Privacy

33499 readers

288 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

So Protonmail / ProtonVPN is not a good option? (lemmy.ml)

submitted 4 years ago* (last edited 2 years ago) by [email protected] to c/[email protected]

71 comments fedilink hide all child comments

I'm trying to get rid of my Google dependency and one of those steps was moving over to Protonmail. Now in the past few days i have been picking up signals that even Protonmail is not as clean as it might be.

Does this really impact the privacy of how i use email and so is moving to Protonmail a step forward from Google, or is Protonmail just as bad?

If so, what could be alternatives?

edit:

Some of the alternatives being mentioned in the comments are:

Email:

VPN:

edit 2 (2023):

There seems to be some new activity around this post. At the time of writing the post (2 years ago) there were some stories going as user @UnfortunateShort described in their comment. This made me question the best options available at that moment. Currently i am still a Proton user, using their Mail and Calendar service, and Mullvad for VPN.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 5 points 4 years ago (2 children)

For email I suggest getting your own domain name. That way you can easily change provider without having to tell all of your contacts to use a new email. I don't know about all domain providers, but some provide email addresses for free with all the domains that you bought from them. It's a really good and way to have an interesting email address, and not be dependant on any tech giant.

I personally gave up on the idea that my email will ever be secure, so I just try to use a provider that seems trustworthy, and avoid using it for anything critical. The email providers that tell you they encrypt your emails don't really improve anything in terms of security, given that they have access to the clear text email before they encrypt it. It's even worse if they offer a web client, they could steal your keys anytime.

There are solutions (PGP), but they are really niche and don't provide some critical security aspects like Forward Secrecy. If you want your communications to be truly secure, use a system that was built for that (Signal, Matrix, etc.. all provide pretty decent security way ahead of whatever you'll get with email).

[–] [email protected] 3 points 4 years ago (1 children)

I like the idea of using a custom domain and changing providers if needed. Going to take that into consideration.

[–] [email protected] 2 points 4 years ago

It's not actually that expensive, most domains can be bought for less than 20€/year. If the registrar provides free email with it, it's often cheaper than using a paying email service.

[–] [email protected] 1 points 4 years ago (1 children)

Or they could try to support this draft of PFS for OpenPGP.

[–] [email protected] 2 points 4 years ago* (last edited 4 years ago) (1 children)

I don't really understand how that does anything to actually add Forward Secrecy. If someone captures all the (encrypted) emails, and then has access to the private key of the receiver, they can decypher the one time key and then decypher the message.

I looked for that before posting the first comment, and found this draft and a few discussion it. But I didn't mention it because it's just a draft, and because of what I said above.

Edit: I noticed it's actually a draft from 2001

[–] [email protected] 2 points 4 years ago

Yes, first versions are from 2001 and last from 2002. Old as you see.