Privacy

33192 readers

244 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

So Protonmail / ProtonVPN is not a good option? (lemmy.ml)

submitted 4 years ago* (last edited 2 years ago) by [email protected] to c/[email protected]

71 comments fedilink hide all child comments

I'm trying to get rid of my Google dependency and one of those steps was moving over to Protonmail. Now in the past few days i have been picking up signals that even Protonmail is not as clean as it might be.

Does this really impact the privacy of how i use email and so is moving to Protonmail a step forward from Google, or is Protonmail just as bad?

If so, what could be alternatives?

edit:

Some of the alternatives being mentioned in the comments are:

Email:

VPN:

edit 2 (2023):

There seems to be some new activity around this post. At the time of writing the post (2 years ago) there were some stories going as user @UnfortunateShort described in their comment. This made me question the best options available at that moment. Currently i am still a Proton user, using their Mail and Calendar service, and Mullvad for VPN.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 3 points 4 years ago (1 children)

No, the Tutanota court order said that they had to comply with the law if information is needed for a specific use, and they can only give what they have, meaning that if you communicate with other e-mail providers such as Protonmail (who encrypt e-mails by default) they can only give the court encrypt data, which is not so useful, but for example if you get an e-mail from Gmail then they can give them that information since it's unencrypted.

[–] [email protected] 3 points 4 years ago (2 children)

i was referring to the recent order (late last year) from a german court ruling tutanota had to "spy" on one user. tutanota cannot access the emails in that user's mailbox because they are already encrypted but they had to comply with the court order so their solution was to write a function that prevents that specific user's new emails from being encrypted.

[–] [email protected] 2 points 4 years ago (1 children)

Yes, I know you were referring to that case.

This is from the exact article in German you cited at the end:

[Update, Nov. 30, 12 p.m.] As Tutanota emphasized, the monitoring measure only affects newly incoming unencrypted emails. The company cannot decrypt data that is already encrypted, as well as end-to-end encrypted emails in Tutanota. [Update.]

Besides Tutanota, some other providers also store all incoming mail in encrypted form. At Protonmail it is also standard, Posteo and Mailbox.org offer encryption as an option. Tutanota provides an overview of the number of requests from authorities in its transparency report.

[–] [email protected] 1 points 4 years ago (1 children)

you write as if you're correcting me (first comment began with "no", second citing what i already stated) but i said nothing in contradiction - already encrypted emails won't be unencrypted. i did not state otherwise.

[–] [email protected] 1 points 4 years ago (1 children)

It doesn't say that, it says:

As Tutanota emphasized, the monitoring measure only affects newly incoming unencrypted emails.

This means only e-mails received after the the monitoring declared by the court was approved which are not encrypted will be sent to them. This is reinforced by the following sentence:

The company cannot decrypt data that is already encrypted,

Meaning they can't do anything with old, encrypted e-mails.

as well as **end-to-end encrypted emails ** in Tutanota.

Meaning new encrypted e-mails.

[–] [email protected] 1 points 4 years ago* (last edited 4 years ago) (1 children)

i understood but i now see i wasn't clear enough in my original comment. sometimes i omit things for sake of clarity but it seems i omitted too much in this case. it was not my intention to imply that all incoming emails, regardless of encryption status, would be unencrypted.

[–] [email protected] 2 points 4 years ago

No problem, it's just I had this exact same discussion in a Privacy Tools issue and I was sure I knew what I was talking about, also I don't to say X service has been compromised.