I just came across these "disturbing facts about proton mail". Let's say, hypothetically, that I administer a small org that now wants to move away from proton.

I guess I should just learn PGP, but that would be a tough sell for any boomer members.

EDIT: thanks for all the responses! It seems like my intuition was correct: email is inherently insecure, and proton is no worse than other email providers insofar as you don't let their marketing cause you to drop your guard. If it's illegal, keep it offline.

  • drhead [he/him] · 2 years ago

    Depending on what specific part of privacy you're worried about, self-hosting is probably the best way. You will still have payment info linked to the hosting company, obviously, so your emails will still be tied to you if someone has a warrant, but the content of your inbox will be yours alone, and Google or Microsoft will not have access to it. You'll also have control over things like hiding sender IP from the headers if you know how to set that up.

    You can set up an AWS EC2 free tier server that will be more than adequate, and will be free for one year -- if you don't want to give Bezos your money, you could use any VPS host or even dedicated email services, but going with a host like EC2 guarantees you full control. You would need to register a domain name -- this could cost about $10-15 per month or more depending on a number of factors. Using self-hosting on your own domain means you can have as many email addresses as you'd like on that domain, and you can also set up a catch-all address so you can have different emails for each service. My annual costs for the hosting are a total of $60/yr with a reserved instance. A bit expensive, but I think it is worth it since this offers some measure of protection from accounts on different services being linked (useful for password leaks if your email is your username), and I've also literally caught my state's DMV leaking my email address to spammers because I've gotten spam on an address I've only given to them.

    This is an excellent four-part guide I followed for this. You could also go with something like Mailcow which would be much faster to set up, but which won't give you the same understanding as following the guide will.

    https://arstechnica.com/information-technology/2014/02/how-to-run-your-own-e-mail-server-with-your-own-domain-part-1/
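
The per-service address approach described in the comment above can be checked automatically. This is an added example, not part of the original comment or the linked guide: it flags mail that arrives on an alias given to one service but is sent from a different domain. The domain `example.org`, the alias table and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

MY_DOMAIN = "example.org"  # assumption: the self-hosted catch-all domain
# Assumption: each alias was handed to exactly one service; the value is the
# set of domains that service legitimately sends from.
ALIAS_OWNERS = {
    "dmv": {"dmv.example.gov"},
    "shop": {"shop.example.com"},
}

def _domain(addr):
    return addr.rpartition("@")[2].lower().rstrip(".")

def _matches(sender_domain, allowed):
    # Accept the registered domain itself or any of its subdomains.
    return any(sender_domain == d or sender_domain.endswith("." + d) for d in allowed)

def classify(raw_message):
    """Return (alias, sender_domain, verdict) for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    # Prefer the recipient recorded by the MTA; To: can be absent (Bcc) or forged.
    rcpts = msg.get_all("Delivered-To") or msg.get_all("X-Original-To") or msg.get_all("To") or []
    # From: is unauthenticated, so "expected" proves nothing by itself; the useful
    # signal is a mismatch, which means a third party knows the alias.
    sender = _domain(parseaddr(msg.get("From", ""))[1])
    for _, addr in getaddresses(rcpts):
        local, _, dom = addr.lower().rpartition("@")
        if dom != MY_DOMAIN:
            continue
        alias = local.split("+", 1)[0]
        if alias not in ALIAS_OWNERS:
            return alias, sender, "unknown-alias"  # never handed out: guessed or harvested
        if _matches(sender, ALIAS_OWNERS[alias]):
            return alias, sender, "expected"
        return alias, sender, "possible-leak"
    return None, sender, "not-ours"

def leaked_aliases(messages):
    return sorted({a for a, _, v in map(classify, messages) if v == "possible-leak"})

def sample(rcpt, sender):
    """Build a constructed test message."""
    return f"Delivered-To: {rcpt}\nFrom: {sender}\nSubject: test\n\nbody\n"

SAMPLES = [
    sample("dmv@example.org", '"DMV Notices" <noreply@dmv.example.gov>'),
    sample("dmv@example.org", "deals@cheap-pills.example"),
    sample("shop+receipts@example.org", "billing@mail.shop.example.com"),
    sample("info@example.org", "x@bulk.example"),
]
```

Running `leaked_aliases` over a mailbox export gives the list of aliases whose single recipient has shared, sold or lost the address.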