Privacy

35633 readers

1176 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

Is Tuta a good alternative to gmail? (slrpnk.net)

submitted 18 hours ago by [email protected] to c/[email protected]

59 comments fedilink hide all child comments

I've been looking to switch from gmail to a different email provider that's more private. I've been hearing about Tuta, are there any drawbacks to it? Are there better options?

For a while I was planning on making the switch to protonmail but that's off the table now due to the recent events surrounding them.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 4 points 9 hours ago* (last edited 8 hours ago) (1 children)

Tuta's product is snake oil.

A cryptosystem is incoherent if its implementation is distributed by the same entity which it purports to secure against.

If you don't care about their (nonstandard, incompatible, and snake oil) end-to-end encryption feature and just want a freemium email provider which (purports to) protect your privacy in other ways, the fact that their flagship feature is snake oil should still be a red flag.

[–] [email protected] 2 points 6 hours ago (1 children)

Is there anything about Startmail (company that does Startpage.com) that is worth avoiding? I've never paid for mail but if it's solid and avoids Google I might.

[–] [email protected] 4 points 6 hours ago (1 children)

StartPage/StartMail is owned by an adtech company who's website boasts that they "develop & grow our suite of privacy-focused products, and deliver high-intent customers to our advertising partners" 🤔

They have a whitepaper which actually does a good job explaining how end-to-end encryption in a web browser (as Tuta, Protonmail, and others do) can be circumvented by a malicious server:

The malleability of the JavaScript runtime environment means that auditing the future security of a piece of JavaScript code is impossible: The server providing the JavaScript could easily place a backdoor in the code, or the code could be modified at runtime through another script. This requires users to place the same measure of trust in the server providing the JavaScript as they would need to do with server-side handling of cryptography.

However (i am not making this up!) they hilariously use this analysis to justify having implemented server-side OpenPGP instead 🤡

[–] [email protected] 4 points 2 hours ago

Wow, that is very disappointing. I had started using startpage as a Google alternative. While it still may be preferable to Google specifically, their mail product is definitely out.