I can’t really speak to the privacy aspect, but if you just want a Gmail replacement, I can highly recommend Fastmail. I can also recommend getting your own domain, so you can seamlessly port your email to a new provider.
Personally, my threat model is just « please don’t do really creepy things » which fits Fastmail well. If a government wanted to find me, there is nothing I am doing to successfully stop them. Fastmail also support open standards in a way that protonmail has not, at least in the past. I was using proton during the poor launch of their imap bridge software. Even if it works now, having to use a bridge software is a clunky workaround. Fastmail just supports imap out of the box (and the newer jmap standard).
Same, and the ability to have unlimited domains linked to one account has been a life-saver for adding "professional-looking" email addresses to projects.
+1 for Fastmail. I have been using them for a few years now very happily. They also integrate with 1Password for 1-click email alias creation. Their support is amazing as well if you run in to any issues.
This is where I landed as well. I gave Proton a shot first, but I found their apps to have an unacceptable amount of jank and I just don't have a need for the features that differentiate Proton from a theoretically less secure BYO domain email host.
Proton, to me, seems like a lot to simply escape the grubby hands of google and having a bit more privacy in the process. It also feels a lot like vendor lock-in considering how a lot of features are not necessarily standard.
That's not to say they don't provide value to some people. But to me it also did seem too much. So what I went for instead is getting my own domain and host my mail on mailbox.org. For similar reasons I am also not always behind a VPN and have limited my extensions in the browser to just uBlock origin and Privacy Badger.
But to more directly answer your points
Well that all depends what you use mail for and with who you are in contact. There is something to be said for your conversations being private even if they don't contain sensitive data. But, this also brings me back to proton having their own flavor of encryption.
Here you are overthinking things. Using a specific alias per website allows you to identify where spam and scam mails come from (who leaked your data) and mitigate that by simply blocking that alias. Also, aliases are not a proton specific thing.
Only when those accounts are already linked and constantly leaked. And again, using aliases can give you insights of what services actually do leak your details to data brokers and all that.
tl;dr I think trying to be entirely anonymous isn't possible without jumping through a lot of hoops. To the point that to me it is more about reducing the way my data can be abused and giving me at least some reasonable tools to lessen the impact of data being leaked.
But, this also brings me back to proton having their own flavor of encryption.
Unless something has changed recently, this isn't really the case. Proton, unlike Tutanota, does use standard PGP, and they are interoperable with PGP generally. They make it a bit annoying, but you can send and receive PGP-encrypted emails with correspondents who are not using Proton: the annoyance is that if I recall, you need to pretty much add each public key manually to contacts in your address book under "advanced PGP settings". Also annoyingly, they don't really have any way of accessing emails with the encryption still there: their bridge decrypts and encrypts automatically. However, you can export both your public and private PGP keys, and could put your key up on a keyserver for others. In principle, if you're using your own domain, you could migrate off of Proton entirely, while keeping the same keys.
Honestly I really like the idea of mailbox.org, and they do have encryption as well. I already have my own domain, so I might actually look into that. But it also begs the question of what make Proton different than doing what you're doing?
I guess I'm just struggling to see the appeal of Proton.
Yeah I do like the idea of privacy even without sensitive information, but at the end of the day that doesn't give me any peace of mind since I'm not doing or discussing anything illegal anyways.
Yeah I remember reading that, and the thing is Proton allows you to pay with cash by mailing cash to them with your account details. Which is great, but again doesn't address the other ways you can find identity if that's something you're worried about.
So I already use '+' symbol with my gmail when I sign up for things for that exact reason, that and data leaks.
So yeah all of those accounts just by existing as something I signed up for, are already linked to my old email or information.
And I do plan on using a service like Insigni soon, one that sends data removal letters to data brokers, but then I have to ask myself, if I use aliases in the future, will I not be able to easily request data to be removed that are tied to those aliases? Have I just made it even harder to remove my information?
I think you are too hung up on an abstract concept of databrokers to be honest. To me it is simple, if I get spam I want to see where it comes from and be able to block it. Aliases allow me to do so and also determine what services I should stop using if it appears they are selling my data. Hacks and data leaks are also a thing, but then I expect services to be transparant and report my data is out there (required by EU law actually).
I honestly don't think it is possible to get your information removed from data brokers. Certainly not the shady ones. So that part of using my own domain and having my mail hosted elsewhere never has been part of my reasoning.
My bigger reasoning was not wanting to have all my eggs in one basket stored at Alphabet/Google HQ. Having my own domain keeps google's grubby fingers off my data but more importantly allows me to switch mailhosting providers as I don't want to risk being locked out just because Google decides so for whatever reason.
And no, I don't think proton necessarily does provide anything meaningful to you other than being a mail hosting service. Which can be enough, but there are also other parties out there.
But see, I already do that by adding a '+' to my gmail addresses I use to sign up for things, like this for example: "example+tildesnet@gmail.com"
It's probably impossible to get rid of everything, but most data brokers have avenues for requesting removal, but the problem is they'll just harvest your data again or collect it again from another data broker who still has the information you requested.
As I said, I've been looking into InsigniIncogni and other similar services that automate the removal requests and track the progress of them, then continues to monitor and send removal requests if your data pops back up. Might not be perfect, but it would probably reduce a very large amount of one's data being out there.
Edit: I've been saying Insigni, but I really meant Incogni. haha
But see, I already do that by adding a '+' to my gmail addresses I use to sign up for things, like this for example: "example+tildesnet@gmail.com"
Well yeah, but it is trivial for spammers to remove the +addition bit and know you will still receive the mail. With aliases that isn't the case.
As far as Incogni goes, I feel like the service they offer is actually more of a "aesthetic front" compared to the services Proton offers. I am sure they are good at pestering legit databrokers within areas where they have to comply (so those based in the EU and other areas of the world with decent privacy laws). But I also firmly believe that most shady databrokers are located in other parts of the world where no such laws exist.
As an example. I am often mailed by shady recruiters on a private mail address. Which at one point was the address I used for linkedin and that was leaked in 2016 there is simply no legitimate way to get mail address other than from brokers who are already not following the law.
I use proton mail mostly because it’s not Gmail. It’s nice to have built in pgp encryption for talking to people that also have that set up. And if you are emailing other proton users it’s much more secure than that as the message never leaves their servers.
I would recommend self hosting your email if you are really this interested in privacy and control. It will however be a huge hassle. And you’ll need to purchase a domain name which isn’t anonymous. So maybe get a friend to buy one and you tell them what records to add.
