Why should you have a self-hosted email?
Because without it, you don’t own anything.
Most websites force you to link an email, and the email can reset the password. And because email forces you to trust the provider, the provider really owns your accounts.
Don’t use Protonmail. The emails come in as plain text, and then they supposedly encrypt it. But this is a conflict of interest, as they are protecting you from themselves.
Instead, here at Simplified Privacy, each customer gets the login credentials and SSH keys to their own tiny cloud (VPS). So you fully control your own data, and lock us out. With Protonmail, you can’t verify their cloud. But with your own VPS, you are the cloud.
Our combo package is designed to keep your VPS lightweight and save you money, while being jammed packed with functionality!
We’ll setup 3 services, (using open source software, all on the same VPS):
1) Email
2) Chat (Your choice of XMPP or SimpleX)
3) Team cloud docs w/ CryptPad (like Google docs but encrypted)
4) With a full YEAR of tech support after.
5) Includes domain name registration AND the first month of VPS costs.
All for just a one-time $99 setup fee, and then after the first month you take over paying the VPS directly (like $8 a month).
See screenshots and learn more:
https://simplifiedprivacy.com/email-cloud-combo/
This isnt really good arguments.
You still can access the cloud, unless there is some tech that allows your users to lock you out.
I personally do believe that your solution might be better than proton mail.
But trying to get privacy on email is inherently hard, since the protocol is unencrypted and has holes for metadata (like mastodon).
I personally dont think being full paranoid is good, trusting nobody.
One should simply limit their use of email in general, and should try to control their data.
When you say emails allow you to reset your password, that you can say is a problem with the services.
Services like firefox account,telegram,signal have protection against password resetting (ok not quite sure about telegram).
I personally use gmail for services that I dont personally feel are private.
This is not only email, but also cryptpad cloud (replace google docs) and XMPP.
Self-hosting XMPP or SimpleX is far more private and secure than relying on a random third party server.
While I agree email isn't that private to begin with, this protects you against passive AI surveillance to a far greater degree. And email has a big risk of aggregating all information about you.
The real benefit of our product is getting all of these services on a single tiny VPS, so you get the most bang for your buck
Yeah I think it's a good idea. I absolutely hate setting up self hosted email, so if I needed to self host I'd definitely rather pay someone to set it all up for me. It's like the best of both worlds: you get the security of self hosted without the pain of having to do it. Bonus points, you get xmpp?
I personally dislike email, but the fact is you're stuck with it, and if you're all about your privacy and security, self hosting is the way to go.
I'd like to add that even though a self hosted email provides better privacy, not all service providers accept it.
Some of them require your sign-up email to be from a "known" email provider, and not your own.
It is outrageous but what can you do?
I've got to disagree. I will never (again) host my own email. It's my last line of communication. It doesn't need to rely on my maintenance, it just needs to be there. I'd rather pay for hosted email. I'm not maintaining a server and updating dependencies for a communication channel that I basically use for marketing spam and just in case I lose contact in other ways. I absolutely hate email, but I have it, same as a phone number. I honestly don't want either, so I'm going to put minimal effort into keeping them. With regard to email, the farthest I'll go is paying something monthly and not using the big two email services.
If you're someone seriously using email for secure communications all the time, yeah you should probably put the effort in and self host. But most people don't use it like that anymore. Most people use it to confirm sign ups for accounts they sign up for to order a single thing from a web shop. If you don't like your purchasing habits being snooped, avoiding google and Microsoft is about all you need to do. The only people I know that use email seriously are people contributing to FOSS projects with git the old school way, via mailing lists.
If you really want privacy in your communications, just use something that isn't email.
vps offer hardly any secrets from the provider. the ram is dumpable, the diskspace can be cloned on the press of a button, and network traffic is 100% visible (okay, tls here, but keys are known to hoster)
I'm all for self hosting, and a vps is a great start, but I can hardly imagine how you want to deliver on your promises. #opsec
First of all, we’re talking about a combination of email, XMPP, and Cryptpad docs. So the XMPP/SimpleX and Cryptpad are genuinely encrypted, and the email prevents against passive surveillance. You can not honestly tell me that trusting random strangers for XMPP chat is better than self-hosting. We deliver value by configuring all of these services to run a single 1 core VPS.
Your criticisms of ALL email are valid, but that doesn’t mean that controlling the software doesn’t offer stronger self-sovereignty and control over your communications, data, and accounts doesn’t have a leg up over just purely trusting proton. Proton is a bigger risk for passive surveillance with it all being scanned, while as a VPS they have to go out of their way for it.
some of the protocols don't require trusted servers, but the picture you paint as the user locking you out is simply not true. I believe you offer a good service, but if users choose you under the impression of having sole access to the server/ram/disk/... it's just wrong, and that's what you are saying.
I believe we have a miscommunication, that’s alright let me clarify.
Simplified Privacy is technical support. We don’t run the VPS.
We setup for you/customers services you like on a third party VPS that you pick, with your domain choice.
So we aren’t hosting the email, we’re providing the software and technical support.
The challenge is getting 3 services, with different web panels, to all work without issue.
So once we set it up, you lock US, meaning Simplified Privacy out.
admittedly I didn't know that, but it just changes the name of the entity that has full access to ones system. you should offer support to run this stack on a fully encrypted root server.
We do offer it on a root w/ encryption. But as you just said, they can still snapshot memory as ALL email has this issue.
But there is still privacy above what proton has, and you get other services such as XMPP and Cryptpad with it, so its good for small businesses that need email to function
I meant root server as in contrary to vps. of you have exclusive hardware, you have a shot at real privacy.
Oh. That'd be hella expensive for just email only. But if you have a bunch of other stuff running too, then yeah
Shame we don't actually own the domains either 😢
That’s true, this is why I am a huge fan of Session and Unstoppable domains. We have domains for sale on Session
NOTE: you can use both an ICANN domain and raw authenticated IPv6 with self-hosted email - going to the same mailboxes.
Also note that TLS is also a scam. Any CA listed by the shadowy TLS cabal can forge any domain for any browser using the default list of totally trusted for absolutely everything CAs provided by said cabal. Solution? Learn about PKCS#11 policies to NOT trust the cabal CAs for private TLDs (or any domain signed by private CAs). Trust private CAs only for associated TLDs or domains. (This is how it used to work before the cabal.)
Oddbean new post about login | logout