router99 I mentioned my solution. For Proton only download it and use it with an always on VPN with kill swatch. Only use e2e email providers on Android/GOS as the apps don't use JS. You are subject to a JS attack browser based on a laptop to get your key. Even then all the e2e email providers leave a fair amount of metadata which will bite you on court order.

e2e emails are not for high threat model. Use Signal or Session. No useful metadata and Signal has had the encryption code independently audited and their open source encryption code has been gone over by all sorts of security pros and is rock solid. Plus, not only can Signal not see your phone number, they can't see your IP like the e2e email providers can. Snowden recommends Signal. If the phone number is a prob for anyone, use Session. I'm not very high threat model, and like I posted earlier, I want my contacts to see if I use Signal and I want to see if they are. The more the merrier. You can turn off sharing your phone number (I think it downloads without sharing by default) with contacts on Signal and the number you signed up with is a truncated hash on an encrypted Signal server. Signal can't access it and does not know your number.

    MoonshineMidnight

    Mailbox allow you to use your own private key, but you need to trust them to use your public key first without keep a copy of the messages. Mailbox has an important lack with 2FA.

    Yubikey proton's implementation is a joke, i think tutanota did a better work. With Protonmail youcan't disable OTP code and is overpriced.
    Posteo hasn't support for own domains, isn't in the top of privacy mails.

      Icecube Yeah, I mentioned I use Proton and Tuta. Not perfect but better than the alternatives in my view. Like a posted above, e2e email providers are not for high threat model.

      If your threat model involves concerns that Hilldawg level people are interested in you then you shouldn't be using email at all. The highest echelon of perfect opsec 100% of the time in use of supposed private email services will still fall short of what default configurations of newer communication protocols such as Signal and Session offer.

      • zkz likes this.

      So if Signal asks for captcha identification when creating an account it is like sharing some of your information with e.g. Google? What is captcha identification? Who manages it?

        Javcek
        I tried it last night again. Installed the .apk from Signal's website. They have migrated to hCaptcha. Still unacceptable to me, never really liked Signal, tbh. As for whether Google was getting some information back when Signal was using its captcha, I don't know, but any company that would put this in their app is a no-go in my book.

          AlanZ So you are assuming that any app or website that asks for captcha identification may be sharing some data about you?

            I agree with the general “stay away from email if at all possible” approach.

            Proton Mail is only okay if both parties are using it, and even then, I try to shy away.

            I have friends who are real troglodytes, do not text, carry a dumb flip phone, leave it in the vehicle, because it’s for emergencies only. Too old and stubborn to change.

              beammer335d I would also use molly-FOSS if it wasn't draining the battery. Signal with google services uses 3% of the battery overnight i.e. for 7h. In addition I add 2% of running google services which gives a total of 5 to 6% for 7h of sleep. Without google services Molly was using between 15 and 20% for 7h of sleep for me. I should add that this is all on LTE all the time.

                Javcek
                No, not really, I just won't tolerate this behavior, that's all.

                AlanZ
                What are you doing with Signal that brings up a Captcha? I have been using signal since they merged the two original apps, and have not had this problem.

                Nor has anyone with whom I use Signal.

                  Blastoidea Signal usually required captcha when you tried signing up if your IP Address was flagged which happens when you use abused cellular networks or VPN IP's. Not all registrations needed to pass a captcha only flagged IP Addresses or Device strings.

                    Javcek
                    WOW thats crazy battery drain...not having that kinda of issues here, What device are you running P6P here

                      alci

                      I prefer Prosody, is more customizable, ejjaberd is for lazy people who try to pass xmpp test without any effort.
                      Conversations is a very good client, only need a relook.