As I said, it's less that I'm concerned with privacy, and more that their marketing points don't make sense outside of what I'm calling "Aesthetic privacy" which is things like encryption, which if you're not doing anything illegal or working with a lot of high-level confidential information over email, then it's more of an aesthetic "peace of mind" feature than it is a functional and useful feature for the average person.
Which I get it if that's your thing, I appreciate that kind of thing too, but it's not going to drastically change my day-to-day life or make me feel safer or more comfortable with Proton over Gmail over instances where encryption would matter.
Like if the US government subpoena'd my non-encrypted Gmail tomorrow, I wouldn't be worried because there's nothing in there that would get me in trouble. And if there were I'd be more concerned with the sender/reciever/timestamps than I would the body content.
which if you're not doing anything illegal or working with a lot of high-level confidential information over email, then it's more of an aesthetic "peace of mind" feature than it is a functional and useful feature for the average person.
Eh, here I do have to disagree as you are now, very aesthetically, are pulling a "I have nothing to hide" line. Which is is a a bit of a fallacy in itself.
I guess my outlook on privacy is that it's something I'd prefer and seek out but it's not a compulsion.
I had a roommate who absolutely REFUSED to tell me where he got his COVID vaccine when we were living together in 2020, and I didn't even want to know that badly I was more trying to see if I could go to the same place so I'd know what to look for. He did a lot of things like that, I'd ask him what he did that day and he'd be incredibly vague about details, like won't tell me what grocery store he went to, just that he went shopping. Half the time I didn't even care that much, just was curious. When pressed he said he just valued his privacy.
That's something I just didn't and still don't understand, privacy for the sake of privacy. It's fine, no judgement, everyone has a right to privacy and I'm not arguing against that, the kind of compulsion he had to be private is just not something I personally understand.
I DO understand privacy to be in control of the access to personal information, and if you're handling confidential information or doing anything illegal, privacy in that regard serves an actual functional purpose. Like I wouldn't want an email service that just puts my information out on the open internet either.
So I DO see the appeal of something like Proton to someone like my old roommate. But if you're not just private for the sake of being private AND not doing anything clandestine, I don't see the huge benefit.
I think privacy for the sake of privacy, even if one can't understand its applicability in that form, is a principle that is worth protecting on its own, because then it's available for any particular situation where it's needed, and the situations in which it is beneficial or useful are a wide variety, and sometimes complex or not obvious. Sort-of an idea of "it's better to err on the side of privacy". Some people I think freely offer up too much information online because they don't understand the implications of doing so. I don't know your roommate, but maybe at some point they (or someone they knew) were burnt in some way by others having some details of their life and that has made them more guarded now
But that's all tangential to whether an everyday user less concerned about it should move to or sign up for services that claim to provide it. I more think that everyday users should be aware of how what they're currently doing or what they're currently using could be impacting their privacy more than they would be comfortable with, and the limitations of what they can protect and how. I think people should be privacy-literate, but the levels of usefulness of "private" <product/service> will differ depending on the person (and on what said product/service truly provides)
For me, I moved to Fastmail, not because it's private or even a privacy service at all, but because I wanted out of the hands of Google and I'd rather be with a company where I'm not the product (and importantly, use my own domain, so that I can change email providers at any time while keeping the same address, instead of being permanently tied to a particular company). No ads, I pay a small amount, no AI, etc. I don't want Google vacuuming my email into their AI systems, I don't want them to serve ads based on the content of my email, and I wanted away from their ecosystem entirely, especially for things like email.
That said, I probably think and care about it a lot more than an everyday user, just because I'm tech-savvy and have a lot of thoughts about how companies use our data and so on. Would anyone in my family care nearly as much? Nope.
And you are right that using Proton mail on its own is not really going to impact your privacy much, at least in terms of not having an account or IP or whatever tied to other things. It's true that the web is a clusterfk of a privacy mess and having a more private email won't solve it.
Haha Don't get me wrong, I understand how important privacy is especially online. That's a fight I'm currently very passionate about, so don't take this as me saying privacy doesn't matter.
It's one thing to offer up personal or private details in public online spaces, but it's another thing entirely when talking about encrypting the body of an email and how tangibly useful that is to the everyday person outside of the peace of mind and personal satisfaction of it being private.
how tangibly useful that is to the everyday person outside of the peace of mind and personal satisfaction of it being private.
It’s not, particularly. It will potentially make you slightly less vulnerable to having your identity compromised or theoretically being blackmailed; but probably not much less vulnerable, given how large of a digital footprint nearly everyone has - willingly or not.
It’s realistically just about how much that marginal difference means to you. It sounds like the answer is “not much”, which is totally fine! It’s a personal decision regarding your risk tolerance, what you consider “secure enough”, etc.
I completely understand being principled about valuing your privacy online and in person, but not even being willing to discuss which grocery store you like with someone you live with is bizarre.
I do think it’s important for everyone to maintain a certain level of privacy in your email/communication though.
It’s the difference between sending a postcard and a sealed letter. You wouldn’t send a deeply personal message via a postcard, where anyone can read it, right? A private email service is like having that sealed letter, except vastly more secure than a paper with some glue on it.
I will say, I don’t use Proton mail, but I get it.
I'll add that Proton does a good job at blocking email trackers. Gmail does not. I know a previous employer used a tracker to tell when their emails were opened by me during my time interviewing, and was told that of all the people involved mine was the only one where they had no notifications of the emails getting opened.
I agree with you, which is why I didn't go with protonmail.
Email is not a secure form of communication. It cannot be made into a secure form of communication without jumping through a lot of hoops and fundmentally breaking large portions of how email works, and it shouldn't be used as a secure form of communication.
As soon as your message leaves protons servers, it's cleartext smtp, just like any other email message. Anyone that intercepts it can read your whole email, including metadata.
Sure, you can do pgp, but realistically, who are you talking to with pgp?
If you need secure communications, use something other than email.
If you want an email provider that just doesn't harvest your inbox, in my opinion, there are other providers that are better alternatives than proton.
Pay for Proton for the VPN and get email with aliases, a password manager, and cloud storage “for free.”
(1) Yeah, for 99.9% of the emails you’d send and receive there’s no difference.
(2) I feel like you’re over thinking it, maybe, but yeah if you’re like the dude in Georgia it’s a speed bump.
