The mail service has to be affordable (around 10 euros per year). Tuta was an option but their plans are somewhat overpriced for me. Anyone using their (Tuta) free plan? How is it?

You are viewing a single thread.
View all comments
8 points
  • Tuta (free): you can send only like 6 email per day. Otherwise, Tor-friendly. No onion. Support forum on Reddit 😞 Germany.
  • Posteo.de: 1 €/mo affordable. Nothing fancy. Support via PGP like that’s common sense. Germany. Non-crypto anonymous payments w/ various options (e.g. a prepaid CC): they don’t even ask your name (much less address, cell phone number).
  • Disroot.org: Free, pop/smtp, community-based, trusted even by the Tails team. w/ onion. Netherlands.
  • Cock.li: Free, pop/smtp etc. Very Tor-friendly w/ fast onion. It’s good if you think it like disposal. Irresponsible in a way (aka Freedom), but actually 10-year-old & stable. Romania.
  • Proton (free): bloated, very mixed opinions, yet better than Google. w/ onion (slow). Switzerland. A simple feature like Plain Text view is missing (HTML by default: not serious about privacy).
permalink
report
reply
3 points
*

Don’t worry about e2ee: Even if you get the most expensive plan from e.g. Proton, it’s not e2ee unless both parties use Proton. There is a free, “easy” way to realize true e2e: OpenPGP in Thunderbird (convenient), GnuPG (more secure), etc.

As for mailbox.org: I used it before but it showed Google reCaptcha, which was an obvious red flag:
cf. [Security and GDPR Issue] ProtonMail includes Google Recaptcha for Login, every single time. #242

Also, technical score of mailbox.org has been relatively low, not improving: https://internet.nl/mail/mailbox.org/1080449/ (Don’t worry too much about this score, though. It’s only technical; human factors (philosophies, trust, etc.) are more important when it comes to privacy.) This is not a recommendation. DYOR; ultimately, believe your own intuition.

permalink
report
parent
reply
1 point

proton has their own in-house captcha system now :)

permalink
report
parent
reply
2 points

I agree. I use Proton and I have exactly one service which supports GPG. It’s a cherry on top but it’s not all that useful.

The big thing is to use a trustworthy service that you pay for. It’s not bulletproof but at least the incentive is there to keep your email private and away from advertisers.

permalink
report
parent
reply
2 points

Actually, Proton + your local key = don’t work very good. Usually you’ll have to use a key pair generated by Proton—sharing your sec with the provider is not good.

Nevertheless, Proton is 100 times better than Google to be sure. Those who are trying to ditch Google, Proton and Tuta are two good options to consider, also recommended by PrivacyGuides. For those who had ditched Big Tech and now starting to wonder if Proton is okay… that’s a bit tricky, still I say Proton is nod bad. I had recommended Proton to my friends until the French activist incident, followed by a few more bad incidents. Yet it’s understandable that Proton must obey it if they get a valid court order… If you’re a normal, daily user, Proton is good enough (if not the best), albeit a bit overpriced.

permalink
report
parent
reply
1 point

Note that Proton does support OpenPGP and maintains one of the largest OpenPGPY implementations

permalink
report
parent
reply
1 point

If you share (upload) your secret key, that is. A seasoned PGP users would never even imagine that.

Another related problem is, Proton assumes that it’s supposed to automatically decode a PGP encrypted text by itself, and as such, if a classical PGP/GPG text (manually encoded/decoded offline) is received, it will show an error message saying basically they don’t have a key to decode it. This is annoying but harmless; you can still manually decode it offline.

That being said, I’d highly recommend Proton and Tuta if anyone is still using Gmail. If you’re a classical PGP user, maybe Tuta is more convenient because it doesn’t try to decode anything by itself. If you’re not so privacy-aware, thinking that sharing your secret key with a third party is fine, then Proton is more convenient because it will automatically decode a PGP message you received, for you.

permalink
report
parent
reply
1 point
Deleted by creator
permalink
report
parent
reply
2 points
*

Not a recommendation but I too trust Disroot pretty much. You can get a custom domain there without “buying a paid plan” once you make a donation. Would that be an option for you?

Using multiple providers (having multiple accounts) is a good idea, though. Don’t put all the eggs in one basket. I’ve never heard the two providers you mentioned, so I can’t tell. If you can sign up anonymously via Tor, if they’re Google-free + not behind CF, and (most importantly) if you feel them “good” (subjective but gut feeling…), I think they’re usable.

If their support use PGP, that’s a good sign too. (Proton even doesn’t share its pub key iirc.) If they also accept the privacy coin like Disroot and Tuta do, that’s nice too. Ultimately, though, believe your gut feeling, because everyone has different priorities, different threat models, etc.

permalink
report
parent
reply

Privacy Guides

!privacyguides@lemmy.one

Create post

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:

Learn more…


Check out our website at privacyguides.org before asking your questions here. We’ve tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the “official” Privacy Guides community on Lemmy, which can be verified here. Other “Privacy Guides” communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don’t ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don’t repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don’t abuse our community’s willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

Community stats

  • 613

    Monthly active users

  • 632

    Posts

  • 12K

    Comments