• @Lunacy@lemmy.ml
    2 years ago

    Email has not been designed with security in mind. Even if the content is encrypted, email still leaks a lot of metadata, including:

    • To, From, Cc, Date and Subject.

    Using PGP is not helping since it is a phased out - and obsolete - technology which has a lot of problems:

    If you need secure communication a good solution is E2EE which is enabled by default in signal and in element. Ideally, you should use e-mail to receive newsletter, sign in to sites and nothing more.

    That being said, the whole situation about ProtonMail is quite overblown. As detailed in their transparency report, and privacy policy they MUST provide account’s information like the IP address if the Swiss criminal investigation requires them. By default, they don’t log the IP of the users.

    Now, if this is a real concern for you, then you should not using their service. Otherwise, go for it. ProtonMail is still a valid choice.

    Edit: However, it’s important to understand that every time you visit a website, you automatically send a set of features to it , including your IP address. It’s just how internet works. The whole “no log policy” is not something you can verify. You have to fully and blindly trust the provider whether it is located in a 5 Eyes country or in Iceland.

    Edit: self hosting a email server it’s actually really, really difficult. It’s not something that a unskilled person could do.