(3) That site might have whatever data they collect but Google doesn’t have all of it, in theory anyway. Or Microsoft. Or whoever else is providing free email at a volume that matters? And you’d be browsing using the VPN and private mode in Firefox with JavaScript disabled and and and…
(4) Yeah, realistically you’d want to sign up for everything again. But you’d be using that VPN and browsing in private mode and and and…
FWIW I similarly wanted to escape Gmail (and vendor lock-in for email generally) about 10 years ago. I signed up with Fastmail, using my own domain, and I haven't looked back. It's pretty affordable, it integrates well with mobile devices (and they have an app if you prefer that), and I could jump ship to another provider with my domain whenever I want (I do suggest paying to register the domain for the max your registrar will do, just so you don't randomly forget). Fastmail isn't specifically targeted to the security conscious. But, as you pointed out, when you're working with an open ecosystem, the added security is kind of dubious anyway.
Fastmail has the problem that it is not only not targeted to the security conscious, but is Australian. Australia's laws are particularly bad for privacy and security; there was a significant discussion of this around the Assistance and Access bill a few years ago.
Like other than not having my emails used to train AI or data being sold to data brokers, I can't find a functional improvement or benefit to my daily life to use Proton outside of thinking "Yeah, fuck The Man" every time I log in.
This seems peculiar framing to me, in part because of how you approach other aspects of anonymity and privacy. You completely negate a huge component of privacy by saying it doesn't functionally do anything for you. Now if it were consistent that you only compared about the functional aspect of things, then it would make sense. But in other areas you talk about your advertising profile and aliases being connected and piercing your anonymity. So how is the content of your emails being sold to data brokers or being used as part of your advertising profile not more significant?
Don't get me wrong, I get it, there's another side to those emails. You explained how you sign up for one service and that service can sell your data, so it wouldn't matter if Google knows you signed up on godotshaders.com from the email you receive because godotshaders already sold that information. However, you're also locking yourself into a transaction where you can continue justifying inaction because you lack control over the situation. If your email service isn't selling your data, then you might be more inclined to look for sites/services that also respect your data and don't sell your information.
Regarding 2.) I don't think that type of anonymization is intended for a primary email. If you're trying to evade authorities, you're better off separating actions you suspect authorities would have interest in to designated accounts for those actions.
Regarding 3.) Similar to the initial concern, I think by justifying not switching to a more private email provider, you're locking yourself into a situation where you can justify inaction. The other components that you listed that could tie your alias to your primary email, those are components you could eliminate as being an issue if you wanted, but if you keep Gmail, you wouldn't be inclined to because Google still then would have all your data and nothing else you do matters. Mullvad Browser can beat fingerprinting, VPN can potentially save your IP from being collected, changing browser settings with regards to cookies can defeat cookie tracking. Maybe you won't do any of those things so it feels pointless, but part of why you wouldn't do anything is because it feels like too much work to do it. If you put yourself in a situation where you have to change everything all at once, then of course you'll be inclined to never do it because it's too hard. If you're signing up for godotshaders.com, you're not going to stop everything you're doing to do this and sign up for Proton mail or any other service, then go get a VPN, then download another browser, and so on, just to sign up for godshotshaders. But if you already have the email part sorted out, and later on you switch your browser, then sometime later you set up a VPN, eventually you can reach a point where everything you sign up for is more secured and anonymous without it feeling overwhelming to do so. And what's more, you might feel more empowered to pick and choose what services you sign up for if you have all your other bases covered and you're simply worried that one service doesn't respect your data or privacy.
If you put yourself in a situation where you have to change everything all at once, then of course you'll be inclined to never do it because it's too hard.
This was the biggest thing for me—you gotta start somewhere. Part of it involves an appreciation of delayed gratification, but the more practical fact is that you simply can't do it all at once. Privacy isn't a house you build in a day, you do it one brick at a time until eventually you've got a home.
Again, I want to be clear that me talking about privacy within this topic is entirely within the context of Proton and encrypted emails, SPECIFICALLY about Proton's marketing gimmicks around privacy.
It is not talking about or even intending to touch upon broader or overall importance of privacy in our world today. That's an entirely different conversation, one where I would put money that our opinions would align on.
But in this context I'm asking what the appeal of Proton is considering that Proton's advertised privacy doesn't actually make anything significantly more private or useful for the average person. The two things people are generally most concerned about privacy wise is data brokers and governments, which are two aspects Proton and people who advocate for Proton bring up as selling points, which is where the focus on those two came in.
I speak about functionality because Proton is a product that I would be paying for, and as such I expect to be able to compare how Proton helps me functionally over alternatives. Not just so I can have brownie points that I'm using a "private" email.
In general I am privacy conscious, I use uBlock origin, NoScript, Facebook Container, Trackmenot, and practice privacy focused habits, I use a VPN, etc. I want to move away from Gmail for exactly that reason. However I am smelling a lot of snake oil coming from Proton's marketing and advertised features, as most seem to be about "Aesthetic privacy".
And I guess that's the crux of the purpose of this post, and my opinion for that matter, that I think you're missing, is that I'm all for ACTUAL privacy when it's actually protecting users, but Proton seems like "Performative Privacy" or "Aesthetic Privacy". Where sure, it's more private than gmail, but for everything where you really want your privacy to matter in a way that could tangibly affect your life, it's sort of useless.
For instance, the appeal for using Proton to me would be if they operated like logless VPNs, if they just kept zero data to give to any governments upon asking, that ENTIRE email accounts from the ground up were encrypted, including metadata stored in that account, so they couldn't get any information to connect a real person to an email even if they wanted to. THAT would make me take them seriously when they try to sell me privacy.
To be metaphorical, I feel it's kind of like someone trying to sell me invisible ink to write letters by telling me it'll be more private than normal ink. Like sure I'm sure it's more private than normal ink in the mail, but I can't write the return address and recipient address with invisible ink. So it's still not entirely private, and what exactly am I protecting to justify writing every letter with invisible ink other than upholding the general concept of privacy?
Also, please don't mistake me arguing against Proton as me arguing FOR gmail. Haha I'm here because I'm looking for a gmail alternative. I'm not even trying to argue against proton, things just aren't jiving between my understanding of privacy and Proton's advertised "privacy".
Currently though I think there are better ways to be private than Proton and some people have offered some really good suggestions I'm looking into.
I think others (myself included) went off on privacy-related talk because it's hard to avoid on a topic like this. In describing your questions/concerns about "what does Proton actually offer me", you touched on a lot of key ideas when it comes to privacy/security which have more general implications and Proton is a drop in the bucket overall of considering products/services of varying usefulness.
