On Private Email

2021/07/07

Tags: Opinions Privacy Security 100DaysToOffload

You don’t understand email (maybe).

A common criticism of email services I see from the paranoid is that few, if any, provide total privacy. And where a service does try to provide it, there is always a flaw that makes it fall short.

ProtonMail has been getting a lot of proper news coverage recently. I might go as far as to say it will become the next NordVPN, with Brave, Nord, and Proton being the big three “privacy” companies. Personally, I kind of like it, and a lot of my disposable or non-attributable emails are just ProtonMail accounts I make using a VPN. Would I completely recommend it? Not always; there are serious issues I dislike, such as no support for other email clients.

E-Mail is fundamentally flawed, and services like ProtonMail use their own additional software on top of the original E-Mail protocol to make it secure. It’s an E-Mail service that adds automated PGP encryption functionality. The downside: not many people use PGP encryption, so if you email someone who isn’t using PGP or a ProtonMail address, the flaws of normal E-Mail still apply, and you’re just using a normal email service with an improved privacy policy. Saying ‘Secure E-Mail’ is like saying ‘Secure Phone’. Email is like A5 encryption (a broken cipher used in cellular networks): there have to be either serious mitigations that change its functionality completely, or it’s a lie.
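The point above, as an added example that is not part of the original post: this Python function classifies a raw message as PGP/MIME, inline PGP or plaintext, and lists the headers that stay readable in transit either way, since PGP only covers the body. The sample messages, addresses and the `classify` name are constructed for illustration.

```python
from email import message_from_string, policy

INLINE_MARKER = "-----BEGIN PGP MESSAGE-----"

# Constructed sample messages (placeholder ciphertext, not real mail).
PLAIN = """\
From: alice@example.org
To: bob@example.com
Subject: Meeting notes
Content-Type: text/plain; charset="utf-8"

See you at noon.
"""
PGP_MIME = """\
From: alice@example.org
To: bob@example.com
Subject: Meeting notes
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder)
-----END PGP MESSAGE-----
--b1--
"""


def classify(raw: str) -> dict:
    """Report body protection and which headers stay readable in transit."""
    msg = message_from_string(raw, policy=policy.default)
    protocol = msg.get_param("protocol", header="content-type")
    if msg.get_content_type() == "multipart/encrypted" and protocol == "application/pgp-encrypted":
        kind = "pgp-mime"    # RFC 3156 encrypted container
    elif any(INLINE_MARKER in p.get_content() for p in msg.walk()
             if p.get_content_maintype() == "text"):
        kind = "pgp-inline"  # ASCII-armored block inside a text part
    else:
        kind = "plaintext"   # body readable by every server that relays it
    # PGP covers the body only; these headers stay in the clear either way.
    exposed = {h: str(msg[h]) for h in ("From", "To", "Subject") if msg[h]}
    return {"kind": kind, "exposed_headers": exposed}
```

Calling `classify(PLAIN)` and `classify(PGP_MIME)` returns the same exposed headers for both messages; only the `kind` differs.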

The privacy policies of some email services may be better than the sins of privacy policies like GMail’s or iCloud’s, but they still all run on a framework. I have seen criticism online of ProtonMail providing information when receiving a Swiss court order. Yes, of course they would, it’s the law, isn’t it?

You could use an email service that refuses to comply with court orders and would shut itself down instead, like Riseup would. However, this means elevated risk in using a service that openly admits it could be gone at any time. A service like Posteo also has an excellent privacy policy, but it also costs money.

What I’m trying to say in short terms is, when it comes to private email you don’t really have much of a choice, unless:

It’s also worth noting that any company or service could be a complete dick and block the domains of these services, requiring you to use GMail or something. When I spoke about privacy guidance, I said that you cannot use something like this without the possibility that you may stand out more than someone who just uses something mainstream/what you’re uncomfortable with.

Not to mention they are all vulnerable to the flaw I wrote about above: you NEED the other person to use PGP with you. There is no email service that has a perfect privacy policy and reputation, is free to access, promotes security and promises a very long lifespan.

Personally? I think Posteo is the best. I use it for personal matters, but for brett.icu domain emails, I use ProtonMail, as the latter two services don’t support custom domains. (Yes, I’m aware of Disroot.) If I am using accounts, I’d like to say you’re better off just making several non-attributable emails that you can use for just the accounts until such a perfect service exists.

If you ever want to email me, I have attached a PGP key on this website. That key is separate from my ProtonMail one, in case you do not trust them; you could also use it to get in touch with me elsewhere if that is the case.
