The mail service has to be affordable (around 10 euros per year). Tuta was an option but their plans are somewhat overpriced for me. Anyone using their (Tuta) free plan? How is it?

  • Saki
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    1 year ago

    Don’t worry about e2ee: Even if you get the most expensive plan from e.g. Proton, it’s not e2ee unless both parties use Proton. There is a free, “easy” way to realize true e2e: OpenPGP in Thunderbird (convenient), GnuPG (more secure), etc.

    As for mailbox.org: I used it before but it showed Google reCaptcha, which was an obvious red flag:
    cf. [Security and GDPR Issue] ProtonMail includes Google Recaptcha for Login, every single time. #242

    Also, technical score of mailbox.org has been relatively low, not improving: https://internet.nl/mail/mailbox.org/1080449/ (Don’t worry too much about this score, though. It’s only technical; human factors (philosophies, trust, etc.) are more important when it comes to privacy.) This is not a recommendation. DYOR; ultimately, believe your own intuition.

    • catacomb@beehaw.org
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      I agree. I use Proton and I have exactly one service which supports GPG. It’s a cherry on top but it’s not all that useful.

      The big thing is to use a trustworthy service that you pay for. It’s not bulletproof but at least the incentive is there to keep your email private and away from advertisers.

      • Saki
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Actually, Proton + your local key = don’t work very good. Usually you’ll have to use a key pair generated by Proton—sharing your sec with the provider is not good.

        Nevertheless, Proton is 100 times better than Google to be sure. Those who are trying to ditch Google, Proton and Tuta are two good options to consider, also recommended by PrivacyGuides. For those who had ditched Big Tech and now starting to wonder if Proton is okay… that’s a bit tricky, still I say Proton is nod bad. I had recommended Proton to my friends until the French activist incident, followed by a few more bad incidents. Yet it’s understandable that Proton must obey it if they get a valid court order… If you’re a normal, daily user, Proton is good enough (if not the best), albeit a bit overpriced.

    • rush@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Note that Proton does support OpenPGP and maintains one of the largest OpenPGPY implementations

      • Saki
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        If you share (upload) your secret key, that is. A seasoned PGP users would never even imagine that.

        Another related problem is, Proton assumes that it’s supposed to automatically decode a PGP encrypted text by itself, and as such, if a classical PGP/GPG text (manually encoded/decoded offline) is received, it will show an error message saying basically they don’t have a key to decode it. This is annoying but harmless; you can still manually decode it offline.

        That being said, I’d highly recommend Proton and Tuta if anyone is still using Gmail. If you’re a classical PGP user, maybe Tuta is more convenient because it doesn’t try to decode anything by itself. If you’re not so privacy-aware, thinking that sharing your secret key with a third party is fine, then Proton is more convenient because it will automatically decode a PGP message you received, for you.