I guess if you want a simple focused answer to the question overall: yes, for a normal everyday person, Proton Mail (and many other services for that matter including VPNs, etc) have an abundance of marketing about privacy that ultimately may not have a material effect on your privacy on their own. Proton is certainly not alone in this. Security/privacy is a market and will be saturated with companies vying for everyone's dollar and they will make promises that may even technically be true while giving people a false sense of privacy/security. It doesn't mean everything they market in terms of features is inherently pointless, because those features may matter WHEN combined with other considerations, but yes marketing can blow them out of proportion by making services sound like some magic privacy cure-all
I still think a lot of it comes down to privacy/security-literacy. I think even when marketing has restraint- people want a magic pill. People make assumptions and have unreasonable expectations all the time. So, people will sometimes think they're getting more benefit than they are. I think using something like Proton mail might incrementally help one's privacy, simply just for the fact that they at least have slightly less info to give up than another service would. Does this tangibly mean much when metadata can be tied to you, and if you're mailing addresses outside of Proton, those messages are easily captured elsewhere? No. It does mean if two people want to converse strictly from one Proton address to another there's some extra privacy there potentially.
But yeah, if you're not considering every other factor involved and mitigating those (payment providers, IP logging, other vectors for your data to be obtained and linked to your identity, etc), it might not do much for you on its own. Especially since Proton does give up the information they do have when they're legally required to do so. This includes "backup/recovery" email addresses, payment stuff, etc. I think one has to look at a private email service like "one step of many" in an entire security/privacy process and yeah a lot of people don't realize that.
This topic may interest you, I asked other Tildes users abozt paid e-mail providers and personal experiences with them. There isn't just Proton, there are others that may work for you (or not).
I joined Proton back in 2017 using their free tier, but didn't switch to using it as my primary until around 2020. As others have mentioned, it's mainly about getting out of the hands of companies like Google and Microsoft, and having my email encrypted (even at rest) means I know that Proton isn't scraping my emails for data. I've started paying because the increased benefits are nice, plus it helps keep the free tier available for new users (and I'm grandfathered in on a lower price).
I think your threat model is oddly skewed. It seems that you're concerned about governments and "data brokers" hunting you down specifically, which isn't really what they do. They connect the dots between visible identities, but unless you've made yourself a target they're generally not hunting down individuals' data to fill in gaps. If you're actively getting hunted down, then Proton or other publicly-available mail services are not your best option.
Individually, switching to Proton (or any other private mail provider) will only close some gaps. However, it's a step, and an easy one that most people can take. It's a single layer of privacy for an average individual, not an end-all solution for all problems. As the saying goes: if someone want to Mossad you, you’re gonna get Mossaded.
I use Runbox. I did used to use Proton but their encryption necessitates using their own client software or the ridiculously unreliable (at the time, for me) desktop bridge software.
I also wanted to get rid of google, and I did, but for me, the technical cost of Proton Mail was just too high. So I went with Runbox email, and my own domain. For me this was the right mix of privacy and usability. There's always a trade off somewhere.
It did take a long time for me to get all accounts migrated to new emails (email as login identity can get in the bin, frankly). And I was never quite sure I got them all so the old gmail is still there, collecting spam.
Plug for mxroute. It's reliable and relatively inexpensive if you want to host a few accounts on a lot of different domains.
Whatever service you choose, while you're going through the trouble to change your email address, you should register a domain and set it up with the new service before you make the switch. This way, you will not be tied to a service provider in the future. You just set the accounts up on the new service, change the mx records to point month to the new server, wait about 3 days for dns propagation, migrate the old mail to the new server, and shut down / cancel the old service. Externally there's no change. People still email you at the same address.
Relevant to your discussion of using + addresses with @creesch, an even better solution (which mxroute supports) is to set up subdomain with a catch-all rule that forwards all mail into a single mailbox. Then you use the source as the part before the @. Example:
You register example.com and set up joe@example.com as the address you use for corresponding with other humans.
You make a second account called ads@example.com, then you configure MX records for the subdomain ads.example.com.
You configure a catch all rule with the mail provider to route all mail addressed to (anything)@ads.example.com into the ads@example.com.
You turn off all spam filtering (client and server side) for the ads@example.com account.
Everything will show up in your ads@ account, separate from your real correspondence.
Because your spam filters are off, you won't lost important notification emails. If you get phished or start getting spam, its easy to tell what address was leaked. For example, I got bank password resets sent to zappos@ads.example.com, so I knew they were not legit. I canceled my zappos account, signed up again with zappos2@ads.example.com, then I go into the mail config and set zappos@ to :blackhole:. You can do this with any address where unsubscribing doesn't work as well.
You almost never need to reply to the commercial emails, just click links or copy codes. A few times, I have set up aliases so I could send mail from one of the @ads.example.com addresses, but this is rare, probably 3 times in 25 years of using this method.
This is superior to the +name method because it doesn't leak your real address, and you can easily block individual aliases. There are devices that provide this, but unless them use your own domain and have a way to export all the message mappings, you can't easily migrate off of it. Thus method works by default as soon as you configure it on a new provider, and all you need to migrate (if you want) are your black lists from the old server.
Also, there are almost no spammers guessing addresses on second level domains. For example, I'll get someguy@example.com spam where people are just testing to see what addresses are active. I finally had to turn off my catch-all on my top level domain because of it. But I never see someguy@ads.example.com spam because there's simply too many second level domains.
I have had a Proton Visionary account for about 7 years now.
With Gmail, since it was free, I wasn't really the customer, I was more the product. The amount of data Google could collect about me and potentially monetize from just scanning my e-mails is huge - everything from very detailed financial information, shopping habits, my social network (people I interact with) - I don't feel comfortable with Google having all this information about me, and do not trust how they might use this information or who they might sell it to and for what purpose.
There were also cases of people being locked out of their Gmail due to interacting with other parts of Google, like Youtube. And if that did happen, it was next to impossible to get access to real support from Google to try to regain access. It even happened to high profile people, who managed to get their Gmail restored by using their social media reach, but for a regular person like me, if something happened to my Gmail account, even accidentally, I would be pretty screwed, and possibly with no recourse.
So my solution was to move to a service where I pay for e-mail - Proton is a much smaller company, and I am the paying customer and can access customer support if something goes wrong. I also moved everything to my own domains, and backup all my mail locally as well, so that even if somehow I was locked out of Proton (which has happened to people as well, this is not a Google only problem unfortunately) I could easily recover. It took some time to move everything over (several years), but overall I feel much better now having done it and not depending on Google for my e-mail.
I do trust Proton to not read my mails and build a profile of me based on them - this is the main aspect of privacy I care about.
I also use the Proton VPN and Proton Drive, since they came free with the Visionary account - these services are a nice bonus.
Weldawadyathink | a day ago
I can’t really speak to the privacy aspect, but if you just want a Gmail replacement, I can highly recommend Fastmail. I can also recommend getting your own domain, so you can seamlessly port your email to a new provider.
