They’re not doing like proton and close basic stuff like IMAP and SMTP as a way to force you on the official apps
I especially love the feature where you can bounce emails based on domains, keywords or TLDs. My spam folder is finally empty. IMHO bounce back spam is much better, as the spammers get a response that the address is invalid and hopefully stop wasting their limited computing resources on that address.
Zoho is not open source, but proton is a “fake” open source that is mostly used for marketing: they opened only the UI, which communicates with a proprietary protocol to a proprietary server - useless. They also reject or ignore any pull request on GitHub.
I mean, that’s going to be a risk you take with any hosted service. I currently self-host my contacts and calendar, but I have no interest in hosting my own email again.
I don’t self host my email either. I got my registrar, DNS and email separate from each other so if any of them goes bad I can switch with minimum fuss.
But that makes it all the more important to be able to download all your mail from your provider.
Proton currently has two proprietary things you can use to download, a “bridge” PC app that pretends to speak IMAP, and a download tool. The bridge will be discontinued after they launch their propeietary PC mail app so that leaves just the proprietary download tool, which only does .eml. format.
That’s a very broad question that depends a lot on your usage. My needs may be different from yours.
I’m currently using Migadu because:
Unlimited domains, mailboxes, accounts and aliases for a flat fee. I’m managing accounts for myself as well as family and extended family members and it comes out much cheaper this way than services that ask $5-10/account.
Very nice management interface with all the bells and whistles but with reasonable defaults and easy to use.
The company is based in Switzerland and the mail hosted in EU (France).
Standard email service with everything you’d expect (the regular protocols, spam protection, webmail, full compatibility with clients etc.)
i started with the mail basic (10 euro yearly for 10gb) but then because i switched from “secondary email that forwards to gmail” to “primary email that imports from gmail”, i had to move to the more expensive plan
They’re not doing like proton and close basic stuff like IMAP and SMTP as a way to force you on the official apps
The reason Proton cannot do IMAP/SMTP is that they cannot read your emails which is required for both. That’s a feature, not a bug.
PM works with any app as long as the app implements their custom protocol for which there are at least two FOSS implementations as a reference.
proton is a “fake” open source that is mostly used for marketing: they opened only the UI, which communicates with a proprietary protocol to a proprietary server - useless
While I’d also prefer their back-end to be OSS, it’s not nearly as critical as the clients.
As a user, it doesn’t make a difference. I’m paying for an opaque service either way.
All the interesting stuff (E2EE, zero access storage) happen in the clients anyways. The BE is fairly uninteresting; it’s a mail server + zero-access encryption + Proton account handling. If you really wanted to build a mail service similar to Proton, you could build that yourself and probably would have to anyways.
i think instead the opposite. The backend is the real interesting part, and the only way that we can be sure that “they cannot read the emails” (they arrive in clear, saved with reversible encryption and they have a key for it - if you use their services to commit crimes they will collaborate with the law enforcement agencies like everyone else)
imap/smtp can be toggled with a warning, if that’s really their concern. As of now i have the feeling that’s instead blocked to keep users inside (no IMAP = no easy migration to somewhere else) or to limit usage (no SMTP = no sending mass email)
The backend is the real interesting part, and the only way that we can be sure that “they cannot read the emails”
While I’d still prefer it, OSS can’t really help with that because what’s really required here is remote attestation.
That is an unsolved problem to my knowledge; there is no way to know which software they’re actually running. Even if they published the source code, they could trivially apply a patch in their deployment that stores all incoming email somewhere and you’d be none the wiser.
Even if they published source code and could somehow prove to you that they’re running a version derived from it, you would still not be safe from surveillance as one could simply MITM all connections. See i.e. https://notes.valdikss.org.ru/jabber.ru-mitm/.
That’s likely one of the reasons they do everything they can to make PGP accessible to every user.
imap/smtp can be toggled with a warning, if that’s really their concern
It’s plain and simply not how their service works. They’d have to build most of their service a second time but unencrypted.
It’s like asking Signal to build in support for IRC; it does not make sense for them to do that in any way without malicious intent needed.
no IMAP = no easy migration to somewhere else
You have IMAP access via the bridge. That’s what it’s for.
