[ahje]

While you're absolutely right, details that are sensitive in nature should be encrypted using end-to-end encryption. Otherwise you won't be safe regardless of email provider, as the other correspondents will often be using a US email provider anyway.

If your threat model includes an actual threat from organizations like the NSA, then I'd say you have bigger problems than the choice of email provider.

EDIT: I self host.

[brongondwana]

Interestingly, as a self-hoster your email is much more prone to metadata analysis than anybody who is hosted at one of the big providers and has most of their email transferred to other big providers down TLS-protected port 25 streams.

[ahje]

Absolutely! Everyone has their own usage case, and one has to adapt accordingly -- even me! :)

My point was that simply selecting an email provider outside the US does not make email safe in any way and that end-to-end encryption is the only way to prevent providers from accessing the content.

[brongondwana]

Absolutely. Our argument (and to be fair, we are a provider) is that if you don't trust your provider then they're basically just a dumb blob transit pipeline. There's not much value add you can do there.

So we have focused on building the best thing we can for people who _do_ trust their provider, and also on having a business model which means that we can be a trustworthy provider because we have no secondary "customer" who is actually paying the bills. We don't have split loyalties.

[lsh]

This would be a privacy Vs anonymity tradeoff, right?

[bunderbunder]

They're not cleanly separable. You can tell a lot about a person by simply looking at what's written on the outsides of the envelopes in their mail. No need to actually open them up and read the insides.

[bonestamp2]

Agreed. Anonymity and privacy come from lots of little actions, none of which provide much value on their own.

For example, our return mail address labels don't have our names on them... and I use them on the back of the envelope to seal the envelope.

Our trash and recycling is emptied into our bins loose, so all our trash is not isolated to its own bags, it mingles with the rest of the trash.

Neither of these provide a lot of value on their own, but they're easy to do and provide a little value.

[your-nanny]

would you expand on this please?

[ahje]

Quite simple: If someone were to sniff the encrypted traffic between Hotmail and Gmail then they wouldn't have any idea who was talking to whom.

If someone sniffs the traffic between Hotmail and my server, it's trivial to see that a Hotmail user talked to me or one of the few others using my email server.