Privacy focused email recommendation
Hi everyone! Since I was absolutely fucked by Skiff (thank fuck I didn’t pay for it) I’m looking for a new email provider :) I’m not sure I like how proton is transforming into a full on suit, I only need email. Any other recommendations or is proton my only choice really?
It’s not about “using an underdog”, I just like “do one thing and do it well” philosophy you know. I don’t need drives, calendars, vpn, password manager, in one thing. I want a simple email provider that’s it.
Yeah skiff wasn’t like that but it seemed not too push it as much, just “hey it’s there you can use it” not full on products. Maybe I’m just being stupid about it idk
You can simply ignore all of these other features. Proton offers an email-only plan.
True… People also recommend having your own domain so I can switch easily in the future. Having my surname seems a bit… un-privacy-like lol Any recommendations for that?
Paid subscription of Proton bundles SimpleLogin, an email aliasing service. So you can have your personal email with your surname, and when you want to sign up to some shady corpo site, you give them a randomly generated email address using SimpleLogin. All emails sent to that alias email will be automatically forwarded to your personal email. You can then disable the alias email anytime and stop receiving emails.
I have both, a personal domain with my name and also an anonymous generic domain. I use the anonymous one for 90+% of my online stuff, and use a random unique address for every service (you can set up a wildcard in proton, so *@domain.org lands in the same inbox). I would recommend that for two reasons: if you own your anonymous domain you can move your mailprovider anytime (as opposed to using some email masking service), using unique addresses for every service enables you to easily figure out which one leaked your address if you start getting spam. Just make sure to use a generic name for the domain and dont get an exotic TLD (just get a .com .org or something). Some of the non traditional TLDs may negatively impact your spam scores, and its easy to find a .com or .org when you can literally choose any domain name you want.
You can have your own custom email domain and for the use cases you want to be "anonymous" use simplelogin or addy.io on top of that.
Proton = No SMTP/IMAP support.
You can use Proton Mail Bridge to set up SMTP/IMAP with your email app of choice. Obviously, you’re still stuck with using the bridge app on your device in order to get it working.
Waiting for the day their business team devices the bridge is too much freedom you should get all locked-in.
If that were to happen, nothing is stopping users from exporting their emails elsewhere.
Yet. You're delusional, nothing is stopping people at gmail to move to another providers, yet they stay. And trust me gmail has a much better export and supports IMAP.
So your privacy-focused email provider recommendation is Gmail?
Obviously not, but just don't push proton. They're a company that resorts to predatory tactics and has zero respect for their users.
For what's worth Lavabit (back before Snowden) had much higher standards than Proton when it comes to privacy and still supported open protocols like IMAP and SMTP. What Proton is doing is pushing for vendor lock-in at any possible point so you’re stuck with what they deem acceptable because it’s easier for them to build a service this way and makes more sense from a business / customer retention perspective.
They support IMAP though their bridge but you will have to be on a paid plan.
The free plan is pretty terrible anyways so if you actually want to use proton you will have to pay.
Yes and you can't run a bridge on anything and they might discontinue it at any time and you'll become hostage. So much for self-hosting, independence and open-source solutions.
You can run the bridge on Windows, Linux and macOS. I wish that they had an Android app but I suspect that the aggressive power management on Android might make it a lot harder to implement in a nice way.
There is absolutely no indication that that will happen. Remember that only the paid plans have IMAP and Proton is essentially held hostage by their subscribers since they are their only income source. Their community would be very angry if they dropped support.
This has nothing to do with self-hosting. You are literally paying someone for hosting your email.
I agree that the lack of normal IMAP support is annoying. But it's a side effect to their encryption which is a good thing.
And it's not like proton is alone with this problem.
Tota doesn't even seem to have a bridge app. Fastmail changes extra for IMAP.
proton requires them to use their software and adds a footer with protonmail ads to all of your emails without an option to disable it without paying up
yes but they shouldn't be hiding that fact deep in the settings
also I don't care about encryption and stuff if it prevents me from using my favorite mail client without installing their bridge software
Ads are harmless. The harmful things is JavaScript.
