I’ve been using Proton Mail and VPN for a while now, and I’m just wondering how everyone else feels about them. I have this kind of inherent alight distrust of them just because they seem like they offer a lot for free and kind of have a Big Tech vibe about them, but there’s nothing for me to really substantiate that distrust with, its mostly just a feeling. That being said, I do use their services as mentioned and they work pretty well, even on the free teir. So aside from that one instance where they gave that guy’s info to the feds, is there any reason not to trust them with my data?
Wait… okay, I think we’re talking about two different things.
Emails you send or receive are not private. End of story. That’s nothing to do with the provider; they’re just not. SMTP is from the stone age of internet when nothing was private, and the attempts to graft a layer of encryption on top of it are from the bronze age, when encryption wasn’t very standardized or well-tested against real threats, and all of that shows. Even if you put a significant amount of work into grafting full end-to-end PGP encryption on top of the best your provider can do to keep your emails private, it doesn’t work. Emails are not private.
What I assumed you were interested in was in separating your non-private collection of emails from your real world identity. Proton + Tor will do that, bang on. If you’re trying to send and receive messages which are genuinely private, use one of the fairly good options which can do that (Signal or Matrix maybe). If you’re trying to send and receive your non-private emails without it being linked to your real world identity, use Proton + Tor. If you’re trying to send and receive SMTP emails without people being able to read them, you need to rethink what you want, because you’re not going to be able to get that.
Proton can be anonymous, yes, just like every other email service. I think OP was wondering more about how they protect your privacy when you’re using them non-anonymously. I could be wrong though.
But yeah, don’t use email if you don’t trust your email provider. Setting up your own email server for receiving mail isn’t too hard. Most ISPs don’t block incoming traffic on port 25, only outgoing traffic. It’s the sending part that sucks when you run your own server. Even if your ISP doesn’t block outbound port 25, your IP is probably already on several spam blacklists. :(
Not sure how much more I can simplify this: The “if you don’t trust your email provider” has no place in this sentence. Don’t use email if you need the content of your messages to be private. If someone’s looking at Proton because they think it’ll keep their emails private, then yes, that’s a bad idea. But that’s not because of the “Proton” part of that sentence; it’s because of the “emails” part, and setting up your own SMTP service will do nothing to remedy that (in fact it’ll make things worse because it’ll put your own IP address into the “Received-By” headers of every email you send out).
If you’re communicating with someone you know who’s also running their own email server, there is no problem with using email. Email is a good protocol, and it runs over TLS.