this post was submitted on 27 Nov 2023
540 points (88.7% liked)
DeGoogle Yourself
7743 readers
8 users here now
A community for those that would like to get away from Google.
Here you may post anything related to DeGoogling, why we should do it or good software alternatives!
Rules
-
Be respectful even in disagreement
-
No advertising unless it is very relevent and justified. Do not do this excessively.
-
No low value posts / memes. We or you need to learn, or discuss something.
Related communities
!privacyguides@lemmy.one !privacy@lemmy.ml !privatelife@lemmy.ml !linuxphones@lemmy.ml !fossdroid@social.fossware.space !fdroid@lemmy.ml
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I suggest Tutanota or Protonmail.
A email provider shouldn’t require a closed, premium-only, lock-in-required sidecar program just to use IMAP/SMTP. I don’t think the release these bridge apps on BSDs or smaller OSs & you’re forced to use their apps on Android & iOS (no support for KaiOS or other smaller mobile OSs). This should be a giant red flag—kinda like waiving around a Swiss flag as more secure when they will sell you out just as fast as others.
These free-tier-loss-leading strategies are expensive too. If you bump up to premium it’s like $5/mo, but less marketing-heavy options where everyone pays get you all the features–like what I’m using @ 1€/mo.
https://github.com/ProtonMail/proton-bridge
As long as your weird OS is supported by Go, you should be able to build and use it.
I don't see them not releasing binary builds for such niche platforms as a strong argument.
I see nothing preventing the use of an alternative client.
Besides, both clients are FOSS:
https://github.com/ProtonMail/proton-mail-android
https://github.com/ProtonMail/ios-mail
As a paying PM user, I think it's fine. I can afford to pay ~$50/year for something as basic as e-mail. Not everyone is as privileged as me though and it's great that they can have a slightly less featureful version for free.
Privacy in the most basic element of modern communication shouldn't be reserved for the privileged.
Could you point me to the "heavy" advertising? I've yet to see any.
I didn’t do more due dilligence than looking at the ProtonMail downloads page + system requirements page—neither of which mentioned source which would instill better trust. So you’ve got me there, but really dumb there isn’t a link.
Open source or not, you still have to use their clients on mobile OSs even if you prefer running a client like K-9 & can’t run on a low-spec OS KaiOS (I suspect the site wouldn’t scale down to this either), etc. Mail protocols are old & should be able to run on a potato without many hoops.
Where I definitely don’t agree tho is the free-tier thing. Having access to the bridge cut off as well as not {Cal,Card}DAV is a real pain that forces the premium subscription, switching providers, or using something like Google for calender/contact defeating much of the purpose. If there was no free tier to subsidize everyone could pay a lot less & get “premium” features others deem as essential. $50 annually is a lot—$12, not so much.
If you made K-9 speak their protocol, I'm sure that would work. Additionally, there's also nothing preventing you from running the bridge on your Android (or whatever) device; it's a statically linked Go binary.
What your point boils down to is basically that they don't use or support IMAP. In order for IMAP to work however, the mail server must have access to all of your emails in plain text.
Do you see how that's an issue when your service is intended to provide privacy to the user? The fact that PM cannot read your emails at rest (even if they wanted to) is one of PM's explicit selling points. See https://proton.me/blog/zero-access-encryption
This is the primary reason why PM (and Tutanota for that matter) don't support IMAP. As a software engineer, I can also imagine they wouldn't want to base their entire operations around such an old and crufty protocol though.
That's fine. I can see both sides. Though, as stated, I'm clearly in the "socialistic" "pay more to support less affluent people" approach to commercial services product camp.
For us power users who need that, yes, that's the point. We should pay.
For your average Joe, they get a fancy web UI calendar and calendar app for free; just like they do with Google but private. I personally find that quite amazing.
[citation needed]
It’s also not altruistic to pay more for to subsidize in the manner you are alluding too since it misses the larger picture of how these wide free tiers have allowed contemporary services to gobble up users to impress investors with growth despite loss-leading products (in code forges look at the publicly-traded GitLab free model vs. SourceHut where everyone pays a small amount to keep servers running (post-beta plan)).
My affordable provider encrypts their servers & the account storage just fine without needing to reinvent the old, tested protocol (might just be a ZFS pool encryption passphrase). But it isn’t security/privacy that’s in question but the accessibility of this standardized protocols with years of tooling built around it & a business model that I don’t think is sustainable.
Whether something is altruistic or not is more of a philosophical debate.
Fact of the matter remains that unprivileged people using PM for free is only possible because us paying users pay at least slightly more. I don't care whether that's altruistic or not.
That's nice but that's just simple disk encryption at rest. That's not at all comparable to zero-access encryption. Please read the Link in my last reply.