I saw Nubo mentioned in a thread a while back but there were only a few comments. Does anyone use Nubo? What has your experience been like?
Seems like it is only for Europeans (and possibly even excluding non-EU citizens)? I have been using Zoho (free account) for many years (since I got rid of GMail) and while not explicitly privacy-focused they are not a data collection operation like Google/Alphabet or Meta. They make their money through providing paid accounts to businesses (competing with Google Suite). I have been very satisfied with them. They provide very good 2FA options and apps and I also use their WorkDrive (previously Docs) and Notebook.
Wait for them to be audited. Trusting a company just because they say the right thing is silly.
I know people are up in arms about Andy Yens silly comments, which is fair but, Proton is a proven service.
If your looking for an alternative go for another proven service such as Tuta or Mailbox.org
Nobody knows. They’ve existed for a while, I haven’t heard anything of such claims.
If you want to absolute be safe, only download open source clients complied by yourself (and hope that somebody is constantly looking through the source code for potential backdoors). F-Droid comiles the source for you for the Android client. Encryption is done on the client before sent to servers.
However, if Tuta were secretly evil, they could log IPs and know the email addresses you send/receive to/from. Anything in plaintext will be seen, and you are only relying on their promise to not keep a copy of it. And btw, most of your incoming emails from banks / other websites would be in plaintext, so they could theoreticallt store a plain text version before they encrypt and store it in your mailbox.
But even then, all encrypted emails are safe even if Tuta were a honeypot (which you could never know for sure.
Technically, Proton is the same category, if you compile your clients (and someone constantly checks the code for potential backdoors), then its still safe. People are only pre-emptively moving because they don’t feel safe with Proton due to the CEOs comments, and Tuta has never made such political comments.
It’s actually a good question and you’re getting a lot of shit for it from people who seem to not even know where this accusation comes from.
https://tuta.com/blog/tutanota-not-a-honeypot
“So, I was briefed on a storefront that was being created or had been created in order to attract targets – criminal targets to this online encrypted service that was being created, in order for them to – the criminals or the targets to use this service in order for intelligence to be collected by the agency that created the storefront. … It’s an online end-to-end encryption service called Tutanota.”
It can be a lie, a mistake, or truth. It can even be a false flag accusation to destroy their reputation. We don’t really know.
When looking into this it’s good to also know about Tor Mail: https://en.wikipedia.org/wiki/Tor_Mail
There might have been some confusion between Tutanota and Tor Mail.
I don’t think anybody here will be able to actually answer it.
Tuta has already been through some cases linked to German court orders to decrypt emails received in the inbox of alleged criminals, just like any other company that is subject to the legislation of its respective country (I don’t know the difference with Proton, which until now I only found out about the delivery of IPs, not the content of the emails themselves, based on Swiss court orders), but I don’t believe it is a honeypot because Tuta has clarified the entire issue and still has credibility in the privacy community.
Consider this: when you were drawn to Proton, what was it that attracted you? Was it not some aspect of its promise or appeal? And now, as you move away from Proton, is it not the same discriminating mind that drives you to seek out another object of attachment?
Mailbox.org is closed source unfortunately and I believe the Client is too
Mailbox.org works with IMAP so you can use a regular email program. The mailbox is not encrypted by default but I saw that there’s an option to enable it involving PGP keys.
AFAIK, Mailbox.org was once open source, but has not very recently become closed source. PrivacyGuides.org recommends it, as does Tresorit (encrypted cloud storage), for example, which is closed source and is one of the services I use. Providers that implement encryption, have been audited, have been on the market for years, and have a clean track record of security or privacy scandals, which there aren’t many of these types of services these days. But I personally don’t like them and try my best to avoid closed source softwares as well.
In conclusion, PrivacyGuides mostly recommends open source software but also recommends some that are not based on their features, reputation, security and maturity.
