Is Tuta a good alternative to gmail?
-
I've been looking to switch from gmail to a different email provider that's more private. I've been hearing about Tuta, are there any drawbacks to it? Are there better options?
For a while I was planning on making the switch to protonmail but that's off the table now due to the recent events surrounding them.
-
StartPage/StartMail is owned by an adtech company who's website boasts that they "develop & grow our suite of privacy-focused products, and deliver high-intent customers to our advertising partners"
They have a whitepaper which actually does a good job explaining how end-to-end encryption in a web browser (as Tuta, Protonmail, and others do) can be circumvented by a malicious server:
The malleability of the JavaScript runtime environment means that auditing the future security of a piece of JavaScript code is impossible: The server providing the JavaScript could easily place a backdoor in the code, or the code could be modified at runtime through another script. This requires users to place the same measure of trust in the server providing the JavaScript as they would need to do with server-side handling of cryptography.
However (i am not making this up!) they hilariously use this analysis to justify having implemented server-side OpenPGP instead
Wow, that is very disappointing. I had started using startpage as a Google alternative. While it still may be preferable to Google specifically, their mail product is definitely out.
-
No single organization should be trusted. "Emails paint an intimate narrative of ourselves — the people we talk to, the books we read, the politics we practice. This information is powerful. When we lose control over it, it can do great harm to ourselves and our loved ones." https://ideas.ted.com/why-we-should-all-care-about-encryption-really/
-
What’s the practical takeaway here? Just don’t have an email basically
@[email protected] The takeaway here is not "don't use email at all." You can employ OpenPGP, and encrypt your emails. Also, host your own keys. Perhaps don’t allow a single corporation to have your private key and access to your encrypted messages simultaneously.
-
Tuta was involved in a Canadian spy case, where in court it was alleged to be a front for an EU Intelligence Agency. Cameron Ortis was the counterintelligence spy on trial. https://gizmodo.com/tuta-email-denies-connection-to-intelligence-services-1851022465 and lots more if one does a search. I know I wouldn't use them, so you've been warned.
Ortis has claimed that some unnamed Five Eyes foreign agent introduced him to the honeypot operation and that he didn’t notify his superiors at the RCMP about it.
How can you trust an unnamed intelligence officer though? For all we know, they might have an actual honeypot competing against Tuta and want to gain marketshare.
After all, intelligence agencies are guaranteed to be the first one's who discovered Ortis was selling secret information. Might as well give him fake information to spread around and make criminals doubt any previous information sold by him.
-
Thunderbird/Betterbird?
I should re-iterate I download the emails to use in an offline client. Their service doesn't support third party clients to receive and send email.
When I do taxes, I need to search thousands of emails for receipts and the tuta apps make this impossible. This is my workaround.
-
I should re-iterate I download the emails to use in an offline client. Their service doesn't support third party clients to receive and send email.
When I do taxes, I need to search thousands of emails for receipts and the tuta apps make this impossible. This is my workaround.
Right, so I'm wondering what client that is.
-
Take control of your data. Host your own email or use a provider that cares about your privacy.
We talk about this so often in privacy communities because, although emails are particularly difficult to secure, they're so important. Swapping your email provider or hosting your own is so easy to say and so hard to do, but so worth doing. I would suggest taking some steps towards FLOSS/FOSS and other privacy-friendly options in other areas first to get used to the idea of change and some of the difficulties you'll handle in that realm
-
I've been looking to switch from gmail to a different email provider that's more private. I've been hearing about Tuta, are there any drawbacks to it? Are there better options?
For a while I was planning on making the switch to protonmail but that's off the table now due to the recent events surrounding them.
What did proton do wrong? Legit question, I'm out of the loop.
-
What did proton do wrong? Legit question, I'm out of the loop.
Nothing. It's just FUD.
Here's an article about it: https://medium.com/@ovenplayer/does-proton-really-support-trump-a-deeper-analysis-and-surprising-findings-aed4fee4305e
Even if the CEO did support the orange turd, I would personally still be able to separate his personal opinion from what the non profit is doing.
-
I've been looking to switch from gmail to a different email provider that's more private. I've been hearing about Tuta, are there any drawbacks to it? Are there better options?
