So I am attempting to make a more privacy respecting setup, but maintaining some security.
So, Google probs have the best security for an email service, not privacy, but Gsuite being designed for business will have to have some improved privacy.
My thinking is this, use a custom domain with Gsuite to take advantage of the increased security and privacy (advanced protection program), and services like tailscale (use to access home) which require an SSO login.
That may be true but really, Google? The same company that likes to mine your data? Why even give money to the company that started this whole privacy nightmare surveillance capitalism in the first place?
I'd suggest that you think of security in the same way as you are thinking of privacy (balance).
Keep things in perspective. We are talking about e-mail here. Which on the one hand is a pretty core piece of your digital presence that should be protected well. But on the other hand, it's just e-mail, not rocket science. In my eyes, if you follow some basic best practices*, and use a reputable secure+private e-mail provider, you will be sufficiently secure, and unless you believe you (as an individual or organization) are at risk of a targeted attack from a motivated & capable actor, there probably isn't too much security to gain from using Gmail.
If you use:
A strong, complex, unique password
Enable 2FA
Don't open attachments from unknown senders, be careful opening links, know the basics of how phishing works, and how to protect yourself from it.
Use an e-mail aliasing service (primarily for spam prevention, but also privacy & security)
Use an e-mail service where your inbox is encrypted at rest.
Use a network or device wide content blocker, set to block both tracking and malicious domains/threats.
All of these points are important whether you use a service like Proton, Skiff, Mailbox.org or some other secure+privacy-respecting email service or whether you use a secure+anti-privacy service like Gmail.
Are there specific aspects of Google's Security that you are attracted to? Or things I may have overlooked?
In my experience this is true, Google has good anti-spam filters, but for me, relying on spam filters isn't an effective or ideal solution. Using an e-mail aliasing service is my primary method of spam prevention. This combined with consistently "unsubscribing" from things I don't want to be subscribed to or no longer need, has made it so not only is my inbox virtually spam free, but even my spam folder is virtually spam free.
The short summary of my perspective is that Google's security and anti-spam is very good especially for unsophisticated users (if part of your threat model is protecting yourself from yourself (and your own bad decisions/habits), Google is great). But for more knowledgeable users, the same or higher levels of security can be attained without Google.
You're seemingly conflating Google's operational security with your data's security when you use their services. The two are not necessarily synonymous. When Google mines your data and hands it out to anyone who asks and has the power to make laws that hurt their business, it is not exactly "secure", is it? State actors normally request data so that they can in some way hurt the person whose data is being requested. Note that said data requests are increasingly related to minor offenses, you don't need to be some kind of gang leader to be affected. It is a case where privacy and security overlap.
As for spam, I rarely ever receive it to begin with, if you're receiving a lot of spam I'd suggest finding its source, not hiding it with a spam filter… Having said that, the little spam I get Proton seems to detect it just fine. I find it no worse than Google in that respect except for way less false positives. Additionally, Proton allows you to block trackers and disable remote image loading. Other alternatives exist, Skiff being an example. Proton is just what I'm personally using as my main inbox.