Proton - Feels walled garden-esque, has one email for free, may cooperate with governments
54
TheFeatureCreature @lemmy.ca - 1mon
Been with Posteo for years now. They're very solid.
17
cRazi_man @europe.pub - 1mon
I've been with Mailbox for years now too. Also very solid.
7
majster @lemmy.zip - 1mon
I'm using runbox with custom domain. No issues.
3
PiraHxCx - 1mon
Afaik, Proton and Tuta are the only free ones with zero-knowledge encryption
32
Lyra_Lycan @lemmy.blahaj.zone - 1mon
Proton allows only one free email address, which is what taught me to be wary of unexpected restrictions on services. I've got to say the only one I trust fully is my own, with complete certainty of security and features are all only limited by the hardware. Whenever someone talks about paying per month to get more addresses, aliases, calendar or storage - nah. Self-host. DuckDuckGo email is a good firewall layer as well - it forwards all mail to your chosen actual address after trying its best to strip the mail of trackers.
15
PiraHxCx - 1mon
Login into Proton-Pass for 10 free aliases... but, it doesn't require your ID or anything to create an email, you can create how many you want :S
5
aev_software @programming.dev - 1mon
You can create as many free email accounts with ProtonMail as you like.
Proton now is a non-profit but their employees still need salary. Throw them a couple bucks if you like their service.
Do that with anyone whose services you enjoy. That's how you help them survive.
One thing to consider about mailbox.org is that if you don't use your own custom domain and keep an @mailbox.org address (which afaik is considered a best practice for privacy because it lets you "hide" in the crowd), if you decide to move on later they will make your old address available to others later.
10
Jerry on PieFed - 1mon
Proton Mail, Tuta mail, runbox.com, to name three.
I considered them, but had a problem with two things about them: they both a) don't allow custom domains (which is fine for privacy) and b) recycle email addresses, meaning that if you move on later they will make your old email address available to others.
8
Lyra_Lycan @lemmy.blahaj.zone - 1mon
That's going to be very interesting with persistent spam senders.
4
fodor @lemmy.zip - 1mon
The security risk is the problem, right? If you can get a a new password sent to an email address for the person who owned it before you, that's an interesting attack vector.
1
TurkeyDurkey - 1mon
I use posteo and simplelogin together.
2
Cricket@lemmy.zip - 1mon
Posteo seems fine if you use a custom domain. If not, they have the same issue of recycling email addresses, like mailbox.
1
thedeadwalking4242 @lemmy.world - 1mon
Tuta mail
11
solrize - 1mon
I've been using fastmail.com for a long time and am satisfied, though it's on the expensive side and I haven't looked into every alternative.
If you want cheap email hosting for your own domain, mxroute.com has been around for a while and cranemail.com is new, but both are small companies run by people who know what they are doing (online acquaintances of mine if that matters).
9
Antithetical - 1mon
For my own domains I'm using Migadu since they support unlimited domains per account. Quite happy with them..
3
solrize - 1mon
Yes, I forgot Migadu. I played with it a little and it was nice, though I think it costs more now.
2
Libb - 1mon
'Safe' is a bit too vague: what are you looking for?
If you just need an email that doesn't belong to GAFAM and is not subjected to US privacy-less laws but need no extra security (no end to end encryption): Infomaniak KSuite(Swiss) is available both as a free plan (20GB email + 15GB Cloud free) and as a paid version (unlimited email storage and 1To Cloud). They also offer just the email, if you don't need cloud: Kmail ;) . There is also mailbox.org (Germany)
End to end encryption: Tuta (German), Proton (Swiss).
I'm far from a privacy expert, but here are some things that I have been considering while researching this for myself:
Zero-knowledge encryption providers like Proton and Tuta are great for privacy at the expense of convenience, like possibly not being able to use common IMAP email clients. Proton has a bridge app for their paid plans that allows this on Windows and Mac but not Linux or mobile, and last time I checked, Tuta doesn't have this on any platform. This means that your email can only be accessed from their client, and more importantly, if a bridge app is not available for your provider on your preferred platform, all your email will be stuck in your mailbox forever with no ability to archive locally.
