Email is by and large insecure. Even Proton has been legally compelled to provide metadata (I think just IP addresses) to the Swiss government (https://proton.me/blog/climate-activist-arrest), so you still need to put effort into hiding your IP when accessing Proton if your threat model involves state actors or law enforcement. You also have to consider that just because YOU'RE using Proton/Tutanota/Hushmail/whatever it doesn't mean the person you're emailing with is, so those emails are only as secure as they are. If you need secure communications email just really isn't the way to do it.

If your goal is just keeping your data away from our Big Tech overlords then there are a lot of options that might offer more features and convenience than the Proton-alikes. Fastmail for example is very popular and has a lot of nice features (like masked email addresses and 1Password integration) but they're based in Australia so you have full exposure to the 5 Eyes.

I'd say try a few out and see which has the best balance of security and features/convenience for whatever your personal threat model is.

    • [deleted]

    I use posteo, it manages contacts, calendar and spam blocking

    It really depends on your threat model, what you are using email for and the information you are passing through it. As others have said, email is not private but unless you are some political dissident, criminal or just want to go down the privacy rabbit hole then something like hosting your own email or using a service like posteo, proton or tutanota is good enough.

    Keep in mind, while you can lock down your phone to the highest degree, we still live in a surveillance economy / state. Use a credit card? It's being tracked and the data sold. Walk on the street? You're likely on a surveillance camera, or some tourist might inadvertently include you in a photo they are taking, then upload it to social media where subsequently your face might be analyzed and possibly tied to your identity (heck even friends and family do likely do this and actually tag you in the photo making it all the easier). Unfortunately, even with the most locked down phone and computer operating system on the planet, big tech still has something on you.

    Depends if the domain is yours. If it is, roll your own server, set
    SPF, DKIM, DMARC, few hours of ducking around but you will have
    the best setup possible.

    3 months later

    [deleted] yandexmail

    Only if you like being blocked. Russian and Chinese service providers are a very poor choice if you want things to actually work. A lot of sysadmins will block everything from that part of the world, so your ability to communicate will be very hit-or-miss.

      • [deleted]

      • Edited

      Choosing to recommend an email provider that is worse in both privacy, security and usability and is based in Russia than something like Proton Mail is just harmful.

        • [deleted]

        csis01 Your response is just a misinformation salad.

        • [deleted]

        • Edited

        csis01 Misinformation, huh? I'll take that as confirmation that everything I said is reasonable, because the only people who use language like that are pathological liars (government) and gaslighters.

        You should take this as a criticism and do better next time because your statements that it's naive to think that Proton Mail is secure and that its closed source is incorrect.

        Categorizing people based on their language and defining them as liars or gaslighters isn't the right thing to do too.

          6 days later
          • [deleted]

          csis01 If, for example, you are French and an activist, I doubt that the Russians will provide your identifiers. I don't see how an email based in Switzerland is more private, after proton provided the connection data to the French police

          [deleted] Prove that it is secure and I will believe it. Unsubstantiated claims that something is secure are WORTHLESS. You are naive.

            [deleted] And for that matter, it uses google services for notifications, which leaks certain data to google. THAT is proof that it is NOT secure.

              • [deleted]

              csis01 It doesn’t leak anything important, and it's a privacy concern, not a security concern, plus it only uses it if you have Google Play Services on your phone, and they're working on their own solution for notifications.

              • [deleted]

              csis01 I don't have time to prove the obvious, and remember that you recommended a less secure and private email that uses FCM for notifications too and is based in Russia.