> Hacker news has a rule about not editorializing headlines, they have to be posted as they are on the linked site.
I added some small editorialising to a headline I posted a few hours ago, and it wasn't removed... But changed into different, and IMO worse, editorialising: https://news.ycombinator.com/item?id=29342306 went from "Is the new 16-inch MacBook Pro a pro-only machine? (+Video)", where the addition in parentheses was meant to indicate "Also includes video", to "Is the new 16-inch MacBook Pro a pro-only machine? [video]", which to me seems to imply it's only a video clip.
But Idunno, maybe the latter idiom is usually read in the sense I meant on here.
I want to like Tutanota but the UI is really bad. Basic things like search, threaded emails, resizing/changing the viewport are buggy or impossible and there’s no alternative desktop client. I don’t think it’s a realistic option for heavy email users at the moment.
It's the Berlin, or Hannover, probably, cynicism. If they can't have a good mileu, you can't have any good things, as a client or user. Berlin and Hannover are cynical people you know! < 3
I don't understand this thing about encrypting stored email if the other person receives it or saves a copy in the clear. Most of the time, the other person is on gmail, so there is a plaintext copy of your email on a google server, and everything that implies.
The two big hassles of self-hosting email are incoming spam on the receiving side, and deliverability issues on the sending due to very aggressive antispam measures at the big email providers. Hosted email services' product is basically continuous maintenance of spam filtering on the receiving side, and e.g. building IP reputation and retrying failed deliveries through a clean IP pool on the sending side. Merely running an IMAP or SMTP server without these efforts is comparatively easy.
So it seems to me sufficient to use a privacy-conscious hosted provider for filtering and SMTP but not for storage, and handle storage yourself. I'm currently not doing that due to laziness but it seems like a proper and feasible thing to do. There isn't much point going overboard when the traffic is general purpose email, where the weakest link will usually be at the other person's end (and out of your control) rather than at your end.
If you opt to send an encrypted message outside of Tutanota, first you set a password, then it sends a link to a special inbox where the user can use the password to log in and reply. The message's contents don't ever get sent in the clear, and only their encrypted contents get stored on Tutanota's servers.
That's not really email then (in the sense of interoperating with the email standards). It's more like a web based private message system with everything on one server. In that case though, why store anything on servers at all? Store everything on the clients instead. I believe there are some systems that do that.
It is more like that, but from the Tutanota user's standpoint, it acts like regular email and shows up in their inbox. It's all stored on their server so you can log in from any browser.
> the weakest link will usually be at the other person's end (and out of your control)
By that logic, no one should ever switch from an insecure service to a secure service. The advantage of being backwards compatible with email is that you don't lose anything by upgrading, and for some messages you do gain something. (You shouldn't change your behaviour based on a false sense of security, though).
Ideally, the person you are communicating with would use PGP, for example if their provider is ProtonMail, so you could have end-to-end encrypted communication without having to worry about keyservers or encryption settings. Unfortunately, however, Tutanota has chosen not to use PGP because of fears of "attacks from quantum computers"[0]. Of course, their own proprietary system is vulnerable to those attacks too, but that's a minor details, and you should ignore it...
When all of my email is accessible in one place, it is very easy to use that data to generate a model of my activity. Yes, the recipients of my email probably won't protect it well, but it's distributed across multiple providers.
I know that data will likely be mined from my email at one end or the other, but I might as well not serve it up on a silver platter.
> When all of my email is accessible in one place, it is very easy to use that data to generate a model of my activity. Yes, the recipients of my email probably won't protect it well, but it's distributed across multiple providers.
Chances are that most (> 50%) of it is on one provider (gmail), or maybe two or three providers. Getting those will make almost as good a profile of you as getting everything. And it's not just your email: it's also the stuff that you communicate in it, that can further spread among careless recipients, unless you live your life like a paranoid fugitive and silo all your information including (e.g.) from your family members. That, in turn, is completely neurosis inducing. It's a conundrum that I don't have an answer to, beyond "surveillance sucks".
