Secure and Private Email Services

A couple of our members were discussing privacy issues on a different thread, and they brought up some of the issues connected with BIG TECH data collection & email intrusion. This got me thinking about how secure our electronic communications are & who has access to them.
We discussed alternatives to Google/Gmail on a different thread as well. However, all this got me thinking:
Do you ever think about where your email service is located and how this may affect your data and privacy?
Some jurisdictions have laws to protect data privacy, while others don’t really pay attention to it that much.
What are your favorite alternatives to BIG TECH email servers?
What do you like about them? What could they do better?
I recently discovered Tutanota, a private and secure email service out of Germany. It’s really cool, but there are issues with downtime.

7 Likes

There are some great services out there for people with concerns over security and privacy.

For Emails Protonmail https://protonmail.com is a reliable and excellent service based in Switzerland. I find it excellent with a wonderful app.

For Cloud storage pCloud https://www.pcloud.com/ is my favourite cloud service. Also an encrypted cloud storage solution like Google Drive or Dropbox, but based in Switzerland. It has amazing lifetime plans too, so you don’t need to worry about subscriptions.

Operating system wise, Linux operating systems are more flexible, fun and easy to use these days. I use a combo of:
PopOS https://pop.system76.com/
Deepin https://www.deepin.org/en/download/
Ubuntu https://ubuntu.com/
KDE Neon https://neon.kde.org/

Search Engine wise I use DuckDuckGo https://duckduckgo.com/ which doesn’t track users but offers excellent search results really. What I found most frustrating was how little faith I placed in it; Google has spent billions making it so that you only trust its services and designing its pages to get you hooked, but in ‘blind tests’ DDG performs very well for most users. Qwant https://www.qwant.com/ is also located in France and I know some people swear by it, and there is Ecosia https://www.ecosia.org/ from Germany I believe.

Laptops and Computers wise, I use Starlabs https://starlabs.systems/ but there are also some fantastic European companies like Slimbook https://slimbook.es/en/store

Finally, web browsers: instead of Google Chrome, Brave or Firefox both have better privacy and faster speeds. https://www.mozilla.org/en-GB/firefox/new/ and https://brave.com/.

Regarding jurisdictions, if you absolutely care about states not acquiring data, the EU and Five Eyes (UK mainland, Australia, USA, Canada, and New Zealand) are suspect; Switzerland or offshore UK jurisdictions are typically the best I believe. However, I care far less about state actors and more about corporate actors when it comes to data collection.

6 Likes

In France, I use a private cloud and an email service: La Mère Zaclys. The servers are in France. It’s an association. I can also sync contacts and agendas easily.

3 Likes

I’m not up to date with current technology regarding how secure and encrypted email services work in detail. But to me it seems that if cloud services are the pinnacle of secure storage, then there would be no breached firewalls and leaked databases containing passwords and credit card information.
Back in the day when we used POP3, the mail was downloaded locally to your computer and deleted from the server. A bit like how regular mail works: it’s either in transit, at the post office, in the mailman’s bag or delivered to your mailbox. The idea is simple and easy to understand. You needed to make your own backups though.
I still like the idea, but for the masses convenience always wins.
Personally I use Protonmail; Swiss laws on personal integrity are pretty solid due to the financial sector and not being an EU member.

2 Likes

For lots of info on email and other services, check out some of the info on these lists:

And, for the tinfoil hats among us, you can look at this summary of email providers:

3 Likes

@Bobby_Hiltz Thanks for these suggestions.
This made me giggle :slight_smile:

1 Like

Thank you, very useful information! …also time to switch from Protonmail… :joy:

Edit: Has anyone watched https://www.thesocialdilemma.com/ ?

3 Likes

When you switch to a more private email service, how do you transition from Gmail to, let’s say, Protonmail? Do you just forward your emails? I’m wanting to see how people do it. I’ve had my email for over 20 years. Is it hard to make the switch?

1 Like

  1. Log in with your Gmail account in a desktop mail application.
  2. Download all email.
  3. Log in with your new email account in a desktop mail application.
  4. Move all the downloaded emails from your Gmail account to your new email account.

Most desktop mail applications can also export .mbox archives of all your emails. Some email providers can import those archive files.

For ProtonMail you need the ProtonMail Bridge app to use your ProtonMail account with a desktop mail application.

I used ProtonMail for 2 years. But eventually switched to Fastmail. (if you want 10% off the first year use this link) It is a paid service… so you pay with money and not with your data. They use all the latest security and privacy mechanisms. Fastmail integrates with almost every device. I am really happy with them, cannot recommend it enough.

With ProtonMail you are stuck with their apps. Also 99% of the people/companies don’t use email encryption. For the few GPG die hards I encrypt the emails locally… no need for a special provider.

5 Likes
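
A completeness check for the .mbox route described in the post above, as an added example that is not part of the original post: it inventories an exported archive with Python's standard `mailbox` module and lists the Message-IDs that did not arrive in the new account's export. The file names, addresses and message IDs are constructed samples.

```python
import mailbox
import os
import tempfile
from email.message import EmailMessage

def write_mbox(path, message_ids):
    """Write a constructed archive; None stands for a message with no Message-ID."""
    box = mailbox.mbox(path)
    for n, mid in enumerate(message_ids):
        msg = EmailMessage()
        msg["From"] = "alice@example.test"
        msg["Subject"] = f"constructed message {n}"
        if mid is not None:
            msg["Message-ID"] = mid
        msg.set_content("constructed body\n")
        box.add(msg)
    box.flush()
    box.close()

def inventory(path):
    """Count messages; collect Message-IDs, duplicates and messages without an ID."""
    box = mailbox.mbox(path, create=False)  # NoSuchMailboxError if the file is absent
    ids, duplicates, without_id, total = set(), [], 0, 0
    for msg in box:
        total += 1
        mid = (msg.get("Message-ID") or "").strip()
        if not mid:
            without_id += 1
        elif mid in ids:
            duplicates.append(mid)
        else:
            ids.add(mid)
    box.close()
    return {"total": total, "ids": ids, "duplicates": duplicates, "without_id": without_id}

def missing_after_import(source_path, imported_path):
    """Message-IDs in the old account's export that the new account's export lacks."""
    return sorted(inventory(source_path)["ids"] - inventory(imported_path)["ids"])

def demo():
    """Run both checks on two constructed archives in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        old = os.path.join(tmp, "old-account.mbox")
        new = os.path.join(tmp, "new-account.mbox")
        write_mbox(old, ["<a1@example.test>", "<a2@example.test>", "<a1@example.test>", None])
        write_mbox(new, ["<a1@example.test>"])
        return inventory(old), missing_after_import(old, new)

if __name__ == "__main__":
    print(demo())
```

Messages without a Message-ID cannot be matched this way, so the `without_id` count tells you how many need a manual spot check before the old mailbox is emptied.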

I just came across this article: Court rules encrypted email provider Tutanota must monitor messages in blackmail case
I remember @pablojimpas suggested this email provider as a good privacy alternative to Google. What do you guys think about banning encryption as a reason for “national security” or for any legal reasons for that matter?

4 Likes

This is not good news. Governments or any law enforcement hiding behind laws to surveil their citizens is appalling. It’s such a cop-out imho… That is all.

5 Likes

Definitely bad news. I use ProtonMail but trust(ed) Tutanota… still trust the company but no longer their services until we see how this and related cases play out (cases using this as precedent or appeals of this case).

This ruling may set a precedent for weakening other services’ offerings such as ProtonMail (which I still recommend overall). Though the ruling affects only unencrypted messages through Tutanota, that constitutes the majority of messages any individual receives at this point.

Banning encryption is never a good idea. Simply because I and others have nothing to hide does not mean that we have to show everything to everyone and anyone. Finally, I say that the average individual does have a lot of things to hide, just that they don’t acknowledge it. If they hide it from their friends and family, who they trust the most, why should they not hide it from random strangers, some of whom will use it for bad deeds?

2 Likes

Sad news: end-to-end encryption might not be enough if it is provided by a third party actor like Tutanota in this case and they are ruled by a court to ban their technology for some users.

Setting up a mail server and managing your own PGP keys is something not just anyone can do. We have to use, build and support technologies that are uncensorable by design and people first; see https://small-tech.org principles for more info.

4 Likes

I would be happy with encrypted txt messaging instead. :grinning:

3 Likes

@rsthree Have you heard of EncroChat? https://encro.co.uk/

2 Likes

As in, encrypted SMS?

The SMS protocol doesn’t support encryption. 2 people could use an external application to encrypt plaintext message contents and send those contents to one another and reverse the process to decrypt it but that’s quite a hassle.

That whole process could be automated, but building out that automation to make it generalizable would basically be recreating the wheel of Signal, Element, etc.

Ergo, the easiest solution is to just incorporate one of those solutions natively. I am especially fond of both Signal (widely used and easy to use) and Element (decentralized communications, becoming easier to use by the quarter).

2 Likes

EncroChat seems sus: they’re not open source and provide only sparse and vague info on their website, leaving no way to verify any of these tall claims.

My take: they offer somewhat-hardened devices that reduce the attack vectors by removing components, have their business logistics set up to where they blind themselves to which customer receives what phone and SIM number, and have some proprietary messaging application that allows for features such as destructible messages.

So… they just offer a “hardened” hardware/software solution with a proprietary alternative to Signal mixed with the logistics of Purism’s Librem AweSIM solution. That’s a whole lot of compromises for not a lot of return… and that sticker price is pretty high for such a neutered product and service!

2 Likes

EncroChat is highly suspect! It has a reputation for being used by criminals, and investigation bodies from the UK and France have experienced many issues with it. https://nationalcrimeagency.gov.uk/news/operation-venetic

I think there is a key difference between being mindful of privacy and security vs going to such extremes with it as to make you look suspect yourself, which is where EncroChat I think comes in over something like Signal.

The wiki page for EncroChat is actually pretty fun to read. https://en.wikipedia.org/wiki/EncroChat

3 Likes

@rhysjones I’ll check it out. Thanks. EncroChat came on my radar after I came across this article: https://www.computerweekly.com/news/252499373/UK-accused-of-damaging-confidence-by-disclosing-EncroChat-collaboration

3 Likes

Ah yes! I saw this too! The whole EncroChat operation was really interesting for a number of reasons. Has the makings of a TV special: a bit of foreign relations, crime, special police operations. Reminds me a little bit of The Mechanism (Brazilian TV drama on Netflix).

3 Likes