this post was submitted on 04 Mar 2025
56 points (95.2% liked)
Privacy
34773 readers
401 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
As far as I’m aware, there is a huge difference between these three in that Mailbox.org is not end-to-end encrypted. So if that is an important feature for your use case, that may disqualify them from your options.
However, mailbox can still be encrypted with pgp, and has some built in supports which make this easier.
One problem I had with proton/tuta is that you cannot use a third party app due to the encryption, which you can with mailbox. A problem I have with mailbox is that it does not support fido2 for login or 2fa, which could be a security concern.
Thanks, these are the kind of valid points I'm looking for. I noticed the lack of 2fa when I was registering for the demo, they only asked for a backup email or a phone number...neither too privacy-friendly there. But I guess I can live with that.
Yep, good point.
Email is never "end to end encrypted" outside of layering something else on like PGP- which you could use with any email service.
It is under certain circumstances. Specific to ProtonMail, it is E2E encrypted if you send a message to another ProtonMail user. They also have a feature where you can send an encrypted email to an outside address. I think in that case the recipient gets a link where they can then input the decryption password to read the message.
But you’re right about any email you receive (from a non-ProtonMail address). Those can not be E2E encrypted and are only stored encrypted at rest.
Protonmail uses pgp under the hood. Their encryption was only ever within proton accounts because they had an automatic key lookup system. You can of course add your own keys, but most didn't. Still pgp.
Huge beginner here, but privacytools.io says Mailbox is encrypted? Is it the "end to end" part? How did you find out they're not? https://www.privacytools.io/privacy-email
Mailbox encrypts the email at rest on their servers but with the encryption keys they own. Protonmail, in contrast, uses zero access encryption where they encrypt your data with your public key and they do not know or have access to your private key to be able to decrypt the data even if they wanted to.
Mailbox has a zero access encryption service called (I think) Guard that basically encrypts the email with PGP where they would no longer be able to decrypt your email. But it’s not enabled by default.
That's true once it's received, but it's still processed by proton and now we know they are pro-nazi so who knows what they would do.
You can avoid this with pgp as stated (default for proton to proton messages), but I don't think it's worth considering the at rest encryption at proton anymore.