Comments
Rambler OP wrote
Unsure, honestly. I use ProtonMail as well. Hoping to see some suggestions by others.
mr4channer wrote
tutanota or mailbox/posteo few bucks a year
smooth_jazz wrote
Actually, any email provider+PGP is good, but incoming mail may not always be encrypted, and trusting the provider with your keys is a REALLY bad idea. Paranoid does this without storing your private keys like protonmail. They have a no-webmail policy (you'll need a mail client) and encrypt all incoming mail (if unencrypted) with your public key which is the only key they store.
RichardButte wrote
E-mail is outdated, the steps required to get truly safe e-mailing is beyond regular users reach and trusting third parties to handle the technical security isn't the right way forward. Look at Tutanota and the recent forced backdooring.
The next step is rather to have personal end-to-end, peer-to-peer communication systems.
Rambler OP wrote
This article reads like an NSA operation to convince you to move away from a Swiss based provider (where they can't intercept) to a provider that is based in Germany (a 14-eyes country) or similar jurisdiction where US intel has easy access.
It very well could be, and it's hard telling in this day and age. I just stumbled across the article and thought it was worth sharing and discussing.
For what it's worth, I use protonmail myself.
Rambler OP wrote
The next step is rather to have personal end-to-end, peer-to-peer communication systems.
Which some platforms have, it seems, but then you're stuck communicating to only those within that platform. I believe ZeroNet has something similar, where you could technically email me at nxm9c2wjbjlhjsrc@zeroid.bit but I never check it because no one ever uses it. You can also mail me on I2P's network as well, at (I forget) @mail.i2p, but once again, it's network specific.
Whoever can get the major networks and up-and-comers to agree upon some sort of standardized P2P E2E encrypted mail system that can be accessed from anywhere, then you'd have a winner.
But I doubt that's possible with all the various networks working hard to implement their own vision.
Rambler OP wrote
I also have a paranoid.mail address, but it's unclear to me if they're still "around". Although I was able to get the clearnet mailservers working fine, and I love the pop3 access, I wanted to use it over TOR and no matter what, with the information provided, I couldn't get Thunderbird to accept the TOR mailservers.
smooth_jazz wrote
That's odd. I use it via thunderbird on tails everyday, via their onion servers. Maybe it's because thunderbird on tails comes pre-configured to use Tor? Also I think they use imap and not pop3.
Rambler OP wrote
Possibly. I'm just using it on my Debian desktop. Let me take a look at the settings again. If you don't mind testing it out with me (sending me an email, me sending one back) then shoot me a PM. If not, no worries.
smooth_jazz wrote
Although some points are worded a bit... extreme, they make sense.
Protonmail DOES redirect you to their clearnet site for signing up, but this doesn't mean they are compromised.
And as far as E2EE is concerned, this depends on your threat level. You could use a different email provider (or self-host) and manually encrypt your messages. Or you could trust somebody to do this for you. And as far as a normal user is concerned, protonmail is a good start. Other claims in the article do seem far-fetched.
solstice wrote
Look at Tutanota and the recent forced backdooring.
Do you have a source for this? The only news I've found is Tutanota being forced to hand over new outgoing and incoming emails of one user who was a suspected criminal, not a backdoor for the whole service.
ex0dus wrote
ProtonMail also doxed Tom Spark during some controversy ( https://medium.com/@gaetanosabin/did-nordvpn-and-protonmail-violate-gdpr-and-us-privacy-laws-by-doxing-vpn-affiliate-2fe7b0d51d1f ) I'd just avoid anything Proton. I currently use CTemplar but obviously I still don't do anything critical over email.
Rambler OP wrote
What are your thoughts?