I think I know the answer, but maybe I’m missing something.

Since proton only sends and receives encrypted emails to other proton accounts, that means that when you get or send an email to someone else, they have to send / receive unencrypted and there is no way for us to verify what they are doing. Right?

Also if most accounts are Google or Microsoft, they still get 90% of my emails. By switching to proton I think I’ve gained nothing, while losing convenience, adding another trust point, and having two different companies have my data instead of just one.

Proton drive, calendar and VPN I think are fine

Sorry for the poor syntax. I’m at work working on email related things, and this topic kept distracting me. I might correct it later

  • Int32@lemmy.dbzer0.com
    4 months ago

    the thing with proton is you don’t really know that they’re private and they pretty much always collaborate with the police and their android vpn app collects some data that it doesn’t need to. I would suggest you:

    1. don’t use email, that’s the ideal solution
    2. use a provider like cock.li and send messages encrypted with pgp. this isn’t ideal, pgp leaks a lot of data and cock.li gets sinkholed by most email providers.
    3. use proton and encrypt emails with pgp, you have not much privacy but it’s less worse than microsoft and not much convenience loss, except that proton doesn’t allow email clients (at least if you don’t pay; I don’t know about ms).
    • sunzu2@thebrainbin.org
      4 months ago

      they pretty much always collaborate with the police

      a corporation is a legal extension of the state, hence why all of them will always collaborate when ordered by the courts or otherwise required by law.

      some will even collaborate when they are not required by law such as amazon ring providing pigs access for no reason, facebook censoring content per request of US or Israel… needless bullshit but hey it helps get government contracts ;)

      bottom line, expecting corpo to do anything for you for 5 bucks a month is naive, at best they should not do it for no reason and they should not sell your data.

      but even that is a tall order for these parasites.

    • notarobot@lemmy.zip (OP)
      4 months ago

      I don’t know how old you are or where you live, but for everyone I know it’s non optional. My government requires an email. And for any site I want to use I require an email. Even Lemmy.

  • sjmulder@lemmy.sdf.org
    4 months ago

    Note that ProtonMail actually supports automatic encryption to email accounts that publish their public keys in a Web Key Directory, which I’ve set up for mine. When you type such an email address in the To field, it’ll turn into a special color with a lock symbol.

    Likewise, ProtonMail also exposed a WKD so people can send encrypted emails to ProtonMail accounts. I don’t know of any mail clients that support this though (I used the command line to pull keys).

    • notarobot@lemmy.zip (OP)
      3 months ago

      Yes. But then again. If no one I know uses a private provider, my emails will still get scanned and read. But it’s 1000% less convenient.

  • 0x0@lemmy.zip
    4 months ago

    Tuta lets you encrypt a message for the sender only, with a passphrase.
    They’ll have to follow a link but still…

  • colournoun@beehaw.org
    4 months ago

    Assuming that you trust what Proton says, when they receive a (possibly unencrypted) message they re-encrypt it with your key as soon as possible and they don’t log the content. So, after that point, they (or anyone else) can’t read the email contents. If it was also encrypted in transit, then there’s only a small window inside their email processing system where the plaintext was passed from one encryption to the other. It’s only decrypted again in your browser or proton mail app with the key that only you have. It’s not bulletproof, but it’s better than most providers.

  • solrize@lemmy.ml
    4 months ago

    Mail transport these days is usually encrypted over the wire, but once it lands at the receiving server (i.e. gmail) it is stored in the clear, or at least in a way that the host can read it.

    • notarobot@lemmy.zip (OP)
      4 months ago

      Exactly. It has to be sent unencrypted. So there is no way to know what either of the providers are doing and is just a big “trust me bro”

      • solrize@lemmy.ml
        4 months ago

        It’s usually sent encrypted (by TLS) so it can’t be read by external entities monitoring internet traffic. Then the host decrypts it and stores it and can access it. Yes it’s trust me bro. Email is fundamentally not all that private, because of that.

  • bad_news@lemmy.billiam.net
    4 months ago

    Well, the way I see it is it’s like taking candy from someone who says “I put razorblades in this candy” versus somebody who says “I did not put razors in this candy.” Sure, maybe the latter is lying but are you going to pick the former? There’s really no viable way to run your own email server with actual delivery anymore, and it’s clearnet in transit anyway, so I don’t really see the downside in “trusting” Proton or another provider enough to pick that over Google. To get any benefit, you would need to move things over though. If you’re unwilling to do that work, the reality is you’re just on Google and Microsoft and training their AIs and it is what it is. If you think about it, though, even if you move half of your logins to Proton or Tuta or whatever instead of Google, you are depriving them of half of what they know about you going forward.

    • suicidaleggroll@lemmy.world
      4 months ago

      There’s really no viable way to run your own email server with actual delivery anymore

      SMTP relays make IP reputation a complete non-issue. As long as you aren’t sending hundreds of emails a day, there are multiple free options (free tier, subsidized by paying corporate customers who send a lot of emails).

