Here is a question, why are you making those assumptions? As in, why not encourage friends to use similar services, why not use PGP on all emails, why not store contacts and calendars and why not create a custom domain?
Your point is what, to say that there is little point so why not stick with what is known? If less people thought that way, a world of encryption and privacy by default might come to be the norm and using anything else would be weird.
TLDR; change habits, shift perspectives.
Life is complicated, time is short, and people have many competing priorities and interests (even within the privacy space) other than trying to convert their contacts to using PGP.
I get the “you do you” sentiment—it’s valid to respect personal choices and priorities —but at some point, it becomes clear that this approach isn’t cutting it. Privacy isn’t just a personal choice; it’s a (neglected) collective responsibility. When someone’s indifference or ignorance about privacy jeopardizes others—whether through leaking information, insecure communication, or reliance on surveillance-based platforms—the conversation can’t remain passive. It’s time to normalize encryption and privacy-conscious behavior as basic, non-negotiable habits. #priv/acc
The framing needs to shift from “why should I if the gains are only x or the effort is y times more?” to “why wouldn’t I?”—because the excuses we hear (“I’m too busy,” “it’s not worth the effort,” or “it works the same for me”) often mask an unwillingness to confront uncomfortable truths. Privacy isn’t a luxury or a niche concern; it’s a foundation for autonomy and security. Those excuses may feel benign, but they enable a status quo that puts all of us—especially privacy minded sorts/advocates—at risk.
This isn’t about gatekeeping or forcing someone to go full-tinfoil-hat overnight. It’s about fostering habits that prioritize privacy as a norm, not an afterthought. Like this site, which emphasizes rigorous, evidence-based recommendations to counter misinformation, we need to adopt a similarly insistent approach toward discussions which seek to normalise and trivialise moving the needle. So many such conversations are rooted in ignorance or indifference so I have to commend the OP for wondering if there was something they were missing and seeking some feedback. The stakes are too high to let inertia win however, and I was less impressed with their insistence on doubling down on misguided rhetoric.
We know how data is exploited against us. We’ve seen the tangible harm that arises when privacy is neglected. So why do we still entertain arguments that trivialize this reality? It’s time to change the narrative and make privacy-first choices not just acceptable, but expected.
But I digress…
I absolutely agree that it’s a collective responsibility. The thing is, there are a lot of collective responsibilities that one can spend their time, energy, and social capital on: climate change, animal welfare, political transformations, etc.
Even within just the privacy space one might spend their time, energy, and social capital switching others to E2EE messengers like Signal, promoting private options for cloud sharing between friends/family, or asking others not to surveil them with smarthome devices.
That’s the point: life is complex, we all have many priorities, and there isn’t enough time or energy in a lifetime to get to everything that’s a worthy cause.
I like that you acknowledge the many demands on our social capital, and when you get right down to it, if everything is the “greatest crisis of our time,” then nothing is. Fair point.
However, what I choose not to agree with is the notion that we can allow conversations of “why bother?” to continue proliferating. The OP asked for reasons, the reasons were given to them, and yet they still doubled down on the indifference. My response was not about adoption and advocacy; it was about collective indifference, and that it’s high time we changed the narrative on how we allow such indifference to fester under the guise of “privacy is a personal choice,” because most privacy accelerationists believe that ship sailed when one’s indifference endangers others. The right to be lazy and contemplative, telling yourself the lie that it’s all too hectic and we’ve got too much on our plate, is no longer an excuse because you can’t claim such things while engaging with external stimuli. Adjusting the way we think isn’t a time commitment; it’s a choice.
Let’s leave it there perhaps? I do appreciate your responses.
Your opinions are all good. But they are only true from your own perspective, from your own community. So your community is different from mine.
Even IT pros rarely use PGP. Just look at how many people use PGP email to reach you.
Even with ProtonMail/Tuta, how many people encrypt their emails when sending to non-ProtonMail/Tuta users?
Your right but only if you’re assuming email CAN be made private and thats never going to be true.
Using a privacy focused service provides a critical part of a multi-layered defense against many things.
Block Beacon Attacks. These are invisible pixel-sized images or links used for marketing that are automatically opened when email is downloaded. In other words, before you open the email. These get your geolocation using a reverse IP lookup.
