Are there any private email services

  • Platform27@lemmy.ml
    link
    fedilink
    English
    arrow-up
    20
    arrow-down
    1
    ·
    1 year ago

    Tutanota and Proton are often recommended services. I personally prefer Tutanota, and their encryption. Though, Proton has a nice suite of services, that is worth looking into. Namely their VPN and Drive…

    • WhyIDie@lemmy.ml
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      what caused me to lean more towards tuta was their encryption also encrypts the email subject line, and not just the body. I read PGP doesn’t allow for that

      • Platform27@lemmy.ml
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        Tutanota also encrypts email folder and labels names. Last time I checked, Proton does not.

        • WhyIDie@lemmy.ml
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          I know contacts are encrypted, but I wasn’t aware tuta implemented email labels yet, and all that came up from the search was a post from the company on reddit 6 months ago stating it was planned for the future, at https://web.archive.org/web/20230114104535/https://old.reddit.com/r/tutanota/comments/10aumyg/question_on_features_in_provided/ .

          And encrypted folder names sounds believable, but I can’t find a link definitely stating encryption for that, specifically. If you could shoot me a link about it, I’d love to know it’s true before I start stating that to others. Don’t get me wrong, I really like how privacy-focused tuta is, but I jumped into a paid account knowing their frontend functionality is pretty barebones; something I was fine with supporting while they built it up, since the backend privacy focus and it being open source were the main selling points to me.

          • Platform27@lemmy.ml
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            1 year ago

            Yes, that’s my bad, with Labels. I never really use them, and wrote it without thinking. I do not have a source for my folder claim. I was told this several years ago, by support, when I was enquiring about their service, for business use. It was one of my many questions. While the end user seems their folder name, Tutanota sees a random identifier.

  • Chemical Wonka@discuss.tchncs.de
    link
    fedilink
    arrow-up
    15
    ·
    edit-2
    1 year ago

    E-mail is not a private service by default. You can “try” to mitigate some privacy flaws using PGP for example but PGP is not widespread to be something useful.

    • Siliconic
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Seconding Posteo, highly recommended. I wouldn’t really recommend Proton or Tutanota, though you could do worse of course

    • kostel_thecreed@lemmy.ca
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Weird. Support was top tier when I had issues. I also own a business account for 30-35 people, and the issues we get are easily resolved by Tutanota. You most likely got a bad rep.

  • PropaGandalf@lemmy.world
    link
    fedilink
    arrow-up
    10
    arrow-down
    1
    ·
    1 year ago

    I went with tutanota and I’m liking it so far. However I’m fully aware that email not intended for secure infirmation exchange at all.

  • thatsnothowyoudoit@lemmy.ca
    link
    fedilink
    arrow-up
    9
    ·
    edit-2
    1 year ago

    The only way to ensure privacy is something like PGP. Encrypt before you send. Heck you could even encrypt before you put the contents into a message body.

    With self hosted, the messages themselves aren’t encrypted at rest and they are clear text between hops even if those hops support TLS in transit.

    Ultimately the right answer for you will hinge on what your definition and level of privacy is.

    • Eufalconimorph@discuss.tchncs.de
      link
      fedilink
      arrow-up
      7
      arrow-down
      1
      ·
      1 year ago

      Note that PGP only encrypts the body, not the subject, sender, or recipient. So it’s only partial encryption and not very private compared to modern messaging services like Matrix. This is a fundamental limitation of email. It’s “Pretty Good Privacy”, not “Very Good Privacy”.

  • lckdscl [they/them]@whiskers.bim.boats
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    1
    ·
    1 year ago

    What’s your threat level?

    There’s no such thing as fully private. For that, encryption where you control your keys is the way to go. If you’re really paranoid then Disroot or Riseup. If you like to be able to use any clients then don’t go with Proton or Tutanota. There are a lot of paid mail services, whatever you go with, you just have to read the privacy policy and know what your threat level is. Just purely paying for the services may make you feel better about your privacy but that’s not always the case. If you do something the authority doesn’t like, the provider gets hit with a subpoena and can hand you over. But again, encryption encryption.

    This resource may help you, although the author is pretty paranoid and I don’t agree with a lot of their views or writing style, but I think this might be the most comprehensive list for email providers.

    • jhulten@infosec.pub
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      This is important. Without a threat model, recommendations will always be generic. Are you important enough for the NSA to dedicate resources too? You’re screwed.

  • FlappyBubble@lemmy.ml
    link
    fedilink
    arrow-up
    7
    ·
    1 year ago

    What exactly do you mean by private with regards to email? What is the problem you’re trying to solve.?

    • Potatos_are_not_friends@lemmy.world
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      I’d strongly recommend against self hosted email.

      Has a team of engineers to manage emails and the company finally gave up and switched to AWS because of constantly deliverability issues. I think the commercial companies won that war.