What are the privacy, security, and law enforcement/intelligence cooperation policies of the provider and country where the provider's legal entity and IT infrastructure are located? If located in a country with bad policies, spying on your email is much easier, especially if it's not a zero-knowledge encryption provider.
While using the provider's own domain for your address is better than using a custom domain, most providers appear to have a policy of making your address available to others after you leave them. Mailbox, Posteo, and Fastmail do this. One of the only providers I've found that has a policy of not doing this is Runbox.
Does the provider have a good reputation for email deliverability? This is a tricky one that requires some research. First, look at the provider's DMARC policies with a tool like DMARC Check Tool. Mailbox and Runbox appear to pass all tests, but Posteo and Fastmail fail the DMARC quarantine/reject policy test, which apparently makes it easier to spoof your email and could make your emails less likely to be delivered. Also search the web for comments on users' experience with email delivery, like "<provider name> email delivery issues", to find out what people have said.
6
chonomaiwokurae @sopuli.xyz - 1mon
Proton bridge is available for Linux as well.
6
Cricket@lemmy.zip - 1mon
Thanks for the correction, I didn't see it mentioned on their page. I've edited my post.
3
sidebro @lemmy.zip - 1mon
I've been using Tuta for almost two years now and I can't recommend it enough. It's really good. Check out tutanota@lemmy.world or https://tuta.com/
It's hosted in Germany and is very privacy-focused
6
GlenRambo @jlai.lu - 1mon
Were some people concerned with Germany hosting and the way the right leaning party (Germany for Germans?) was gaining popularity? And something about their data views. Although maybe I was wrong.
From whwat I see though mailbox and posteo are the same.
-1
zeca - 1mon
Not a recomendation... i just like to recall that it seems pointless to me to use a private/secure mail provider just to end up communicating with gmail users. There are other private/secure means of communication over the internet, just not so much through emails.
6
FoundFootFootage78 - 1mon
Proton Mail is good, just don't use the paid version of any Proton service. The paid version will delete your email address if you don't keep up with payments.
You can get a lifetime subscription to Proton Pass sometimes, and that's what I did. I suspect that may protect my account from deletion due to inactivity if I'm picked up by ICE or hit by a car and put in a coma (just examples, I'm not American). I'm not sure if it has that effect though.
6
pika @lemmy.today - 1mon
The paid version will delete your email address if you don't keep up with payments.
I emailed them a little over a year ago about this because the terms of service were unclear. I was told by support that my main address wouldn't be deleted, but I would be moved down to the free tier in every way -- so I would lose my extra addresses and aliases, as well as extra storage space. I was also told that there was a 30-day grace period in case my renewal payment didn't go through for some reason.
7
FoundFootFootage78 - 1mon
I've looked up so many email providers that I may have got the terms of services mixed up.
1
rammjet - 1mon
I can't attest to privacy, but I have used Zoho for years with my domains.
4
northernlights @lemmy.today - 1mon
i've been using purelymail.com since the google domains price hikes. They're cheap and I never had a problem.
2
confuser - 1mon
Nobody mentioning fastmail...sad times
2
StrawberryPigtails @lemmy.sdf.org - 1mon
I’ve been usingPrivate Email for the last few years. Run by NameCheap, I think. Got the account same time as my domain. No complaints so far. Haven’t heard anything troubling about them either.
It has a web ui if that’s your thing, but I’ve never used it.
Been using this for years. Best thing is to get your own domain, that way if you later switch providers, you keep your email.
2
beeb @lemmy.zip - 1mon
Been using my domain email more and more for that reason, and the setup with Proton was quite easy, integration is great too. I even set it up with Pass to generate privacy aliases on a subdomain of my domain.
2
Ardens - 1mon
Find a local mail-hotel, buy your own domain, and set it up...
-2
mistermodal - 1mon
Stop posting protonmail you bozos, what kind of person only needs a single email tied to a phone number? Preposterous. I won't even bother bringing up them putting some idiot climate activists in jail since I know "privacy" to redditors means posting about GDPR and turning your brain off
Tuta is allegedly okay (we're not international drug traffickers so we can pretend other (European) people's computers are trustworthy bc we don't need them to be usually) but it doesn't have imap, so you just use it as the recovery email and then use some other generic free disposable privacy email w imap
-5
FosterMolasses @leminal.space - 1mon
Stop posting protonmail you bozos, what kind of person only needs a single email tied to a phone number?