Personally, my threat model is just « please don’t do really creepy things » which fits Fastmail well. If a government wanted to find me, there is nothing I am doing to successfully stop them. Fastmail also support open standards in a way that protonmail has not, at least in the past. I was using proton during the poor launch of their imap bridge software. Even if it works now, having to use a bridge software is a clunky workaround. Fastmail just supports imap out of the box (and the newer jmap standard).
TurtleCracker | 22 hours ago
Moved off of Gmail and into Fastmail a few years ago and haven't regretted it. I use the masked email feature all the time.
itsthejoker | 4 hours ago
Same, and the ability to have unlimited domains linked to one account has been a life-saver for adding "professional-looking" email addresses to projects.
BrewBit | a day ago
+1 for Fastmail. I have been using them for a few years now very happily. They also integrate with 1Password for 1-click email alias creation. Their support is amazing as well if you run in to any issues.
goose | 20 hours ago
BitWarden, too!
j3n | 23 hours ago
This is where I landed as well. I gave Proton a shot first, but I found their apps to have an unacceptable amount of jank and I just don't have a need for the features that differentiate Proton from a theoretically less secure BYO domain email host.
creesch | a day ago
Proton, to me, seems like a lot to simply escape the grubby hands of google and having a bit more privacy in the process. It also feels a lot like vendor lock-in considering how a lot of features are not necessarily standard.
That's not to say they don't provide value to some people. But to me it also did seem too much. So what I went for instead is getting my own domain and host my mail on mailbox.org. For similar reasons I am also not always behind a VPN and have limited my extensions in the browser to just uBlock origin and Privacy Badger.
But to more directly answer your points
tl;dr I think trying to be entirely anonymous isn't possible without jumping through a lot of hoops. To the point that to me it is more about reducing the way my data can be abused and giving me at least some reasonable tools to lessen the impact of data being leaked.
pallas | a day ago
Unless something has changed recently, this isn't really the case. Proton, unlike Tutanota, does use standard PGP, and they are interoperable with PGP generally. They make it a bit annoying, but you can send and receive PGP-encrypted emails with correspondents who are not using Proton: the annoyance is that if I recall, you need to pretty much add each public key manually to contacts in your address book under "advanced PGP settings". Also annoyingly, they don't really have any way of accessing emails with the encryption still there: their bridge decrypts and encrypts automatically. However, you can export both your public and private PGP keys, and could put your key up on a keyserver for others. In principle, if you're using your own domain, you could migrate off of Proton entirely, while keeping the same keys.
teaearlgraycold | 19 hours ago
I correspond with one person using pgp and it was very easy. Honestly so easy I had to check the raw email to confirm it was encrypted.
[OP] CrypticCuriosity629 | a day ago
Honestly I really like the idea of mailbox.org, and they do have encryption as well. I already have my own domain, so I might actually look into that. But it also begs the question of what make Proton different than doing what you're doing?
I guess I'm just struggling to see the appeal of Proton.
Yeah I do like the idea of privacy even without sensitive information, but at the end of the day that doesn't give me any peace of mind since I'm not doing or discussing anything illegal anyways.
Yeah I remember reading that, and the thing is Proton allows you to pay with cash by mailing cash to them with your account details. Which is great, but again doesn't address the other ways you can find identity if that's something you're worried about.
So I already use '+' symbol with my gmail when I sign up for things for that exact reason, that and data leaks.
So yeah all of those accounts just by existing as something I signed up for, are already linked to my old email or information.
And I do plan on using a service like Insigni soon, one that sends data removal letters to data brokers, but then I have to ask myself, if I use aliases in the future, will I not be able to easily request data to be removed that are tied to those aliases? Have I just made it even harder to remove my information?
creesch | a day ago
I think you are too hung up on an abstract concept of databrokers to be honest. To me it is simple, if I get spam I want to see where it comes from and be able to block it. Aliases allow me to do so and also determine what services I should stop using if it appears they are selling my data. Hacks and data leaks are also a thing, but then I expect services to be transparant and report my data is out there (required by EU law actually).
I honestly don't think it is possible to get your information removed from data brokers. Certainly not the shady ones. So that part of using my own domain and having my mail hosted elsewhere never has been part of my reasoning.
My bigger reasoning was not wanting to have all my eggs in one basket stored at Alphabet/Google HQ. Having my own domain keeps google's grubby fingers off my data but more importantly allows me to switch mailhosting providers as I don't want to risk being locked out just because Google decides so for whatever reason.
And no, I don't think proton necessarily does provide anything meaningful to you other than being a mail hosting service. Which can be enough, but there are also other parties out there.
[OP] CrypticCuriosity629 | a day ago
But see, I already do that by adding a '+' to my gmail addresses I use to sign up for things, like this for example: "example+tildesnet@gmail.com"
It's probably impossible to get rid of everything, but most data brokers have avenues for requesting removal, but the problem is they'll just harvest your data again or collect it again from another data broker who still has the information you requested.
As I said, I've been looking into
InsigniIncogni and other similar services that automate the removal requests and track the progress of them, then continues to monitor and send removal requests if your data pops back up. Might not be perfect, but it would probably reduce a very large amount of one's data being out there.Edit: I've been saying Insigni, but I really meant Incogni. haha
creesch | a day ago
Well yeah, but it is trivial for spammers to remove the
+additionbit and know you will still receive the mail. With aliases that isn't the case.As far as Incogni goes, I feel like the service they offer is actually more of a "aesthetic front" compared to the services Proton offers. I am sure they are good at pestering legit databrokers within areas where they have to comply (so those based in the EU and other areas of the world with decent privacy laws). But I also firmly believe that most shady databrokers are located in other parts of the world where no such laws exist.
As an example. I am often mailed by shady recruiters on a private mail address. Which at one point was the address I used for linkedin and that was leaked in 2016 there is simply no legitimate way to get mail address other than from brokers who are already not following the law.
DeaconBlue | a day ago
This is incredibly straightforward to sanitize and won't actually do anything.
kari | a day ago
+1 for mailbox, I've been with them for a few years and really like the service for the cost.
teaearlgraycold | a day ago
I use proton mail mostly because it’s not Gmail. It’s nice to have built in pgp encryption for talking to people that also have that set up. And if you are emailing other proton users it’s much more secure than that as the message never leaves their servers.
I would recommend self hosting your email if you are really this interested in privacy and control. It will however be a huge hassle. And you’ll need to purchase a domain name which isn’t anonymous. So maybe get a friend to buy one and you tell them what records to add.
