Ask HN: Protonmail Alternatives?

I use Tutanota.

Like others have said, I've accepted that email will never be secure, so I swapped from PM to Migadu just to get away from having to use that annoying bridge, as well as the fact they have no restrictions on the amount of domains and users you can have - just the amount of emails you send/receive.

For reference, here's two I've found:

CTemplar: https://ctemplar.com/features/

Helm Personal Server: https://thehelm.com/

I use Hey [1] and I am completely satisfied. There is also a plan that allows custom domains. The flow might be something to get used to but there are a lot of cool features like spypixel blocking, adding sticky notes to emails or editing the subject of an email thread.

[1] https://hey.com

Lavabit

Riseup.net

There is probably not going to be an email service that does not share protonmail's threat model, i.e. national police investigation. A nation state has leverage, if the people running the service don't want to go to jail for you (and let's be real, people who would are outliers), they're going to comply with legal demands.

What people are looking for is a technical solution to a political problem.

So I like Protonmail a lot, but what I do not like is the "closed" ecosystem it has (you need Proton Calendar, Proton Mail, ...) - It does not integrate with other protocols. I know some people that use https://mailbox.org/ for that reason.

Isn’t it easier to use any of these email services but download and delete all email? I’m not sure how many email providers are expecting that, in terms of serving up its users to law enforcement, in the way that’s so objectionable here on HN.

What is your threat model? Because for almost all truly sensitive information, email is the wrong choice versus Matrix protocol.

I have problems trusting alternatives like Tutanota and Mailbox. Both of which are in Germany, which has been policing speech for the past 100 years. If a Swiss company will comply with law enforcement, then a German company absolutely will.

There’s also riseup, which I avoid because instead of being at the behest of a Governments politics, you have to deal with theirs instead. I don’t want to be involved or associated with politics outside of my local voting booths (although inevitably unavoidable when you’re talking about free speech and privacy)

I think the solution is to host your own or find another protocol. At the end of the day only you have your best interests in mind.

https://gpgtools.org/ GPGtools. If you use a mac, it can hook into your native mail app and encrypt/sign things with your private key. Sure, whatever provider you use knows you send or receive encrypted mails, and the metadata will always be unencrypted, but these are always the case regardless of email provider.

There seem to be other GPG mail tools out there for different contexts (maybe one that runs in the gmail web interface?) too.

An acquaintance tipped me to Posteo[1] which appears to be very privacy focused. One issue (for me) is that they don't (won't) do custom domains (for privacy reasons). Other than that it seems to be a very ideal solution for people who need that kind of paranoid set-up.

[1]: https://posteo.de/en

Pay for gmail, that's it. You can pay for hotmail as well. If you are curious how safe are emails then spin up a VPS for a few bucks in your currency. Now sit and watch as emails come in and go out.

In the United States, law enforcement essentially has read and write privileges over your cloud accounts. It's not impossible for this to happen with foreign services too but it's at least less likely due to the many more hoops someone has to go through.

I use Signal and Gmail. (And Whatsapp.)

Meet in person in a public place, memorize everything.