• blank_sl8
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    3 years ago

    But without the key feature of Protonmail, e2e encryption at rest. Almost all protonmail alternatives (tutanota being the exception) talk about “privacy” but don’t actually take this critical step.

    If posteo is served a warrant or whatnot in whichever country it’s based, do you really think they’ll do anything differently than Protonmail anyway?

    EDIT: I stand corrected. Posteo does in fact support encryption at rest (though I think it’s disabled by default): https://posteo.de/en/site/encryption#cryptomailstorage

    • ysu
      link
      fedilink
      arrow-up
      1
      ·
      3 years ago

      Protonmail only has e2e if you email another protonmail email. It’s impossible to have it across domains, if you actually care about security just use pgp.

      • blank_sl8
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        3 years ago

        Correct me if I’m wrong, but I believe Protonmail stores emails encrypted on disk. So yes, Protonmail could store the unencrypted messages as they arrive, but as long as they don’t have a warrant at the time the message is received, they can’t access it later.

    • Graveyard Leprechaun
      link
      fedilink
      arrow-up
      1
      ·
      3 years ago

      I cannot ask any mail service to break the law (and jeopardize their own families, businesses, etc) just to protect my data. If Posteo is legally served a warrant, I expect them to comply with the legally authorized authorities. HOWEVER, all they can turn over is my encrypted data, because my account is set to automatically encrypt all saved data. Period. If the authorities want to waste their time and energy trying to decrypt that data (of which, only I posses the encryption keys), then have at it - they’ll be super disappointed (and really bored) by whatever they find, but whatever.