I’m trying to get rid of my Google dependency and one of those steps was moving over to Protonmail. Now in the past few days i have been picking up signals that even Protonmail is not as clean as it might be.
Does this really impact the privacy of how i use email and so is moving to Protonmail a step forward from Google, or is Protonmail just as bad?
If so, what could be alternatives?
edit:
Some of the alternatives being mentioned in the comments are:
Email:
VPN:
edit 2 (2023):
There seems to be some new activity around this post. At the time of writing the post (2 years ago) there were some stories going as user @UnfortunateShort described in their comment. This made me question the best options available at that moment. Currently i am still a Proton user, using their Mail and Calendar service, and Mullvad for VPN.
Yes, I know you were referring to that case.
This is from the exact article in German you cited at the end:
[Update, Nov. 30, 12 p.m.] As Tutanota emphasized, the monitoring measure only affects newly incoming unencrypted emails. The company cannot decrypt data that is already encrypted, as well as end-to-end encrypted emails in Tutanota. [Update.]
Besides Tutanota, some other providers also store all incoming mail in encrypted form. At Protonmail it is also standard, Posteo and Mailbox.org offer encryption as an option. Tutanota provides an overview of the number of requests from authorities in its transparency report.
you write as if you’re correcting me (first comment began with “no”, second citing what i already stated) but i said nothing in contradiction - already encrypted emails won’t be unencrypted. i did not state otherwise.
It doesn’t say that, it says:
This means only e-mails received after the the monitoring declared by the court was approved which are not encrypted will be sent to them. This is reinforced by the following sentence:
Meaning they can’t do anything with old, encrypted e-mails.
Meaning new encrypted e-mails.
i understood but i now see i wasn’t clear enough in my original comment. sometimes i omit things for sake of clarity but it seems i omitted too much in this case. it was not my intention to imply that all incoming emails, regardless of encryption status, would be unencrypted.
No problem, it’s just I had this exact same discussion in a Privacy Tools issue and I was sure I knew what I was talking about, also I don’t to say X service has been compromised.