[OP] CrypticCuriosity629 | a day ago
As I said, it's less that I'm concerned with privacy, and more that their marketing points don't make sense outside of what I'm calling "Aesthetic privacy" which is things like encryption, which if you're not doing anything illegal or working with a lot of high-level confidential information over email, then it's more of an aesthetic "peace of mind" feature than it is a functional and useful feature for the average person.
Which I get it if that's your thing, I appreciate that kind of thing too, but it's not going to drastically change my day-to-day life or make me feel safer or more comfortable with Proton over Gmail over instances where encryption would matter.
Like if the US government subpoena'd my non-encrypted Gmail tomorrow, I wouldn't be worried because there's nothing in there that would get me in trouble. And if there were I'd be more concerned with the sender/reciever/timestamps than I would the body content.
creesch | a day ago
Eh, here I do have to disagree as you are now, very aesthetically, are pulling a "I have nothing to hide" line. Which is is a a bit of a fallacy in itself.
[OP] CrypticCuriosity629 | a day ago
I guess my outlook on privacy is that it's something I'd prefer and seek out but it's not a compulsion.
I had a roommate who absolutely REFUSED to tell me where he got his COVID vaccine when we were living together in 2020, and I didn't even want to know that badly I was more trying to see if I could go to the same place so I'd know what to look for. He did a lot of things like that, I'd ask him what he did that day and he'd be incredibly vague about details, like won't tell me what grocery store he went to, just that he went shopping. Half the time I didn't even care that much, just was curious. When pressed he said he just valued his privacy.
That's something I just didn't and still don't understand, privacy for the sake of privacy. It's fine, no judgement, everyone has a right to privacy and I'm not arguing against that, the kind of compulsion he had to be private is just not something I personally understand.
I DO understand privacy to be in control of the access to personal information, and if you're handling confidential information or doing anything illegal, privacy in that regard serves an actual functional purpose. Like I wouldn't want an email service that just puts my information out on the open internet either.
So I DO see the appeal of something like Proton to someone like my old roommate. But if you're not just private for the sake of being private AND not doing anything clandestine, I don't see the huge benefit.
I hope that makes sense.
0x29A | a day ago
I think privacy for the sake of privacy, even if one can't understand its applicability in that form, is a principle that is worth protecting on its own, because then it's available for any particular situation where it's needed, and the situations in which it is beneficial or useful are a wide variety, and sometimes complex or not obvious. Sort-of an idea of "it's better to err on the side of privacy". Some people I think freely offer up too much information online because they don't understand the implications of doing so. I don't know your roommate, but maybe at some point they (or someone they knew) were burnt in some way by others having some details of their life and that has made them more guarded now
But that's all tangential to whether an everyday user less concerned about it should move to or sign up for services that claim to provide it. I more think that everyday users should be aware of how what they're currently doing or what they're currently using could be impacting their privacy more than they would be comfortable with, and the limitations of what they can protect and how. I think people should be privacy-literate, but the levels of usefulness of "private" <product/service> will differ depending on the person (and on what said product/service truly provides)
For me, I moved to Fastmail, not because it's private or even a privacy service at all, but because I wanted out of the hands of Google and I'd rather be with a company where I'm not the product (and importantly, use my own domain, so that I can change email providers at any time while keeping the same address, instead of being permanently tied to a particular company). No ads, I pay a small amount, no AI, etc. I don't want Google vacuuming my email into their AI systems, I don't want them to serve ads based on the content of my email, and I wanted away from their ecosystem entirely, especially for things like email.
That said, I probably think and care about it a lot more than an everyday user, just because I'm tech-savvy and have a lot of thoughts about how companies use our data and so on. Would anyone in my family care nearly as much? Nope.
And you are right that using Proton mail on its own is not really going to impact your privacy much, at least in terms of not having an account or IP or whatever tied to other things. It's true that the web is a clusterfk of a privacy mess and having a more private email won't solve it.
[OP] CrypticCuriosity629 | a day ago
Haha Don't get me wrong, I understand how important privacy is especially online. That's a fight I'm currently very passionate about, so don't take this as me saying privacy doesn't matter.
It's one thing to offer up personal or private details in public online spaces, but it's another thing entirely when talking about encrypting the body of an email and how tangibly useful that is to the everyday person outside of the peace of mind and personal satisfaction of it being private.
steezyaspie | 4 hours ago
It’s not, particularly. It will potentially make you slightly less vulnerable to having your identity compromised or theoretically being blackmailed; but probably not much less vulnerable, given how large of a digital footprint nearly everyone has - willingly or not.
It’s realistically just about how much that marginal difference means to you. It sounds like the answer is “not much”, which is totally fine! It’s a personal decision regarding your risk tolerance, what you consider “secure enough”, etc.
steezyaspie | 4 hours ago
This is a bit of an aside.
I completely understand being principled about valuing your privacy online and in person, but not even being willing to discuss which grocery store you like with someone you live with is bizarre.
I do think it’s important for everyone to maintain a certain level of privacy in your email/communication though.
It’s the difference between sending a postcard and a sealed letter. You wouldn’t send a deeply personal message via a postcard, where anyone can read it, right? A private email service is like having that sealed letter, except vastly more secure than a paper with some glue on it.
I will say, I don’t use Proton mail, but I get it.
teaearlgraycold | a day ago
I'll add that Proton does a good job at blocking email trackers. Gmail does not. I know a previous employer used a tracker to tell when their emails were opened by me during my time interviewing, and was told that of all the people involved mine was the only one where they had no notifications of the emails getting opened.
[OP] CrypticCuriosity629 | a day ago
Interesting!
papasquat | a day ago
I agree with you, which is why I didn't go with protonmail.
Email is not a secure form of communication. It cannot be made into a secure form of communication without jumping through a lot of hoops and fundmentally breaking large portions of how email works, and it shouldn't be used as a secure form of communication.
As soon as your message leaves protons servers, it's cleartext smtp, just like any other email message. Anyone that intercepts it can read your whole email, including metadata.
Sure, you can do pgp, but realistically, who are you talking to with pgp?
If you need secure communications, use something other than email.
If you want an email provider that just doesn't harvest your inbox, in my opinion, there are other providers that are better alternatives than proton.
kovboydan | a day ago
Pay for Proton for the VPN and get email with aliases, a password manager, and cloud storage “for free.”
(1) Yeah, for 99.9% of the emails you’d send and receive there’s no difference.
(2) I feel like you’re over thinking it, maybe, but yeah if you’re like the dude in Georgia it’s a speed bump.
