EmailDiscussions.com  

Go Back   EmailDiscussions.com > Discussions about Email Services > Email Comments, Questions and Miscellaneous
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

Email Comments, Questions and Miscellaneous Share your opinion of the email service you're using. Post general email questions and discussions that don't fit elsewhere.

Reply
 
Thread Tools
Old 24 Jun 2022, 01:47 PM   #1
truemagic
Member
 
Join Date: Dec 2013
Posts: 33
Question: will you move to a privacy email following the uptrend?

Just curious to see what your opinion is on this.

Seeing the recent uptrend of pursuing "secured and private" email service (at least that's how I read it from various sources), and they say every major big players including Gmail too will jump on the bandwagon with "email encryption" thingy, we shall also see a shift in focus when new players in email world to offer the "basics" such as E2E encryption, starting from this year (2022) onwards.

If you're still using a non E2E capable email service, do you see yourself looking for a replacement this year or soon?

There are already a handy of such email services available including the recently rebranded ProtonMail, along with other good ones such as Tutanota, Mailfence, StartMail, CounterMail, HushMail, and not forgetting my personal favourite mailbox.org.

Optional youtube video (not my opinion of course): https://www.youtube.com/watch?v=XNIU1vqdVIE
truemagic is offline   Reply With Quote

Old 24 Jun 2022, 02:08 PM   #2
somdcomputerguy
Cornerstone of the Community
 
Join Date: Jun 2004
Location: Rupert, WV
Posts: 802
I guess that depends on one's definition of a "secured and private" service, email or other. I use a couple of the free plans of the services you mentioned, and I also pay for the service that Fastmail offers. As far as security and privacy, IMO anyway, I am familiar with various 'crypto tools', but I am familiar with phone calls and talking quietly as well..

- bruce
somdcomputerguy is offline   Reply With Quote
Old 25 Jun 2022, 08:42 AM   #3
TenFour
Master of the @
 
Join Date: Feb 2017
Posts: 1,367
No. Doesn't gain the average person any real privacy or security. Does lighten wallets though.
TenFour is offline   Reply With Quote
Old 25 Jun 2022, 01:30 PM   #4
jarland
Essential Contributor
 
Join Date: Apr 2014
Posts: 358

Representative of:
MXRoute.com
It's an interesting topic. I've always been of the opinion that it should be handled client side by things like this: https://mailvelope.com (or less simplistic email client features). The main reason being that I don't trust anyone who claims to handle it all for you on the server side, as a service. Years of emails and then "oops, by the way we gave the key to the police." You don't know what they do really, and even if you do then you don't know what the person who acquires their company does later. The only person you can truly trust with your privacy is you.
jarland is offline   Reply With Quote
Old 28 Jun 2022, 05:26 AM   #5
Csin
Senior Member
 
Join Date: Oct 2007
Posts: 184
Quote:
Originally Posted by truemagic View Post
Just curious to see what your opinion is on this.

Seeing the recent uptrend of pursuing "secured and private" email service (at least that's how I read it from various sources), and they say every major big players including Gmail too will jump on the bandwagon with "email encryption" thingy, we shall also see a shift in focus when new players in email world to offer the "basics" such as E2E encryption, starting from this year (2022) onwards.

If you're still using a non E2E capable email service, do you see yourself looking for a replacement this year or soon?

There are already a handy of such email services available including the recently rebranded ProtonMail, along with other good ones such as Tutanota, Mailfence, StartMail, CounterMail, HushMail, and not forgetting my personal favourite mailbox.org.

Optional youtube video (not my opinion of course): https://www.youtube.com/watch?v=XNIU1vqdVIE
Gmail, Ymail, or Live.com offering secure email is like the fox offering to provide security checks for the chicken coop! I still have Protonmail. With the recent debacle of Tutanota, I probably should replace it with Lavabit, but I rarely used tutanota, so its a low priority.
Csin is offline   Reply With Quote
Old 28 Jun 2022, 05:32 AM   #6
TenFour
Master of the @
 
Join Date: Feb 2017
Posts: 1,367
I have to point out the obvious, but security and privacy are not the same things and just because a service advertises itself as providing one or the other doesn't mean it really makes a difference. Just for example, if you use an encrypted email provider it makes little difference if the people you are communicating with aren't also using encryption. Myself, I found that exactly 0 of the people I regularly communicate with have either the skill or the desire to use anything other than regular email channels.
TenFour is offline   Reply With Quote
Old 2 Jul 2022, 07:11 PM   #7
Dutchie007
Essential Contributor
 
Join Date: Jun 2010
Location: The Netherlands
Posts: 384
To answer the OP question....NO!

Its an illusion that people think they could get 100% privecy with ANY email provider.

I am very satisfied with the services i use for me as a person which are Yandex,Mail.ru and Gmail. They are all very good technicaly. I still feel no need to pay for email usage in any way.

And if I realy have urgent or very important data to share with a person/company (which is rarely the case) I can send a snailmail letter or I call that person over the phone.

my 2 eurocents.

