There is probably not going to be an email service that does not share protonmail's threat model, i.e. national police investigation. A nation state has leverage, if the people running the service don't want to go to jail for you (and let's be real, people who would are outliers), they're going to comply with legal demands.
What people are looking for is a technical solution to a political problem.
So I like Protonmail a lot, but what I do not like is the "closed" ecosystem it has (you need Proton Calendar, Proton Mail, ...) - It does not integrate with other protocols. I know some people that use
https://mailbox.org/
for that reason.
Isn’t it easier to use any of these email services but download and delete all email? I’m not sure how many email providers are expecting that, in terms of serving up its users to law enforcement, in the way that’s so objectionable here on HN.
I have problems trusting alternatives like Tutanota and Mailbox. Both of which are in Germany, which has been policing speech for the past 100 years. If a Swiss company will comply with law enforcement, then a German company absolutely will.
There’s also riseup, which I avoid because instead of being at the behest of a Governments politics, you have to deal with theirs instead. I don’t want to be involved or associated with politics outside of my local voting booths (although inevitably unavoidable when you’re talking about free speech and privacy)
I think the solution is to host your own or find another protocol. At the end of the day only you have your best interests in mind.
https://gpgtools.org/ GPGtools. If you use a mac, it can hook into your native mail app and encrypt/sign things with your private key. Sure, whatever provider you use knows you send or receive encrypted mails, and the metadata will always be unencrypted, but these are always the case regardless of email provider.
There seem to be other GPG mail tools out there for different contexts (maybe one that runs in the gmail web interface?) too.
An acquaintance tipped me to Posteo[1] which appears to be very privacy focused. One issue (for me) is that they don't (won't) do custom domains (for privacy reasons). Other than that it seems to be a very ideal solution for people who need that kind of paranoid set-up.
Like others have said, I've accepted that email will never be secure, so I swapped from PM to Migadu just to get away from having to use that annoying bridge, as well as the fact they have no restrictions on the amount of domains and users you can have - just the amount of emails you send/receive.
Pay for gmail, that's it. You can pay for hotmail as well. If you are curious how safe are emails then spin up a VPS for a few bucks in your currency. Now sit and watch as emails come in and go out.
How do you like it? How does it compare to Protonmail?
I've seen the name here a little but first time looking them up. The page title "Secure email: Tutanota..." is super similar to "Secure email: Protonmail..." Even the page layout is similar.
And I'm trying to sign up and the whole flow is super similar to Proton. By design?
> How do you like it? How does it compare to Protonmail?
For a start you can't use PGP, which means external people cannot send you encrypted email unless they use a "temporary inbox" feature. Often they won't do that so the email you receive will be unencrypted at the point Tutanota's servers receive it.
Also Tutanota does not allow you to use email clients. You also can't import your email, and can only export per-folder.
It's also worth noting Tutanota, and Posteo (mentions TKU), and Mailbox and all the other providers will comply with lawful interception requests. Tutanota in the past has handed over email before it was encrypted.
In the United States, law enforcement essentially has read and write privileges over your cloud accounts.
It's not impossible for this to happen with foreign services too but it's at least less likely due to the many more hoops someone has to go through.
I use Hey [1] and I am completely satisfied. There is also a plan that allows custom domains.
The flow might be something to get used to but there are a lot of cool features like spypixel blocking, adding sticky notes to emails or editing the subject of an email thread.
"Lavabit will not release any information related to an individual user unless legally compelled to do so."
"On a final note, the Lavabit e-mail servers do record the IP address used to send an outgoing message in the header of an outgoing e-mail. Because of this, it is possible for the recipient of a message to identify what IP was used to send a message."
I love the final note... The worst is always at the end...
What people are looking for is a technical solution to a political problem.