Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
Not exactly. Maybe you benefit from an additional virus scan (if Proton does this). What you certainly benefit from is the "only load external resources when told to" feature. This prevents tracking since loading the external resource == the mail was opened.
What exactly do you want to achieve in terms of security?
What exactly do you want to achieve in terms of security?
I'm beginning to think many people here just want to throw money at a vague concept of "security" without having a crumb of a threat model in mind.
IMO people mainly just want big tech to quit snooping on everything they do.
On the other hand, it is a lot of hoops and a large learning curve for those to whom have no idea where to start other than having big tech stop snooping.
Yep, you hit nail on the head. This is currently me.
The problem with a late stage capitalist world is that the moment you realize you want to escape Big Tech, there are already numerous of services selling pseudo or marketable privacy-respecting product with comparable convenience to the competing Big Tech counterpart. This appeal to non-technical consumers means their willingness to "vote" with their wallet what they thinks is the best replacement.
The drawback of this, for non-technical consumers, is that it's hard to distinguish between no-nonsense actual privacy-respecting services (with caveats laid out before you pay), where you're forced to do research, and those filled with buzzwords and marketable features, where it's easy to completely put your trust in these companies.
By definition, if you don't feel like putting in the homework, you are ceding control to someone else. At that point, all bets are off. Even trustworthy entities can turn on a dime. Ease and full control are mutually exclusive.
No. Gmail scans all messages as they come in, so if there's anything secret in there it's too late already.
You can enable PGP to encrypt messages for free, but that only protects your email when the receiving end also enables PGP and has given you their public key beforehand and marked them as sufficiently trusted.
If your recipient has an S/MIME certificate, you can use that to encrypt messages. These certificates cost money, though. Again you'll need their public key, but you don't need to mess with any webs of trust.
Email encryption is a pain in the ass to use securely. If you want to share messages safely, use Signal or another secure messenger. Even WhatsApp is more secure than standard email.
Technically you still have a web of trust with S/MIME. You just don't say "I trust you because X said you're good and I trust X" but you say "I trust you, because you paid X money and X did probably a good background check on you". So rather a tree than a web.
I guess it is philosophical to argue if a tree can be considered a net as well.
Very true, but with S/MIME you have the advantage of not needing to maintain that stuff yourself. Both PGP and S/MIME have huge impersonation risks in theory, but in practice S/MIME is just the expensive, corporate PGP that normal people can actually use for their business email.
Basically Let's encrypt and geotrust certificates :D
Oooh, something like let's encrypt but for mails would be nice
No. Proton only encrypts message content to/from other Protonmail users. Message subject, sender, and recipient aren't encryptable for email.
It'll be stored off of Google servers but they'll see it anyways. Still, it's best to do that while migrating emails. Have your old one forward to the new one.
Your emails are already scanned by Gmail at that point, so you're defeating the purpose
No it's not more secure going via Gmail. But what I did was to get the paid Proton Mail and I used my own domain name. So yes plenty pain and time now to slowly update my email address everywhere away from Gmail to my own domain name with Proton Mail.
But hopefully it's the last time I have to update the email address everywhere, because even if I leave Proton Mail, my mail address is not tied to them, but to my own domain name so I can point that to any other mail provider.
So every mail address I'm changing now, is one away from Gmail. But if course 99.9% of businesses don't Encrypt mail, so I'm only really cutting Google out of the loop (assuming the other party is not using Gmail of course).
If you're forwarding from Gmail, then Google can still see all of your emails.