I’ve been looking to switch from gmail to a different email provider that’s more private. I’ve been hearing about Tuta, are there any drawbacks to it? Are there better options?
For a while I was planning on making the switch to protonmail but that’s off the table now due to the recent events surrounding them.
I have the feeling people actually need to have the urge from panic to have to migrate all their data.
No PGP support kinda kills it imho
no
Care to elaborate?
yes
chodi joined lemmy 55 minutes ago. Ignore their non-reply and block
I’ve seen two posts by this individual so far. Both useless.
Edit: Make that 3 for 3 in the useless category. There’s one below me here.
I’ve been using it for a few months now. Works just fine, doesn’t do anything fancy but it doesn’t need to. Filter rule creation is pretty limited, which is my only issue so far.
If you don’t want to run your own mail server then there will always be a trade off somewhere. That trade off could be high costs to pay a tech firm to run a private mail server for you, could be lack of features, could be privacy, could be a lot of things. Even with your own mail server there will be trade offs around security etc. depending upon your skillset.
Personally, I have a hybrid approach.
- Business is on a mail server
- Personal with sensitive data (health, bills, etc.) is on a mail server
- Personal - subscriptions, newsletters, etc. is on Proton
- Everything else is on Gmail
I also have other accounts (e.g. DDG, Apple Mail, for specific use cases, but I forward the content I receive there into Gmail.
I’ve had a look at Tuta and haven’t seen enough to convince me to move anything there. I’m not going to move my mail servers to a cloud provider, Gmail is there because the address is 20 years’ old and I can’t be bothered updating everywhere that it’s used, and Proton has been great for years, has grown well, and has a corporate mission that I agree with. DDG, Apple Mail etc. is what the internet sees of me - They generate unique email addresses and then I forward the content I want into Gmail, or sometimes Proton.
Tuta and Posteo are both pretty excellent (posteo is cheaper, but has a few less options that might be a deal breaker if you need them, like custom domain support).
Disroot is a good free option, and they offer custom domains after a one time donation.
Mailbox is okay, though they are known to have a very odd 2fa, and will recycle your address if you ever stop paying, allowing others to claim it and potentially impersonate you.
Posteo is unique in that they’ll never delete your account for inactivity, or even if you stop paying, where they’ll let you access and read emails, but not let you send them until you pay again.
Do they compare similarly in regards to privacy?
From what I understand, Tuta may have a slight edge theoretically, but email itself is a pretty poor protocol when it comes to privacy.
Tuta was forced by court order to implement a message logger for an individual, but AFAIK all of their previous messages were encrypted and could not be read by Tuta, and therefore the Government could only see new unencrypted messages coming in before they were encrypted.
Disroot only recently implemented at-rest encryption, so that should be fairly solid now. Posteo also allows you to encrypt your inbox and calendar at rest.
Even with that, consider all private email providers as mostly just to avoid surveillance capitalism (to prevent your data from being mined and sold), but with only marginal protection from state agents.
@ProdigalFrog@slrpnk.net
Tuta was involved in a Canadian spy case, where in court it was alleged to be a front for an EU Intelligence Agency. Cameron Ortis was the counterintelligence spy on trial. https://gizmodo.com/tuta-email-denies-connection-to-intelligence-services-1851022465 and lots more if one does a search. I know I wouldn’t use them, so you’ve been warned.
@countrypunk@slrpnk.net
Ortis has claimed that some unnamed Five Eyes foreign agent introduced him to the honeypot operation and that he didn’t notify his superiors at the RCMP about it.
How can you trust an unnamed intelligence officer though? For all we know, they might have an actual honeypot competing against Tuta and want to gain marketshare.
After all, intelligence agencies are guaranteed to be the first one’s who discovered Ortis was selling secret information. Might as well give him fake information to spread around and make criminals doubt any previous information sold by him.
@yetAnotherUser@discuss.tchncs.de
Where there’s smoke, there often is fire. If you don’t trust the allegations, fine.
@countrypunk@slrpnk.net @ProdigalFrog@slrpnk.net
Posteo’s lack of custom domain support can be augemented by using Addy.io or other similar email proxy/forward services.
thanks for mentioning disroot, that seems much more like what i was looking for than tuta which i was originally going to try out.
@reksas@sopuli.xyz
Disroot is good, I’ve used them b4.
@countrypunk@slrpnk.net @ProdigalFrog@slrpnk.net
Mailbox.org beta offers regular 2FA setup via authenticator. I’ve been using it for months and I’m yet to run into any issues.
In general, I’ve been with MBO for almost a year and I’m happy with the service. You basically get a complete replacement for the google suite which you can use via your app(s) of choice.
What did proton do wrong? Legit question, I’m out of the loop.
Nothing. It’s just FUD.
Here’s an article about it: https://medium.com/@ovenplayer/does-proton-really-support-trump-a-deeper-analysis-and-surprising-findings-aed4fee4305e
Even if the CEO did support the orange turd, I would personally still be able to separate his personal opinion from what the non profit is doing.
Great source, thanks :)
He explicitly supported the republican party in its current guise. That’s enough for me to run. Fastmail is where I’ve temporarily landed - would prefer somewhere away from Aussie jurisdiction, but it felt like the least-shit.
That was informative, thanks.
