A while back I started on this journey, and as most people did, I’ve had my ups and downs and went through the learning curve, I’ve now reached the point of so much knowledge that I truly know, I dont know shit. People of Lemmy I come to you today because idk what to do, I recently made a free account with proton, their subscription is fairly cheap so idm paying the monthly tier of 15GB so I can have control over ending it whenever I please instead of being locked in for a year. Now, I heard about Tuta but never dived much into it, i know Proton has had its controversies (Don’t be shy of reminding me of what they were), but what are my options here truly for a proper FOSS email provider? I can negate the free part for a reasonable price, but truly private AND secure is a must.
Self Hosting isn’t an option yet for personal reasons unless it’s completely free.
This might be an unpopular opinion in this community, but here it goes.
Privacy doesnt really exist with email. Yes, Proton does support encryption, but nobody but Proton uses it. When your bank sends you an email, its plain text, and its pretty much guaranteed its sent from an outlook or gmail server. If they want your data they can get it whether youve got proton or not.
As for me - I actually still use my universities email. Its on outlook, but, hardly anything is sent to it, it never gets flagged as spam, and it doesnt cost me anything and will hopefully be there forever.
Came to say the same, the only benefit I see in proton and other providers is not having my email monitored by Google but that’s it
Google alone is enough reason for me haha
Nah that’s a pretty common (and correct) take. Never email something you wouldn’t want to see come up in a court case. Secure email can limit exposure somewhat though. Unless it’s the government it may be impossible or at least harder to put things together about you from other email addresses. At the very least every email is not being scanned by Gemini and used to train it. And the more people that use privacy respecting email the more private it is.
Never actually thought of it that way, like how no matter what you do, since most of your family uses META, you’re indirectly hit by the crossfire
Right ya. You’re best bet if you want to achieve privacy is to pretty much stop using email as much as possible. Proton is fine, and it is better than say using outlook or gmail, but barely.
Privacy doesn’t really exist in what way? In a sense that the layperson should be concerned or just a person of interest in a diplomatic position?
Yeah, as long as it’s not Google, it works. The real trick is to find a good email aliasing service (I use Addy.io) so when email are exposed in a data breach you can just turn it off and avoid spam. Also good for when your trying different emails out because you just have to update what the aliases send to.
Everyone telling you email isn’t private is right.
Don’t use it for things you don’t want to be public knowledge.
but truly private AND secure is a must.
Remember that email is none of that, unless both people use encryption.
Tuta and Proton both are encrypted, which is great, but the moment you exchange with someone that is not using encryption (aka, the vast majority of people), they’re not anymore.
I always considered email like sending a good old postcard: something anyone could read without being invited, just by looking at it.
so I can have control
Be it Tuta or Proton, or any other commercial offering, you won’t have real control without owning your actual domain name. Owning it means you can change email provider if/when you wand (and if you don’t feel like using your own).
How can I own my domain name?
Your purchase it from some registrar.
I’m from France so it probably won’t be the same as you, it will cost you a small yearly fee. Like, for example I do own the domain ‘thefoolwithapen.com’ (my blog) among a few other domain names. So I can use libb@thefoolwith… with either my own email/hosting or most third-party provider, I don’t have ti use their own name/domain. Sorry for the lack of specificity in my explanations, I’m everything but an expert ;)
Edit: clarifications
Okay so whenever I buy a domain name, I now can use that domain name on any emai regardless of the email provider (google, proton, etc.) Can the domain name be taken away from me somehow?
- Depends the email provider, I 'm not sure (quite certain they’re not) all are offering that.
- Yes. The moment you stop paying as it will most likely be sold for cheap. One of the oldest domain I owned (from the 90s) and got rid of a few years ago is now used by someone hosting porn… Which is kinda funny. Maybe one can also lose it in a trial? But that would be very specific… Say, you own StarWarsSucksHard.com you won’t probably own it for long the moment Disney’s armies of lawyers focus their attention on you ;)
Honestly use whatever you want and use pgp, or gnpg. Encrypt all your messages using ecc.
Okay now i need you to explain how to do any of that, and what each one is for
Alright, I’ll write something up and post it.
You mind tagging me?
Writing it up now
Alright, can’t wait
I’m using Migadu and I’m happy with it. You need your own domain though.
TL;DR: Stick with Protonmail. There is, based on what you told us, no reason for you to switch to another provider.
I wouldn’t recommend Tuta at the time of writing, due the lack of OpenPGP (no, their own EE2E does not act as a solid replacement) and JMAP/IMAP support.
Hmmm ? Has Proton introduced imap support ? I was going to migrate to them a few years ago until I realised that was missing. Not keen on getting locked into their proprietary app.
No it hasn’t, but with the Proton Mail Bridge you can get close, as it creates a local IMAP server that you can use with any email client - it’s far from ideal though and it has plenty of glitches
Thanks for the response, yeah that is better than nothing, but if OP hasn’t migrated yet then better to choose a provider that isn’t locking them into an apple-esque walled garden. If they decide to stop supporting the bridge then you’re stuck.
I like proton but they make a few too many weird decisions. I mean imap has been around for a long time, why not use the open standard.
Take it easy on me with the big boy terms haha, you mind explaining them? Except E2E, I know what end to end encryption is, tho idk if EE2E is another thing or just a typo by you
Another user said mailcow, thoughts?
I think they meant E2EE (End-to-end encryption)
OpenPGP is an encryption standard
JMAP/IMAP iirc lets you use other clients like Thunderbird (you won’t be able to use 3rd party clients with proton unless you pay for it so take that into account too)
Isn’t PGP what they say to always encrypt any message you send with prior to sending it? Especially on Dread and DNM Bible, never understood how to actually use it though
yeah it is used for encryption, in this case mails between proton users can be encrypted using OpenPGP
i recommend to research a bit yourself on these topics and your use case for privacy in this context. email is not private by design.
While there is no way to completely protect your email I am big believer in minimizing vulnerability. It’s somewhat nice to know your email provider at least isn’t reading your direct emails. Most of my correspondence comes from auto reply emails. It’s the same I recommend to people still on Windows or MacOS. Use apps with no telemetry as much as possible. That to me would include email.
The real answer isn’t don’t use email for private communication. It’s like asking what’s the most private way to shout into a crowded room
I’ve kind of given up on the concept of email as a whole. Nobody emails anymore. Nobody in my family uses email, I’ve never had a friend who emails me, I’m the weirdo for asking for an email address so I can email you a calendar invite because I’m a weirdo for using the calendar…
Maybe it’s just been my experience but does anyone actually use email? And if so what about everyone else’s security?