Zoho and PM have two entirely different reasons for existence. If you don’t want E2EE (assuming the other sender is on PM) then by all means, use Zoho. And IMAP isn’t E2EE compatible in the slightest, what they’re charging for is the decryption bridge that makes it work with an IMAP client. They had to come up with that, it’s not just a switch you flip at PMs end that makes IMAP work.
My experience with Proton has been really great so far. Constant steady improvements to their services and UI/UX, I wish I had switched to them sooner.
If you’re giving those companies personal info (name, phone, address, CC) they can track you regardless of what emails you use with each of them.
And if you’re not giving them personal info I don’t see how that works. Yeah so I register on both random site A and random site B with aliases @tfyuhegddssgvd.com, so what? How are they going to find out about each other? What will they tell each other even if they did? And why risk a GDPR violation for such silly reasons?
For YouTube, it’s probably not possible to not use its content, but you can try alternate front ends like Piped (and its wonderful Android client, LibreTube, if you’re on Android.)
For Gmail, not sure if this works for you but I set the vacation feature to reply to every email I receive notifying them of my new email. I switched to Vivaldi Webmail (Proton doesn’t let you use 3rd party clients w/o a subscription plan btw, I’d switched to Vivaldi first so not a major thing for me) but Skiff (paid) looks good, Kagi Search is planning an email service, Tutanota has an email service, and I guess you could self host. While you transition, use a client that lets you have a unified inbox (K9 works on Android) and just have both logged in.
The only thing i have done so far is use imap into thunderbird…. All this is valuable. I want to use a self hosted solution but at the moment its all a surface level thought. Thanks a lot for this comment!!
Proton is in the process of removing their PC bridge in favor of a custom app. After they’re done you won’t be able to migrate your email away from their service anymore.
Which is ironic, when people are trying to flee from Google. Out of the fire and into the frying pan…
It’s in restricted beta currently, only available to a small category of users, and still lacking features. They say it will launch early 2024 but it looks more like mid-year to me (at best).
Point is, it won’t happen very soon, but it will happen
@lemmyvore@helenslunch
This is a show stopper for me on any of the big name ‘encrypted’ platforms, Proton, Tuta et al - impossible to import/export data. Moving from one silo’ed walled garden to another arguably worse one is anathema.
The thing that sucks the least for me is to pay to host my own email/contacts/calendar/storage via open source apps in a privacy friendly jurisdiction e.g. Hetzner
mailbox.org might be worth checking out, they’re a German company trying to offer a comprehensive package - mail, calendar, some storage, some collaborative tools etc.
If you have Proton Premium point your domain to SimpleLogin and use it. Its included with Proton Premium. Its helped me root out 2 places so far that have sold my email address or were compromised and failed to disclosure.
i also use proton, but i just use a custom address with every unique vendor/account. i know almost immediately who sold my address. it also prevents hacked systems from matching addresses in other systems.
Yes that’s what SimpleLogin does and its part of the Proton umbrella. You can use your own custom domain or a SimpleLogin domain to create email addresses. It also enables you to send from the custom addresses so the end user never learns your true email address. SimpleLogin also has mobile apps so you can create addresses very easily.
yeah, its like what i do, but with more steps. i guess it makes reply addressing slightly easier, but ive found i rarely need send to most of my vendor addressing
For anyone who wants to do this easily: afaik (ymmv) most mail systems will accept aliases to your account if you put a + after your email username. for example, if you’re foo@example.com, then foo+bar@example.com would still route to your inbox but you’d be able to see that it was sent to a different address than your own. i do this for any email i put into a website I don’t trust (which is most) and if you use the company name it’s a really easy way to see who sold your data
Just be aware that it’s not guaranteed - I’ve had services remove everything after the ‘+something’ on my email address. Some will also not see that as a valid email address, depending on how they do their input validation.
For a spammer it literally takes less than ten seconds to clean a list of one million addresses from “plus addresses” and get back the original one without the source. Only amateur spammers use raw lists without any sanitization
if youre running a full domain, you dont even need to manually create alias’ unless you need to reply/send as.
i’ve found i rarely need to do that, so you can literally just use an email address literally off the top of your head, have it all forwarded to a catch all and youre done. none of this extra service stuff. again, unless you require ‘send as/aliasing’.
