Tutanota

No, thanks. I use disroot.

At least they're not autistic.

--
Securely sent with Tutanota. Get your own encrypted, ad-free mailbox:

tutanota.com

premium is very comfy, atleast the custom domain and catch-all
I'd advise waiting till they implement crypto payments though.

you know you can change your signature with 2 clicks, right?

Also, them using pop/imap means the server must have the mails decrypted at least for the time of being logged in.
That's not the case for tutanota

last sentence meant to

>the server must have the mails decrypted
That's why I use PGP.

>Tutanota requires javascript to be enabled.
no

G Suite Gmail sweaty :)

No thanks, I use posteo

Why don't you take the ultimate truth when it comes to email: Self hosting.

>Free version
I never like to see that. I'm more inclined to use startmail.

>All your free encrypted emails are stored on our own servers in highly secured data centers in Germany.
you're aware that germany is on it's way to less internet privacy and more direct state control (no more anonymity), right?

cause google is a bitch and drops your mails
used to selfhost

they still lack a lot of oppressive laws like mandatory decryption, gag orders, etc.. that exist at a lot of other places.
plus, they have technically no way to decrypt anything from you, unlike with a lot other providers.

Trust me when I tell you the BND couldn't decrypt the emails even IF they had the encrypted emails on their own servers in Berlin. The CIA might be retarded but god damn our security agencies are a bad fucking joke.

7, all of them fucking registered in childhood and loaded with shit and important stuff. Oh man, i need to clear them.

Unless the sender and receiver are using end to end encryption that they solely control, it doesn't fucking matter what service provider provides the email service. Stop falling for this faggy fud bullshit you literally insignificant faggots.

This is literally no better, if not potentially worse, than gmail.

No one that actually has a clue what they are doing is still using email for anything remotely sensitive anymore. Even companies are slowly getting the hint that email might as well be clear text on a site called pleasedontreadme.com

Of course.

Hat tip Fash the Nation

between tutanota users it is automatically end-to-end encrypted. otherwise you can use PGP.
Also, tutanota automatically encrypts messages on receiving with your public key.

>Also, tutanota automatically encrypts messages on receiving with your public key.
After receiving, and you'd have to trust them that they don't keep the unencrypted messages.

If you receive unencrypted messages it doesn't matter if you selfhost or what provider you use, because you are already fucked from the start.
Don't send sensitive shit unencrypted and don't rely on your providers encryption.

Sure, I'm just saying that Tutanota saying they encrypt everything means shit.

exactly, you have to trust all of them to some extent. this is the fault of SMTP amd email. Tuta is just the least bad option out there.
this is still a lot better than many others, where viewing your mailbox results with decryption on serverside. Here no matter what they tamper, there is no way to decrypt messages received prior.

Well yeah I completely agree. Just because a provider says they encrypt something doesn't mean jack shit.

>Tuta is just the least bad option out there.
No, there's no reason to believe this. There are a couple of others that at least rival Tutanota.

>Here no matter what they tamper, there is no way to decrypt messages received prior.
Again, they could just keep the unecrypted messages.

.
>Again, they could just keep the unecrypted messages.

I was referring to LE involvelemnt, implying tuta is trustable and they signal when they are no longer (which is feasible due to lack of gag orders in germany)

There are also options that are much more secure than Tutanota simply because they aren't hosted in Germany which is still a part of 14 eyes even if their laws are better than some other countries.

Well if Tutanota keeps the unencrypted messages, then they could very well hand those over to LE. No reason to trust them in that either I think.

yeah, you need to have some faith.
that goes even for selfhosting, it requires certificates from a CA, LE could probably get a fake one.
the problem is with email in general, it was not made to be end-to-end encrypted

You are completely right. With Email (that you really shouldn't use for sensitive stuff) you need to put a lot of faith into a lot of things and parties involved.

>free
>open source
So how do these unscrupulous fucks make money?

No, because tutanota is backdoored/placebo. When you register your account, you're given a mandatory decryption code, and the German government is given a copy too. You're a retard if you think you're safe for using this.

the paid plans

Funny you say that because tutanota is being decrypted and is under a gag order by the German government.

How do they make money of the free plan though?

you're a retard.
if you checked the actual source (I did) you'd see the code is made from the actual key (the one that is encrypted by your password to provide password change feature) and is never networked unencrypted. And "mandatory" my ass, you can just simply not write it down, the two level key has always existed since that's the only way you can change password without complete reencryption, just like how ot is with LUKS for example.

>Germany
no thanks! can't be trusted.
Yet another surveillance obsessed shithole just like USA, Australia, England and China.

Fuck.those.places

gag orders are not a thing in German law.

You can't know the source you looked at is what's being used by Tutanota though.

>You can't know the source you looked at is what's being used by Tutanota though.
I can, i compiled it myself

You did not compile the Tutanota server software.

the thing we were talking about is client. the entire backup key thing is a clientside addition.
basically now the master key is no longer only encrypted by your password and sent to the master server to store, but they let you write it down on a paper.

Why don't you Jow Forumsuys use Mailo.com?

I wasn't aware they let you create an account via a client, I figured it was just on their website.

fairly sure the web client is also built from the same node.js source just like phone and desktop.
Obviously its hard to verify its source so I'd never use it, but it *should* be secure that way too.

Reminder that unless you encrypt your emails, it's all unsecure.
And if you encrypt, even fucking gmail is fine.

Been using it for quite a while, cheapest non free plan. I like it, but i dislike a few things like for example how often there's an update i have to accept (sometimes it feels like it's every day), and how long time it takes to delete lots of mails, such as when clearing the trash and spam folders. All-in-all I'm happy though. Almost completely migrated from google mail at this point.

been thinking about writing a custom client that runs an IMAP server, to make other clients work while staying safe and secure

Same. How to clear them. If I just abandon them, is it a security breach? It doesn't sound good. Requesting strategy to tackle the 10+ mail situation most people find themselves

They don't. Paid plans support the free one.

I lost my password

i just went from 2008 and GDPR requested deletion of accounts i didn't need, changed email in rest. only took a week

I'm going through a clean-up and it's a chore. I only have 4 old accounts that I'm planning to delete and it's already overwhelming sometimes. Instarted the process few months ago and have been scrupulously uncovering the loads of websites I registered at over the years. It is time-consuming and annoying to make sense of this mess, but most services by now have decent search engines and filters that help. Going to the registered websites and closing the accounts to go full GDPR-style is a different story.

1) shopping and gov ID
2) friends
3) work
4) spam

You'd still need an email account for shops and other services, and those won't encrypt their emails. In those cases, I'd still rather use a service that (supposedly) doesn't scan them for data to sell, even if it's not 100% secure.

dig deeper suggested disroot over tutanota so I registered an account with them. Did I make a mistake?

since they use IMAP, at some point other than receiving the mails are decrypted on their servers. Tutanota is better at this, if it gets compromised (by LE for example) they still can't read older emails regardless what you do, given that before the compromise they were trustable. Same doesn't hold up for disroot.

But ultimately its up to faith partially, read the replies in the thread, theres a conversation about this.

B-but... I'll be banned for using more than 1 account!

you can have up to 5 aliases with the cheapest plan