Hello, I am trying to pick a better email provider.
My question is, is there actually an email provider or strategy that can fully mitigate a data breach from leaking information about you?
I ask this because to my understanding, Protonmail’s protection is weakened by the headers not being end-to-end encrypted (Proton Mail encryption explained | Proton), which means that (however unlikely) a data breach could expose who you’ve been emailing with. To me, that seems like a significant weakness.
It makes me think that maybe the best strategy would be sticking with a standard mail provider like Gmail and then using an email client like Thunderbird to automatically download and remove the emails from the server. But I was hoping there might be a less clunky alternative.
Messages (including metadata) in ProtonMail inboxes are still stored with zero-access encryption after being received though.
That’s not notably any better than using Proton. Google still gets to scan any incoming messages, and is more likely to retain some data about that even if the full message gets removed.
If you send from an alias to an alias, nobody will know who you’re sending the email to (given the content of it doesn’t share personal info), hence anonymity is preserved.[1]
I wasn’t aware of zero-access encryption. Thank you for pointing that out.
But am I misunderstanding their docs? They seem to always drop the zero-access qualifier when mentioning metadata.
Even if an adversary went through the expensive and time-consuming procedure of obtaining such an order, Proton Mail’s zero-access cryptography means we would not be able to release decrypted data, apart from metadata.