You cannot turn off the proton aliases, one of my aliases (those with +) got compromised and I’m still getting phishing emails on that one. You can create a rule for that mail but you cannot completely disable it. There is also Proton Pass which does the same as SimpleLogin and also stores Passwords. You should check it out as well.
Domain naming authorities require identification for the registration of domains. You cannot purchase domains anonymously. You can pay Njalla and they own the domain, and they’ll tell you that you can control it, but you have no rights to it in any kind of dispute.
All my <TLD> are redacted and I still full own. in the .nz space there has to be a real contact person, and I’m ok with that as I’m a big boy that has been online for over 1/4 of a century now.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
I moved off to zoho
Much cheaper than proton and offers much more.
They’re not doing like proton and close basic stuff like IMAP and SMTP as a way to force you on the official apps
I especially love the feature where you can bounce emails based on domains, keywords or TLDs. My spam folder is finally empty. IMHO bounce back spam is much better, as the spammers get a response that the address is invalid and hopefully stop wasting their limited computing resources on that address.
Zoho is not open source, but proton is a “fake” open source that is mostly used for marketing: they opened only the UI, which communicates with a proprietary protocol to a proprietary server - useless. They also reject or ignore any pull request on GitHub.
What Zoho plan are you using? I can’t quite tell what the difference between the free and lite tiers is except for IMAP/POP support.
I moved over to Proton earlier this year and have had a good experience so far, but I’m not married to it or anything.
Proton has been gradually closing down access to proprietary apps only. After they’re done you won’t be able to take your email anywhere else.
If you have your own domain you’ll be able to host it elsewhere but you would leave behind email, calendar, aliases etc. and restarting from scratch.
At that point “encrypted” starts smelling more like “hostage”. It’s generally a bad idea to be tied down to a specific email provider.
You could wake up tomorrow to find out Proton has been acquired and the new owners can charge anything yet want for continued service.
I mean, that’s going to be a risk you take with any hosted service. I currently self-host my contacts and calendar, but I have no interest in hosting my own email again.
I don’t self host my email either. I got my registrar, DNS and email separate from each other so if any of them goes bad I can switch with minimum fuss.
But that makes it all the more important to be able to download all your mail from your provider.
Proton currently has two proprietary things you can use to download, a “bridge” PC app that pretends to speak IMAP, and a download tool. The bridge will be discontinued after they launch their propeietary PC mail app so that leaves just the proprietary download tool, which only does .eml. format.
Okay, I’m following. So who would you recommend as an email provider?
That’s a very broad question that depends a lot on your usage. My needs may be different from yours.
I’m currently using Migadu because:
i started with the mail basic (10 euro yearly for 10gb) but then because i switched from “secondary email that forwards to gmail” to “primary email that imports from gmail”, i had to move to the more expensive plan
The reason Proton cannot do IMAP/SMTP is that they cannot read your emails which is required for both. That’s a feature, not a bug.
PM works with any app as long as the app implements their custom protocol for which there are at least two FOSS implementations as a reference.
While I’d also prefer their back-end to be OSS, it’s not nearly as critical as the clients.
As a user, it doesn’t make a difference. I’m paying for an opaque service either way.
All the interesting stuff (E2EE, zero access storage) happen in the clients anyways. The BE is fairly uninteresting; it’s a mail server + zero-access encryption + Proton account handling. If you really wanted to build a mail service similar to Proton, you could build that yourself and probably would have to anyways.
i think instead the opposite. The backend is the real interesting part, and the only way that we can be sure that “they cannot read the emails” (they arrive in clear, saved with reversible encryption and they have a key for it - if you use their services to commit crimes they will collaborate with the law enforcement agencies like everyone else)
imap/smtp can be toggled with a warning, if that’s really their concern. As of now i have the feeling that’s instead blocked to keep users inside (no IMAP = no easy migration to somewhere else) or to limit usage (no SMTP = no sending mass email)
While I’d still prefer it, OSS can’t really help with that because what’s really required here is remote attestation.
That is an unsolved problem to my knowledge; there is no way to know which software they’re actually running. Even if they published the source code, they could trivially apply a patch in their deployment that stores all incoming email somewhere and you’d be none the wiser.
