I’ve been using Proton Mail and VPN for a while now, and I’m just wondering how everyone else feels about them. I have this kind of inherent alight distrust of them just because they seem like they offer a lot for free and kind of have a Big Tech vibe about them, but there’s nothing for me to really substantiate that distrust with, its mostly just a feeling. That being said, I do use their services as mentioned and they work pretty well, even on the free teir. So aside from that one instance where they gave that guy’s info to the feds, is there any reason not to trust them with my data?
Ill get straight to the question: what should i use? I use proton currently but they are pretty sus.
Tutanota is nice and a bit cheaper too. A bit limited in features compared to proton but I still like it.
Skiff looks cool
Are you referring to email?
I thought it was obvious from the context but ues
In that case, the email provider that you use makes little difference at all. Because of the way that email works, it will always be visible in plain text (unless manually encrypted through PGP) by a third party other than the recipient at some point. There is of course the exception of, for example, direct communication happening between two Proton Mail accounts, but this is really hardly worth mentioning in any practical sense.
The long and short of it is that email should never be used for secure communications.
Fastmail looks nice in terms of features/cost - it is also owned by the people who run it, which is a big green flag.
But I am in the same boat, looking for a new service, haven’t made a switch yet
The ownership of a service, ideally, should make no difference to that service’s trustworthiness.
That makes absolutely no sense - at the very least, this is unimplementable for an email provider.
I am trusting someone for my data. Ownership belonging to the people running it, who just want to make a living, has the meaning that our interests are better aligned than a multinational ad agency or a nation state whose subject I not even am. That relationship is more healthy, the contract is clearer and more balanced.
If one ignores the collection of metadata, then this is the very purpose of PGP.
The point that I am trying to make is that one should never have to trust someone with their data – if all data is encrypted, for example, from a privacy perspective, it really doesn’t matter where it is stored. Of course, metadata can still be gathered, but that is, in my opinion, a lesser issue, and the user has some, if not complete control over it.
I should also say that it depends on what you mean by “trust”. My response, and original comment are under the assumption that “trust” is referring only to privacy.
After the WhatsApp scandals, my trust in encryption is limited. I’m not a mathematician (which is a goddamn shame), and if there is a backdoor in the mathematics themselves, I wouldn’t be able to catch it even if I read the source code. And there is always the possibility of decryption by quantum computers…
So where we store our data is very important, even if it is decrypted. Encryption is just a secondary defense, the primary is limiting the accessibility to the data itself. And where you store the data, and to whom you allow access, determines the accessibility