Is secure email like ProtonMail worth it?

edited March 2022 in General

I have used gmail for years but starting to think that maybe the amount of data they collect is not so good. Changed to duck duck go for search, do you think it’s worth moving email to somewhere like ProtonMail? Or is it a bit of an overkill and something like mxroute would do fine?

Comments

  • edited March 2022

    ProtonMail is as close to a FBI honeypot as you can get.

    Edit: Protonmail does not provide End to End Encryption whatsoever, mxroute is a far better option as it's honest about the offer. You can always implement PGP if needed.

  • @Aidan said:
    ProtonMail is as close to a FBI honeypot as you can get.

    Edit: Protonmail does not provide End to End Encryption whatsoever, mxroute is a far better option as it's honest about the offer. You can always implement PGP if needed.

    Source?

  • I stay away from google anything when I can. I'm happy with fastmail.

    Thanked by (4)ialexpw jmaxwell bdl Tech2
  • bruh21bruh21 Hosting Provider
    edited March 2022

    Remember that stupid (I say stupid because he/she was relying on ProtonMail as the only line of anonymity) french kid who got his info handed over to the authorities when ProtonMail got ordered to?

    I have a ProtonMail account but it’s not something that I treat any differently from my Gmail, mxroute, or aol account

  • @skorous said:

    @Aidan said:
    ProtonMail is as close to a FBI honeypot as you can get.

    Edit: Protonmail does not provide End to End Encryption whatsoever, mxroute is a far better option as it's honest about the offer. You can always implement PGP if needed.

    Source?

    Page 12 for a summary: https://eprint.iacr.org/2018/1121.pdf

    Additional reading: https://encryp.ch/blog/disturbing-facts-about-protonmail/

    Crypto AG was also based in CH & barred at a national level for certain forms of communication - much like Peleus Proton Technologies AG.

    Thanked by (1)chimichurri
  • skorousskorous OG
    edited March 2022

    @bruh21 said:
    Remember that stupid (I say stupid because he/she was relying on ProtonMail as the only line of anonymity) french kid who got his info handed over to the authorities when ProtonMail got ordered to?

    Perhaps I'm misunderstanding your argument. I don't recall then claiming to be a no logs anonymizing provider. They're a secure email provider and I didn't think the email itself was ever compromised. Like they said at the time, if they had been using ProtonVPN they would have been fine.> @Aidan said:

    @skorous said:

    @Aidan said:
    ProtonMail is as close to a FBI honeypot as you can get.

    Edit: Protonmail does not provide End to End Encryption whatsoever, mxroute is a far better option as it's honest about the offer. You can always implement PGP if needed.

    Source?

    Page 12 for a summary: https://eprint.iacr.org/2018/1121.pdf

    Additional reading: https://encryp.ch/blog/disturbing-facts-about-protonmail/

    Crypto AG was also based in CH & barred at a national level for certain forms of communication - much like Peleus Proton Technologies AG.

    @Aidan said:

    @skorous said:

    @Aidan said:
    ProtonMail is as close to a FBI honeypot as you can get.

    Edit: Protonmail does not provide End to End Encryption whatsoever, mxroute is a far better option as it's honest about the offer. You can always implement PGP if needed.

    Source?

    Thank you.

  • @skorous said: They're a secure email provider

    If by secure you mean the same as Gmail, then yes.
    If encrypted, then no - it's functionally no different than using a gmail/yahoo account.

  • To answer the original question, no - I don't think it's worth it. I think it's overpriced for what you get and lacks some basic features out of the box unless you jump through extra hoops in the name of 'security'.

    🦍🍌

  • No, protonmail is not worth it. There is plenty of way better solutions regarding privacy. In past I ised counteremail. Highly recommended.

  • Protonmail is a fine email provider. Of course there are many alternatives. It's hard to say what is the best for you.
    If you want to encrypt your mail, Protonmail have this option. https://protonmail.com/support/knowledge-base/encrypt-for-outside-users/ I haven't tried it though...

    Mxroute is a good option too. Compare it to others and think what kind of service you really need. Avoiding data collect can be done with both.

    Filen.io - use this link to signup and we both get extra 10GB free.
    https://filen.io/r/4d472d5cdb57f6663621a251065e0b51

  • There are 3 separate questions here: 1) protecting your email content from surveillance by e.g. state agencies: for that you need end to end encryption. 2) Preventing your email content from being collected and analyzed by personal profiling companies like google: for that, it helps to use smaller providers, who simply don't the resources to embark on such projects. 3) protecting the metadata of who you are communicating with: for that, email has fundamental weaknesses. If you do want to use email then this is somewhat in conflict with #2, since having both people on the same provider helps control leak outside that provider, and having both people use gmail is fairly innocuous.

    Note that it's very difficult to keep your email away from google: even if your own account is on protonmail, when you email your friend, without prior selection there is a high chance that your friend is using gmail. So your email goes to google anyway.