And this is before even getting into their recent scandal with their VPN service.
I won't touch that shit with a 39 ^1^/~2~ft poleeee~🎵
8
mistermodal - 1mon
Lol i didnt even hear abt it im running off old animosities 😌
1
icelimit - 1mon
But proton doesn't need a phone number? You can just do a captcha. I would never use an email that asks for a phone number. Or even a phone.
7
mistermodal - 1mon
They began demanding my phone number after I signed up without it. Not sure why. Was years ago tho
That's the same trick discord pulls btw it's shady
3
icelimit - 1mon
I wonder if it's by region. Are you outside EU?
1
matron1049 @lemmy.dbzer0.com - 1mon
They want your IP or your phone. Use a VPN IP or TOR and they'll require a phone number. That's been my experience at least. I don't trust them.
1
icelimit - 1mon
Hmm. That's not been my experience. I've been using proton with VPN with no issue. But yes, as you say, if that's your experience, it's shady. I would stay away from them were I in your shoes.
0
4am @lemmy.zip - 1mon
Don’t Proton just get caught revealing a French activist’s IP address to authorities? Might stay away from that one for now.
-6
ChaosSpectre @lemmy.zip - 1mon
This happened years ago afaik, but lemmy keeps sharing it around for some reason.
For context, proton encrypts the traffic, not the IP Address. While I dont remember how long IP Addresses stay in their logs, you can easily avoid exposing your true IP address by using a VPN, which is clearly not what that acitvist had done.
Proton is still compelled to follow government laws in order to operate, and will hand over what info they have when compelled to. If that info is something their service can encrypt, such as emails, cloud storage, passwords, and so on, then it will look like jumped data when handed over. You IP address can't reasonably be encrypted, and neither can your primary email that is associated with you proton account. If your primary email has revealing info, then thats on you for not obfuscating it more. If you arent using a VPN to access services, then your IP address will be indicative of where your traffic might be coming from. The end user does need to take extra steps to make sure their traffic is secure, and proton does talk about this in their documentation.
Proton is one of very few companies Ive seen pass third party security audits. They may not be perfect, but they are secure, and I've yet to see that truly disproven.
17
PiraHxCx - 1mon
Mullvad processes all its VPN data directly in RAM, so it’s constantly rewritten and no data is saved because there isn’t even a disk for it... I wonder if it would be possible for Proton (or any other privacy-focused service) to do the same with all its services. They already don’t keep logs, but in that case they were ordered to keep them because they had the means to do it. If they weren’t physically capable of doing it, what would happen? I don’t think a court could force them to rework their infrastructure just for that (considering how expensive it would be).
1
Doomsider @lemmy.world - 1mon
Proton claimed there was no way to appeal, but Swiss law is not bound by Interpol. I think what it really amounts to is they are not going to protect their users. This is why you don't pay for let alone use a corporation's services unless you willing to give up your privacy.
Proton is not your friend, they have and will continue to betray their users. Do not trust them or any corporation that is not willing to fight for their users.
-5
ChaosSpectre @lemmy.zip - 1mon
Operating in other countries means you do need to follow their laws in order to operate in them. Being a swiss company doesnt make them exempt from the laws of other countries, and not complying risks them losing business in other countries. Their products do work, but the user needs to use them correctly to not put themselves in a position where they can be traced. The activist clearly wasnt using a vpn when accessing their email.
I do agree, dont trust proton, never trust any corporation, but i also know enough about how their tech works and how to manage my own online privacy that I know they arent just blowing smoke. I would much rather have proton comply with the law and continue to be accessible for most of the world, than have them fight for a single user who could have done more to protect themselves and potentially lose the ability to run their services for other countries. Most people arent self hosting, so they cant run their own secure services. Proton is a much better option than the fascist bowing corpos who run most of the tech world. Until self hosting becomes accessible for regular people, I will continue to recommend proton as the easiest option to have secure services with.
