privacyguides.org vs. privacytools.io

Which is more based?

  • PrivacyGuides.org: 27 votes (69.2%)
  • PrivacyTools.io: 12 votes (30.8%)
  • Total voters: 39
I laughed so much when Protonmail supporters were shocked silly after it turned out that a centralised website that held all of the keys can and does work with law enforcement.
Source on them decrypting emails for law enforcement?
I don't even believe they can't, I'm just not aware of it happening.

As for OP, privacyguides.org is the better one now just based off of the content so it's what I link people looking for relevant material.
 
They share all sorts of stuff with authorities (some of which is US authorities that Protonmail confirms would be in violation of Swiss law)

Registration details, IP address and device usage details.

I am convinced that if they can, they probably share emails too.
 
They share all sorts of stuff with authorities (some of which is US authorities that Protonmail confirms would be in violation of Swiss law)

Registration details, IP address and device usage details.

I am convinced that if they can, they probably share emails too.
"Source on them decrypting emails for law enforcement?"
"They share all sorts of stuff with authorities..."

This is why I asked. If anything, there's evidence so far to support that they can't, or at least couldn't, hand over emails to authorities. This isn't me shilling the service, I'm just tired of people making unverifiable claims about privacy this and that.
 
"Source on them decrypting emails for law enforcement?"
"They share all sorts of stuff with authorities..."

This is why I asked. If anything, there's evidence so far to support that they can't, or at least couldn't, hand over emails to authorities. This isn't me shilling the service, I'm just tired of people making unverifiable claims about privacy this and that.
ProtonMail's claim is that the private key for their user inboxes is generated from the user passwords, or some shit like that, right?

They can claim that this all happens on the client all they want... but if they're doing things like monitoring IPs for law enforcement, they can also serve up a different login page to certain IPs, one that logs your password to the server so that all your mail can be decrypted. And that vulnerability's only required to read older emails! If they get told to monitor your account by American or other pigs, they could just send any new emails to a completely unencrypted log to pass to the pigs.

Basically, if they cooperate with LEOs at all, their privacy claims are void.
 
ProtonMail's claim is that the private key for their user inboxes is generated from the user passwords, or some shit like that, right?

They can claim that this all happens on the client all they want... but if they're doing things like monitoring IPs for law enforcement, they can also serve up a different login page to certain IPs, one that logs your password to the server so that all your mail can be decrypted. And that vulnerability's only required to read older emails! If they get told to monitor your account by American or other pigs, they could just send any new emails to a completely unencrypted log to pass to the pigs.

Basically, if they cooperate with LEOs at all, their privacy claims are void.
Basically, know your threat model, act accordingly. ProtonMail for all its reputation isn't FOSS and even if it were, you wouldn't know that the version on their server is exactly identical to the version they allow you to evaluate. If you need things to be 110% anon/secure/whatever, you're going to have to self encrypt and self host, but that comes at the cost of deliverability and anonymity.

Email is truly the triangle-pick-2 problem. You know, the thing where you can get it done quick, right, or cheap. You can even get 2/3, but never 3/3. You have to sacrifice something.
 
I was wondering about this myself. If not Protonmail, then who is suggested?
Again, Email is a triangle-pick-2 deal (get it done right, cheap, or fast. Maybe 2/3 but never 3/3).

What do you value, what is your threat model, what is your budget?

I really want to make an autistic thread about the triangle-pick-2 conundrum in Internet and Technology but I can never sit down and do the whole thing. I will focus on one part of the question that I've thought a lot about however:

Reliability and Anonymity are basically mutually exclusive. The epitome of reliability is basically owning your own domain - if your email provider deplatforms you, you can take your domain to another provider or even self host and you'll be able to get all future emails without having to recover literally each account individually. You don't have to tell your acquaintances what your new inbox is. You just need to point to the new provider.

But you have to dox yourself to a registrar to buy a domain. It is possible to register a domain without doxing yourself, but those services essentially purchase "your" domain for themselves and allow you to administer it. If they want to give you the boot, they don't have to let you transfer the domain out because it was never really your domain in the first place. (If you register with faulty information and they have trouble forwarding abuse complaints to you, I think they are allowed to cancel your registration).

But depending on who you're worried about, maybe it's good enough to buy whois privacy so only your registrar knows who you are. Absolute top tier anonymity might not be necessary.

So the first question I ask myself when trying to imagine a perfect email system is "Is it more important that this address still works a decade from now, or that it can't be traced back to me?"

I've basically decided that to be autistic enough for me, I'll probably need to have at least 3 email systems that all forward into a unified inbox.

... Get me started on if you ever want to send emails, that's another mess that causes people grief even when they aren't being paranoid freaks.

No matter what you prioritize, you will probably need to go beyond emails. You know, use VPNs and PGP. Even if you can't be 100% impenetrable, you can at least limit the potential harm when it does finally happen.
 
ProtonMail's claim is that the private key for their user inboxes is generated from the user passwords, or some shit like that, right?

They can claim that this all happens on the client all they want... but if they're doing things like monitoring IPs for law enforcement, they can also serve up a different login page to certain IPs, one that logs your password to the server so that all your mail can be decrypted. And that vulnerability's only required to read older emails! If they get told to monitor your account by American or other pigs, they could just send any new emails to a completely unencrypted log to pass to the pigs.

Basically, if they cooperate with LEOs at all, their privacy claims are void.
Outside scope and I'm going to guess there's no proof of the "if" at the end. Anyone can do anything "if..." when it comes to servers outside of your control.

The claim: Protonmail can and does hand over plaintext emails to law enforcement.
The source: many asses

Dergint's reply on threat modeling is what matters the most. If you blindly trust any email provider and expect them not to comply with law enforcement then you're not taking yourself seriously enough. On the flip side, there's no proof of Protonmail handing over plaintext email while evidence against them doing this exists where what they have provided was metadata, so when someone says Protonmail does share email content I have to ask.

I was wondering about this myself. If not Protonmail, then who is suggested?
I'm not using email to avoid governments or anything so am ok using Protonmail and Tutanota but Michael Bazzell has said he uses Fastmail (paid) and domains to forward custom email addresses to his Fastmail emails*. In a recent podcast episode he covered this a bit with regard to domain ownership and why it may matter, though Dergint touched on it above as well.

If my direct link is wrong then maybe check the past 10 eps' show notes.


*Made this more explicit
 
Does anyone know if fastmail is worth paying for? Especially for a tech illiterate normie?
I haven't used them, but I can say from having looked at a bunch of providers circa 2018, the price seems good for email hosting.

I think of $5/month/inbox as being the baseline price, based off of big tech providers like Gmail and Outlook. More raw email providers are maybe $3/m/inbox, but they'll tend to be just email, no office suite or anything.

The Fastmail basic plan paid annually puts it in the expected range, but it has one feature in particular that I don't think is standard: "600+ alias addresses for even more privacy"

I assume most providers allow inboxless forwarders, but they don't typically market them that way and the expectation is that you forward customercare@dicks.us to Doug; you only have to do that once, so it can be buried really far into the settings. An actual alias feature won't be nearly as buried. If you can create these aliases on different domains than your real inbox, then even better. I would say that's like adding free forwardemail.net functionality to your subscription, minus the jackass admin whom I don't want to trust with my emails. Not as awesome as a simplelogin forwarder however; I don't see any mention of encrypting the messages.

Setting up email isn't that hard, if you don't insist on something fully self hosted then the nerdiest step you'll have to do is updating your DNS.
 
I haven't used them, but I can say from having looked at a bunch of providers circa 2018, the price seems good for email hosting.

I think of $5/month/inbox as being the baseline price, based off of big tech providers like Gmail and Outlook. More raw email providers are maybe $3/m/inbox, but they'll tend to be just email, no office suite or anything.

The Fastmail basic plan paid annually puts it in the expected range, but it has one feature in particular that I don't think is standard: "600+ alias addresses for even more privacy"

I assume most providers allow inboxless forwarders, but they don't typically market them that way and the expectation is that you forward customercare@dicks.us to Doug; you only have to do that once, so it can be buried really far into the settings. An actual alias feature won't be nearly as buried. If you can create these aliases on different domains than your real inbox, then even better. I would say that's like adding free forwardemail.net functionality to your subscription, minus the jackass admin whom I don't want to trust with my emails. Not as awesome as a simplelogin forwarder however; I don't see any mention of encrypting the messages.

Setting up email isn't that hard, if you don't insist on something fully self hosted then the nerdiest step you'll have to do is updating your DNS.
I like Fastmail and I've been a customer of theirs for several years. The alias feature does have a few dozen different domains you can use, plus you can use your own domains with it. It even has DNS service although it's not the most fully-featured out there.
 