[rootsandstones]

What are some secure alternatives? I changed from gmail to protonmail a year ago thinking it was better.

[input_sh]

There is none. Email is insecure by design and it will always remain that way. Even if you develop something secure (whatever that may be), you still have to communicate with other email providers that are not gonna implement your security features.

GPG is a slight improvement that you can use on top of any provider and it will encrypt the content of emails (and content only, metadata will still be there and even subject lines in certain implementations), but both you and the recipient will have to use it and good luck convincing non-IT people to deal with its absolutely atrocious user experience.

In other words, treat it like a physical mailbox. Good enough for various notifications, useless if you're trying to protect anything valuable in it.

[upofadown]

You can't really just shop for privacy. If it is important you really have to do the encryption using software under your control on the end devices. For email this would involve local email clients supporting OpenPGP or S/MIME.

For a closed group like a business you can simplify things by having a self hosted email server kept in a secure location. Less secure than end to end encrypted email, but then, few things are as secure as E2EE email. It's hard to beat a medium where the encryption can be done completely offline.

[nyolfen]

i think tutanota has a better reputation, but email should be thought of as generally pwned

[normaler]

I tried tutanto last year, coming from self hosted mail. It is terrible.

They only allow interaction via the web site or their apps. The apps are nice. But they act more like an IM client.

The biggest issue i had with it, is that they don't support subfolder. So you only habe one level of E-Mail directories.

I moved to mailbox.org now and it seems fine now.

[jazzyjackson]

log into the same account as your recipient and communicate in the drafts folder xD

[normaler]

I read that pedophile groups used to do that with Gmail.

[pessimizer]

So may groups have done it, from spies to terrorists to secret lovers. It works well. While providers might be constantly combing your drafts for ad suggestions or statistics (unlikely), what brings an email to someone's attention are one or both of the endpoints. I don't think that threats are often actively thinking of the IPs of webmail visitors as endpoints, or recording the order of access in an easy to digest or process manner.

They probably would be if you were targeted, though, but that's what Tor and VPNs are for.

[jazzyjackson]

(just to defend myself of why I heard of this): it was used by General Patraeus during his affair with his biographer.

"The former CIA director used a trick often used by terrorists and teenagers to make e-mails harder to trace, the Associated Press reports."

https://www.cnet.com/tech/services-and-software/petraeus-rep...