Pro/Con of “Private” Email
Protonmail
Pro: Allows Tor, Many use it so network effect of proton to proton encryption
Con: Huge increases in data handoffs to governments makes you question how much data they can get, some question if it’s a honeypot. Even if not, you’re potentially targeted for even being there, and they have a bad track record.
Tutanota
Pros: Better track record than Protonmail
Cons: Bans Tor and many VPNs. Severe Browser fingerprinting annoyance when signing up. They auto-delete your account if you don’t login for 6 months, but you can get around this by adding 2-factor authentication TOTP with KeePass XC
Skiff
Pro: Fast sign-ups, very easy to get a burner account
Con: They use Cloudflare. Cloudflare intercepts all traffic, so 0% private. This company is essentially propaganda.
Mail in a Box (software)
This is self-hosting using open source software on a VPS
Pro: More private than any provider. It does most of the setup work for you
Con: Requires $5 to 15 a month on a VPS (but can be split among friends). VPS provider can still access emails by snapshots of memory. Unless you put it in a docker container, you can’t do anything else on the VPS
Luke Smith Scripts (software)
Pro: Fast way to get an email VPS setup
Con: Requires it to be put directly on the server, which can mess up OTHER things you got going on there, like using aaPanel
aaPanel (software)
Pro: Easy to manage a lot of services going on, including WordPress or databases with your email
Con: Not worth setting up this whole thing up for JUST email.
Follow on Nostr for more!
Interested in learning what you recommend...
I personally recommend self hosting on a VPS you control, not in your home
Proton, bad track record because of the French activist incident?
https://proton.me/legal/transparency
https://proton.me/legal/privacy
I think for most use cases their security is pretty good. The transparency seems to show a fairly proportional increase in accommodation of requests as the user base has expanded. Almost anything is better than running unencrypted traffic through your ISP directly.
😃
Protonmail has your private keys😃
And...
Due to limitations of the SMTP protocol, we have access to the following email metadata: sender and recipient email addresses, the IP address incoming messages originated from, attachment name, message subject, and message sent and received times. We do NOT have access to encrypted message content, but unencrypted messages sent from external providers to your Account, or from Proton Mail to external unencrypted email services, are scanned for spam and viruses to pursue the legitimate interest of protecting the integrity of our Services and users. Such inbound messages are scanned for spam in memory, and then encrypted and written to disk.
Not perfect. In the case of the disclosure of information about the French activist, Proton stated that if he had used the Proton VPN in conjunction with the email service there would have been no viable information to disclose. Improper use of the technology isn’t the fault of the provider necessarily, but having the necessary technology to attain the privacy claims of the system integrated together would be a logical, but rarely utilized approach to product development.
Can you review #mailcow and #stalwartlabs mail server as well please? Also, #murena cloud's fork of nostr:npub1d68csfa6zedqy8snkapyavfgsfv07szsj304w5h3eerh7k3v7y6q36zk0pincludes a mail server...
Protonmail scans e-mails.
Evidence?
Account Activity: Due to limitations of the SMTP protocol, we have access to the following email metadata: sender and recipient email addresses, the IP address incoming messages originated from, attachment name, message subject, and message sent and received times. We do NOT have access to encrypted message content, but unencrypted messages sent from external providers to your Account, or from Proton Mail to external unencrypted email services, are scanned for spam and viruses to pursue the legitimate interest of protecting the integrity of our Services and users. Such inbound messages are scanned for spam in memory, and then encrypted and written to disk
Great point. I knew it came in unencrypted, didn't realize they scanned it. Great find
To be clear.
They scan both sent and received.
"from external providers to your Account, or from Proton Mail to external unencrypted email services"
Thats the way all emaill providers are doing. Nothing special here 😉
Yes, but many people assume that Protonmail is special.
This is mostly marketing gibberish.
Using GPG/PGP or DeltaChat with Gmail is more secure than using ProtonMail with external providers.
Don't use GMail JFC
I don't use it. I wrote that Gmail with Delta Chat or GPG was more secure that Protonmail or Tutanota.
GMail is a horror with privacy. Proton is much much better
Start using GPG or Delta Chat
I guess I'll chime in here too, because no one seems to have any technically correct info in this thread. The post is correct regarding SMTP. But not PGP encrypted emails.
PGP encrypted with private keys stored in ProtonMail?
This is another point not mentioned before.
External pgp is stronger than protons in house version via web browser
If it's gmail to protonmail, it comes in unencrypted then they encrypt it
the last 3 all share the con that comes with VPS, but you only list them for the first. can be mitigated by running on non-shared servers. even at home on a #raspberryPi if you feel like tackling the non-dialup-ip problem
Any of these are better than gmail. Using pidgins is probably more private than gmail.
Seriously, don't use gmail for your emails.
Using Gmail with GPG/PGP or with Delta.chat is more secure than using Protonmail or Tutanota.
Caprover is easier to set up, and works better than aaPanel, which is garbage software.
Self-custody your email!
https://hub.docker.com/r/mailserver/docker-mailserver#!
Its a bit of a nuisance setting it all up, and you need some kind of domain name.
But do it once and put a Tor hidden service in front of it for access and you've got your own Protonmail. TLS is enabled by default, too.
If you need to hide your IP, don't do this, you need a hosted service and your ability to protect the contents of your email against snooping is minimal then.
Any free options that allows separate clients like using smtp?
nostr:nevent1qqs9maky3nkn2yv7ysgxsrg7tacfw8lcvnx2edvpj675gsfj0wyhnuspz3mhxue69uhhyetvv9ujuerpd46hxtnfdupzptpldtlpwkflvxqs2y76exs7238g0wwwjxe86dac3mzclw4fq992qvzqqqqqqyty422y
Specific to skiff, Is the traffic that cloud flare intercepts encrypted though or are they seeing plain text?
Sorry - this is total BS. The poster doesn't know what they're talking about. Cloudflare is a CDN and doesn't see your traffic. It also never would see any plaintext data. Laughably ridiculous here.
pleased to meet you,
when apk ?
when Linux ?
when skiff on Nostr?
lot's of haters out there ? prove them wrong.
like your approach
Really looking forward to having Linux apps. One of the main problems with me transitioning fully to Skiff
Cloudflare has a domain point to their servers, then proxies it off the original. This is how the CDN works. Therefore it strips httpS encryption
Hey! I'm one of the founders of Skiff. Your post here is completely technically incorrect (total BS)
1. Cloudflare doesn't intercept traffic. They're a CDN, and ProtonMail has been considering using them as well (see reddit threads).
2. Google Tutanota in the news this week. Pretty big miss on this one.
3. Not sure what you mean by "better track record" too.
Anyway, please don't share advice unless you know what you're talking about.
Amazing write up. Do you see any issues regarding mailbox warmup with the VPS routes? I know for businesses it’s critical that they send tons of test emails to ensure they’re not marked as spam as well as setting up DKIM DMARC etc
I am a little confused by your question.
You have to setup dkim and dmarc and SPF records to avoid spam filters. Services like mail-tester.com can help you test it. Then send tests to proton or corrupt gmail, ect
I’m wondering if the warm up process is more challenging for a VPS since it would be a new mail services vs some of the other providers like Skiff and proton
Warm up process meaning how long it takes to turn on? You're running software on a vps that has setup time
Warming up meaning sending sufficient email traffic that is recognized as not spam by other service providers so that it can be used for any purpose including business.
It is very common for new domains to be marked as spam if they don’t do it properly