I saw Nubo mentioned in a thread a while back but there were only a few comments. Does anyone use Nubo? What has your experience been like?
Wait for them to be audited. Trusting a company just because they say the right thing is silly.
I know people are up in arms about Andy Yens silly comments, which is fair but, Proton is a proven service.
If your looking for an alternative go for another proven service such as Tuta or Mailbox.org
I heard Tuta is a honeypot. Is this not the case?
It’s actually a good question and you’re getting a lot of shit for it from people who seem to not even know where this accusation comes from.
https://tuta.com/blog/tutanota-not-a-honeypot
“So, I was briefed on a storefront that was being created or had been created in order to attract targets – criminal targets to this online encrypted service that was being created, in order for them to – the criminals or the targets to use this service in order for intelligence to be collected by the agency that created the storefront. … It’s an online end-to-end encryption service called Tutanota.”
It can be a lie, a mistake, or truth. It can even be a false flag accusation to destroy their reputation. We don’t really know.
When looking into this it’s good to also know about Tor Mail: https://en.wikipedia.org/wiki/Tor_Mail
There might have been some confusion between Tutanota and Tor Mail.I don’t think anybody here will be able to actually answer it.
People will tell you that everything is a honeypot. In fact, I am a honeypot
No, a teapot, and Bertrand Russell wants a word…
tuta is legit. there are many dumb people on the internet telling dumb things
It’s obviously not impossible, but you’ll find people calling every single private messaging platform honeypots. I don’t recall seeing any convincing proof for Tuta, personally.
Nobody knows. They’ve existed for a while, I haven’t heard anything of such claims.
If you want to absolute be safe, only download open source clients complied by yourself (and hope that somebody is constantly looking through the source code for potential backdoors). F-Droid comiles the source for you for the Android client. Encryption is done on the client before sent to servers.
However, if Tuta were secretly evil, they could log IPs and know the email addresses you send/receive to/from. Anything in plaintext will be seen, and you are only relying on their promise to not keep a copy of it. And btw, most of your incoming emails from banks / other websites would be in plaintext, so they could theoreticallt store a plain text version before they encrypt and store it in your mailbox.
But even then, all encrypted emails are safe even if Tuta were a honeypot (which you could never know for sure.
Technically, Proton is the same category, if you compile your clients (and someone constantly checks the code for potential backdoors), then its still safe. People are only pre-emptively moving because they don’t feel safe with Proton due to the CEOs comments, and Tuta has never made such political comments.
Tuta has already been through some cases linked to German court orders to decrypt emails received in the inbox of alleged criminals, just like any other company that is subject to the legislation of its respective country (I don’t know the difference with Proton, which until now I only found out about the delivery of IPs, not the content of the emails themselves, based on Swiss court orders), but I don’t believe it is a honeypot because Tuta has clarified the entire issue and still has credibility in the privacy community.
Yes however they have also had servers seized before… I think it’s not unrealistic for some to believe they could be compromised after that.
Consider this: when you were drawn to Proton, what was it that attracted you? Was it not some aspect of its promise or appeal? And now, as you move away from Proton, is it not the same discriminating mind that drives you to seek out another object of attachment?
I haven’t heard about nubo till now! Probably very few people here have experience with them. Looks promising, but kind of risky since we dont really know if its trustworthy or longstanding
The thing I’d look for is encryption by default. I glanced at your link and it did not seem to be encrypted by default, so I don’t like it already. 🤔 Also they block Tor traffic from even seeing their site, kinda annoying when Proton and Tuta both allow Tor traffic, I had to use a non-Tor browser (over VPN) to access it.
https://www.privacyguides.org/en/email/#technology
Privavy Guides .org seems to be what everyone (on Lemmy/Reddit privacy forums) use as a standard guide for privacy.
Basically their recommened besides Proton are:
Tuta
Or Mailbox.org
both seem to be encrypted by default
I can’t seem to find a Mailbox.org client on F-Droid, only Tuta is on F-Droid. So I personally choose Tuta with custom domains. You’ll want custom domains to be able to mvoe providers easily.
Im using Mailbox with K-9 Mail or Thunderbird.
Mailbox.org is closed source unfortunately and I believe the Client is too
Wtf? Then why did PrivacyGuides.org recommended it? 🤔 I didn’t look closely becuase Tuta had a F-Droid client so I just went Tuta (I also heard about them years ago), didn’t look at Mailbox.org.
Mailbox.org works with IMAP so you can use a regular email program. The mailbox is not encrypted by default but I saw that there’s an option to enable it involving PGP keys.
I mean, if its not encrypted by default, I personally would avoid.
I could always use PGP on top on any provider, encrypted or not, might as well also go with ones that also encrypt by default.
From what I see here it can automatically encrypt incoming emails with PGP, which I know Fastmail doesn’t have this, and the advantage would be that you get security similar to Protonmail but you’re not locked into their clients.
AFAIK, Mailbox.org was once open source, but has not very recently become closed source. PrivacyGuides.org recommends it, as does Tresorit (encrypted cloud storage), for example, which is closed source and is one of the services I use. Providers that implement encryption, have been audited, have been on the market for years, and have a clean track record of security or privacy scandals, which there aren’t many of these types of services these days. But I personally don’t like them and try my best to avoid closed source softwares as well.
In conclusion, PrivacyGuides mostly recommends open source software but also recommends some that are not based on their features, reputation, security and maturity.
Seems like it is only for Europeans (and possibly even excluding non-EU citizens)? I have been using Zoho (free account) for many years (since I got rid of GMail) and while not explicitly privacy-focused they are not a data collection operation like Google/Alphabet or Meta. They make their money through providing paid accounts to businesses (competing with Google Suite). I have been very satisfied with them. They provide very good 2FA options and apps and I also use their WorkDrive (previously Docs) and Notebook.
Removed by mod
