this post was submitted on 16 Mar 2025
98 points (95.4% liked)

Privacy


I've been looking to switch from Gmail to a different email provider that's more private. I've been hearing about Tuta. Are there any drawbacks to it? Are there better options?

For a while I was planning on making the switch to Protonmail, but that's off the table now due to the recent events surrounding them.

[–] cypherpunks@lemmy.ml 6 points 14 hours ago* (last edited 13 hours ago) (1 children)

Tuta's product is snake oil.

A cryptosystem is incoherent if its implementation is distributed by the same entity which it purports to secure against.

If you don't care about their (nonstandard, incompatible, and snake oil) end-to-end encryption feature and just want a freemium email provider which (purports to) protect your privacy in other ways, the fact that their flagship feature is snake oil should still be a red flag.

[–] Coldcell@sh.itjust.works 2 points 11 hours ago (1 children)

Is there anything about Startmail (company that does Startpage.com) that is worth avoiding? I've never paid for mail but if it's solid and avoids Google I might.

[–] cypherpunks@lemmy.ml 5 points 11 hours ago (1 children)

StartPage/StartMail is owned by an adtech company whose website boasts that they "develop & grow our suite of privacy-focused products, and deliver high-intent customers to our advertising partners" 🤔

They have a whitepaper which actually does a good job explaining how end-to-end encryption in a web browser (as Tuta, Protonmail, and others do) can be circumvented by a malicious server:

The malleability of the JavaScript runtime environment means that auditing the future security of a piece of JavaScript code is impossible: The server providing the JavaScript could easily place a backdoor in the code, or the code could be modified at runtime through another script. This requires users to place the same measure of trust in the server providing the JavaScript as they would need to do with server-side handling of cryptography.

However (I am not making this up!) they hilariously use this analysis to justify having implemented server-side OpenPGP instead 🤡
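
The trust problem discussed in this thread, as an added example that is not part of any comment or of the quoted whitepaper: an integrity hash supplied by the server that also serves the script accepts whatever that server sends, while a pin recorded at audit time and stored independently detects a later change. The bundle contents, the pin storage and all function names are constructed for illustration.

```javascript
// Added illustration; bundle contents, names and the pin are constructed.
const { createHash } = require('node:crypto');

// SRI-style digest ("sha384-<base64>") of the bytes a server delivered.
function sriDigest(body) {
  return 'sha384-' + createHash('sha384').update(body).digest('base64');
}

// Constructed sample: the bundle a reviewer audited, and what the server
// sends on a later page load (any difference at all is enough).
const AUDITED_BUNDLE =
  'export function encrypt(msg, key) { return seal(msg, key); }\n';
const LATER_BUNDLE = AUDITED_BUNDLE + '// any change made after the audit\n';

// Pin recorded at audit time and kept where the mail server cannot rewrite
// it (assumption: e.g. a signed release manifest or a packaged client).
const INDEPENDENT_PIN = sriDigest(AUDITED_BUNDLE);

// Simulates one page load: the server chooses both the script body and the
// integrity value embedded in its own HTML.
function serverResponse(body) {
  return { body, integrityFromServer: sriDigest(body) };
}

// Reports which of the two checks accept the delivered script.
function checkLoad(response, independentPin) {
  const actual = sriDigest(response.body);
  return {
    // Check 1: compare against the hash the same server supplied.
    serverSuppliedHashOk: actual === response.integrityFromServer,
    // Check 2: compare against the pin obtained out of band.
    independentPinOk: actual === independentPin,
  };
}

const auditedLoad = checkLoad(serverResponse(AUDITED_BUNDLE), INDEPENDENT_PIN);
const laterLoad = checkLoad(serverResponse(LATER_BUNDLE), INDEPENDENT_PIN);
console.log({ auditedLoad, laterLoad });
```

A pin like this covers only the bytes of one delivered file. It says nothing about code modified at runtime by another script, the second case in the whitepaper's sentence.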

[–] zod000@lemmy.ml 4 points 7 hours ago

Wow, that is very disappointing. I had started using Startpage as a Google alternative. While it still may be preferable to Google specifically, their mail product is definitely out.