I’ve been looking to switch from gmail to a different email provider that’s more private. I’ve been hearing about Tuta, are there any drawbacks to it? Are there better options?

For a while I was planning on making the switch to protonmail but that’s off the table now due to the recent events surrounding them.

  • Coldcell
    link
    fedilink
    arrow-up
    2
    ·
    6 hours ago

    Is there anything about Startmail (company that does Startpage.com) that is worth avoiding? I’ve never paid for mail but if it’s solid and avoids Google I might.

    • Arthur Besse@lemmy.ml
      link
      fedilink
      English
      arrow-up
      4
      ·
      6 hours ago

      StartPage/StartMail is owned by an adtech company who’s website boasts that they “develop & grow our suite of privacy-focused products, and deliver high-intent customers to our advertising partners” 🤔

      They have a whitepaper which actually does a good job explaining how end-to-end encryption in a web browser (as Tuta, Protonmail, and others do) can be circumvented by a malicious server:

      The malleability of the JavaScript runtime environment means that auditing the future security of a piece of JavaScript code is impossible: The server providing the JavaScript could easily place a backdoor in the code, or the code could be modified at runtime through another script. This requires users to place the same measure of trust in the server providing the JavaScript as they would need to do with server-side handling of cryptography.

      However (i am not making this up!) they hilariously use this analysis to justify having implemented server-side OpenPGP instead 🤡

      • zod000@lemmy.ml
        link
        fedilink
        arrow-up
        4
        ·
        2 hours ago

        Wow, that is very disappointing. I had started using startpage as a Google alternative. While it still may be preferable to Google specifically, their mail product is definitely out.