4
Doomsider @lemmy.world - 1mon
Corporations can and do fight for their users. Proton is not one of these companies. I think that says all we need to know about their commitments to their users. You are welcome to continue leading people to a business that have shown that they are not willing to do what is right because profit is their primary motivation.
-1
superglue @lemmy.dbzer0.com - 1mon
Proton is not what you want to use if you are trying to hide from the government but if you are trying to starve google of your data its a solid option.
14
Zerush - 1mon
Any webservice, like mail, cloud services and social platform, as even eg, Lemmy and other online platform, is forced to reveal the user data they have, if there is an court order a cause of an criminal investigation. Proton can't in this case evade the info they have, it is the IP and the account data, content of the mail is encrypted, so they can give only encrypted data in this case.
This has nothing to do with privacy rights, this protect the privacy only from access of private data without an court order in the EU.
In the same case as with this activist, also Tuta, Murena and any other private mail service would have done exactly the same thing as Proton.
If you are searched by law, never is a good idea to create an account anywhere. Drug barons use pen and paper for communication because of this.
5
Matt - 1mon
Mind you that Switzerland is not in the EU.
3
Zerush - 1mon
Well, it's not in the Eurozone, but it's strict with the EU Privacy laws, in Europe it's only the Vatican out of the EU, only in the Eurozone for practical reasons.
1
Matt - 1mon
I know that they're in the EEA though.
1
Zerush - 1mon
The Vaticane don't fullfit the conditions to be an EU member, they have not signed the Declaration of Human Rights, nor have they officially condemned torture and the death penalty.
ArchmageAzor in privacy
Could somebody recommend me a reliable and safe email service to use instead of Google and Microsoft ones?
Have a look at Proton and Tuta (used to be Tutanova)
Used to be Tutanota*
Oops. Correct 👍
EMAIL PROVIDERS:
DEFINITELY FREE TIERS:
Been with Posteo for years now. They're very solid.
I've been with Mailbox for years now too. Also very solid.
I'm using runbox with custom domain. No issues.
Afaik, Proton and Tuta are the only free ones with zero-knowledge encryption
Proton allows only one free email address, which is what taught me to be wary of unexpected restrictions on services. I've got to say the only one I trust fully is my own, with complete certainty of security and features are all only limited by the hardware. Whenever someone talks about paying per month to get more addresses, aliases, calendar or storage - nah. Self-host. DuckDuckGo email is a good firewall layer as well - it forwards all mail to your chosen actual address after trying its best to strip the mail of trackers.
Login into Proton-Pass for 10 free aliases... but, it doesn't require your ID or anything to create an email, you can create how many you want :S
You can create as many free email accounts with ProtonMail as you like.
Proton now is a non-profit but their employees still need salary. Throw them a couple bucks if you like their service.
Do that with anyone whose services you enjoy. That's how you help them survive.
I am using mailbox.org for years now.
One thing to consider about mailbox.org is that if you don't use your own custom domain and keep an @mailbox.org address (which afaik is considered a best practice for privacy because it lets you "hide" in the crowd), if you decide to move on later they will make your old address available to others later.
Proton Mail, Tuta mail, runbox.com, to name three.
Proton mail.
www.Posteo.de
I considered them, but had a problem with two things about them: they both a) don't allow custom domains (which is fine for privacy) and b) recycle email addresses, meaning that if you move on later they will make your old email address available to others.
That's going to be very interesting with persistent spam senders.
The security risk is the problem, right? If you can get a a new password sent to an email address for the person who owned it before you, that's an interesting attack vector.
I use posteo and simplelogin together.
Posteo seems fine if you use a custom domain. If not, they have the same issue of recycling email addresses, like mailbox.
Tuta mail
I've been using fastmail.com for a long time and am satisfied, though it's on the expensive side and I haven't looked into every alternative.
If you want cheap email hosting for your own domain, mxroute.com has been around for a while and cranemail.com is new, but both are small companies run by people who know what they are doing (online acquaintances of mine if that matters).
For my own domains I'm using Migadu since they support unlimited domains per account. Quite happy with them..
Yes, I forgot Migadu. I played with it a little and it was nice, though I think it costs more now.
'Safe' is a bit too vague: what are you looking for?