For a while I was planning on making the switch to protonmail but that's off the table now due to the recent events surrounding them.
-
Tuta and Posteo are both pretty excellent (posteo is cheaper, but has a few less options that might be a deal breaker if you need them, like custom domain support).
Disroot is a good free option, and they offer custom domains after a one time donation.
Mailbox is okay, though they are known to have a very odd 2fa, and will recycle your address if you ever stop paying, allowing others to claim it and potentially impersonate you.
Posteo is unique in that they'll never delete your account for inactivity, or even if you stop paying, where they'll let you access and read emails, but not let you send them until you pay again.
Mailbox.org beta offers regular 2FA setup via authenticator. I've been using it for months and I'm yet to run into any issues.
In general, I've been with MBO for almost a year and I'm happy with the service. You basically get a complete replacement for the google suite which you can use via your app(s) of choice.
-
Mailbox.org beta offers regular 2FA setup via authenticator. I've been using it for months and I'm yet to run into any issues.
In general, I've been with MBO for almost a year and I'm happy with the service. You basically get a complete replacement for the google suite which you can use via your app(s) of choice.
Glad to hear they're improving the 2FA! I did forget about their office suite and file storage ability, which does set them apart from all except Proton.
-
I've been looking to switch from gmail to a different email provider that's more private. I've been hearing about Tuta, are there any drawbacks to it? Are there better options?
For a while I was planning on making the switch to protonmail but that's off the table now due to the recent events surrounding them.
If you don’t want to run your own mail server then there will always be a trade off somewhere. That trade off could be high costs to pay a tech firm to run a private mail server for you, could be lack of features, could be privacy, could be a lot of things. Even with your own mail server there will be trade offs around security etc. depending upon your skillset.
Personally, I have a hybrid approach.
- Business is on a mail server
- Personal with sensitive data (health, bills, etc.) is on a mail server
- Personal - subscriptions, newsletters, etc. is on Proton
- Everything else is on Gmail
I also have other accounts (e.g. DDG, Apple Mail, for specific use cases, but I forward the content I receive there into Gmail.
I’ve had a look at Tuta and haven’t seen enough to convince me to move anything there. I’m not going to move my mail servers to a cloud provider, Gmail is there because the address is 20 years’ old and I can’t be bothered updating everywhere that it’s used, and Proton has been great for years, has grown well, and has a corporate mission that I agree with. DDG, Apple Mail etc. is what the internet sees of me - They generate unique email addresses and then I forward the content I want into Gmail, or sometimes Proton.
-
Nothing. It's just FUD.
Here's an article about it: https://medium.com/@ovenplayer/does-proton-really-support-trump-a-deeper-analysis-and-surprising-findings-aed4fee4305e
Even if the CEO did support the orange turd, I would personally still be able to separate his personal opinion from what the non profit is doing.
That was informative, thanks.
I agree with you, I would be extremely surprised if the Proton CEO supported Trump.. I would say very unlikely.
-
I'm using Tuta and their app for a few years now. The app was slow indeed but it's good now, no problems so far. Lack of IMAP support is justified with security, they say. I personaly don't need IMAP as I'm completely satisfied with the app, which is available officially in f-droid btw.
yk, fair enough. if you like it, that’s fine by me
-
Right, so I'm wondering what client that is.
My bad. Its been a while, but Thunderbird at one point. If I remember right there was an update relatively recently that made it much more difficult to import offline emails, so if you find a better alternative let me know.
-
My bad. Its been a while, but Thunderbird at one point. If I remember right there was an update relatively recently that made it much more difficult to import offline emails, so if you find a better alternative let me know.
Hmm, I wonder if Betterbird has solved that problem... I've actually only ever used webmail as I didn't understand the benefit of a desktop platform—until these (increasingly) privacy-invasive times!
-
Nothing. It's just FUD.
Here's an article about it: https://medium.com/@ovenplayer/does-proton-really-support-trump-a-deeper-analysis-and-surprising-findings-aed4fee4305e
Even if the CEO did support the orange turd, I would personally still be able to separate his personal opinion from what the non profit is doing.
Great source, thanks
-
It's not Tuta but I adore Fastmail.
No BS. No gimmicks. Just privacy aware, protocol conformant E-mail at a reasonable price.
5€/month for email?
