EmailDiscussions.com - View Single Post - Question: will you move to a privacy email following the uptrend?

emoore · 5 Jul 2022, 03:18 AM

To answer the original question, no. I don't see any practical way to significantly increase my privacy. If you search for email providers that support privacy they're really offering better security, not privacy. Not the same thing.

All of the talk about a email provider being based in a nation that is part of 4 or 5 or 12 eyes or court orders or what is logged misses the point. If a nation state wants your mail they will get it one way or another. I mainly worry about data brokers (my ISP for example tries to sell everything they can to data brokers).

I don't use gmail but they're so widely popular that doesn't help much. Mozilla promotes privacy but even they encourage their employees to use google workspace for email. https://arstechnica.com/gadgets/2022...ing-for-users/ (Google Workspace to strip privacy control from admins, re-enable tracking)

I'm using Thunderbird version 102 where its easy to configure OpenPGP. But none of my friends or anybody else I correspond with is willing to configure OpenPGP. Doctors, lawyers, banks, brokers etc. all seem to insist you use their private webmail based secure messaging systems for anything sensitive. If I was exchanging email with somebody who uses Protonmail I'd think about using their public key server. But the OpenPGP support in Thunderbird (easy as it is to use) still prioritizes security too much over ease of use. If I search my messages it will ignore the contents and possibly even the Subject (depends if the sender encrypted the Subject) of any encrypted messages. It won't let me export a decrypted copy of the message. So it becomes awkward to use E2E by default as it disrupts my work flow too much.

I can't easily find out if any mail I receive was only sent over encrypted connections between each server. I'd have to look at all of the Received: headers in the raw message source. Not do I have a easy way to determine if any message I'm going to send will only go over encrypted connections. There was a nice add-on called paranoia that used to let me easily see that information but its based on XPCOM/XUL so it requires a complete rewrite to support the WebExtension API version 78 and later uses.

5 Jul 2022, 03:18 AM	#12
emoore Essential Contributor Join Date: Apr 2002 Posts: 280	To answer the original question, no. I don't see any practical way to significantly increase my privacy. If you search for email providers that support privacy they're really offering better security, not privacy. Not the same thing. All of the talk about a email provider being based in a nation that is part of 4 or 5 or 12 eyes or court orders or what is logged misses the point. If a nation state wants your mail they will get it one way or another. I mainly worry about data brokers (my ISP for example tries to sell everything they can to data brokers). I don't use gmail but they're so widely popular that doesn't help much. Mozilla promotes privacy but even they encourage their employees to use google workspace for email. https://arstechnica.com/gadgets/2022...ing-for-users/ (Google Workspace to strip privacy control from admins, re-enable tracking) I'm using Thunderbird version 102 where its easy to configure OpenPGP. But none of my friends or anybody else I correspond with is willing to configure OpenPGP. Doctors, lawyers, banks, brokers etc. all seem to insist you use their private webmail based secure messaging systems for anything sensitive. If I was exchanging email with somebody who uses Protonmail I'd think about using their public key server. But the OpenPGP support in Thunderbird (easy as it is to use) still prioritizes security too much over ease of use. If I search my messages it will ignore the contents and possibly even the Subject (depends if the sender encrypted the Subject) of any encrypted messages. It won't let me export a decrypted copy of the message. So it becomes awkward to use E2E by default as it disrupts my work flow too much. I can't easily find out if any mail I receive was only sent over encrypted connections between each server. I'd have to look at all of the Received: headers in the raw message source. Not do I have a easy way to determine if any message I'm going to send will only go over encrypted connections. There was a nice add-on called paranoia that used to let me easily see that information but its based on XPCOM/XUL so it requires a complete rewrite to support the WebExtension API version 78 and later uses.