And their software doesn't even have an option to display HTML messages as it is plain text messages.
by software i mean the imap bridge, but i agree that the official client is pretty bad too
Another vote here for Fastmail. I also like Posteo, Mailbox and mxroute, but these are not as fully featured - which may be perfect for you if you're after email only. What I really like about Fastmail is that on top of being a customer-focused business (rather than a customer is the product business), they offer a really snappy web interface with excellent search - and they are extremely compliant with email standards, building everything on JMAP.
I do not like Proton or Tutanota. I have used both, including using Proton as my main email account for the past two years. I do believe they are probably the best when it comes to encryption and privacy standards, but for me it's at far too much cost. Encrypted email is almost pointless - the moment you email someone who isn't using a Proton (or PGP encryption), then the encryption is lost. Or even if they just forward an email to someone outside your chain. I would argue that if you need to send a message to someone with enough sensitivity to require this level of encryption, email is the wrong choice of protocol.
For all that Proton offer, it results in broken email standard compliance, awful search capability and reliance on bridge software or being limited to their WebUI and apps. And it's a shame, because I really like the company and their mission.
Don't even need proton for that, just use delta chat.
I'm happy with fastmail. Remember that must people you email are probably on Google (Gmail) so there is only so much you can accomplish in terms of email privacy whatever you do.
Check out Posteo. It's affordable and focuses on privacy.
I've been using Posteo for years. I can recommend.
Posteo, mailbox.org, Tuta.
https://posteo.de/en
https://mailbox.org/en/ (can have your own custom domain)
https://tuta.com/ (can have your own custom domain but like Proton you cannot use K9-mail app and similar)
What's your objection to Proton? You don't have to use any of the other products, and the free tier is perfectly usable last I checked (granted many years ago). Not sure what your concern is
Edit: downvoting without replying doesn't tell us what the concern is. Y'all weird
Let me recommend Migadu, as email privacy is kind of a difficult topic. They offer complete email freedom for a very reasonable price; $20 ($10 for students) a year. They explain my main reasoning why I would avoid Proton:
Yeah, there's a distinct lack of nonsense with Migadu.
I 💜 Protonmail. I generally like proton as a company.This video has really gained my trust for them as a privacy focussed services provider.
Here is an alternative Piped link(s):
This video
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I'm open-source; check me out at GitHub.
I second disroot
I recently switched to skiff from proton as the skiff's free tier is offering what proton's mail plus plan. And now they are shutting down their services.
Their free tier storage offering was amazing. I honestly couldn't see how they could offer so much for free. I was very tempted at the time but chose proton. Although I think I may move to Fastmail when my renewal is due.
We just saw that it wasn't profitable and the business plan was to find an exit strategy via acquisition
Plus one for Proton, I don't use their password manager, but their other products I've been using and been pleased with. I consider it well worth the cost.
Been using Tuta for a few years and its great. Can use catch-all with my own Domain
I found http://mxroute.com/ they offer sane prices for unlimited emails and domains. I'm in the middle of switching to them.
Linux, dovecot, postfix and a large quantity of pain medication.
Proton, Tuta, or mailbox.org are good choices.
In my humble opinion, unless you use your account only to receive emails but also to send them, your provider has limited effect on your privacy. That's why I personally don't have a use for Tuta, Proton and other similar, super private services (mind you, I'm not saying they aren't good). That said, I've been a happy customer of mailbox.org for quite a few years and I found them reliable and cheap (if you don't need a custom domain). Same for Posteo, I guess. At the moment, I'm a paying customer for Zoho email, with quite a few custom domains abd I'm fairly happy. They have a free tier as well and their privacy policy looks good to me.
My 2 ¢: Email is inherently not private. With tls you have encryption in transit, but as soon as the data hits the server no metadata is ever encrypted. With pgp you can encrypt the message content, sure, but not with many of the advanced features we expect from e.g. Signal and matrix. Therefore it doesn't really matter if you use proton ot tuta, unless you exclusively mail other proton/tuta users.
I am extremely happy with purelymail.com. extremely cheap and versatile. I also use mailfence.com but that's only because i'd like to have two different servers for something as important as mail. Been a customer with purely for probably 3+ years . Mailfence probably 6+ years. Have seen two small outages with mailfence. None with purely.
