Email provider?
Hi,
Well, I am so sorry, I know this topic has been discussed many times over and over but... yeah...
Honestly, I am running in circles at this point...
Sadly, email is in today's economy the main communication tool with companies and also the anchor to most online services, so it is important.
So I did quite a bit of research but I always find something that prevents me from going for it. I am sure there is nothing like 100% perfection but... I am mostly deciding on acceptable vs non-acceptable (questionable).
And that's why I am looking for a new provider to improve security, because some providers are basically sleeping...
I found out that only 4 providers currently support HW keys as 2FA:
Gmail
Outlook
Proton
Tuta
Mailbox looks decent but... (I will explain later)
What is my current personal point of view on the given providers (from the point of view of email and calendar, no other services, because I do not care about them):
Gmail:
+ top-league security practices
+ reliability/recovery
+ deliverability
? missing support (the question is whether it is needed if automation handles it smoothly from different angles)
- privacy nightmare
- aliases
- AI in mail
Outlook:
+ also great security practices
+ reliability/recovery
+ deliverability
? aliases
? also missing support (but again auto options decent)
- also privacy nightmare
- AI in mail
Proton:
+ great security
+ aliases solution
+? privacy/policies*
? reliability/recovery (read stories about random lock outs)
? deliverability
? support
? quality of products/ somehow going big tech direction
? anti-spam etc.?
?- AI in mail
- paying for features that are not needed
- not as transparent and clear on some topics and policies
Tuta:
+ great security/post-quantum
+ simple few core services without extra nonsense
+ privacy/policies
+ No AI in mail
? reliability/recovery (read stories about random lock outs)
? deliverability
? support (having a support-like forum on reddit does not look professional to me)
? anti-spam etc.?
-? aliases
- generally feeling like they are rougher (tech view as well as customer service) and not so smooth compared to Proton and others
- not compatible with PGP if needed
Mailbox:
+ I would say good enough security with some improvements, caveats
+ encrypted emails storage
+ PGP ok
? privacy/policies
? aliases
? support
? reliability/recovery
? deliverability
- bad policy of reusing email addresses after account deletion (problematic)
- no HW keys/weird 2FA until recently
Some details:
Big tech is big tech with all the privacy issues etc. but other than that I think there is a reason why they are reliable and secure.
*About Proton policies, transparency and anti-big tech mentality:
I read the privacy policy and ToS, and also found a detailed review of it on YouTube; you can find it yourself. I understand that from a business point of view it is a necessity and generally better to outsource certain things, but I wonder about having like 5+ data processors, the majority of which is 3rd (all of them are processing data outside of Switzerland). Again, I understand it is a global thing, but still this really makes me question it. Also their policies are not that simple (this would be expected from big tech, I guess).
About policy updates, does Proton send a notification on diffs if they are updated, or does one really have to do this constantly? Official reading: "As long as you are using the Services, you are responsible for regularly reviewing this Privacy Policy. Continued use of the Services after such changes are performed shall constitute your consent to it." This is quite weird really... Also, I understand that this is how it goes in the global service business, but still it feels really questionable about trust: "No warranty, no liability" etc., you know, typical corporate-speak...
Tuta:
Quite simple policies, understandable; some things and processes are not clear, but this is the whole thing about Tuta really. To me the service is great in core principle and privacy, but even though they have been there longer than Proton... they feel like a punk-like startup in some important cases.
Mailbox:
I guess a professional approach, but lacking in some security principles/processes (mostly that recycling of addresses and no HW 2FA support).
In conclusion, E2EE is just a buzzword in practice; nobody really uses it, especially institutions or services when communicating with customers/users (mostly automation), so that is not a selling point.
Reliability and security is a big one ofc, and also profiling/scanning of mail content for ads etc.
So what is your view on this, what would you recommend and why in the sense that you have to use email for important services/accounts/institutions + official communication, documents and so on with institutions + maybe shopping with aliases?
Also, I am not sure, but I read that permanent aliases on Tuta and Proton also serve as alternative logins. Is that right, and is it problematic?
Thank you for help...