this post was submitted on 16 Mar 2025
93 points (95.1% liked)

Privacy

35633 readers
826 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I've been looking to switch from gmail to a different email provider that's more private. I've been hearing about Tuta, are there any drawbacks to it? Are there better options?

For a while I was planning on making the switch to protonmail but that's off the table now due to the recent events surrounding them.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] Coldcell@sh.itjust.works 2 points 9 hours ago (1 children)

Is there anything about Startmail (company that does Startpage.com) that is worth avoiding? I've never paid for mail but if it's solid and avoids Google I might.

[โ€“] cypherpunks@lemmy.ml 5 points 8 hours ago (1 children)

StartPage/StartMail is owned by an adtech company who's website boasts that they "develop & grow our suite of privacy-focused products, and deliver high-intent customers to our advertising partners" ๐Ÿค”

They have a whitepaper which actually does a good job explaining how end-to-end encryption in a web browser (as Tuta, Protonmail, and others do) can be circumvented by a malicious server:

The malleability of the JavaScript runtime environment means that auditing the future security of a piece of JavaScript code is impossible: The server providing the JavaScript could easily place a backdoor in the code, or the code could be modified at runtime through another script. This requires users to place the same measure of trust in the server providing the JavaScript as they would need to do with server-side handling of cryptography.

However (i am not making this up!) they hilariously use this analysis to justify having implemented server-side OpenPGP instead ๐Ÿคก

[โ€“] zod000@lemmy.ml 4 points 4 hours ago

Wow, that is very disappointing. I had started using startpage as a Google alternative. While it still may be preferable to Google specifically, their mail product is definitely out.