Thread: Tutanota a ripoff!
View Single Post
Old 2 Jun 2022, 01:54 AM   #29
ioneja
Cornerstone of the Community
 
Join Date: Jul 2011
Posts: 713
Quote:
Originally Posted by truemagic View Post
Hi, appreciate your reply, I have to agree with you that even 10 digits password should be hard to hack (within 30 sec), just not a normal thing and it's the first time I see this. It might be a dated implementation back then, who knows
I don't know if it's dated or not, but it is also the first time I saw that approach. It is odd, but once I rationally thought through it, I was okay with it. Yubikey is the way to go though, but I don't recall what version of Yubikey it supports. There are several generations as you know, as well as versions with FIDO2, which I believe mailbox.org does NOT support.

Quote:
Originally Posted by truemagic View Post
Also did you enable mailbox Guard for your emails, use PGP or without encryption at all? Just curious.
I have tested mailbox.org with encryption and interoperability with some other email services, and I found it worked fine. There were a few hoops I had to jump through, though, and it wasn't as seamless as, say, Proton. I can't remember if I have enabled ALL the mailbox guard options though. There are several settings. It's very flexible, you can take it at your own pace, and TBH I've been a little loose with it. It depends on who I'm emailing.

Additionally, for the highest level of privacy for email (which is a different discussion about the degrees of privacy one can *realistically* achieve with email), you should definitely look at the threat model, business model, payment methods, logging policies, open source vs closed source, and design of the encryption to see if it suits your requirements, not to mention the level of understanding of your email recipients! For me, mailbox.org meets the minimum requirements for good privacy, but some other services are open source and have a more robust design if you want a little more privacy. In the end though, you still have to decide if you want to "trust" your email provider, and for me, mailbox.org has earned my basic trust. I also like their privacy activism approach (see their blog for their comments about legislation, etc.) So I am a fan in general. But if I wanted to tighten up a little bit more on privacy, I'd use Tutanota via a VPN, etc.... hope that makes sense.
ioneja is offline   Reply With Quote