(3) That site might have whatever data they collect but Google doesn’t have all of it, in theory anyway. Or Microsoft. Or whoever else is providing free email at a volume that matters? And you’d be browsing using the VPN and private mode in Firefox with JavaScript disabled and and and…
(4) Yeah, realistically you’d want to sign up for everything again. But you’d be using that VPN and browsing in private mode and and and…
glesica | a day ago
FWIW I similarly wanted to escape Gmail (and vendor lock-in for email generally) about 10 years ago. I signed up with Fastmail, using my own domain, and I haven't looked back. It's pretty affordable, it integrates well with mobile devices (and they have an app if you prefer that), and I could jump ship to another provider with my domain whenever I want (I do suggest paying to register the domain for the max your registrar will do, just so you don't randomly forget). Fastmail isn't specifically targeted to the security conscious. But, as you pointed out, when you're working with an open ecosystem, the added security is kind of dubious anyway.
pallas | a day ago
Fastmail has the problem that it is not only not targeted to the security conscious, but is Australian. Australia's laws are particularly bad for privacy and security; there was a significant discussion of this around the Assistance and Access bill a few years ago.
Grumble4681 | a day ago
This seems peculiar framing to me, in part because of how you approach other aspects of anonymity and privacy. You completely negate a huge component of privacy by saying it doesn't functionally do anything for you. Now if it were consistent that you only compared about the functional aspect of things, then it would make sense. But in other areas you talk about your advertising profile and aliases being connected and piercing your anonymity. So how is the content of your emails being sold to data brokers or being used as part of your advertising profile not more significant?
Don't get me wrong, I get it, there's another side to those emails. You explained how you sign up for one service and that service can sell your data, so it wouldn't matter if Google knows you signed up on godotshaders.com from the email you receive because godotshaders already sold that information. However, you're also locking yourself into a transaction where you can continue justifying inaction because you lack control over the situation. If your email service isn't selling your data, then you might be more inclined to look for sites/services that also respect your data and don't sell your information.
Regarding 2.) I don't think that type of anonymization is intended for a primary email. If you're trying to evade authorities, you're better off separating actions you suspect authorities would have interest in to designated accounts for those actions.
Regarding 3.) Similar to the initial concern, I think by justifying not switching to a more private email provider, you're locking yourself into a situation where you can justify inaction. The other components that you listed that could tie your alias to your primary email, those are components you could eliminate as being an issue if you wanted, but if you keep Gmail, you wouldn't be inclined to because Google still then would have all your data and nothing else you do matters. Mullvad Browser can beat fingerprinting, VPN can potentially save your IP from being collected, changing browser settings with regards to cookies can defeat cookie tracking. Maybe you won't do any of those things so it feels pointless, but part of why you wouldn't do anything is because it feels like too much work to do it. If you put yourself in a situation where you have to change everything all at once, then of course you'll be inclined to never do it because it's too hard. If you're signing up for godotshaders.com, you're not going to stop everything you're doing to do this and sign up for Proton mail or any other service, then go get a VPN, then download another browser, and so on, just to sign up for godshotshaders. But if you already have the email part sorted out, and later on you switch your browser, then sometime later you set up a VPN, eventually you can reach a point where everything you sign up for is more secured and anonymous without it feeling overwhelming to do so. And what's more, you might feel more empowered to pick and choose what services you sign up for if you have all your other bases covered and you're simply worried that one service doesn't respect your data or privacy.
all_summer_beauty | 22 hours ago
This was the biggest thing for me—you gotta start somewhere. Part of it involves an appreciation of delayed gratification, but the more practical fact is that you simply can't do it all at once. Privacy isn't a house you build in a day, you do it one brick at a time until eventually you've got a home.
[OP] CrypticCuriosity629 | 22 hours ago
Again, I want to be clear that me talking about privacy within this topic is entirely within the context of Proton and encrypted emails, SPECIFICALLY about Proton's marketing gimmicks around privacy.
It is not talking about or even intending to touch upon broader or overall importance of privacy in our world today. That's an entirely different conversation, one where I would put money that our opinions would align on.
But in this context I'm asking what the appeal of Proton is considering that Proton's advertised privacy doesn't actually make anything significantly more private or useful for the average person. The two things people are generally most concerned about privacy wise is data brokers and governments, which are two aspects Proton and people who advocate for Proton bring up as selling points, which is where the focus on those two came in.
I speak about functionality because Proton is a product that I would be paying for, and as such I expect to be able to compare how Proton helps me functionally over alternatives. Not just so I can have brownie points that I'm using a "private" email.
In general I am privacy conscious, I use uBlock origin, NoScript, Facebook Container, Trackmenot, and practice privacy focused habits, I use a VPN, etc. I want to move away from Gmail for exactly that reason. However I am smelling a lot of snake oil coming from Proton's marketing and advertised features, as most seem to be about "Aesthetic privacy".
And I guess that's the crux of the purpose of this post, and my opinion for that matter, that I think you're missing, is that I'm all for ACTUAL privacy when it's actually protecting users, but Proton seems like "Performative Privacy" or "Aesthetic Privacy". Where sure, it's more private than gmail, but for everything where you really want your privacy to matter in a way that could tangibly affect your life, it's sort of useless.
For instance, the appeal for using Proton to me would be if they operated like logless VPNs, if they just kept zero data to give to any governments upon asking, that ENTIRE email accounts from the ground up were encrypted, including metadata stored in that account, so they couldn't get any information to connect a real person to an email even if they wanted to. THAT would make me take them seriously when they try to sell me privacy.
To be metaphorical, I feel it's kind of like someone trying to sell me invisible ink to write letters by telling me it'll be more private than normal ink. Like sure I'm sure it's more private than normal ink in the mail, but I can't write the return address and recipient address with invisible ink. So it's still not entirely private, and what exactly am I protecting to justify writing every letter with invisible ink other than upholding the general concept of privacy?
Also, please don't mistake me arguing against Proton as me arguing FOR gmail. Haha I'm here because I'm looking for a gmail alternative. I'm not even trying to argue against proton, things just aren't jiving between my understanding of privacy and Proton's advertised "privacy".
Currently though I think there are better ways to be private than Proton and some people have offered some really good suggestions I'm looking into.
0x29A | 21 hours ago
I think others (myself included) went off on privacy-related talk because it's hard to avoid on a topic like this. In describing your questions/concerns about "what does Proton actually offer me", you touched on a lot of key ideas when it comes to privacy/security which have more general implications and Proton is a drop in the bucket overall of considering products/services of varying usefulness.