Even if they published source code and could somehow prove to you that they’re running a version derived from it, you would still not be safe from surveillance as one could simply MITM all connections. See i.e. https://notes.valdikss.org.ru/jabber.ru-mitm/.
That’s likely one of the reasons they do everything they can to make PGP accessible to every user.
It’s plain and simply not how their service works. They’d have to build most of their service a second time but unencrypted.
It’s like asking Signal to build in support for IRC; it does not make sense for them to do that in any way without malicious intent needed.
You have IMAP access via the bridge. That’s what it’s for.
Zoho and PM have two entirely different reasons for existence. If you don’t want E2EE (assuming the other sender is on PM) then by all means, use Zoho. And IMAP isn’t E2EE compatible in the slightest, what they’re charging for is the decryption bridge that makes it work with an IMAP client. They had to come up with that, it’s not just a switch you flip at PMs end that makes IMAP work.
My experience with Proton has been really great so far. Constant steady improvements to their services and UI/UX, I wish I had switched to them sooner.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
3 acronyms in this thread; the most compressed thread commented on today has 5 acronyms.
[Thread #396 for this sub, first seen 2nd Jan 2024, 10:25] [FAQ] [Full list] [Contact] [Source code]
Thank u for using a transparent gif. It’s refreshing and delicious.
Wait till you try transparent pngs. It’ll be like it should have always been.
Aaaaaa I meant png this whole time. My life is ogre.
Not a good idea to use your own domain. Use Proton Pass with domains you share with all the other users.
Why do you think it’s not a good idea to use your own domain? I’ve been doing it for years with Tutanota, it’s great.
I already answered this question
I’m curious to know why, can you explain or point to an article?
I could but it’s pretty simple. You’re the owner of that domain. Any accounts/communications with that domain can be traced back to you.
As opposed to an email address that can be traced back to you?
And who and why are we talking about anyway? Who’s tracking you if you have a domain?
That’s what aliases are for.
About a thousand different companies and a few dozen governments.
If you’re giving those companies personal info (name, phone, address, CC) they can track you regardless of what emails you use with each of them.
And if you’re not giving them personal info I don’t see how that works. Yeah so I register on both random site A and random site B with aliases @tfyuhegddssgvd.com, so what? How are they going to find out about each other? What will they tell each other even if they did? And why risk a GDPR violation for such silly reasons?
Good thing I’m not doing that.
…how what works, exactly?
You ever look at the Privacy Policy on any website ever? They all sell your information to data brokers.
It’s not a GDPR violation. And even if it was, that only applies inside the EU.
Ah, that makes sense. Thanks!
What makes you think Proton is trustworthy?
I don’t trust anyone. You don’t have to trust them. That’s the point. Everything is open source and encrypted.
But aside from that they’ve been audited several times and they have a good reputation in the community.
The one thing i use google is youtube and gmail. Idk how to move away from that…
For YouTube, it’s probably not possible to not use its content, but you can try alternate front ends like Piped (and its wonderful Android client, LibreTube, if you’re on Android.)
For Gmail, not sure if this works for you but I set the vacation feature to reply to every email I receive notifying them of my new email. I switched to Vivaldi Webmail (Proton doesn’t let you use 3rd party clients w/o a subscription plan btw, I’d switched to Vivaldi first so not a major thing for me) but Skiff (paid) looks good, Kagi Search is planning an email service, Tutanota has an email service, and I guess you could self host. While you transition, use a client that lets you have a unified inbox (K9 works on Android) and just have both logged in.
The only thing i have done so far is use imap into thunderbird…. All this is valuable. I want to use a self hosted solution but at the moment its all a surface level thought. Thanks a lot for this comment!!
YouTube:
Gmail:
EZPZ what else ya got?
Mailbox.org > proton. Fite me
Never heard of it.
Proton is in the process of removing their PC bridge in favor of a custom app. After they’re done you won’t be able to migrate your email away from their service anymore.
Which is ironic, when people are trying to flee from Google. Out of the fire and into the frying pan…
That’s a bold claim. Got a source for this move?
They’ve announced they’re trialing the custom app currently, after which they’ll discontinue the IMAP/SMTP bridge.