Edit: moved mailbox out of the E2EE section.
Tuta is German no?
Yes
Thx (to both of you), edited my post to reflect that. I was convinced they were French.
No worries, I was fully ready to discover they were French
proton.me is not bad.
I've started using Disroot recently and I'm satisfied so far.
Define "safe"?
Like, preferably not spied on like with Gmail or whatever the MS one is.
Purelymail. Really good and cheap it all you need is email. No extra cost to bring your own domain.
Tuta
Murena Workspace
I'm far from a privacy expert, but here are some things that I have been considering while researching this for myself:
Linux ormobile, and last time I checked, Tuta doesn't have this on any platform. This means that your email can only be accessed from their client, and more importantly, if a bridge app is not available for your provider on your preferred platform, all your email will be stuck in your mailbox forever with no ability to archive locally.Proton bridge is available for Linux as well.
Thanks for the correction, I didn't see it mentioned on their page. I've edited my post.
I've been using Tuta for almost two years now and I can't recommend it enough. It's really good. Check out tutanota@lemmy.world or https://tuta.com/
It's hosted in Germany and is very privacy-focused
Were some people concerned with Germany hosting and the way the right leaning party (Germany for Germans?) was gaining popularity? And something about their data views. Although maybe I was wrong.
From whwat I see though mailbox and posteo are the same.
Not a recomendation... i just like to recall that it seems pointless to me to use a private/secure mail provider just to end up communicating with gmail users. There are other private/secure means of communication over the internet, just not so much through emails.
Proton Mail is good, just don't use the paid version of any Proton service. The paid version will delete your email address if you don't keep up with payments.
You can get a lifetime subscription to Proton Pass sometimes, and that's what I did. I suspect that may protect my account from deletion due to inactivity if I'm picked up by ICE or hit by a car and put in a coma (just examples, I'm not American). I'm not sure if it has that effect though.
I emailed them a little over a year ago about this because the terms of service were unclear. I was told by support that my main address wouldn't be deleted, but I would be moved down to the free tier in every way -- so I would lose my extra addresses and aliases, as well as extra storage space. I was also told that there was a 30-day grace period in case my renewal payment didn't go through for some reason.
I've looked up so many email providers that I may have got the terms of services mixed up.
I can't attest to privacy, but I have used Zoho for years with my domains.
i've been using purelymail.com since the google domains price hikes. They're cheap and I never had a problem.
Nobody mentioning fastmail...sad times
I’ve been usingPrivate Email for the last few years. Run by NameCheap, I think. Got the account same time as my domain. No complaints so far. Haven’t heard anything troubling about them either.
It has a web ui if that’s your thing, but I’ve never used it.
Soverin
using disroot for a few years now, they're very reliable.
I use Disroot. Idk if sign-ups are always open though.
https://thatoneprivacysite.xyz/
Late to the thread but I use startmail
Proton mail
Been using this for years. Best thing is to get your own domain, that way if you later switch providers, you keep your email.
Been using my domain email more and more for that reason, and the setup with Proton was quite easy, integration is great too. I even set it up with Pass to generate privacy aliases on a subdomain of my domain.
Find a local mail-hotel, buy your own domain, and set it up...
Stop posting protonmail you bozos, what kind of person only needs a single email tied to a phone number? Preposterous. I won't even bother bringing up them putting some idiot climate activists in jail since I know "privacy" to redditors means posting about GDPR and turning your brain off
Tuta is allegedly okay (we're not international drug traffickers so we can pretend other (European) people's computers are trustworthy bc we don't need them to be usually) but it doesn't have imap, so you just use it as the recovery email and then use some other generic free disposable privacy email w imap
And this is before even getting into their recent scandal with their VPN service.
I won't touch that shit with a 39 ^1^/~2~ft poleeee~🎵
Lol i didnt even hear abt it im running off old animosities 😌
But proton doesn't need a phone number? You can just do a captcha. I would never use an email that asks for a phone number. Or even a phone.
They began demanding my phone number after I signed up without it. Not sure why. Was years ago tho
That's the same trick discord pulls btw it's shady
I wonder if it's by region. Are you outside EU?
