The mail service has to be affordable (around 10 euros per year). Tuta was an option but their plans are somewhat overpriced for me. Anyone using their (Tuta) free plan? How is it?
I have two (paid) Mailbox.org accounts running for the last several years. No problem at all and they include several features that I use on a regular basis like email aliases (not just a + email, but unique emails), disposable email, contacts and calendar that I can easily sync to my phone, etc.
One uses a custom domain name and the other is just a mailbox.org address.
I prefer tuta over proton, but both are good
I’ve not used Tuta but currently use Proton. What do you prefer from Tuta over Proton? Genuinely curious.
Tuta has a linux desktop app, and their android app is on fdroid and doesn’t depend on google play services. Plus they use green energy for their servers
I was tired of proton because their linux vpn app is pretty awful, especially if you use iwd instead of networkmanager like me. Plus they don’t even support ipv6. So I was switching to mullvad vpn (which has great linux support and ipv6), and then for the price of just email tuta was cheaper and better on all the things I mentioned without any downsides (to me), so I switched.
It’s sad to me that the answer can’t be “the one you run yourself.”
There’s theoretically no reason why everyone couldn’t run their own mail service who had a domain name. But with spam practices being what they are, self-hosted mail will get binned in most places.
Highly recommend protonmail which also has a free tier.
- Tuta (free): you can send only like 6 email per day. Otherwise, Tor-friendly. No onion. Support forum on Reddit 😞 Germany.
- Posteo.de: 1 €/mo affordable. Nothing fancy. Support via PGP like that’s common sense. Germany. Non-crypto anonymous payments w/ various options (e.g. a prepaid CC): they don’t even ask your name (much less address, cell phone number).
- Disroot.org: Free, pop/smtp, community-based, trusted even by the Tails team. w/ onion. Netherlands.
- Cock.li: Free, pop/smtp etc. Very Tor-friendly w/ fast onion. It’s good if you think it like disposal. Irresponsible in a way (aka Freedom), but actually 10-year-old & stable. Romania.
- Proton (free): bloated, very mixed opinions, yet better than Google. w/ onion (slow). Switzerland. A simple feature like Plain Text view is missing (HTML by default: not serious about privacy).
Don’t worry about e2ee: Even if you get the most expensive plan from e.g. Proton, it’s not e2ee unless both parties use Proton. There is a free, “easy” way to realize true e2e: OpenPGP in Thunderbird (convenient), GnuPG (more secure), etc.
As for mailbox.org: I used it before but it showed Google reCaptcha, which was an obvious red flag:
cf. [Security and GDPR Issue] ProtonMail includes Google Recaptcha for Login, every single time. #242
Also, technical score of mailbox.org has been relatively low, not improving: https://internet.nl/mail/mailbox.org/1080449/ (Don’t worry too much about this score, though. It’s only technical; human factors (philosophies, trust, etc.) are more important when it comes to privacy.) This is not a recommendation. DYOR; ultimately, believe your own intuition.
I agree. I use Proton and I have exactly one service which supports GPG. It’s a cherry on top but it’s not all that useful.
The big thing is to use a trustworthy service that you pay for. It’s not bulletproof but at least the incentive is there to keep your email private and away from advertisers.
Actually, Proton + your local key = don’t work very good. Usually you’ll have to use a key pair generated by Proton—sharing your sec with the provider is not good.
Nevertheless, Proton is 100 times better than Google to be sure. Those who are trying to ditch Google, Proton and Tuta are two good options to consider, also recommended by PrivacyGuides. For those who had ditched Big Tech and now starting to wonder if Proton is okay… that’s a bit tricky, still I say Proton is nod bad. I had recommended Proton to my friends until the French activist incident, followed by a few more bad incidents. Yet it’s understandable that Proton must obey it if they get a valid court order… If you’re a normal, daily user, Proton is good enough (if not the best), albeit a bit overpriced.
Note that Proton does support OpenPGP and maintains one of the largest OpenPGPY implementations
If you share (upload) your secret key, that is. A seasoned PGP users would never even imagine that.
Another related problem is, Proton assumes that it’s supposed to automatically decode a PGP encrypted text by itself, and as such, if a classical PGP/GPG text (manually encoded/decoded offline) is received, it will show an error message saying basically they don’t have a key to decode it. This is annoying but harmless; you can still manually decode it offline.
That being said, I’d highly recommend Proton and Tuta if anyone is still using Gmail. If you’re a classical PGP user, maybe Tuta is more convenient because it doesn’t try to decode anything by itself. If you’re not so privacy-aware, thinking that sharing your secret key with a third party is fine, then Proton is more convenient because it will automatically decode a PGP message you received, for you.
Not a recommendation but I too trust Disroot pretty much. You can get a custom domain there without “buying a paid plan” once you make a donation. Would that be an option for you?
Using multiple providers (having multiple accounts) is a good idea, though. Don’t put all the eggs in one basket. I’ve never heard the two providers you mentioned, so I can’t tell. If you can sign up anonymously via Tor, if they’re Google-free + not behind CF, and (most importantly) if you feel them “good” (subjective but gut feeling…), I think they’re usable.
If their support use PGP, that’s a good sign too. (Proton even doesn’t share its pub key iirc.) If they also accept the privacy coin like Disroot and Tuta do, that’s nice too. Ultimately, though, believe your gut feeling, because everyone has different priorities, different threat models, etc.
