I’m trying to get rid of my Google dependency and one of those steps was moving over to Protonmail. Now in the past few days i have been picking up signals that even Protonmail is not as clean as it might be.
Does this really impact the privacy of how i use email and so is moving to Protonmail a step forward from Google, or is Protonmail just as bad?
If so, what could be alternatives?
edit:
Some of the alternatives being mentioned in the comments are:
Email:
VPN:
edit 2 (2023):
There seems to be some new activity around this post. At the time of writing the post (2 years ago) there were some stories going as user @UnfortunateShort described in their comment. This made me question the best options available at that moment. Currently i am still a Proton user, using their Mail and Calendar service, and Mullvad for VPN.
i would say it is a step forward but how much depends on your use case. if you are encrypting all your emails, protonmail allows you to do so with the body of the email (but NOT the headers). there are other providers who make this as easy. tutanota even encrypts your entire email, subjects and senders included but they recently had to comply with a court order to store new incoming emails for a certain user unencrypted.
when it comes down to it, any secure communication should not be done over email. you can always encrypt the body of the message yourself but the sender/receiver information and subject line will not be encrypted.
an alternative vpn would possibly be mullvad. the people over at privacytools also recommend ivpn so that’s another one you could look into
No, the Tutanota court order said that they had to comply with the law if information is needed for a specific use, and they can only give what they have, meaning that if you communicate with other e-mail providers such as Protonmail (who encrypt e-mails by default) they can only give the court encrypt data, which is not so useful, but for example if you get an e-mail from Gmail then they can give them that information since it’s unencrypted.
i was referring to the recent order (late last year) from a german court ruling tutanota had to “spy” on one user. tutanota cannot access the emails in that user’s mailbox because they are already encrypted but they had to comply with the court order so their solution was to write a function that prevents that specific user’s new emails from being encrypted.
Yes, I know you were referring to that case.
This is from the exact article in German you cited at the end:
[Update, Nov. 30, 12 p.m.] As Tutanota emphasized, the monitoring measure only affects newly incoming unencrypted emails. The company cannot decrypt data that is already encrypted, as well as end-to-end encrypted emails in Tutanota. [Update.]
Besides Tutanota, some other providers also store all incoming mail in encrypted form. At Protonmail it is also standard, Posteo and Mailbox.org offer encryption as an option. Tutanota provides an overview of the number of requests from authorities in its transparency report.
you write as if you’re correcting me (first comment began with “no”, second citing what i already stated) but i said nothing in contradiction - already encrypted emails won’t be unencrypted. i did not state otherwise.
It doesn’t say that, it says:
This means only e-mails received after the the monitoring declared by the court was approved which are not encrypted will be sent to them. This is reinforced by the following sentence:
Meaning they can’t do anything with old, encrypted e-mails.
Meaning new encrypted e-mails.
i understood but i now see i wasn’t clear enough in my original comment. sometimes i omit things for sake of clarity but it seems i omitted too much in this case. it was not my intention to imply that all incoming emails, regardless of encryption status, would be unencrypted.
No problem, it’s just I had this exact same discussion in a Privacy Tools issue and I was sure I knew what I was talking about, also I don’t to say X service has been compromised.
deleted by creator