They want your IP or your phone. Use a VPN IP or TOR and they'll require a phone number. That's been my experience at least. I don't trust them.
Hmm. That's not been my experience. I've been using proton with VPN with no issue. But yes, as you say, if that's your experience, it's shady. I would stay away from them were I in your shoes.
Don’t Proton just get caught revealing a French activist’s IP address to authorities? Might stay away from that one for now.
This happened years ago afaik, but lemmy keeps sharing it around for some reason.
For context, proton encrypts the traffic, not the IP Address. While I dont remember how long IP Addresses stay in their logs, you can easily avoid exposing your true IP address by using a VPN, which is clearly not what that acitvist had done.
Proton is still compelled to follow government laws in order to operate, and will hand over what info they have when compelled to. If that info is something their service can encrypt, such as emails, cloud storage, passwords, and so on, then it will look like jumped data when handed over. You IP address can't reasonably be encrypted, and neither can your primary email that is associated with you proton account. If your primary email has revealing info, then thats on you for not obfuscating it more. If you arent using a VPN to access services, then your IP address will be indicative of where your traffic might be coming from. The end user does need to take extra steps to make sure their traffic is secure, and proton does talk about this in their documentation.
Proton is one of very few companies Ive seen pass third party security audits. They may not be perfect, but they are secure, and I've yet to see that truly disproven.
Mullvad processes all its VPN data directly in RAM, so it’s constantly rewritten and no data is saved because there isn’t even a disk for it... I wonder if it would be possible for Proton (or any other privacy-focused service) to do the same with all its services. They already don’t keep logs, but in that case they were ordered to keep them because they had the means to do it. If they weren’t physically capable of doing it, what would happen? I don’t think a court could force them to rework their infrastructure just for that (considering how expensive it would be).
Proton claimed there was no way to appeal, but Swiss law is not bound by Interpol. I think what it really amounts to is they are not going to protect their users. This is why you don't pay for let alone use a corporation's services unless you willing to give up your privacy.
Proton is not your friend, they have and will continue to betray their users. Do not trust them or any corporation that is not willing to fight for their users.
Operating in other countries means you do need to follow their laws in order to operate in them. Being a swiss company doesnt make them exempt from the laws of other countries, and not complying risks them losing business in other countries. Their products do work, but the user needs to use them correctly to not put themselves in a position where they can be traced. The activist clearly wasnt using a vpn when accessing their email.
I do agree, dont trust proton, never trust any corporation, but i also know enough about how their tech works and how to manage my own online privacy that I know they arent just blowing smoke. I would much rather have proton comply with the law and continue to be accessible for most of the world, than have them fight for a single user who could have done more to protect themselves and potentially lose the ability to run their services for other countries. Most people arent self hosting, so they cant run their own secure services. Proton is a much better option than the fascist bowing corpos who run most of the tech world. Until self hosting becomes accessible for regular people, I will continue to recommend proton as the easiest option to have secure services with.
Corporations can and do fight for their users. Proton is not one of these companies. I think that says all we need to know about their commitments to their users. You are welcome to continue leading people to a business that have shown that they are not willing to do what is right because profit is their primary motivation.
Proton is not what you want to use if you are trying to hide from the government but if you are trying to starve google of your data its a solid option.
Any webservice, like mail, cloud services and social platform, as even eg, Lemmy and other online platform, is forced to reveal the user data they have, if there is an court order a cause of an criminal investigation. Proton can't in this case evade the info they have, it is the IP and the account data, content of the mail is encrypted, so they can give only encrypted data in this case.
This has nothing to do with privacy rights, this protect the privacy only from access of private data without an court order in the EU. In the same case as with this activist, also Tuta, Murena and any other private mail service would have done exactly the same thing as Proton.
If you are searched by law, never is a good idea to create an account anywhere. Drug barons use pen and paper for communication because of this.
Mind you that Switzerland is not in the EU.
Well, it's not in the Eurozone, but it's strict with the EU Privacy laws, in Europe it's only the Vatican out of the EU, only in the Eurozone for practical reasons.
I know that they're in the EEA though.
The Vaticane don't fullfit the conditions to be an EU member, they have not signed the Declaration of Human Rights, nor have they officially condemned torture and the death penalty.