I agree with you, I would be extremely surprised if the Proton CEO supported Trump… I would say very unlikely.
I am very happy with Proton.
In comparison to Gmail? Yes, but that’s a very low bar to clear. You need to be aware that Tuta are currently enshittifying. The product is getting worse and the price increases. It’s slow, but it’s happening. I switched to disroot.org after 2 years of Tuta because I got fed up with it.
It is in my Scrolls of Grudge, and I quote:
Ads in web UI for paying user.
Made it hard to cancel payment.
Newsletter is just upselling.
Can’t unsub from newsletter.NOOOOOOO! Shit! Ah, for the love of cthulu … damnit!
Sigh … this just bummed me out. Thanks for the info.
I am a paid user of Tuta and I have never seen any ads. Where did you see them and what kind of ads?
_drkt provided no proof of Tuta’s enshittification. There are no paid ads for third party products in any Tuta UI. Don’t panic yet. Read all the comments here, maybe.
no paid ads for third party products
Haha you almost fucking got me, I actually wrote a whole thing about how those are ads but then I read your comment again and noticed that clever little write-off. Ads for their own products are still ads and I don’t want to fucking see it. Get that shit off my eyeballs, I paid for this product.
The newsletter is an ad, it’s not news. They’re just advertising their products to you and you can’t unsubscribe and you can’t ignore it because they very deliberately have a special styling for the newsletters that makes it stand out from normal emails.
I don’t know why you want to defend this company. I’m glad you’re okay with the level of shitty behavior they engage in; it’s definitely less than most email providers do- I’m just letting people know that Tuta aren’t angels. They’re a company, and they used to be better. Proton was exactly the same. It was a good service and then it became shitty.
I would love to log back in and show you the 3 separate buttons on my UI that did nothing except link to a “Please pay us for this feature” page because I was a legacy premium user because I didn’t want all those new bullshit they made. I stress that it’s not a case of them implementing a button in the UI for all users and because I’m a legacy user I get it too even if I can’t use it- the buttons had special CSS to make them stand out. They were ads. Why couldn’t Tuta just leave me alone? I could still be paying them to this day if they had just not gone down that path. I just want an email that is an email and nothing more and doesn’t get in my way. Tuta had that, and then they took it away and asked for more money to put it back.
I think the misunderstanding here is that I was a legacy premium user. I was paying less to get only the email+calendar because that’s what I signed up for, originally. When people sign up today, that’s not an option. People who are new to Tuta (relatively) haven’t seen this change happen and haven’t witnessed how obviously desperate Tuta was to get people off the legacy premium plan.
Also my name is drkt_ but I’m sure you tried your best.
Get that shit off my eyeballs, I paid for this product.
You should try Proton, then /s
Proton constantly tries to push you to upgrade to the next plaid plan too. So much so that that couplet with still zero fucking support for Proton Drive under Linux are the two reasons I have cancelled my paid Proton plan… and I had been paying for years.
Yeah, I know! Don’t say that too loud, though. Proton and Tuta are the precious baby boys who can do no wrong in most “privacy” communities.
Those two services have strengths but they also have some drawbacks, that are more or less painful depending one’s needs. If there are people out there who feel so empty that they can’t stand any critics concerning a product they think is great, well, what can I say? I’m so sorry for them.
I’ve tried tuta before. It seems pretty okay, but it doesn’t support IMAP meaning you have to use their app, and (at least for me) it was SLOW.
I personally use disroot, but there’s loads of other options, like mailfence seems like a decent alternative. Just pick one that supports IMAP
I’m using Tuta and their app for a few years now. The app was slow indeed but it’s good now, no problems so far. Lack of IMAP support is justified with security, they say. I personaly don’t need IMAP as I’m completely satisfied with the app, which is available officially in f-droid btw.
yk, fair enough. if you like it, that’s fine by me
Yes.
I recommend mailbox.org instead.
I started using fastmail, best thing I decided to do in awhile
Tuta’s product is snake oil.
If you don’t care about their (nonstandard, incompatible, and snake oil) end-to-end encryption feature and just want a free email provider which protects your privacy in other ways, the fact that their flagship feature is snake oil should still be a red flag.
Is there anything about Startmail (company that does Startpage.com) that is worth avoiding? I’ve never paid for mail but if it’s solid and avoids Google I might.
StartPage/StartMail is owned by an adtech company who’s website boasts that they “develop & grow our suite of privacy-focused products, and deliver high-intent customers to our advertising partners” 🤔
They have a whitepaper which actually does a good job explaining how end-to-end encryption in a web browser (as Tuta, Protonmail, and others do) can be circumvented by a malicious server:
The malleability of the JavaScript runtime environment means that auditing the future security of a piece of JavaScript code is impossible: The server providing the JavaScript could easily place a backdoor in the code, or the code could be modified at runtime through another script. This requires users to place the same measure of trust in the server providing the JavaScript as they would need to do with server-side handling of cryptography.
However (i am not making this up!) they hilariously use this analysis to justify having implemented server-side OpenPGP instead 🤡
Wow, that is very disappointing. I had started using startpage as a Google alternative. While it still may be preferable to Google specifically, their mail product is definitely out.
Haven’t read anything bad about Tuta so I guess it’s fine. Other good ones are Proton, mailbox.org or posteo.de. Anything that’s not by Google, Microsoft, and so on.