    If you have to conceal metadata (Ukraine has me thinking about this), you're somewhat in spy-vs-spy territory, and you and your communication partners need to know what you're doing and probably use ad hoc methods depending on the exact situation.

  • if you want move away from Google,ProtonMail is a good choice.
    but not for GOV

    Thanked by (1)serverollie
  • Security for me is basically no one reading my email so Gmail works and I have 2 factor Auth there. Am I missing something else that makes it more secure than that?

    Thanked by (2)angstrom serverollie

    RCLOUDSYSTEMS - EmailBackup and EmailSync are powerful email management and migration utilities for an unbeatable price!

  • cybertechcybertech OGBenchmark King

    what is gmail collecting? i do have calender and keep notes with them so ...

    I bench YABS 24/7/365 unless it's a leap year.

  • @serverollie said:
    I have used gmail for years but starting to think that maybe the amount of data they collect is not so good. Changed to duck duck go for search, do you think it’s worth moving email to somewhere like ProtonMail? Or is it a bit of an overkill and something like mxroute would do fine?

    Definitely worth it compared to gmail. Just keep in mind that ProtonMail doesn’t offer anonymity and E2E is for emails sent between ProtonMail users. Also check out Tutanota, they encrypt all metadata including email subject line (which PM apparently doesn’t ) and their premium service( more than one e-mail alias, custom domains etc) is dirt cheap.

    Thanked by (1)serverollie

    Why?

  • @risharde said:
    Security for me is basically no one reading my email so Gmail works and I have 2 factor Auth there. Am I missing something else that makes it more secure than that?

    It's not about security per se -- Gmail is strong on security (or they're stronger than or as strong on security as any other email provider, as far as one can tell).

    It's more about "your being the product", i.e., Google's automatic scanning of emails for profiling purposes ( @willie's #2 above ). The use of a non-free independent email provider and avoidance of Gmail and other big free email providers (Yahoo, Outlook, etc.) would/should help with this issue.

    Thanked by (1)serverollie

    "A single swap file or partition may be up to 128 MB in size. [...] [I]f you need 256 MB of swap, you can create two 128-MB swap partitions." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 49)

  • edited March 2022

    @Chrisl said:
    I favor the actual publish. It truly is superb to discover a person explain in words out of your cardiovascular as well as high quality with this particular essential subject material might be very easily observed. You are interested in ddos proxy protection so contact us.

    Yes, indeed my cardiovascular has words

    mod edit: removed the spammer's link

    Thanked by (1)serverollie
  • @Chrisl said:
    I favor the actual publish. It truly is superb to discover a person explain in words out of your cardiovascular as well as high quality with this particular essential subject material might be very easily observed. You are interested in ddos proxy protection so contact us.

    Don't spam, don't spew nonsense

    Thanked by (1)serverollie

    "A single swap file or partition may be up to 128 MB in size. [...] [I]f you need 256 MB of swap, you can create two 128-MB swap partitions." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 49)

  • I am a ProtonMail subscriber. I have a bunch of free accounts with PM for various reasons, so I figured I’d buy an account and give something back, but I don’t really see anything in the product set that justifies the rather high price.

    I really like Tutanota. It offers the most useful (to me) paid ProtonMail features for €12 a year, which is personally a price I’m happy to pay.

    Thanked by (1)serverollie
  • "Secure Email" is an Oxymoron.

  • MannDudeMannDude Hosting Provider

    Yes and no.

    Yes, if you want email that works. No, if you think it'll keep you ultra super secret anonymous and expect it to do all the work for you.

    If you practice good op-sec, use their Tor onion service and understand what they do and do not encrypt (and what is limitations of PGP email in general, like that the subject line is not encrypted) then you'll be happier.

    If you're using ProtonMail from your home IP and expect the company to protect you if you use your ProtonMail account to do real dumb shit, then yeah, they can and may assist law enforcement. They have in the past. But, they also give you the option to stay pretty damn anonymous by using their Tor onion service.

    You can also just use PGP with any mail provider. We enable it in Roundcube (Enigma plugin) by default for those who want to test it out but the keys are stored on the server which isn't ideal for maximum privacy, but if it gets someone introduced to PGP and encryption in generally then it's a good thing.

    Thanked by (2)serverollie skorous

    [ IncogNET LLC ] - Privacy By Design
    We believe that privacy and freedom of expression are two very important things, so we offer solutions to accessing and publishing content safely.
    [ USA: Liberty Lake, WA | Kansas City, MO | Allentown, PA ] [EU: Naaldwijk, NL ] [ CL Shared | KVM VPS | VPN | Dedicated Servers | Domain Names ]

  • @serverollie said:
    I have used gmail for years but starting to think that maybe the amount of data they collect is not so good. Changed to duck duck go for search, do you think it’s worth moving email to somewhere like ProtonMail? Or is it a bit of an overkill and something like mxroute would do fine?

    I've never used ProtonMail, but I don't doubt that they're a very good email provider.

