Please explain to me how Fastmail is more secure if you can easily set up any client without encryption? Or am I missing something? And when Fastmail sends or receives email, isn’t it also sent in plain text because of the SMTP protocol anyway?
Comment on YouTube deleting videos documenting Israeli human rights violations
isVeryLoud@lemmy.ca 4 days agoI migrated off of Proton Mail, they have no way to access your calendar from outside Proton’s apps and web services, you can’t access Proton Drive on Linux (and the workarounds never worked for me), and you need to keep running their decryptor tool if you want to use an email client other than their mail client.
Email is inherently insecure, zero knowledge encryption is worth nothing when 99% of your emails are being sent and received in plaintext. I’m on Fastmail now.
cyborganism@lemmy.ca 3 days ago
PlexSheep@infosec.pub 3 days ago
IMAP and SMTP, the protocols mainly used for emails besides whatever weird shit Microsoft is doing, nowadays all have variants going through a TLS encrypted session like HTTPS.
That doesn’t change the fact that email is not up to the task of modern secure communication (TLS is not end to end encryption for example, and smime and pgp are super user unfriendly and have their own weirdnesses), but makes it better at least.
isVeryLoud@lemmy.ca 3 days ago
It’s not. Proton’s “security” is basically pointless and induces a huge hassle if you’d like to use anything else than the web client.
As you said, both Proton and any other mail client send mail in plain text over SMTP unless encrypted using PGP/GPG.
Fastmail is just a much nicer email provider IMO, and I can consume emails / calendar / files using third party clients. There’s also Tuta and other mail clients, I’m just warning you to maybe steer clear of Proton unless you intend to use Proton-specific features.
Ideally, I’d pick an email provider with data sovereignty in Canada, but short of self-hosting (which isn’t a great idea with email), there are basically no decent options.
cyborganism@lemmy.ca 3 days ago
I’m already migrating all my shit to Proton and it’s fine for me, so I won’t change providers again unless something really bad happens.
Also, data sovereignty in Canada isn’t much better than in the U.S. I’d rather have my stuff stored in a place with better privacy rights than Canada.
isVeryLoud@lemmy.ca 3 days ago
Fair enough, YMMV, and yeah I would probably prefer my data in Europe rather than Canada, but Canada is a good start.
NauticalNoodle@lemmy.ml 3 days ago
I often find the need for Proton’s encrypted email to be sonewhat dubious when Proton can’t (or won’t) fight secret court orders to collect logs on users.
isVeryLoud@lemmy.ca 3 days ago
Agreed, and these rarely come anyway because most of the time, the US courts can simply subpoena Google or Microsoft for access to the interlocutor’s sent and received emails, this only really occurs with Proton to Proton communication, which I have personally never done as no one I know uses Protonmail.
Bref, better off just GPG signing and encrypting your emails and using a different provider. US courts can’t decrypt your mail more just because they subpoena’d it