I'm curious what's the advanced feature?
I am no expert, so this is just my understanding: pgp encrypts the message, with the the recipients public key. Once the private key is compromised , bruforced or cracked, all messages are compromised. With signal, and all the other apps that uses signal protocol, it's different. Here, the key is renewed often (i think for each message) and the key is device dependant. Therefore if the key is compromised no previous messages are compromised and neither are communications with other people. This is what e2e means, and pgp is not that. Also the key or self is harder to crack I think, but i am not sure how strong signals elliptic curve crypto is finished to a 4096 rsa key.
Tldr: pgp is a simple encryption at rest, that can be cracked once and for all. Signal et. All is e2e encrypted and much harder to compromise one and for all.
If you don't need anonymity you could just buy a domain with a single email and use your own email app SMTP. I think it's cheaper than most email providers.
Have been happy with Tuta
I was pretty happy with tuta, but I just switched to proton for the IMAP/SMTP support.
+1 for proton!
I've been using it for years, they've never let me down!
Proton = No SMTP/IMAP support.
How would they be privacy-centric if they supported SMTP and IMAP?
Both support encryption and Lavabit probably had much higher standards than Proton when it comes to privacy and still supported those open protocols. What Proton is doing is pushing for vendor lock-in at any possible point so you're stuck with what they deem acceptable because it's easier for them to build a service this way and makes more sense from a business / customer retention perspective.
So it's all based on an assumption.
So you assume that Proton won't snitch on you whenever the NSA comes around asking for data?... And I'm sure Lavabit didn't snitch on Snowden.
I don't really care that much about any information like IPs, I care about the actual emails which are encrypted.
There is nothing that indicates that they will snitch since that would be terrible for everyone and also illegal for them to do.
But most importantly lavabit is an American company which is insane for if you care about privacy at all.
Proton also published a transparency report while Lavabit is really opaque.
There isn't. Self hosting is the only way you can send email without giving your data. All email provider have your data, assuming there is a provider that is private is lying yourself. Even if they have some kilograms of privacy policy.
Regardless of who you choose. Use an aliasing service. It makes moving to a new provider/email address a breeze on the future. It took me days to go around updating all my 200 sites online. If I ever move from proton it will take me 5 minutes to ensure all my sites now go to my new provider.
My only tip would be to create a new domain rather than using a shared one. This will prevent some sites from blocking you from using an alias.
Email alias indeed helps to avoid spam and helps you to assume separate identity per site, but won't help in any way to stop mail provider/server from processing your email data for user profiling / targeted ad purpose.
Buying email domain and self-hosting is only the full proof way from privacy POV, but it is really difficult target to accomplish. A privacy respecting email hosting + alias should be next ideal choice, IMO.
Check out YUNOhost. It's an open source operating system for servers which comes with email already set up. You can install it on a cheap VPS or home server and easily manage it graphically via web portal.
Self hosting is best if you have the knowhow, inclination and time to maintain it, but there are alias services that will encrypt any mail they forward using a key you provided so this would eliminate the ability of your chosen non-self-hosted email provider/server to easily read your received mail limiting their ability to profile or target to any metadata and header info that is passed along unencrypted.
Of course, then you are placing trust in the alias service's privacy and logging policies. But some are open source and you could host an alias forwarding service yourself if you wished as well.
Ah! I was not aware of the fact that Alias service can encrypt email before forwarding to actual mailbox.
https://github.com/privacyguides/privacyguides.org/blob/HEAD/docs/email.md and https://www.privacytools.io/privacy-email document services you'll probably find interesting.
I just came across this one too, seems rather promising! https://forwardemail.net/en
No SMTP/IMAP support.
That's because they are encrypted. There's a bridge
ProtonMail's encryption system isn't particularly useful
I've always considered it for my data not to be read by the company and it's employees but you bring up an interesting point.
That makes them totally unreasonable and pushed for vendor lockin and proprietary applications you can't run anywhere.
This is hilarious, people here get all pissed about google and microsoft when it comes to email and then pick an alternative that is less open in all possible ways.
Just use a domain then and switch whenever you feel like.
Run your own, you need a server, tech knowledge and time, or maybe Tuta mail?