I’m not a fan of ProtonMail’s mobile app (Yeah I know most enjoy it) I hate the short delay every time I open my email client. I’ve been using ProtonMail for a very long time and just can’t find myself to like it.
1 Like
Have you looked into the other e-mail service providers that Privacy Guides recommends?
3 Likes
Yea I was looking at Mailbox.org now. Tuta I wasn’t a fan of either. As long as I can use an email client I’m good with it.
1 Like
Pay attention to this topic before deciding to choose mailbox.org
I advise you to watch the progression of events carefully.
2 Likes
If Proton, Tuta and Mailbox.org aren’t an option you may be on a dead-end. The only other one that I can remember that could be considered is Startmail but if I’m not mistaken that was removed because of lacking true zero-knowledge.
I’m not sure if any of those alternatives may have a better mobile app than Proton. If the app doesn’t refresh fast enough maybe you can delete it and use a PWA?
What kind of delay do you have with Proton Mail? Is it more than a second or two it takes to refresh?
It’s I’d say roughly 2-3 sec refresh before loading my mail. I thought it would be fixed after all these years but it hasn’t. Small issue, but it bothers me alot.
This. I don’t think you’ll find a better alternative to Proton. Also, have you reported this to them? If not, consider reporting it.
The best alternative to Proton Mail is Fastmail – more in terms of a mail provider rather than privacy and security. And it is fast.
Of course, it’s not as private as any PG recommendations, but it’s fantastic and much more private than Gmail, Outlook etc.
So here it really comes down to whether you want your mail to be as private and secure as possible with E2EE (Proton Mail) or you want an excellent and private mail provider (Fastmail) away from the eyes and data collection of Google, Microsoft etc.
Some links:
Values: Our values | Fastmail
Security: Security with substance | Fastmail
Proton: Fastmail vs Proton | Fastmail
Comparison by Fastmail: Fastmail vs. ProtonMail: A Comparison | Fastmail
4 Likes
I too recommend fastmail. I assume most of the email communications you do are with people outside ProtonMail and don’t use OpenPGP, so they leave ProtonMail unencrypted and live unencrypted on the other end. All the metadata, including the subject, is also unencrypted in OpenPGP.
At that point, I’d just treat email as an inherently insecure communication medium, only use it when there’s no alternative. Which at least in my case, means receiving purchase/booking confirmations, contacting customer support or data protection officers and if I were looking for a job or in the process of getting hired, I guess I’d talk to them via email. In most of those things, most of what an adversary would want to know is in the metadata and subject, which OpenPGP doesn’t protect, and all of those communications will be unencrypted on their end anyway.
So I choose email providers mainly based on their privacy statements. Encryption is a nice bonus, but for most of the email communications, it will be mostly futile, so I don’t think is a must.
So on that end, I find Fastmail as a great option. It has a great app and a great webapp, and it’s accessible through open standard protocols, so you can use clients of your choosing.
3 Likes
Main issue with Fastmail is, they are not encrypting your mailbox. Considering they are based on Australia, one of the worst privacy friendly countries around the globe, I don’t want to hand over my mailbox unencrypted to them.
They are having SSL and TLS for incoming and outcoming connections like all other mail companies but no encryption on mailbox level like Proton and Tuta
3 Likes
Yes, as already mentioned there is no E2EE. OP hasn’t specified, but the choice depends on whether they value speed and reliability more than this.
Regarding E2EE:
Fastmail customers looking for end-to-end encryption can use PGP or s/mime in many popular 3rd party apps. We don’t offer end-to-end encryption in our own apps, as we don’t believe it provides a meaningful increase in security for most users, while the trade-offs are significant.
End-to-end encryption is not just a checkbox. To work, it requires both sender and receiver to support it, and have a secure and private way of exchanging keys. This infrastructure simply doesn’t exist right now. Adding end-to-end support in our webmail also provides little extra security against server compromise, as the code doing the decryption is itself deployed from the server. Meanwhile, the trade-offs are severe: if the server can’t access the contents of the email it can’t offer fast, full text search. It can’t show message previews efficiently in your inbox. Spam checking can’t analyse the content. If you lose your private key, we can’t help you recover access to your email history.
Ultimately, if you trust the server then end-to-end encryption doesn’t add any extra security (as emails are already encrypted at rest and in transit). If you don’t trust the server, you can’t trust it to load uncompromised code, so you should be using a third party app to do end-to-end encryption, which we fully support. And if you really need end-to-end encryption, we highly recommend you don’t use email at all and use Signal, which was designed for this kind of use case.
2 Likes
If we need speed and reliability, we should have chosen Google or Microsoft but here we are talking about privacy, right? It won’t make much sense if we can encrypt emails when sending or receiving them because if Fastmail gives whole mailbox to some government agency in plain text format, everything goes to waste.
If I am aiming for privacy, I can wait few seconds longer when searching my mailbox due to encryption but making everything readable to other parties and asking for trusting the provider blindly won’t make any sense.
5 Likes
Fastmail’s privacy isn’t comparable to Microsoft or Google. None of them use E2EE, but Fastmail’s privacy policy is compatible with a threat model that worries about corporate surveillance, but not about government surveillance. Privacy isn’t about a single threat model where it is all or nothing.
2 Likes
You can get business products of Google and Microsoft, which have different privacy and security policies compared to consumer versions, for a little price. For example M365 Business Basic costs 5,60 Euro, and Fastmail cost 5 Euro. (Non-EU prices will be cheaper)
3 Likes
Pretty much this. Privacy isn’t a one size fits all. We can’t assume OP’s threat model. If they don’t use email for confidential communication, E2EE is irrelevant. Proton also isn’t even E2EE by default if you’re sending emails to a non-Proton user. Both Proton and Fastmail are independent privacy-focused mail providers and ensure your emails will be away from corporate surveillance, profiling and data collection to share with advertising partners.
For my own needs, Proton is perfect. But if people aren’t worried about keeping their emails confidential (especially from the government) and the performance overhead and drawbacks added by E2EE are a dealbreaker (such as the slowness for OP), then Fastmail is a great option that surpasses Gmail and Outlook in several areas and privacy controls, including masked email addresses and aliases, 1Password integration and ease of use compared to Google and Microsoft business suites.
Regardless, this isn’t to argue over which option is better or more secure than another, but mainly to give OP the information and options available for them to make an informed decision on what suits their needs and threat model and fits them best.
2 Likes
some services Ive heard of :
Not too sure if they encrypt at rest, but other than Tuta and Proton, who really does?