A lot of people who are moving away from Proton due to the recent controversy are switching to Tuta
this post was submitted on 31 Jan 2025
71 points (94.9% liked)
Ask Lemmy
27901 readers
752 users here now
A Fediverse community for open-ended, thought provoking questions
Rules: (interactive)
1) Be nice and; have fun
Doxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them
2) All posts must end with a '?'
This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?
3) No spam
Please do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.
4) NSFW is okay, within reason
Just remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com.
NSFW comments should be restricted to posts tagged [NSFW].
5) This is not a support community.
It is not a place for 'how do I?', type questions.
If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.
6) No US Politics.
Please don't post about current US Politics. If you need to do this, try !politicaldiscussion@lemmy.world or !askusa@discuss.online
Reminder: The terms of service apply here too.
Partnered Communities:
Logo design credit goes to: tubbadu
founded 2 years ago
MODERATORS
This is the way
Email, as a suite of protocols, was designed long before we thought deeply about encryption. In 2025, you can count on email encryption in transit and encryption at rest from providers, although try to verify it. E2EE like Proton and Tuta offer is severely limited. I was recently looking up if Proton and Tuta were even compatible with each other in terms of PGP encryption. I could find no confirmation that they are.
If you use Proton and you email another Proton user it’ll be encrypted with PGP. Otherwise your email is sent unencrypted, and email you receive is unencrypted, then Proton stores it on their server encrypted. All of this paragraph applies to Tuta as well.
You can get most of the same benefits from other providers by downloading your email locally and deleting off the mail servers. The benefit of regular email servers is open standards and compatibility with your preferred mail and calendar applications.
I use Fastmail and love it. I know many people mention using burner addressed with a custom domain, but I prefer generating a burner email with a FastMail domain for signing up to websites. Using my own domain would make it easier to identify me.
I'll vouch for Proton. The recent controversy wasn't great but it's also a single negative incident for a company that has otherwise had a pretty stellar track record. I recommend reading his responses in the reddit AMA he did after the incident. I still think he's a fool, but I don't think he's fascist or that there's any reason at all to doubt the privacy, security, or direction of the company, which is both partly open source and regularly audited.
I've been using ProtonMail for probably around 7 years now and it's been great.
Lots of Lemmy is reactionary. I mean, they're on lemmy, so they're generally going to be the quickest to jump ship on anything. I don't think his takes are bad either tbh - They've still proven themselves to be quite reliable.
His takes aren‘t bad either? Don‘t be silly
I still thinks his takes were bad and tone-deaf. I get that he liked a certain appointee Trump made that's relevant to his industry. And, knowing nothing at all about the appointee myself, they may in actuality be a good pick. But he went well beyond praising the appointee, to praising Trump and Republicans in general - albeit for the specific narrow topic of "reigning in big tech".
While his takes were arguably valid given recent history (I'd still say not), it was completely tone deaf to the reality of what the present-day Republican party and Trump mean for America, and especially ignorant of the obvious buddying-up big tech has done with Trump in the past few months.
I think if he narrowly aimed his praise at the appointee herself, without then making sweeping generalities about Republicans vs. Democrats, that nobody here would even be aware of who he is, let alone what he said.
I do think the internet in general tends to be very reactionary - I don't think Lemmy is any more reactionary than, say, reddit, but both are very reactionary. Anyone who jumps ship over this guy's comment will just end up jumping ship again from whatever their new ship is, after that company makes some move they see as imperfect in a few months or years. No company is perfect. Proton is at least great.
I think you're using the word reactionary there to mean something that it doesn't normally mean:
You're right, based on those definitions the word doesn't mean what I intended. I don't know what the right word would be. I used it to mean one who overreacts to relatively minor or inconsequential transgressions, taking drastic, often out-of-proportion or only tangentially relevant actions to rectify perceived harms.
One example would include people ditching the entire company Proton, an entity with a stellar track record of improving the state of privacy on the internet, after a single member of their board made some dipshit comments. Another example might include the general reaction a few months ago when that misleading story about Mozilla and ad tracking was making the rounds. Other more extreme examples would be the passing of the Patriot Act and invasion of Iraq and Afghanistan following 9/11, or the Israeli response to 2023's attack on them.
either you try staying ahead or be blindsided when shit hits the fan. Sometimes its nothing but at least you are better prepared if you were right.
Pick a provider which lets you bring your own domain and you’ll never need to change address again if you move providers.
Plus you can give out really stupid email addresses that work
Rather make the domain odd.
Whats odd about that domain, much better then weird shit like apple.com
I would say Tuta or Runbox or Posteo, but the truth is that any paid account that is not Google or Microsoft is way better than anything so as not to be profiled too much with their trackers and privacy-invasive practices.
On the technical side, no email is ever safe from being read either by the sending server or the receiving one. Email hasn't changed for the past 50 years.
no email is ever safe from being read either by the sending server or the receiving one
Which is why you should learn to set up PGP
Which is why ~~you~~ you and your recipient (which makes it a lot more difficult) should learn to set up PGP
So it sounds like, we need a push for someone to set up a system that makes that easier to do; like Let's Encrypt! did for SSL certs.
Indeed. That's kind of what Tuta, Proton and others are trying to do alas without worrying much about being compatible with one another.
The contents can be read, sure, but unless ChatGPT is doing a lot of hallucinating at least a few providers support e2e encryption and don't manage the private keys.
Edit: To avoid reading the whole thread, providers may support E2EE but can't guarantee it in all cases. A guarantee requires the clients on each end to manage the encryption and decryption so no plaintext enters the network.
a few providers support e2e encryption
There is no such thing with the email protocol, and most providers don't have that kind of hack.
To be clear, this page is a lie? https://proton.me/security/end-to-end-encryption
So even if I have the recipients public key the message actually goes to Proton servers in plaintext before it is encrypted?
Messages you send to other Proton Mail accounts
That's a small but important detail. If you have public keys from people at other providers, AND you trust their security (JS thing I guess), then fine. But 99.99% of the world do not have that and don't know what it means.
If you want full trust, use Thunderbird and GnuPG. Proton is a nice package but you don't control it, so no trust IMHO.
mailbox.org
any service that let you use your own domain (custom domain email) + imap/pop3
Protonmail
Just make sure you buy a domain and use that as your mail MX. So when you eventually have to switch again, it's easy
Posteo and Tuta are pretty decent!
Not sure if relevant to OP but in my case, I needed a way to route multiple emails (Gmail and own domain) to a catch all account. Found ForwardEmail service and after a very easy setup, it works fantastic. They even have SMTP.
For client, I use Thunderbird and Vivaldi's own email features.