26 comments

[ 3.2 ms ] story [ 61.2 ms ] thread
I recently moved to ProtonMail and I am very happy about it.
Protonmail seems fine, but their prices are way too high. Comparable service charge a tenth of what they ask.
Also they don't support open protocols, last I checked -- specifically POP3, imap, and SMTP. I still use Protonmail, but it's a consideration to factor in.
We do support IMAP/SMTP via the ProtonMail Bridge.
It's a proprietary binary, and I need to email you for the Linux version (although I'm sure the latter will change once it's more stable).

My understanding is also that it's not intended to be exposed on the internet, which leaves my Blackberry a bit out of luck.

Not to diminish your work, but the ProtonMail Bridge solution doesn't really meet my needs in the same way native POP3 support would.

Does it matter if your email is encrypted at rest when every recipient you email will store it unencrypted and it is unencrypted in transit?
The first step of getting a critical mass on the other side of the encryption line is a slow stream of people migrating and seeing no immediate benefit.

This defeatist attitude is something the surveillance companies have taught you to have. Stemming the tide is possible.

In the case of email, the only way I can see a critical mass being reached is if both Google and Microsoft start encrypting. Does anyone else even compare to them in terms of volume of email accounts? I just find it very difficult to imagine the general public making this happen. I think it must come from the top down as most people don't understand or don't care.

For SSL to hit critical mass, it took the major browsers to start flagging pages as insecure coupled with the proliferation of let's encrypt. All the personal web pages in the world switching to SSL would not have forced the major players in the same way.

Encryption is done at the client level, not the account level. Yes, a large majority of Google and MS users probably use the web uis of the service itself, or Google/ms clients, but the point is that switching client doesn't mandate switching provider. You can even manage your Google account via a 3rd-party web ui.
Mail is very often encrypted in transit. There is a lack of authentication, so a man-in-middle attack is often possible. But passively listening doesn't work.

It is not clear how mail should be stored at rest. A mail server at your own home is one solution. Encrypting all mail with pgp another.

Neither solution is likely to scale in the coming years.

Maybe it is better to say truely private things only over encrypted chat at the moment.

No, but it's not your email provider's job to police your associates' use of data you share with them. Don't give information to people you don't trust.
I was considering the cheapest plan on Fastmail even though it's more than double the cost of Posteo, mainly because of the number of aliases Fastmail provides. But this recent development and my discomfort with what's been happening in the U.S. (Fastmail's servers are in the U.S.) have made it easier to look beyond Fastmail.

It looks like governments in democratic countries around the world have decided that they must deny privacy (despite the Universal Declaration of Human Rights having an article on privacy [1]) and have control over who's talking to who, when, where, how (what apps/platforms they use), how often, and about what. All these laws and lawless surveillance is very disturbing. Except for some courts of law (and in certain cases the whims of the judges), the public at large is at a big risk, both by being kept ignorant and by activists being silenced.

On email, if custom domain support is not a must, I would recommend Posteo.de. For custom domains, providers like mailbox.org, mailfence and runbox might work. I wouldn't recommend ProtonMail or Tutanota because they make porting email data to another provider cumbersome and impossible, respectively (IMAP support in ProtonMail is through a bridge application, while there is no IMAP support in Tutanota).

[1]: https://en.wikipedia.org/wiki/Right_to_privacy#Universal_Dec...

If this shows anything then it’s that a custom domain is a must. Moving email provider without a custom domain is much harder as you’ll need to update your registration in a bagazillion places. With a custom domain you can just say “goodbye”, cancel, and move change your DNS to point to a new email provider.
I’ve moved to Mailbox.org. It’s not perfect, but they have a ton of unique privacy features like encrypting all incoming emails with PGP (at-rest-encryption).

They just introduced a new web interface and it’s quite buggy. However, it’s just 12€/yr for 5 GB storage and up to three aliases (where an alias could be a catch-all custom domain, so an unlimited number of addresses on a custom domain).

I've been using Migadu for a while and I'm extremely happy with it. Might be something to consider.
What does the recent Australian legislation change?

If the mail wasn’t encrypted, FastMail already had the duty to provide the Australian government with whatever asked (through NSL equivalents)

And if you pgp encrypt before sending, they can’t read the content even if they really want to.

Recent legislation in Australia is horrible, and affects a lot of things but somehow Email service doesn’t seem to be one of them. (Don’t let an Australian mail app do the encryption for you, though; those should be considered compromised)

Companies have to build tools that grants any law enforcement agency access to whatever data they want on whomever they want. For an email provider, these tools could include a search function that lets them look through every email on the platform. Or they could just ask them to mail them a daily dump of all new messages on a floppy disk. The point being, FastMail can’t tell the world what assistance and access their granting the government and there is no oversight or even transparency that could spark public debates on what is reasonable and what isn’t.

This satirical video is a good introduction to the changes: https://www.youtube.com/watch?v=eW-OMR-iWOE

So I already have a protonmail account for more sensitive emails, but I would like a cheaper "primary" email account.

Mailbox.org and tutanoa seems to be the current leaders after fastmail?

Your government is overstepping? Revolt! Oh wait, you didn't fight back when they confiscated your firearms. Never mind.
Assuming you're a US citizen, do you not think your government has overstepped already?

Also, I would be really interested to know what effect you think your firearm would have on the US military, assuming your government becomes hostile.

Be real. Nobody would be shooting guns over this in any developed nation.

Like assuming I had a gun what would it help? Should I shoot an Member of Parliment and then if I'm lucky only go to jail for a really long time and not get shot to death by the police?

That's worked so well for the US, beacon of democracy and individual liberties.
exactly! son of a gun

I just signed in, I was so happy, just till 1hr ago when my collegue reminded me of this Australian issue: now I see this post.

great would be if they move some server in EU

As an Australian, it makes me happy to see people documenting their disdain for these insane new laws, which are a massive risk to security for everyone, and of course privacy for anyone within five eyes, not only Australians.

99.7% of the submissions in the consultation period were against these laws. This was not the will of the Australian people and is the result of an increasingly desperate outgoing government.

Please complain loudly and often, and take your business elsewhere. Honestly, the whole technology world should just boycott us.

Australia is clearly now a malicious actor in the worldwide tech community, and deserves to be shunned.

IMO that's the only possible chance we have for the average joe to realise how bad these laws are, and for common sense to eventually prevail.

I find this AA bill very concerning. I have been of Fastmail for over 5 years, love the aliases features but gosh, I didn't realise how bad this encryption backdoor bill is. It's like being on gmail. I found another provider that is in Canada and allows unlimited aliases for a better price that Fastmail.

https://www.thexyz.com