Hacker News
by rexreed 1932 days ago
Am I a weirdo for using POP mail on an Android? I don't trust any third party with storing my email. Is there a reason why I should move to IMAP?

I mean I know the technical reasons. But it says on the FairEmail page: "FairEmail might be for you if you value your privacy." and also says "works with virtually all email providers, including Gmail, Outlook and Yahoo!"

For me, privacy is more than what's on the client - the server matters too. POP has seemed to work for me for 25+ yrs.

5 comments

If you don't trust Google to store your email, I have bad news for you.

You will never escape having some of your email stored on Gmail servers. Most people you email are using a Gmail address, whether direct or via forwarding.

End-to-end encryption is your only true ally. In this regard, email is hopeless. I personally feel that all these privacy mechanisms on top of email are a) hopelessly pointless and b) give people false comfort. They do more harm than good. It would be better if people saw email as a plaintext, insecure protocol and treated it that way at all times. Just imagine whatever you write in an email is the same as a message you send out to the world on Twitter. Doing it this way ensures you never send a message you will regret and will guarantee your protection rather than the security theater of privacy mechanisms layered on top of a fundamentally broken protocol.

There is nothing particularly insecure about encrypted email these days. The network stuff is all TLS protected. Pretty much the same as encrypted XMPP. There is nothing broken about SMTP.

You're absolutely right but unfortunately, my biggest use-case for email is still sending my own personal data to businesses I (more or less) have to interact with that don't offer an alternative.

Also, I'm not sure most email users know what a "plaintext, insecure protocol" is and what it would imply.

IMAP is not an email provider, it's just another protocol for reading your mail. It is the successor of POP3, having several key improvements. Somewhat like HTTP2 is to HTTP.

If both your email provider and your client (aka mail reading software) support it, there really is no reason to use POP instead of IMAP.

Yes, I'm aware of IMAP as a protocol. My point has to do with the location and trust. I need to be able to trust the server as a point of mail storage.

While I agree that POP still uses the server as a go-between, at least the mail doesn't reside on POP servers forever. Whereas with IMAP, if I have 25+ years of email I'd like to be able to view and archive and search, all of that has to sit at the server rather than at the client.

> at least the mail doesn't reside on POP servers forever.

That's very dependent on the POP server. The protocol only tells the server that it is allowed to delete the message, not that it must.

I'm pretty sure if you use POP on Gmail it just does an "archive" on the backend and the mail is still there, for example.

I'm not at all educated on POP/IMAP but I always thought the deletion thing with POP was just by convention and there's nothing in IMAP preventing you from doing the same there.

getmail supports deletion as an IMAP client, for example.

The convenience of having the same view (via IMAP) of my email from multiple devices is worthwhile for me. It also makes supporting my parents from hundreds of miles away much easier when they are on IMAP vs when I had them on POP3 before. "Mom, your email is also on your phone, your laptop, your desktop, and on Dad's computer. It's all the same."

I already trust my provider to handle my email once; there doesn't seem to be a vastly larger trust requirement on my part for them to handle it multiple times. (And epsilon additional privacy concern.)

If you don't trust your provider then POP won't help you because you can't trust them not to keep copies. The only solution is to run your own SMTP server, at which point you might as well use IMAP.

I'm in control of my server (host) which is a shared-hosting account. While it is possible for them to store copies of the email, it is much more cumbersome for them to do that than if I just had my entire IMAP store residing on their server. For POP copies to work, they would have to purposefully copy and store all the email, whereas with IMAP they would just need to query the data store.

Ah, so you do trust them. You trust that they are too lazy to take the initiative to keep a copy, but merely untrustworthy enough that they might sneak a peek if they can do so without having to put forth even the minor effort of making backups of the spool directories.

Fair enough, but that strikes me as a very odd risk posture to take. Either your email privacy is valuable to you, in which case I would think you would want to protect it against non-lazy people as well, or it isn't, in which case what difference does it make?

But it's obviously your call.

There are tons of situations where not having everything on the server is beneficial.

A hack will barely get them anything, nor will a warrant or a bored employee.

Of course any of those situations could result in an active tap that stores everything. But that is orders of magnitude more effort and still doesn't get any history.

Just minimizing the attack surface.

This is my sentiment exactly. Why should I store decades of email history with an untrusted third party?

FairEmail does support POP3 accounts.