      • bad_news@lemmy.billiam.net
        4 months ago

        I think a Proton or Tuta is a better option for most people than dealing with a transactional SMTP provider, which is almost certainly selling all outgoing email contents for AI training at least if not even more nefarious things.

        • suicidaleggroll@lemmy.world
          4 months ago

          a transactional SMTP provider, which is almost certainly selling all outgoing email contents for AI training at least if not even more nefarious things.

          That’s a big assumption, and that kind of behavior is specifically prohibited in the privacy policy of most, if not all SMTP relay providers, as well as GDPR regulations. If you think they’re violating their own privacy policy and government regulations and doing it anyway, there’s no reason to think Proton isn’t as well, or any other email provider, so that’s kind of a non-starter argument IMO. Plus this only applies to outgoing emails, not incoming. I don’t know about you, but I send about 5-10 outgoing emails a year, there’s not much to be gleaned there. Incoming is what you’d want to protect more than anything.

  • commander@lemmy.world
    4 months ago

    I think Proton mail is worth it just to diversify off Google but I don’t lend much faith in how effective privacy will be with email. The free service is enough for that. If I wanted more faith in encrypted communications, encrypted chat applications. I sub to proton for drive and VPN. ProtonPass has all the email aliases for throwaway websites

  • Jason2357@lemmy.ca
    4 months ago

    I wouldn’t say you have gained nothing. The amount of data provided to google or microsoft when using their email is significantly more. For example, your app or client is checking email all of the time, giving them telemetry on your location and activity, all your devices, 24/7. Google logs and analyzes all of your interactions with Gmail’s web pages, how long you have certain emails open for, what you don’t bother to open, what you tag as important, etc.

    Much of the one-way email you sign up for from companies and organizations comes from smaller outfits like sendgrid or their own infrastructure, so you are cutting google out of information about your associations and interests.

    Also, in regards to that 90%, you can either be part of the problem for all your contacts, or part of the solution. The network effect is huge.

  • Ardens@lemmy.ml
    4 months ago

    I pay the amount of maybe 10 $ a year for having my own domain hosted at a mail-hotel, and that means I control my own e-mail. I think it’s worth it. The more who switch, the better.

    • notarobot@lemmy.zip (OP)
      4 months ago

      Could you elaborate? What is an email hotel? I’m guessing you mean an email hosting.

      • Ardens@lemmy.ml
        4 months ago

        just like a webhotel, just for mail instead… So yeah, like you can pay someone to host your website, you can pay someone to host your e-mails with your domain name…

          • notarobot@lemmy.zip (OP)
          4 months ago

          That sounds like the worst option of all. At least I can trust google has some protections in place to stop employees from looking at your email, because if they didn’t there would be thousands of cases all the time.

          In your case, you never know who is looking. At any point a rogue admin can issue a bank password reset and just read the email.

          I’ve never heard of the term web hotel before. I’m guessing it’s web hosting.

          • Ardens@lemmy.ml
            4 months ago

            Sounds like you don’t know what you are talking about. :-) That’s fine, but unless you know something about the topic, you shouldn’t really be judging…

            I know exactly who is looking. And I would also know if anyone tampers with the passwords. I guess you don’t have the skills, and that’s fine. You might even think that there’s anything in the world that is totally secure. There’s not a single thing that is secure.

            Oh, what is this? - https://www.forbes.com/sites/zakdoffman/2025/08/25/google-warns-most-gmail-users-must-change-passwords/

          • favoredponcho@lemmy.zip
            4 months ago

            Google literally opens all your email and scans the contents to build an ad profile on you. They scan all attachments too.

              • notarobot@lemmy.zip (OP)
              4 months ago

              Of course. But you didn’t switch to a trustless provider. You switch to a nobody that has nothing to lose by reading your email. Also my point is that google has programs reading every email, but not people. They probably have a lot of locks to stop employees from accessing users’ email.

  • monovergent@lemmy.ml
    4 months ago

    Makes me feel like I’m doing the best I reasonably can, even if it’s of limited effect. Also, built-in aliasing service.

    • notarobot@lemmy.zip (OP)
      4 months ago

      This is the best reply so far. Probably not enough for me to stay, but at least not pretending it’s safer

  • railcar@midwest.social
    4 months ago

    Email is never private, even with encrypted email, headers give away metadata. HOWEVER, Tuta & Proton are not scanning your emails to market shit to you and train AI. That’s the main advantage.

    • notarobot@lemmy.zip (OP)
      4 months ago

      You can’t know if they are not reading your emails to do anything. That is the issue. Because of how email works, we know that they COULD. And experience tells us that tech companies profit from breaking promises and laws.

      • pineapple@lemmy.ml
        4 months ago

        No they probably won’t, proton is not a big enough company to train its own large language model; instead they are using already available open source models.