I guess if you want a simple focused answer to the question overall: yes, for a normal everyday person, Proton Mail (and many other services for that matter including VPNs, etc) have an abundance of marketing about privacy that ultimately may not have a material effect on your privacy on their own. Proton is certainly not alone in this. Security/privacy is a market and will be saturated with companies vying for everyone's dollar and they will make promises that may even technically be true while giving people a false sense of privacy/security. It doesn't mean everything they market in terms of features is inherently pointless, because those features may matter WHEN combined with other considerations, but yes marketing can blow them out of proportion by making services sound like some magic privacy cure-all
I still think a lot of it comes down to privacy/security-literacy. I think even when marketing has restraint- people want a magic pill. People make assumptions and have unreasonable expectations all the time. So, people will sometimes think they're getting more benefit than they are. I think using something like Proton mail might incrementally help one's privacy, simply just for the fact that they at least have slightly less info to give up than another service would. Does this tangibly mean much when metadata can be tied to you, and if you're mailing addresses outside of Proton, those messages are easily captured elsewhere? No. It does mean if two people want to converse strictly from one Proton address to another there's some extra privacy there potentially.
But yeah, if you're not considering every other factor involved and mitigating those (payment providers, IP logging, other vectors for your data to be obtained and linked to your identity, etc), it might not do much for you on its own. Especially since Proton does give up the information they do have when they're legally required to do so. This includes "backup/recovery" email addresses, payment stuff, etc. I think one has to look at a private email service like "one step of many" in an entire security/privacy process and yeah a lot of people don't realize that.
Pavouk106 | a day ago
This topic may interest you, I asked other Tildes users abozt paid e-mail providers and personal experiences with them. There isn't just Proton, there are others that may work for you (or not).
Banazir | a day ago
I joined Proton back in 2017 using their free tier, but didn't switch to using it as my primary until around 2020. As others have mentioned, it's mainly about getting out of the hands of companies like Google and Microsoft, and having my email encrypted (even at rest) means I know that Proton isn't scraping my emails for data. I've started paying because the increased benefits are nice, plus it helps keep the free tier available for new users (and I'm grandfathered in on a lower price).
I think your threat model is oddly skewed. It seems that you're concerned about governments and "data brokers" hunting you down specifically, which isn't really what they do. They connect the dots between visible identities, but unless you've made yourself a target they're generally not hunting down individuals' data to fill in gaps. If you're actively getting hunted down, then Proton or other publicly-available mail services are not your best option.
Individually, switching to Proton (or any other private mail provider) will only close some gaps. However, it's a step, and an easy one that most people can take. It's a single layer of privacy for an average individual, not an end-all solution for all problems. As the saying goes: if someone want to Mossad you, you’re gonna get Mossaded.
trim | a day ago
I use Runbox. I did used to use Proton but their encryption necessitates using their own client software or the ridiculously unreliable (at the time, for me) desktop bridge software.
I also wanted to get rid of google, and I did, but for me, the technical cost of Proton Mail was just too high. So I went with Runbox email, and my own domain. For me this was the right mix of privacy and usability. There's always a trade off somewhere.
It did take a long time for me to get all accounts migrated to new emails (email as login identity can get in the bin, frankly). And I was never quite sure I got them all so the old gmail is still there, collecting spam.
first-must-burn | 21 hours ago
Plug for mxroute. It's reliable and relatively inexpensive if you want to host a few accounts on a lot of different domains.
Whatever service you choose, while you're going through the trouble to change your email address, you should register a domain and set it up with the new service before you make the switch. This way, you will not be tied to a service provider in the future. You just set the accounts up on the new service, change the mx records to point month to the new server, wait about 3 days for dns propagation, migrate the old mail to the new server, and shut down / cancel the old service. Externally there's no change. People still email you at the same address.
Relevant to your discussion of using + addresses with @creesch, an even better solution (which mxroute supports) is to set up subdomain with a catch-all rule that forwards all mail into a single mailbox. Then you use the source as the part before the @. Example:
Because your spam filters are off, you won't lost important notification emails. If you get phished or start getting spam, its easy to tell what address was leaked. For example, I got bank password resets sent to zappos@ads.example.com, so I knew they were not legit. I canceled my zappos account, signed up again with zappos2@ads.example.com, then I go into the mail config and set zappos@ to
:blackhole:. You can do this with any address where unsubscribing doesn't work as well.You almost never need to reply to the commercial emails, just click links or copy codes. A few times, I have set up aliases so I could send mail from one of the @ads.example.com addresses, but this is rare, probably 3 times in 25 years of using this method.
This is superior to the +name method because it doesn't leak your real address, and you can easily block individual aliases. There are devices that provide this, but unless them use your own domain and have a way to export all the message mappings, you can't easily migrate off of it. Thus method works by default as soon as you configure it on a new provider, and all you need to migrate (if you want) are your black lists from the old server.
Also, there are almost no spammers guessing addresses on second level domains. For example, I'll get someguy@example.com spam where people are just testing to see what addresses are active. I finally had to turn off my catch-all on my top level domain because of it. But I never see someguy@ads.example.com spam because there's simply too many second level domains.
ylph | 20 hours ago
I have had a Proton Visionary account for about 7 years now.
With Gmail, since it was free, I wasn't really the customer, I was more the product. The amount of data Google could collect about me and potentially monetize from just scanning my e-mails is huge - everything from very detailed financial information, shopping habits, my social network (people I interact with) - I don't feel comfortable with Google having all this information about me, and do not trust how they might use this information or who they might sell it to and for what purpose.
There were also cases of people being locked out of their Gmail due to interacting with other parts of Google, like Youtube. And if that did happen, it was next to impossible to get access to real support from Google to try to regain access. It even happened to high profile people, who managed to get their Gmail restored by using their social media reach, but for a regular person like me, if something happened to my Gmail account, even accidentally, I would be pretty screwed, and possibly with no recourse.
So my solution was to move to a service where I pay for e-mail - Proton is a much smaller company, and I am the paying customer and can access customer support if something goes wrong. I also moved everything to my own domains, and backup all my mail locally as well, so that even if somehow I was locked out of Proton (which has happened to people as well, this is not a Google only problem unfortunately) I could easily recover. It took some time to move everything over (several years), but overall I feel much better now having done it and not depending on Google for my e-mail.
I do trust Proton to not read my mails and build a profile of me based on them - this is the main aspect of privacy I care about.
I also use the Proton VPN and Proton Drive, since they came free with the Visionary account - these services are a nice bonus.
Eji1700 | 21 hours ago
I have proton(mail, pass, vpn) since my brother pays for the family plan thing.
It's fine. I have some complaints, but it keeps me out of google. In my case it's not so bad I'm going to say "nah i don't want to split the bill".
moonwalker | 3 hours ago
I think you are correct on all accounts. That being said, perfect is the enemy of good.