCloud, they have email too.
-
If it's of any interest to anybody, I use Protonmail's paid-for service and think it's three quid a month well-spent...
-
A "quid" is a pound sterling, BTW!
-
I use Proton Mail, although the free version. I do not have so much mail volume in this mail to need the paid version and the free version has the same security and privacy (It is even more private, since the free version does not require your complete data for registration).
Besides, I also use Tutanota.
-
@Catweazle said in Emails for security and privacy:
I use, apart from GMail (a novice error many years ago), For me Protonmail and Tutanota are the best options for privacy,
I agree
I have been using them for a while
-
@alvk said in Emails for security and privacy:
I have been looking to get away from gmail and outlook for a bit more privacy
What do you mean, exactly?
If you just don't want your e-mail provider to read the contents of your e-mails, to target you with ads, you don't need security features (like mail encryption, signing, etc...), but a privacy policy of the e-mail provider, where it is clearly stated that they don't read your messages (like Vivaldi clearly states they don't).
If you want your messages to be encrypted while they travel on the internet, so that they cannot be read, then you have no choice: you must encrypt them, but you need the persons you are writing to, to use the same encryption technology (like the outlook PC mail client does): some kind of single key encryption granted by some kind of authority.
If you want to use an encryption technology that doesn't rely on the features of your e-mail client, then you must use some kind of public key infrastructure technology, like PGP.
...
I am willing to pay to be sure
to be sure?
Privacy is not something you buy, but something you must trust your privacy provider is providing you.
-
@newscpq said in Emails for security and privacy:
clearly stated that they don't read your messages (like Vivaldi does).
That could be taken either way.
Presumably you mean
clearly stated, as in Vivaldi's privacy policy, that they don't read your messages.
-
@Pesala AH AH, yes, of course
-
@dtakaishi , the main reason why I do not use Vivaldi mail as the main mail is not because it is less secure than others in the first place, but rather the lack of privacy at the point it cannot be private. Everyone who visits this forum knows the email address of all users, since the address is [email protected] invariably for everyone. Remember that this forum is freely accessible to everyone, also for those who do not use Vivaldi and also for malicious people.