I’ve just skimmed through the proton blog briefly and I couldn’t see anything referencing this. Do you have a link by chance?
It’s in restricted beta currently, only available to a small category of users, and still lacking features. They say it will launch early 2024 but it looks more like mid-year to me (at best).
Point is, it won’t happen very soon, but it will happen
Thanks,
So they haven’t made an announcement about retiring the proton bridge app yet.
I think I’ll wait until I see them actually remove it before I believe they’re locking us in.
@lemmyvore @helenslunch
This is a show stopper for me on any of the big name ‘encrypted’ platforms, Proton, Tuta et al - impossible to import/export data. Moving from one silo’ed walled garden to another arguably worse one is anathema.
The thing that sucks the least for me is to pay to host my own email/contacts/calendar/storage via open source apps in a privacy friendly jurisdiction e.g. Hetzner
Going full DIY at home is not practical.
mailbox.org might be worth checking out, they’re a German company trying to offer a comprehensive package - mail, calendar, some storage, some collaborative tools etc.
If you have Proton Premium point your domain to SimpleLogin and use it. Its included with Proton Premium. Its helped me root out 2 places so far that have sold my email address or were compromised and failed to disclosure.
i also use proton, but i just use a custom address with every unique vendor/account. i know almost immediately who sold my address. it also prevents hacked systems from matching addresses in other systems.
Yes that’s what SimpleLogin does and its part of the Proton umbrella. You can use your own custom domain or a SimpleLogin domain to create email addresses. It also enables you to send from the custom addresses so the end user never learns your true email address. SimpleLogin also has mobile apps so you can create addresses very easily.
yeah, its like what i do, but with more steps. i guess it makes reply addressing slightly easier, but ive found i rarely need send to most of my vendor addressing
For anyone who wants to do this easily: afaik (ymmv) most mail systems will accept aliases to your account if you put a + after your email username. for example, if you’re foo@example.com, then foo+bar@example.com would still route to your inbox but you’d be able to see that it was sent to a different address than your own. i do this for any email i put into a website I don’t trust (which is most) and if you use the company name it’s a really easy way to see who sold your data
Just be aware that it’s not guaranteed - I’ve had services remove everything after the ‘+something’ on my email address. Some will also not see that as a valid email address, depending on how they do their input validation.
For a spammer it literally takes less than ten seconds to clean a list of one million addresses from “plus addresses” and get back the original one without the source. Only amateur spammers use raw lists without any sanitization
Serious question, why SimpleLogin vs Proton aliases?
if youre running a full domain, you dont even need to manually create alias’ unless you need to reply/send as.
i’ve found i rarely need to do that, so you can literally just use an email address literally off the top of your head, have it all forwarded to a catch all and youre done. none of this extra service stuff. again, unless you require ‘send as/aliasing’.
Yeah, my bad, that’s what I do - so I just wasn’t sure what the benefit of SimpleLogin was…fully open to admit maybe I’m missing something though.
I basically create an email alias for every service I use and when leaks happen I know exactly who the offender is - which is nice…I guess.
You cannot turn off the proton aliases, one of my aliases (those with +) got compromised and I’m still getting phishing emails on that one. You can create a rule for that mail but you cannot completely disable it. There is also Proton Pass which does the same as SimpleLogin and also stores Passwords. You should check it out as well.
Ahh, okay, that makes some sense. Thanks!
What do you mean? Of course you can.
I’ve caught a couple but they weren’t subtle about it at all. I got an email from Norton antivirus that referenced the seller directly. No shame.
I recommend transferring the Domain from your current registrar to Njalla, they allow you to buy domains anonymously
Domain naming authorities require identification for the registration of domains. You cannot purchase domains anonymously. You can pay Njalla and they own the domain, and they’ll tell you that you can control it, but you have no rights to it in any kind of dispute.
It’s a risk that I’m willing to take, personally.
But tbf I do make sure that I own my primary mail domain.
Website hosting and such thing? Njal.la all the way. Never had an issue with them.
Edit: oof, clearly some irrational hate for njal.la here. I state my personal preference and get downvoted… is this reddit now?!
All my <TLD> are redacted and I still full own. in the .nz space there has to be a real contact person, and I’m ok with that as I’m a big boy that has been online for over 1/4 of a century now.