this post was submitted on 29 Jul 2023
87 points (97.8% liked)
DeGoogle Yourself
8799 readers
2 users here now
A community for those that would like to get away from Google.
Here you may post anything related to DeGoogling, why we should do it or good software alternatives!
Rules
-
Be respectful even in disagreement
-
No advertising unless it is very relevent and justified. Do not do this excessively.
-
No low value posts / memes. We or you need to learn, or discuss something.
Related communities
[email protected] [email protected] [email protected] [email protected] [email protected] [email protected]
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Seems a bit nearsighted to accuse every service of malice and then completely ignore that tutanota fixes lackluster pgp encryption by also encrypting the subject line.
further read
Not sure if this is entirely true, it is possible Proton mail is encrypting everything at rest (with the users public key) and only following PGP mail limitations during transit.
Like for example plaintext emails are encrypted at rest on Proton mail, what isn't ideally (compared to e2ee) but still minimizes the attack surface.
Actually for reference this is exactly the case
https://proton.me/support/proton-mail-encryption-explained
Cool, thank you for clearing that up!
I do like Tutanota's approach to encryption, but communication outside of other Tutanota addresses is less secure than PGP. It's just a symmetric, password-based scheme.
Since you will probably deal with a lot of non-tuta email providers, it's a hard sell for me. In network, though, it's good.
Second issue I had with it was the email client. I like my third party client and it's built into my workflow. Tuta doesn't support third party clients because they consider the storage of emails on your local drive a security risk. (That's only true if your hard drive isn't encrypted, and setting up encryption isn't all that hard to do)