this post was submitted on 29 Jul 2023
87 points (97.8% liked)

DeGoogle Yourself

8799 readers
1 users here now

A community for those that would like to get away from Google.

Here you may post anything related to DeGoogling, why we should do it or good software alternatives!

Rules

  1. Be respectful even in disagreement

  2. No advertising unless it is very relevent and justified. Do not do this excessively.

  3. No low value posts / memes. We or you need to learn, or discuss something.

Related communities

[email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

founded 4 years ago
MODERATORS
 

This guy can be pretty harsh at times, but he's clearly very knowledgeable..

However, not all providers have a recent review, and his priorities are skewed heavily to the "paranoid" side of the tech world. For example, he considers being able to mail cash to a provider a significant pro. The overwhelming majority of users aren't mailing cash to pay for their email.

Overall, it's good info that's worth sharing.

top 31 comments
sorted by: hot top controversial new old
[–] [email protected] 15 points 1 year ago

Hmm, looks like proton isn't too bad. Unless you are living in a cave using tor and bots you are tracked.

[–] [email protected] 12 points 1 year ago (2 children)

I enjoyed the read. I'm a fastmail user and I didn't pick it for real privacy but because it's not Google. It's better than Gmail, more features, looks better, faster etc.

I don't know how any email provider can provide real privacy since they have to scan for spam, malware, and so on.

Fastmail is part of the 5 eyes surveillance network as well: https://en.m.wikipedia.org/wiki/Five_Eyes

[–] [email protected] 5 points 1 year ago (2 children)

Yeah, his requirements for an email provider are well above what most people need.

Email is not a secure means of communication in most cases. If the recipient isn't encrypting, then your communications to them are vulnerable anyway. And in the vast majority of cases, they probably aren't.

Really, the best thing about getting a more privacy conscious provider is not giving all your data over to Google.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

Yeah and getting away from Google is worth so much actually. People don't seem to realize how important it is to simply not use Google and block their tracking scripts (on the web), and don't use their free email service, naturally.

[–] [email protected] 3 points 1 year ago

Yeah, I switched to Posteo mainly so all of my emails aren't scanned by an advertising company.

The main thing I dislike about the encrypted email providers is that I can't use my own client, I'm stuck with whatever features they want to give me.

[–] [email protected] 2 points 1 year ago

Exactly my reasoning. Get away from Google and advertising (though they said they are not using Gmail for that), get a better interface, masked emails. Fastmail is great.

[–] [email protected] 9 points 1 year ago (2 children)

Seems a bit nearsighted to accuse every service of malice and then completely ignore that tutanota fixes lackluster pgp encryption by also encrypting the subject line.

This works virtually identically between both providers, except that Tutanota encrypts both the message body and subject line, whereas ProtonMail only encrypts the message body. This doesn't pose a huge risk if you use the former service. Just make sure that your subject lines don't contain any sensitive information. source

[–] [email protected] 4 points 1 year ago (1 children)
[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

Not sure if this is entirely true, it is possible Proton mail is encrypting everything at rest (with the users public key) and only following PGP mail limitations during transit.

Like for example plaintext emails are encrypted at rest on Proton mail, what isn't ideally (compared to e2ee) but still minimizes the attack surface.

Actually for reference this is exactly the case

Message storage All messages in your Proton Mail mailbox are stored with zero-access encryption. This means we cannot read any of your messages or hand them over to third parties. This includes messages sent to you by non-Proton Mail users, although keep in mind if an email is sent to you from Gmail, Gmail likely retains a copy of that message as well. Password-protected Emails are also stored end-to-end encrypted. Subject lines and recipient/sender email addresses are encrypted but not end-to-end encrypted.

https://proton.me/support/proton-mail-encryption-explained

[–] [email protected] 2 points 1 year ago

Cool, thank you for clearing that up!

[–] [email protected] 2 points 1 year ago

I do like Tutanota's approach to encryption, but communication outside of other Tutanota addresses is less secure than PGP. It's just a symmetric, password-based scheme.

Since you will probably deal with a lot of non-tuta email providers, it's a hard sell for me. In network, though, it's good.

Second issue I had with it was the email client. I like my third party client and it's built into my workflow. Tuta doesn't support third party clients because they consider the storage of emails on your local drive a security risk. (That's only true if your hard drive isn't encrypted, and setting up encryption isn't all that hard to do)

[–] [email protected] 9 points 1 year ago* (last edited 1 year ago)

Thought this comment he made was odd about Proton mail.

The site is filled by beautiful black screen without JavaScript enabled.

Like yes, its a bit difficult implementing local encryption or decryption without js enabled.

Has some good messaging, I'd say most of his comments are pretty widely known concerns or limitations.

Like obviously web apps still rely on trust from the host, but it minimizes the attack surface massively.

[–] [email protected] 4 points 1 year ago

Interesting read. Makes me reconsider my choice of Proton ha ha

[–] [email protected] 4 points 1 year ago (1 children)

Laugh all you like, I've had the same AOL email address since 1997 and haven't had problems with leaked information or spam. It doesn't cost me anything, so I'm just going to carry on using it.

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (1 children)

I'm glad you like it, but I'm just going to point out that Yahoo, which the AOL privacy policy page refers to, has probably the single most invasive email policy of any major provider.

Yahoo analyzes and stores all communications content, including email content from incoming and outgoing mail. This allows us to deliver, personalize and develop relevant features, content, advertising and Services.

They allude to telemetry, and use additional tracking even when not signed in. I hate saying this, but even Google has a better privacy policy.

That's kind of the point for a lot of us who opt to pay for an email. When email is free, it's because your data is the product.

[–] [email protected] 3 points 1 year ago

That's a shame, though being in the EU I wonder how much they're legally allowed to keep.

I guess I should make better use of my Proton mail account

[–] [email protected] 3 points 1 year ago

I wish alternative services like Proton weren't so expensive for their family plans.

[–] [email protected] 3 points 1 year ago (1 children)

Any idea how old that article is? Couldn't find a date but the mention of Windows 7 tells me it's not recent.

I still have my netscape.net address (AOL) and all the others (Yahoo, MS Live, Outlook). Also a second GMail address that was created/converted when TheBat service shutdown.

I use Thexyz and Purely Mail for normal use though.

[–] [email protected] 2 points 1 year ago

It's got updates from earlier this year. It appears to be updated periodically since it was first written. Some sections are old, while others are fairly new.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

Great article. I was looking for a way to start degoogling myself. It seems Disroot and Riseup are their favoured services and Riseup requires an invite.

Any recommendations for mail apps (on android) to use with disroot?

[–] [email protected] 3 points 1 year ago (2 children)
[–] [email protected] 3 points 1 year ago (2 children)

Ah, didn't see that page, thanks! I will give both their recommendations a try (K9 and Fair).

[–] [email protected] 2 points 1 year ago
[–] [email protected] 2 points 1 year ago

I use K9. It went through a rough patch a few years ago with the UI, but it's much better now. Mozilla is involved and K9 is in the process of becoming the Thunderbird app.

[–] [email protected] 1 points 1 year ago

That dog looks like Loukanikos, the beloved riot dog from Greece.

[–] [email protected] 2 points 1 year ago

Proton has been completely reworked recently and it’s now a quite good looking app/website.

[–] [email protected] 1 points 1 year ago

can use any email provider other than G, just make sure you isolate email. For example, use personal stuff for mail 1, use work related to mail 2 and anything else to mail 3 or so.

load more comments
view more: next ›