💾 Archived View for tilde.pink › ~shardiame › 2021 › email_indecision.gmi captured on 2023-01-29 at 17:02:07. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-01-29)
-=-=-=-=-=-=-
Email has been driving me crazy.
Perfect is the enemy of good.
-- Voltaire
I've been trying to figure out what I want to do about personal email. The rough requirements rattling around in my brain are:
At the moment, I'm considering the following providers:
My initial email account was with Disroot. They provide a handful of internet services (including XMPP and email) without a whole lot of questions. Perfect for bootstrapping that pseudonymous identity. They also provide IMAP/SMTP so I can use native mail applications, and manage my own GnuPG keys. They are fantastic!
However, I don't trust my email at Disroot. It's not that I think they are nefarious (I don't), nor do I think they are incompetent (I don't). From what I understand, Disroot is not a zero-knowledge system and the admins could have access to my email. In addition, securing services is hard and I'd feel more comfortable with a service with a larger dedicated security team. It's not so much that I'm terrified about someone reading my email (if it's sensitive, I'll encrypt it or use Signal or something), but rather that because email is often used for password resets, a compromise of my email account can have other consequences. I would also like to be reasonable protected from a future server breach compromising all of my previous emails.
Protonmail is interesting. They claim to be zero-knowledge and supposedly my email is encrypted with keys that I own. In theory, nobody at Protonmail should have access to my email. I do realize that this isn't perfect:
That all said. I think it's fairly likely that Protonmail isn't malicious. Their business model is providing paid privacy focused email accounts. Much of their platform is open source and audited. They have dedicated security teams. Their model makes me feel fairly comfortable that:
I like their web-based UI, and really like the availability of the Protonmail Bridge which lets me use Desktop MUAs. I like the ability to use custom domains, etc. I can pay them with Bitcoin. They support 2FA (although TOTP and not U2F...).
It's so close to what I want...
But...
The Protonmail Apps for mobile are (sorry guys), not great. They feel second class. They feel buggy. I'll archive messages in the Web UI only to have it stay behind in the mobile app. I am absurdly picky when it comes to mobile apps. I have fallen in love with K-9 mail and I'd MUCH prefer to use that.
I am tempted to run the Protonmail bridge on a Linux box somewhere and allow my phone to connect to that so I can use K-9. I'm worried, of course, that the Protonmail Bridge isn't designed to be exposed on the Internet in that way. Hiding it behind a VPN seems like a pain.
I spent a bit of time playing with Mailbox.org and it honestly looked pretty interesting.
I really dislike the UI and scope of features. I just want mail. It's so busy.
The price is good, but unfortunately they don't accept payments via. crypto. I'm not about to pay them via VISA or paypal (see earlier comments about anonymity).
They do have Mailbox Guard which allows incoming email to be immediately encrypted with a GnuPG key. This gets pretty close to what Protonmail offers but has the advantage of allowing you to use your local MUA to handle message decryption (you can connect via. IMAP and rely on your MUA for decrypting messages).
It's... almost... exactly what I want. I just don't love it.
I know I'm making a big deal out of something that doesn't really matter that much. I'm hung up on making a decision because nothing is perfect.
I think the TL;DR; is:
I think I'm going to go forward with Protonmail as my mail email provider, but I need to think about / resolve the following:
If you have been going through some similar struggles with email providers and have some thoughts / comments, don't hesitate to get in touch!