Gmail is a small percentage of the mail in/out of my inbox, because those are mostly personal hand-written emails. There's probably a few businesses that Google Apps that I've communicated with, but there aren't many.
Most of the email exchanged with my account is with mass mailing platforms, of which there's more than a few. Business/marketing email hasn't consolidated as much as the consumer market has.
For incoming unencrypted email you can encrypt it to an OpenPGP identity for storage. Some providers offer this as an option. Anonaddy can do this as part of their forwarding service.
Storing email as ciphertext makes it awfully hard to search. You really want to store it as plaintext on a computer that you control. Historically that meant your client computer. Storing email on servers (even your own) seems like asking for trouble, though it can work if you control the server and are careful enough.
What made me end up choosing Tutanota over Protonmail was that the free tier gave 1GB of storage (compared to Protonmail's 500MB). I've been using it for my primary email for over a year now and haven't had any major issues with it. The desktop and mobile apps feel pretty solid to me though I'm not a particularly heavy email user.
The only email provider worth 2 shits is unironically cock.li. Tutanota is some wacky shit that deletes your email address after inactivity, asks you to pay to get it back, and doesn't support POP3/IMAP/SMTP. All in the name of the nonsense that is website based e2e crypto. This is how dead email is (dead as in insufferable, not unprofitable). And there is no alternative. This is how dead software is. Blame wh*tes. How many hapas have you seen setup such a cesspool of an industry in the field with the lowest capital requirements for innovation?
24 comments
[ 3.4 ms ] story [ 70.1 ms ] threadA lot of the users this affects are most likely also familiar with tutanota's services I'd guess.
I added some small editorialising to a headline I posted a few hours ago, and it wasn't removed... But changed into different, and IMO worse, editorialising: https://news.ycombinator.com/item?id=29342306 went from "Is the new 16-inch MacBook Pro a pro-only machine? (+Video)", where the addition in parentheses was meant to indicate "Also includes video", to "Is the new 16-inch MacBook Pro a pro-only machine? [video]", which to me seems to imply it's only a video clip.
But Idunno, maybe the latter idiom is usually read in the sense I meant on here.
The two big hassles of self-hosting email are incoming spam on the receiving side, and deliverability issues on the sending due to very aggressive antispam measures at the big email providers. Hosted email services' product is basically continuous maintenance of spam filtering on the receiving side, and e.g. building IP reputation and retrying failed deliveries through a clean IP pool on the sending side. Merely running an IMAP or SMTP server without these efforts is comparatively easy.
So it seems to me sufficient to use a privacy-conscious hosted provider for filtering and SMTP but not for storage, and handle storage yourself. I'm currently not doing that due to laziness but it seems like a proper and feasible thing to do. There isn't much point going overboard when the traffic is general purpose email, where the weakest link will usually be at the other person's end (and out of your control) rather than at your end.
By that logic, no one should ever switch from an insecure service to a secure service. The advantage of being backwards compatible with email is that you don't lose anything by upgrading, and for some messages you do gain something. (You shouldn't change your behaviour based on a false sense of security, though).
Ideally, the person you are communicating with would use PGP, for example if their provider is ProtonMail, so you could have end-to-end encrypted communication without having to worry about keyservers or encryption settings. Unfortunately, however, Tutanota has chosen not to use PGP because of fears of "attacks from quantum computers"[0]. Of course, their own proprietary system is vulnerable to those attacks too, but that's a minor details, and you should ignore it...
[0] https://tutanota.com/faq/#pgp
I know that data will likely be mined from my email at one end or the other, but I might as well not serve it up on a silver platter.
Chances are that most (> 50%) of it is on one provider (gmail), or maybe two or three providers. Getting those will make almost as good a profile of you as getting everything. And it's not just your email: it's also the stuff that you communicate in it, that can further spread among careless recipients, unless you live your life like a paranoid fugitive and silo all your information including (e.g.) from your family members. That, in turn, is completely neurosis inducing. It's a conundrum that I don't have an answer to, beyond "surveillance sucks".
Most of the email exchanged with my account is with mass mailing platforms, of which there's more than a few. Business/marketing email hasn't consolidated as much as the consumer market has.