At the core, google and other companies sell your data for advertisements, at best, at worst they're sending it all the NSA or some other black box.<p>I recommend everyone BUY A DOMAIN. Then switch providers. you can always switch with your own domain.<p>The select a provider based on thier offering be it protonmail, fastmail (shameless plug), or others
On a related note, DuckDuckGo's growth trajectory is amazing:<p><a href="https://duckduckgo.com/traffic" rel="nofollow">https://duckduckgo.com/traffic</a><p>Maybe a desire for privacy is driving this. Or maybe Google's increasing bias, or ad saturation, or AMP, or something else...
I don't trust Proton Mail.<p>There's nothing stopping them from sending your browser Javascript that completely compromises your keys.<p>They've admitted as much when I asked them about this years ago.
I see people discussing different alternatives, but for me there are very few viable solutions that would be nearly as good as gmail. And actually I don't like it this way. I hate to use the m word here, but it's kind of monopolistic for me.<p>And seriously, this is an email period it was invented how many decades ago? It should be easy to have something that works very well with offerings from multiple providers.<p>As you dig deeper, there are a lot of little details that give Google the advantage. I'm not expert enough to describe all of them in detail, but certainly part of it is we have big players who are dominant on Android and Apple making it difficult for small players to catch up. We also have, as one person pointed out, blacklists and not being easy to get around that with other providers because Google is so dominant in this space too.
There is one rather ugly privacy threat that I seldom see discussed even on HN.<p>The spam fighting services. First of all, I'm not sure whether they are being run locally on the mail servers or maybe the mail servers forward our emails body to a third party anti-spam service to get a "spam score".<p>And secondly, after being assigned a "spam score" a part of your email may end up in the headers as "X-something" where the anti-spam service describes why it didn't like your email. And we know that many 3-letter agencies collect as much email metadata (e.g. headers) as they can sniff out. So, you should know that the first X bytes of your unencrypted emails are less private than the remaining part, because they can be part of the metadata.
I see that Lavabit also reopened as an email service (they famously shut down rather than release the SSL keys for Snowden to US intelligence agencies[1]).<p><a href="https://en.wikipedia.org/wiki/Lavabit#Connection_to_Edward_Snowden" rel="nofollow">https://en.wikipedia.org/wiki/Lavabit#Connection_to_Edward_S...</a>
> The number of Google searches in all languages for privacy-focused Gmail alternatives<p>The irony here. I wonder if the number of people searching for Google search alternatives on Google is up as well?
anyone in a FVEYs, or 14EYs, or 22EYs country should use Yandex mail. hosted in Moscow.<p>FBI cant issue an NSL to read every email you sent or received to construct your patterns of life to more easily parellel construct you or blackmail/coerce you into compliance.<p>even NSA has to tread lightly, and cant just casually feed your emails into XKEYSCORE, because if they get caught, then Yandex with the assistance of FSB will kick out NSA and/or hack back or retaliate with active measures. so NSA would only risk blowing their Yandex collection for very high National Priority targets. not you.<p>in a sense, the smartest surveillance evasion tactic is to hide in the fog of cyber war between the Nation States. if you're not Baghdadi or Carter Page, you wont have to worry as much.<p>plus, Yandex mail is better than gmail. Yandex is what gmail was 10 years ago--simple UI, no bloat, no ads, no spam, no BS. Yandex has a mobile email app too. better, you can host your private DNS on Yandex, then use Yandex for your private domain's emails.<p>and unlike Google, who is probably selling your info about you from your emails to an ecosystems of ad spammers and "database of ruin" analytics spy companies, Yandex is not. thanks to US sanctions on Russia, your data is effectively siloed off from the US market.<p>finally, consider the Shadowbroker hacker used Yandex to leak the stolen NSA EQGRP files. has the Shadowbroker been caught? nope. Yandex security looks better than anyone else's.<p>we live in interesting times, when Russia is now a safer place to store your data than the US. the world has gone mad.
My problem with ProtonMail is their requirement to use their bridge software for 3rd party mail apps and their requirement to use only their mobile application.<p>I get the limitation because of the encryption, but I wish I can just turn off the encryption for specific apps. I don’t need my mail encrypted in flight, I just don’t want it sitting on Google servers. For that ProtonMail is overkill.
I wasted a good bit of time looking through their page to see if ProtonMail bridge would work with arbitrary tools like offlineimap and found it nowhere there so for anyone else with the same question. It appears it does.<p><a href="https://spaceandtim.es/code/protonmail_mutt/" rel="nofollow">https://spaceandtim.es/code/protonmail_mutt/</a>
What is the real appetite for privacy? It's talked about a lot and I believe in it personally. Everyone I talk to says it is important to them but are totally uninterested even in modifying settings with existing providers let alone changing. There is a very strong disconnect between what people say and do on privacy.
Unfortunately it's rather hard to open an account on Proton Mail, probably for reasons of fighting spam, but it still doesn't help. They e.g. require already existing email, which defeats part of the purpose.
Services like Proton do a good job of keeping the body of the email private, but is there anything they can do about protecting the header information?<p>Metadata can reveal a great deal.
Mine has been working out well for the past, I don't know, close to 10 years: exim4 + dovecot running on Debian. I'm the only one with access to the OS, software, and data, and TLS works, so I'm pretty confident that it's at least as or more private than any hosted solution. It feels weird that self-hosting is seen as such an outlier case these days, but it's not difficult to set up and maintain.
I barely use email anymore, and I don't really use any chat apps.<p>I think about moving off Gmail, but 99% of my emails are from retailers I shop with.<p>Newsletters are now RSS, email with humans.. doesn't happen much, etc etc.<p>Business emails are not very interesting -- we use secure methods to share info when needed.<p>Email is.. to me personally, not very important anymore.<p>(I show up to my accountant's office to sign things.. I keep looking for something that I need to secure.)
Perhaps a bit off topic, but I created a service that at least hides your real email address when signing up to services.<p>Its not a new idea, but I wanted to build something mostly for myself. So it is rudimental, but works.<p><a href="https://mailphantom.com/" rel="nofollow">https://mailphantom.com/</a>
Unfortunately with encrypted mail like ProtonMail you can't setup email filters that act on the contents of the email; only the headers. This makes it harder to keep organised and fight unwanted mail so I've gone with fastmail