I’m needing to revise my email provider as I need to expand it to include the whole family.
I’m currently with fastmail but also interested in Protonmail. The cost over 2 years is about £40 more for protonmail, but that does include a whole suite of apps.
I do have a privacy criteria. In this regard Proton is way ahead. Having read both privacy policies, Fastmail is a concern as they state the data may be moved outside the UK to countries that may not have data regulations. They also data profile be it anonymous.
My leaning is toward proton as fastmail isn’t really private.
Proton does not support IMAP so you will need Proton Mail Bridge on Mac to work with 3rd party mail apps and you have to use their app on iOS. If you have your own domain and use some 3rd party services through IMAP, you will need a separate email provider for them.
As I understand the process Protonmail will be secure assuming that the sender and the recipient have exchanged a password through a backchannel. This password protects the encrypted message.
But standard email can never be private because we cannot protect an email message once we click send. There will always be copies of all your unencrypted messages on other servers and in other accounts.
That makes sense. Don’t these messages disappear at some point? Would email messages stored in proton mail that are not encrypted still be visible to others on the server?
I’m not an expert on Protonmail, but I did manage email servers for 25 years. AFAIK encryption basically works two ways:
The first requires both the sender and the receiver to use special software and have a way to share a public key that allows the sender to create an email that can only be read by the intended recipient. You can use this method with Fastmail, Gmail, or any other email provider.
It is secure on any server because it cannot be read by anyone without the recipients private key:
The second method keeps the encrypted message on the senders server and only send a link to that message to the recipient. They use that link and the password they were given by some other method to log into the server and read the message. AFAIK the “disappearing” emails would have to use the second method.
Mail to your grandmother or from amazon, etc. would not be encrypted or any different from standard email. The mail on your server could be kept secure from company employees or hackers but you would have no control over a message you send, for example, to me.
I am saying that if you and I exchange an email, we or anyone that has access to your Mac or mine can read it or forward it, etc. And that there will be copies of that message on your providers servers as well as mine. And still other copies in backups and/or archivers, etc.
If you choose to use Protonmail the messages on your server may be better protected than mine, but that is the only difference when using non-encrypted email.
Think of it this way. Unencrypted email is like a book. Once you sell me a copy you can’t control what I do with it.
I just switched back to Fastmail after trying Proton for a year. It generally works very well, and the integration with Simplelogin is really nice.
However, as mentioned by others, you need to use the bridge on macOS to use IMAP, and you’re stuck with their app on mobile.
Encryption-wise, it’s all encrypted at rest but, as you say, most external senders or recipients don’t have that option, so your mails are out there anyway. Mail is encrypted between proton users and can be to third parties if they use PGP.
What made me switch were little things. The most annoying one being there’s a limit to the number of filters/rules you can have on the server, and I hit it pretty early. But there are others like full-text search not being fantastic outside of using your own email client via the bridge. They are working on the latter, though.
Just for completeness’ sake, sending email can be more secure on protonmail because they automatically PGP encrypt between protonmail users, and it’s easy to set your contacts’ public keys so you only send them encrypted email.
If you aren’t interested in those features, then yes, copies of your sent email are insecure, but encrypted sending is the use case for which protonmail’s intended.
(Protonmail obviously isn’t the only way to send PGP email, but they make it really easy.)
Fwiw, I chose Proton because I found how to require a passcode to open the iOS app. That basic security is more important to me than privacy on a server.
Maybe it can be done in Fastmail, and if so I missed it somehow when testing.
(I don’t want biometrics to unlock my bank email due to that thing about the phone passcode being enough to access pretty much anything)
It really depends on your personal threat model and what privacy means for you.
If you’re politically active, for example, Proton won’t be able to provide the contents of your mail account in response to a court order. Same for the discovery process if you’re ever involved in a lawsuit.
Privacy is a somewhat nebulous concept and I don’t believe there is a one size fits all solution.
IMO the best privacy is achieved by using a messaging app like Signal. Unencrypted email can never be private even if you run your own server.
My personal email domain is hosted by Google. When asked I tell people to select an email provider that offers the services that best match their needs. Fastmail, Google, Microsoft, and many more providers can give you excellent service. But none of them can offer you “private” non-encrypted email.
Even if you use POP mail to download your messages immediately copies of them still exist in backups and the accounts, etc. of the people/businesses with whom you correspond.
I was going to ask that. I tend to archive my email to Devonthink. If I then delete them off the server, I’m assuming the backup will be deleted at some point?
No way to know, storage is cheap. I kept an archive of every message sent or received by each account for seven years. You should expect that every message you’ve ever sent or received will continue to exist somewhere forever.
Apple and others have hyped privacy to the point that people have an unrealistic expectation of existing technology. Today we can have good security on our devices and on many cloud services. But strong security needs to be designed into software, like the Signal app. It can’t be bolted on to a fifty year old product like email without adding a lot of complexity.