    Beyond any technical advantages (but I'm not sure that there really are any), I think that ProtonMail are also selling "peace of mind" ("We're secure, we respect privacy, we're in Switzerland"), which is a psychological advantage that some will choose to pay (a lot) for.

    But my view is that for most purposes, MXroute would do fine.

    "A single swap file or partition may be up to 128 MB in size. [...] [I]f you need 256 MB of swap, you can create two 128-MB swap partitions." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 49)

  • @MannDude said: If you practice good op-sec, use their Tor onion service

    Might as well use the .com, as they redirect you to the clearnet site when you login.

  • @MannDude said: If you practice good op-sec

    As far as I can tell the main argument in this appears to be that it's not sufficiently clear how to do that and that the app doesn't do enough to protect you from doing it poorly.

  • edited March 2022

    I don't think there is any email provider more secure (as in hard to hack) than Google. However, I am also somewhat wary of Google knowing too much about me, so I ended up using both Protonmail and Tutanota.

    Given this story, it seems that something indeed may be fishy about PM (not to mention other interesting tidbits from the article provided by @Aidan) - I'm not 100% convinced they are a spook honeypot, but this kind of sudden policy change makes me wonder whether they are to be fully trusted...

    OTOH, Tutanota seems IMO to be much more trustworthy... But regardless whether it's them or another encrypted email provider, if you're unlucky, and your provider doesn't want to become the next Lavabit, but instead they choose to comply with a court order so that they could continue operating, you could still end up with your emails from/to other email servers being snooped on.

    This is probably an inherent risk in email, which as both @willie and _MS_ [sry, can't tag you properly bro - -'] rightfully pointed out, simply isn't secure by design.. :p (yes, there is PGP, but it still leaves the metadata unencrypted)...

    So, in case you'd not only be looking for a trusted email provider, but possibly, also for a secure (as in hard to intercept by a 3rd party) means of communication, consider using a secure messaging app instead =)

    Thanked by (1)Aidan

    Contribute your idling VPS/dedi (link), Android (link) or iOS (link) devices to medical research

  • I used proton mail only because they don't want my phone number and gmail does

  • Not_OlesNot_Oles Hosting ProviderContent Writer
    edited March 2022

    I've been running my own email for years, and it's been fine. But my sending half a dozen emails a month isn't enough to make a good impression on Gmail. Even when I get a 10 out of 10 on mail-tester some of my emails to people who use Gmail end up in spam. That happens even when the recipient has my sending address in her contacts. And even when we recently have exchanged messages. I'm sure that getting my recipients to make a "Never put emails like this into spam" rule would work, but my recipients are not especially enthusiastic about this sort of fussing.

    I looked at https://drewdevault.com/2020/06/19/Mail-service-provider-recommendations.html and I have been trying Migadu as Drew recommended. I also have been trying Protonmail and Postmark.

    So far I have an excellent impression of Migadu: super friendly support, everything works great.

    In addition to standard protocols like IMAP, Migadu offers Rainloop, a nice graphical web interface for sending and receiving email. Notably, Migadu pricing is based on the number of emails sent, so you can add several users on several domains without changing the price of your account. So far, zero deliverability issues with Migadu.

    I'd be very grateful to hear everything you guys have to say about Drew's recommendations and also about Migadu. Thanks in advance for any comments!

    Best wishes from New York City and Sonora, Mexico! 🗽🇺🇸🇲🇽🏜️

    Thanked by (2)JeDaYoshi Tnetenn

    I hope everyone gets the servers they want!

  • MichaelCeeMichaelCee Hosting ProviderOGServices Provider
    edited March 2022

    Depends what “it” is. Was happy with protonmail before switching to custom domains. I didn’t expect every email to be encrypted but if I was to communicate with someone else using Proton then cool, it’s advertised as E2E. As far as legal concerns, I’d rather use a company that abides by their local laws and regulations than one that hides from the law (in most cases), could be a much worse ending.

  • Do you want to avoid data mining of your e-mails for ads, do you want to avoid small annoyances for things like DMCA? Yes.

    Do you want to avoid going to jail? No. They log your IP with a valid court order.

  • check this list:

    https://dismail.de/serverlist.html

    the technical details are interesting.

    during my research, i noticed not only the technical requirements, but also the political attitudes of email providers. with some, the attitude is very clearly recognizable with others, one can assume a lot and with most, there are no clear signs of an attitude. in particular, i see the providers with an unambiguous attitude as problematic. because a provider must then, consistently, also check the attitude of its users. and at this point it becomes dangerous. how is that supposed to work? the best way is to analyze and read the emails. that's exactly a big mistake.
    in the list, there is one provider in particular that advertises not to let any "nazis" (that's the maximum evil anyway) use its services. other providers are clearly from a left-wing extremist scene and take an unambiguous position right from the start.

    in my opinion, a service should be neutral.

    Thanked by (1)chris
Sign In or Register to comment.