Dutchie.
Dutchie007 is offline   Reply With Quote
Old 2 Jul 2022, 10:42 PM   #8
hadaso
The "e" in e-mail
 
Join Date: Oct 2002
Location: Holon, Israel.
Posts: 4,658
If someone is going to tap into my email communications they are much more likely to do it at the weakest point, that is either my equipment (phone or computer) or the other party's equipment. If someone is able to compromise my equipment they can record all my I/O, and it doesn't matter if what I type goes into Gmail or into some E2E encrypted service.
hadaso is offline   Reply With Quote
Old 3 Jul 2022, 02:49 AM   #9
placebo
Cornerstone of the Community
 
Join Date: Jun 2004
Posts: 727
Quote:
Originally Posted by jarland View Post
It's an interesting topic. I've always been of the opinion that it should be handled client side by things like this: https://mailvelope.com (or less simplistic email client features). The main reason being that I don't trust anyone who claims to handle it all for you on the server side, as a service. Years of emails and then "oops, by the way we gave the key to the police." You don't know what they do really, and even if you do then you don't know what the person who acquires their company does later. The only person you can truly trust with your privacy is you.
The flip side is that most of us don't want to live like that, where the only person we trust is ourselves and view everyone else with suspicion. So it becomes a decision about extending trust to an email provider but with the risk of eventually learning you made a poor choice.
placebo is offline   Reply With Quote
Old 4 Jul 2022, 10:27 AM   #10
jarland
Essential Contributor
 
Join Date: Apr 2014
Posts: 358

Representative of:
MXRoute.com
Quote:
Originally Posted by placebo View Post
The flip side is that most of us don't want to live like that, where the only person we trust is ourselves and view everyone else with suspicion. So it becomes a decision about extending trust to an email provider but with the risk of eventually learning you made a poor choice.
Aye. Though I understand where it comes from. For example if you trust me then you have to trust everyone I trust as well. Everyone with access to the facility which houses a wealth of brands, etc. Even an encrypted file system decrypts and people with physical data center access could compromise it. Then you could add on top that not only do you extend trust in that way, but you have to also trust them to be competent enough to not make a mistake that breaks trust by accident. Viruses, putting keys on GitHub (scary how common that is).

I'm with you but I totally get where people come from.
jarland is offline   Reply With Quote
Old 4 Jul 2022, 01:46 PM   #11
truemagic
Member
 
Join Date: Dec 2013
Posts: 33
I agree is down to personal choice and preference when it comes to whether you wanted to FOLLOW the trend

Not only that, degoogling is also part of the recent trend I've noticed but I would not want to do that yet, as it involves completely reflash of your phone to a no-so-googlish OS (grapheneOS) and a lot more to do to decouple from google ecosystem.

I'm interested of how this is heading but I'm not sure how far and how many people will join in to "fight the big tech" as Proton CEO said
truemagic is offline   Reply With Quote
Old 5 Jul 2022, 03:18 AM   #12
emoore
Essential Contributor
 
Join Date: Apr 2002
Posts: 273
To answer the original question, no. I don't see any practical way to significantly increase my privacy. If you search for email providers that support privacy they're really offering better security, not privacy. Not the same thing.

All of the talk about a email provider being based in a nation that is part of 4 or 5 or 12 eyes or court orders or what is logged misses the point. If a nation state wants your mail they will get it one way or another. I mainly worry about data brokers (my ISP for example tries to sell everything they can to data brokers).

I don't use gmail but they're so widely popular that doesn't help much. Mozilla promotes privacy but even they encourage their employees to use google workspace for email. https://arstechnica.com/gadgets/2022...ing-for-users/ (Google Workspace to strip privacy control from admins, re-enable tracking)

I'm using Thunderbird version 102 where its easy to configure OpenPGP. But none of my friends or anybody else I correspond with is willing to configure OpenPGP. Doctors, lawyers, banks, brokers etc. all seem to insist you use their private webmail based secure messaging systems for anything sensitive. If I was exchanging email with somebody who uses Protonmail I'd think about using their public key server. But the OpenPGP support in Thunderbird (easy as it is to use) still prioritizes security too much over ease of use. If I search my messages it will ignore the contents and possibly even the Subject (depends if the sender encrypted the Subject) of any encrypted messages. It won't let me export a decrypted copy of the message. So it becomes awkward to use E2E by default as it disrupts my work flow too much.

I can't easily find out if any mail I receive was only sent over encrypted connections between each server. I'd have to look at all of the Received: headers in the raw message source. Not do I have a easy way to determine if any message I'm going to send will only go over encrypted connections. There was a nice add-on called paranoia that used to let me easily see that information but its based on XPCOM/XUL so it requires a complete rewrite to support the WebExtension API version 78 and later uses.
emoore is offline   Reply With Quote
Old 5 Jul 2022, 05:33 PM   #13
JeremyNicoll
Essential Contributor
 
Join Date: Dec 2017
Location: Scotland
Posts: 382
Quote:
Originally Posted by emoore View Post

I can't easily find out if any mail I receive was only sent over encrypted connections between each server. I'd have to look at all of the Received: headers in the raw message source.
That wouldn't prove anything at all. The way the headers are added, and the info in them only applies to properly written RFC-compliant servers. If someone was deliberately running a spying server in the middle of a chain of servers you couldn't expect them to insert a header confessing what they were doing. Most likely they'd put in a fake header, but they could omit it completely, and if they spoofed their ip address when passing it on the next header wouldn't tell you where the last server had really been.
JeremyNicoll is offline   Reply With Quote
Old 6 Jul 2022, 09:55 AM   #14
jarland
Essential Contributor
 
Join Date: Apr 2014
Posts: 358

Representative of:
MXRoute.com
Quote:
Originally Posted by JeremyNicoll View Post
That wouldn't prove anything at all. The way the headers are added, and the info in them only applies to properly written RFC-compliant servers. If someone was deliberately running a spying server in the middle of a chain of servers you couldn't expect them to insert a header confessing what they were doing. Most likely they'd put in a fake header, but they could omit it completely, and if they spoofed their ip address when passing it on the next header wouldn't tell you where the last server had really been.
Widespread understanding of this combined with malicious intent could destroy the email ecosystem as we know it in a week. Similar to how some upstreams still handle BGP can and frequently does do to the internet as a whole for brief moments now and again. Clock is running out on trust based systems.
jarland is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 12:04 PM.

 

Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy