Which Secure Email Provider?

Discussion in 'privacy general' started by TomAZ, Dec 28, 2017.

  1. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    89
    Imagine this: I'm on the phone with someone, they ask for my email
    I spell it out for them: name.surname@tutanota.com
    I get the response "tuta what?"
    Tutte means tit in Swedish which doesn't make it any better btw.

    Didn't know they had other domains, will check it out for sure!

    Keemail is too close to keymail so that won't cut it either.
     
  2. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,227
    Yes I see where your coming from but when giving someone an email address over the phone, unless you are lucky enough to have a name like john.smith@whatever.com it is usually a matter of spelling it out letter by letter anyway.
     
  3. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    89
    With posteo I can spell it out as post-e-o which is a lot easier than t-u-t-a-n-o-t-a
     
  4. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,227
    I had to laugh when you said tutte means tit in Swedish, I can imagine the scenario.
    Having said that, some years ago one of my work collegues, who had me in his contact list told me his wife took issue with it because my email address was myname@hotmail.com
    She misread it as, "hot male" dot com and accused him of joining gay porn sites! :argh:
     
  5. klarm

    klarm Registered Member

    Joined:
    Apr 7, 2012
    Posts:
    45
    Location:
    europe
    what about startmail guys?
    didn't see that mentioned. are they bad in some way?
     
  6. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    89
    https://www.startmail.com/en/privacy/
    They mention absolutely nothing about whether or not they can access your emails. Also, they are ~6 times more expensive than Posteo.
     
  7. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,197
    Yes, and even easier is mailbox.org as in https://mailbox.org/en/. It's an excellent alternative to posteo.de. I've been using it for several years.
     
  8. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    89
    Yes I considered those at first, but from what I could gather from their site they can access your emails if they want to. Posteo can't access your emails at all if you've encrypted your inbox.
     
  9. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,197
    Neither can mailbox.org.
     
  10. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,262
    There're some old info. Protonmail don't require 2 passwords anymore tho you can still use 2 passwd if want.
    I saw someone in Malwaretips said Tutanota uses AES128, but it's long time since they pushed change to AES256 tho their official page still says it uses AES128.
    (IMO, AES128 is secure enough in foreseeable furure, don't be too scared by quantum computer)
    Another web site says (but with caveat) registering Proton requires GSM phone number, but it's not true and unlike the caveat, using CAPTCHA should not be much problem.

    I'll highlight diff btwn Proton & Tutanota.

    Proton:
    While web app is opensource, their mobile apps are still closed source(!!). There's no ETA about open sourcing.

    They follow OpenPGP standard so there're more eyes to monitor vulnerability. Attachments & contacts are also encrypted.

    They have bug bounty program tho ammount is a little. It seems they're more constantly scrutinized.

    They have option to choose RSA4096, so you'll be safe even after 2030. I know 12 years is almost eternity in IT and am sure Tutanota will change their RSA2048 key until then.

    Their Android app requires more permission than Tutanota, especially it requires Sticky broadcast which is deprecated and not recommended. I hope they don't include ANY sensitive info in the broadcast. IDK why they still use it, bit concerning.

    Their mobile apps allow you to put PIN protection.

    You can view authentication log (login succeeded or failed, etc.) if you enabled it, tho potentially have privacy concern.

    They offer ProtonVPN, but free plan is very limited.

    They plan to add option to contain others' public key in contacts. IDK if it means we can communicate to other PGP user.


    Tutanota:
    Full OSS

    They reinvented the wheel. While it enables them to encrypt subject line which is not ecrypted in Proton, it also introduced vuln in past (it seems a link to the vuln is dead?).

    They were audited by Syss Gmbh in 2011, but it's not clear if they're constantly audited.

    They offer FIDO U2F as a 2FA which is the most secure 2FA method. Their mobile app currently doesn't support 2FA but it's planned.

    They seems to have stringent password policy not to allow user to use weak passwd.

    They plan to add encrypted calender, storage, etc.
     
    Last edited: Jan 12, 2018
  11. netbook0tr

    netbook0tr Registered Member

    Joined:
    Nov 7, 2010
    Posts:
    24
    Location:
    england
    I used ProtonMail and MailBox in the past but I am now using Tutanota.
     
  12. ZMsiXone

    ZMsiXone Registered Member

    Joined:
    Mar 30, 2017
    Posts:
    33
    Location:
    EUROPE/poland/germany
    i'm using Protonmail. This provider seems to have a quite good reputation and also seems to be very popular.
     
  13. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    293
    Location:
    USA
    I've been using Proton mail (on the desktop only) for about a year, very happy with it so far.
     
Loading...