Nubo as a Proton Replacement?

onyx376@lemmy.ml

Mailbox.org is closed source unfortunately and I believe the Client is too

idkwhatusernametoputherelolol@lemmy.dbzer0.com

Wtf? Then why did PrivacyGuides.org recommended it? I didn't look closely becuase Tuta had a F-Droid client so I just went Tuta (I also heard about them years ago), didn't look at Mailbox.org.

potaytoes@sh.itjust.works

It's obviously not impossible, but you'll find people calling every single private messaging platform honeypots.
I don't recall seeing any convincing proof for Tuta, personally.

onyx376@lemmy.ml

Tuta has already been through some cases linked to German court orders to decrypt emails received in the inbox of alleged criminals, just like any other company that is subject to the legislation of its respective country (I don't know the difference with Proton, which until now I only found out about the delivery of IPs, not the content of the emails themselves, based on Swiss court orders), but I don't believe it is a honeypot because Tuta has clarified the entire issue and still has credibility in the privacy community.

idkwhatusernametoputherelolol@lemmy.dbzer0.com

Nobody knows. They've existed for a while, I haven't heard anything of such claims.

If you want to absolute be safe, only download open source clients complied by yourself (and hope that somebody is constantly looking through the source code for potential backdoors). F-Droid comiles the source for you for the Android client. Encryption is done on the client before sent to servers.

However, if Tuta were secretly evil, they could log IPs and know the email addresses you send/receive to/from. Anything in plaintext will be seen, and you are only relying on their promise to not keep a copy of it. And btw, most of your incoming emails from banks / other websites would be in plaintext, so they could theoreticallt store a plain text version before they encrypt and store it in your mailbox.

But even then, all encrypted emails are safe even if Tuta were a honeypot (which you could never know for sure.

Technically, Proton is the same category, if you compile your clients (and someone constantly checks the code for potential backdoors), then its still safe. People are only pre-emptively moving because they don't feel safe with Proton due to the CEOs comments, and Tuta has never made such political comments.

onyx376@lemmy.ml

AFAIK, Mailbox.org was once open source, but has not very recently become closed source.
PrivacyGuides.org recommends it, as does Tresorit (encrypted cloud storage), for example, which is closed source and is one of the services I use.
Providers that implement encryption, have been audited, have been on the market for years, and have a clean track record of security or privacy scandals, which there aren't many of these types of services these days.
But I personally don't like them and try my best to avoid closed source softwares as well.

sudoer777@lemmy.ml

Mailbox.org works with IMAP so you can use a regular email program

idkwhatusernametoputherelolol@lemmy.dbzer0.com

I mean, if its not encrypted by default, I personally would avoid.

I could always use PGP on top on any provider, encrypted or not, might as well also go with ones that also encrypt by default.

sudoer777@lemmy.ml

From what I see here it can automatically encrypt incoming emails with PGP, which I know Fastmail doesn't have this, and the advantage would be that you get security similar to Protonmail but you're not locked into their clients.

kiuyn@lemmy.ml

People will tell you that everything is a honeypot. In fact, I am a honeypot

kekmacska@lemmy.zip

tuta is legit. there are many dumb people on the internet telling dumb things

hanrahan@slrpnk.net

No, a teapot, and Bertrand Russell wants a word..

yuki@programming.dev

I haven't heard about nubo till now! Probably very few people here have experience with them. Looks promising, but kind of risky since we dont really know if its trustworthy or longstanding

termight@lemmy.ml

Consider this: when you were drawn to Proton, what was it that attracted you? Was it not some aspect of its promise or appeal? And now, as you move away from Proton, is it not the same discriminating mind that drives you to seek out another object of attachment?

refalo@programming.dev

Yes however they have also had servers seized before... I think it's not unrealistic for some to believe they could be compromised after that.

x00z@lemmy.world

It's actually a good question and you're getting a lot of shit for it from people who seem to not even know where this accusation comes from.

https://tuta.com/blog/tutanota-not-a-honeypot

“So, I was briefed on a storefront that was being created or had been created in order to attract targets – criminal targets to this online encrypted service that was being created, in order for them to – the criminals or the targets to use this service in order for intelligence to be collected by the agency that created the storefront. … It’s an online end-to-end encryption service called Tutanota.”

It can be a lie, a mistake, or truth. It can even be a false flag accusation to destroy their reputation. We don't really know.

When looking into this it's good to also know about Tor Mail: https://en.wikipedia.org/wiki/Tor_Mail
There might have been some confusion between Tutanota and Tor Mail.

I don't think anybody here will be able to actually answer it.

getawaywiththis@lemmy.dbzer0.com

After registering I wasn't even able to pay for a sub to check out their offering for myself.
English docs are lacking. I think they are focusing on fr and nl regions.
Support e-mail autoreply also only replies in those languages.
They are really small scale, ~2000 users by their own admission. Which is ok, but if you advertise a service, at least let people pay for it, so they can start using it, however janky it is.