According to a Reddit post, email providers can technically view encrypted emails which are decrypted through a 3rd party client such as Thunderbird or Evolution. The person says at least Riseup and Startmail admit this, and it seems to be the case with Posteo although they refuse to answer (and apparently deleted this person’s account for asking about it).
Honestly, I don’t understand the post, but it (and its upvotes) turned me off from Posteo entirely, and made me think Tutanota was the only private Linux option if I want my emails to be stored locally, since it has its own Flatpak client.
Maybe someone can explain to me what is going on here? Is this Reddit post onto something?
If I understand correctly, yes: if they were not encrypted by the sender, then they can be decrypted by the provider, since they are the ones who decrypt it (but they promise they won't do so). If using PGP for E2EE, then they can't read your mail. Email is a very insecure protocol anyway; best not to be doing sensitive communications over it at all.
Tuta and a couple of others use a special encryption system, so they might not be able to see your mail (I'm not sure on this point), but IIRC, that comes with the downside of not being able to use a 3rd party app or PGP.
I’m not sure I understand your response.
So is my privacy weakened with the use of a third party client with a PGP-supported private email provider? I know I can select an option for Proton and Posteo where all incoming mail is automatically encrypted, if not already encrypted. Does the use of a 3rd party email client undermine this?