Solutions: Use a VPN or your carriers data network or a privacy oriented email client like Thunderbird on the desktop and K-9 Mail for Android. Also set your clients not to auto-download remote images.
Resist BigTech Relationship Mapping
Solutions: Use a Gmail address for all Google related maintenance & app logins and for nonsense sites but don’t include your real name, phone# or physical address in it and make sure its an email address that isn’t in your contact lists. Or use a paid email provider and don’t give that address to anyone including your real contacts.
Don’t Feed BigTech Profilers
Email left on the server is scanned for keywords.
Solutions: Use POP3 to auto-delete server-side email when you download them not IMAP. Set up an auto-purge on the ISP’s inbox and trash.
Prevent IP Leak on Send
Email headers contain your IP address. These are used for geolocation via reverse IP lookup.
Solution: use a VPN or your mobile carrier’s data network or StarLink.
## Email Forwarding services
Forwarding / aliasing services such as SimpleLogin and Anon.io solve multiple problems.
Help determine where a breach occurred. Remediation differs if it’s a newsletter or a bank, for instance…
Facilitates the immediate shut off of spam and phishing attempts by simply deleting the address.
Makes Credential stuffing much more difficult. On sites that force you to use an email address as your user ID a bad actor only has to figure out what your password is and if you used the same one in multiple places your burnt.
There are sites that search the net to find all the places where your email has been used.
Make it harder for data brokers and advertisers to link accounts and track activity.
Some sites make it difficult or impossible to unsubscribe so just disable the alias instead.
While you’re right that unless you’re using PGP or emailing someone on the same platform, emails aren’t fully encrypted, privacy-focused providers like ProtonMail and Tutanota still offer key benefits:
So even if full end-to-end encryption isn’t possible, you still get a stronger privacy shield and security than with Gmail or Outlook. It’s not perfect, but it’s a step in the right direction
You make some valid points but there are clear advantages to using Tuta & Proton.
1) They both allow you to send E2EE emails to non Proton/Tuta users.
Most people may feel uncomfortable sending E2EE encrypted emails to non Proton/Tuta users because it might annoy them, but I do. If I have your phone number or can reach you from any other 2nd communication channel where I can send you the password, I’m encrypting my email. It’s a good way to teach people about privacy.
2) Most people I communicate with via email are not friends and family but businesses.
Most businesses have their own domains and do not use commercial Big Tech email addresses. Yes, I’ve encountered small businesses that do, and I don’t have a problem encrypting my email with a password, especially if it’s sensitive.
3) Proton and Tuta can be used powerfully with other privacy tools.
Sometimes, I find myself in situations when I cannot encrypt an email because I do not have a second communication channel to send the recipient the password.
What I do instead is send them a non-encrypted email, either from a Proton address or from an alias, in which I provide a Notesnook link to a note contains the sensitive message. The Notesnook link is protected with a password, that I provide in the email, but the link can only be opened once, after which it will expire.
Notesnook is a E2EE notes app for those who don’t know.
This narrative will never end.
Everyone follows their own path and solves their own challenges. Email is not designed to be safe; whether e2ee or not, it still has significant drawbacks (metadata, for example) as compared to other communication methods. Personally, I will balance everything, perhaps 4-6 today or 6-4 tomorrow, depending on the circumstances of the day.
I’ve returned to using the Google and Microsoft ecosystems, as well as some of their goods, however with different settings to decrease privacy risks. Because I know email is not safe, I use a few tiny providers that are enough to maintain communication seamless. Protonmail and Tutanota are not on my list. Of course, email aliases are essential (Duck, Addy, SimpleLogin used to exist, but I abandoned it due to several limitations).
I hope you quickly understand the genuine nature of scenarios and find your paths soon.
Can I ask who you do use instead of those providers? And what influenced your choices?
I never trust services that promote themselves and disparage their competition. Look at how many blog posts they have. Read and digest them.
Choose the service that best meets your needs from this list. As I previously stated regarding email insecurity, I ignored the colors and scores; it’s great that I discovered the appropriate one.
Looks like this was last updated almost 5 years ago. Are you certain all of this information is accurate?
Last update: 2020-01-02
Personally, I still refer to.
You can refer, verify, pick, or ignore.
Good luck!