I’m trying to get rid of my Google dependency and one of those steps was moving over to Protonmail. Now in the past few days i have been picking up signals that even Protonmail is not as clean as it might be.

Does this really impact the privacy of how i use email and so is moving to Protonmail a step forward from Google, or is Protonmail just as bad?

If so, what could be alternatives?


edit:

Some of the alternatives being mentioned in the comments are:

Email:

VPN:

edit 2 (2023):

There seems to be some new activity around this post. At the time of writing the post (2 years ago) there were some stories going as user @UnfortunateShort described in their comment. This made me question the best options available at that moment. Currently i am still a Proton user, using their Mail and Calendar service, and Mullvad for VPN.

  • ghost_laptop
    link
    fedilink
    arrow-up
    2
    ·
    4 years ago

    Yes, I know you were referring to that case.

    This is from the exact article in German you cited at the end:

    [Update, Nov. 30, 12 p.m.] As Tutanota emphasized, the monitoring measure only affects newly incoming unencrypted emails. The company cannot decrypt data that is already encrypted, as well as end-to-end encrypted emails in Tutanota. [Update.]

    Besides Tutanota, some other providers also store all incoming mail in encrypted form. At Protonmail it is also standard, Posteo and Mailbox.org offer encryption as an option. Tutanota provides an overview of the number of requests from authorities in its transparency report.

    • dengismceo
      link
      fedilink
      arrow-up
      1
      ·
      4 years ago

      you write as if you’re correcting me (first comment began with “no”, second citing what i already stated) but i said nothing in contradiction - already encrypted emails won’t be unencrypted. i did not state otherwise.

      • ghost_laptop
        link
        fedilink
        arrow-up
        1
        ·
        4 years ago

        It doesn’t say that, it says:

        As Tutanota emphasized, the monitoring measure only affects newly incoming unencrypted emails.

        This means only e-mails received after the the monitoring declared by the court was approved which are not encrypted will be sent to them. This is reinforced by the following sentence:

        The company cannot decrypt data that is already encrypted,

        Meaning they can’t do anything with old, encrypted e-mails.

        as well as **end-to-end encrypted emails ** in Tutanota.

        Meaning new encrypted e-mails.

        • dengismceo
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          4 years ago

          i understood but i now see i wasn’t clear enough in my original comment. sometimes i omit things for sake of clarity but it seems i omitted too much in this case. it was not my intention to imply that all incoming emails, regardless of encryption status, would be unencrypted.

          • ghost_laptop
            link
            fedilink
            arrow-up
            2
            ·
            4 years ago

            No problem, it’s just I had this exact same discussion in a Privacy Tools issue and I was sure I knew what I was talking about, also I don’t to say X service has been compromised.