Hey all, I’ve been taking my digital privacy and security much more seriously this year, but the one thing I’ve been stuck on and feels overwhelming to me is email. So I wanted to know what do you guys use or what practices do you follow? Do you keep a separate email or alias for every single account, or just compartmentalize, like one email address for online shopping, one for business, one personal correspondence, and etc.

What services do you use? Right now I have a free Tutanota and ProtonMail account but haven’t decided which one to pay for, if either. ProtonMail makes me iffy with the amount of controversy and debate that has come out of them in recent years even though it comes with a lot of other nice stuff like cloud storage and a vpn. Tutanota I just dislike the fact I can’t add it to third party mail apps like Thunderbird, but this might not be a deal breaker. I know there are others, so what do you guys use? I don’t need something to protect my emails from the NSA or organizations like that but definitely something more private and secure than gmail. Thanks.

  • Mikina@programming.dev
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    1 year ago

    I have one generic company-sounding domain, and use catch-all email address for it, so I can set up randomized name.surename@<randomcorp>.com combinations for every service I need an account for. While it probably doesn’t even make a difference with all the advanced fingerprinting methods that are around nowadays, it feels a little bit smoother than generating a random obviously throwaway email address with some of the disposable email services that are around, and for a fraction of a cost.

    Then I have my work emails and one official domain with my name that I use whenever is something important enough that I want to use my real info for. And I also have an email for cases where I need to say my email out loud, which is just spam@<myname>.email. Efficient, and people usually get it right at first try. (But I did encountered a few cases where .email was not a valid TLD, since the filter was set up based on character count -.-)

    I’ve been using ProtonMail, and I’m pretty happy with them. I have not heard about the controversies up until now, but I think that it’s understandable that they have to comply with court orders, and unless I’m mistaken they can’t hand over your actual emails, since they are encrypted at rest by your password, right? Since I’m not really worried about having to do anything with police, it’s not a threat model I need to take in consideration. But thanks for the info, I’ll probably find a different provider if something happens with our local political situation. For now, what’s the most important for me is that my emails and data are not used to teach any kind of ML bullshit about how to manipulate or impersonate people, and I think that’s what the ProtonMail encryption provides sufficiently.

    • sro2112@programming.devOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Cool, thank you. Yeah I need to buy a domain for email at some point

      unless I’m mistaken they can’t hand over your actual emails, since they are encrypted at rest by your password, right?

      That is true I believe, they can use the address to identify you but if the email content is encrypted they can’t get the contents. The subject line though is not encrypted.

      Same though, I’m not necessarily trying to avoid the police or government but mainly advertising/AI bullshit/ less reliance on google. Do you use proton’s other services, like the cloud storage and VPN?

      • Mikina@programming.dev
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I have my own NAS where I store most of my files that’s open to internet through a geoblocked Cloudflare Tunnel, and if I need to share something I just use the Synology Drive. I tried setting up Nextcloud, but my NAS is too weak for it and didn’t support it by default, and manual instalation didn’t really work properly so I gave up.

        VPN I’ve never found the need for. I was thinking about Mullvad Browser+VPN, since I really like the idea they are going for, but I was too lazy to setup yet another browser. I don’t know how verified Mullvad is, since I haven’t heard much people talking about it and only found it on the new version of privacytools.io - I think it was something like https://www.privacyguides.org/en/. I don’t really know what happened between them and privacytools, or which one is more trustworthy - especially since they have mostly different recommandations.

        But the main idea of Mullvad is that it’s I think a fork of Tor Browser for internet, that’s set up to work without needing any extensions and has the same fingerprint for every user, which stays the same since you don’t need a stack of privacy extensions. And it works in tandem with Mullvad VPN, which means that it’s really hard to fingeprint you based on your browser+VPN provider combination, because while you may have be one of the few users of i.e. ProtonVPN that uses Firefox with uBlock, Decentralyes and CookieAutoDelete, so you can still be eventually identified, all the users of Mullvad use the same browser with same origin IP and same fingerprint. And that idea actually makes a lot of sense on paper.

        • sro2112@programming.devOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I’m actually a current Mullvad VPN customer, I know of their browser but I haven’t tried it. They’re very privacy friendly, no email required for sign up, and you can even mail them cash to pay. While I like what stand for and think they’re awesome, recently they decided to stop offering port forwarding for their VPN, so I need to find an alternative. My main use case for VPNs is torrenting, so port forwarding helps with that a lot. Proton VPN offers port forwarding which was why I was considering just using them for both email and VPN.

          Their browser sounds interesting though, from what I’ve heard it’s basically Tor browser but without the Tor network. The fingerprinting protection sounds awesome, I think one issue with my current browser setup is that I’m probably very unique and easy to fingerprint. So will look into that.