Hey all, I’ve been taking my digital privacy and security much more seriously this year, but the one thing I’ve been stuck on and feels overwhelming to me is email. So I wanted to know what do you guys use or what practices do you follow? Do you keep a separate email or alias for every single account, or just compartmentalize, like one email address for online shopping, one for business, one for personal correspondence, etc.?
What services do you use? Right now I have a free Tutanota and ProtonMail account but haven’t decided which one to pay for, if either. ProtonMail makes me iffy with the amount of controversy and debate that has come out of them in recent years even though it comes with a lot of other nice stuff like cloud storage and a vpn. Tutanota I just dislike the fact I can’t add it to third party mail apps like Thunderbird, but this might not be a deal breaker. I know there are others, so what do you guys use? I don’t need something to protect my emails from the NSA or organizations like that but definitely something more private and secure than gmail. Thanks.
I have one generic company-sounding domain, and use a catch-all email address for it, so I can set up randomized name.surname@<randomcorp>.com combinations for every service I need an account for. While it probably doesn’t even make a difference with all the advanced fingerprinting methods that are around nowadays, it feels a little bit smoother than generating a random obviously throwaway email address with some of the disposable email services that are around, and for a fraction of the cost.
Then I have my work emails and one official domain with my name that I use whenever something is important enough that I want to use my real info for. And I also have an email for cases where I need to say my email out loud, which is just spam@<myname>.email. Efficient, and people usually get it right at first try. (But I did encounter a few cases where .email was not a valid TLD, since the filter was set up based on character count -.-)
I’ve been using ProtonMail, and I’m pretty happy with them. I have not heard about the controversies up until now, but I think that it’s understandable that they have to comply with court orders, and unless I’m mistaken they can’t hand over your actual emails, since they are encrypted at rest by your password, right? Since I’m not really worried about having to do anything with police, it’s not a threat model I need to take into consideration. But thanks for the info, I’ll probably find a different provider if something happens with our local political situation. For now, what’s the most important for me is that my emails and data are not used to teach any kind of ML bullshit about how to manipulate or impersonate people, and I think that’s what the ProtonMail encryption provides sufficiently.
Cool, thank you. Yeah I need to buy a domain for email at some point
> unless I’m mistaken they can’t hand over your actual emails, since they are encrypted at rest by your password, right?
That is true I believe, they can use the address to identify you but if the email content is encrypted they can’t get the contents. The subject line though is not encrypted.
Same though, I’m not necessarily trying to avoid the police or government but mainly advertising/AI bullshit/ less reliance on google. Do you use proton’s other services, like the cloud storage and VPN?
I have my own NAS where I store most of my files that’s open to the internet through a geoblocked Cloudflare Tunnel, and if I need to share something I just use the Synology Drive. I tried setting up Nextcloud, but my NAS is too weak for it and didn’t support it by default, and manual installation didn’t really work properly so I gave up.
VPN I’ve never found the need for. I was thinking about Mullvad Browser+VPN, since I really like the idea they are going for, but I was too lazy to set up yet another browser. I don’t know how verified Mullvad is, since I haven’t heard many people talking about it and only found it on the new version of privacytools.io - I think it was something like https://www.privacyguides.org/en/. I don’t really know what happened between them and privacytools, or which one is more trustworthy - especially since they have mostly different recommendations.
But the main idea of Mullvad is that it’s I think a fork of Tor Browser for internet, that’s set up to work without needing any extensions and has the same fingerprint for every user, which stays the same since you don’t need a stack of privacy extensions. And it works in tandem with Mullvad VPN, which means that it’s really hard to fingerprint you based on your browser+VPN provider combination, because while you may be one of the few users of i.e. ProtonVPN that uses Firefox with uBlock, Decentraleyes and CookieAutoDelete, so you can still be eventually identified, all the users of Mullvad use the same browser with same origin IP and same fingerprint. And that idea actually makes a lot of sense on paper.
I’m actually a current Mullvad VPN customer, I know of their browser but I haven’t tried it. They’re very privacy friendly, no email required for sign up, and you can even mail them cash to pay. While I like what they stand for and think they’re awesome, recently they decided to stop offering port forwarding for their VPN, so I need to find an alternative. My main use case for VPNs is torrenting, so port forwarding helps with that a lot. Proton VPN offers port forwarding which was why I was considering just using them for both email and VPN.
Their browser sounds interesting though, from what I’ve heard it’s basically Tor browser but without the Tor network. The fingerprinting protection sounds awesome, I think one issue with my current browser setup is that I’m probably very unique and easy to fingerprint. So will look into that.
I’m not aware of the controversies regarding ProtonMail, yet they’re my main email provider. I have one main email for everything, and an alias for public-facing email. ProtonMail has a free service called SimpleLogin that allows you to create on-the-spot email for a specific service (even comes with a browser extension). I don’t have anything else regarding emails, those two services really cover all my bases.
I’d be interested to know which controversies you’re referring to though?
Probably referring to these reports:
I think OP is going to have a tough time finding an email provider which won’t comply with court orders
There is always the option of setting up your own e-mail server. Have been using “docker mail server” for testing purposes and it’s relatively easy to set up locally.
Haven’t deployed it to a server yet though.
Helm used to be one such service. They hosted the IP address and smtp gateway, but you hosted the actual email server. They had no data to hand over; it was in your home. Unfortunately, their service went offline last year.