Is Protonmail Safe for Security and Privacy?

I will dedicate the live stream this coming Friday 8pm Pacific to analyzing the many choices you can make with email. There are too many possibilities in email and it depends on how much risk you accept.

How do I know you aren't a government agent trying to get me to your email service?

Yandex mail is safer if you are not an enemy of Russia. I use Yandex, Gmail and Proton. But I prefer Yandex.

I'm guessing alternatives to sending emails like Slack are also read by the provides but not affecting by SMTP?
Thx for the video! Guess I'll be hiding in plain sight w/ google

I assume such claims aren't true if it involves an internet connection even a tiny bit, haha. Anyway, I use Protonmail, and Hotmail. Protonmail is only really used for a few account registrations and such - but I have a Hotmail account for 25 years - still the same one, so I assume my privacy is totally compromised either way, haha.

I don't LIKE it and I don't CONDONE the breach of privacy, and I certainly don't accept it, but I also acknowledge the net is wide.

Thanks for the video. I've run my own mail server for a long time. It is not for the technical illiterate or easily frustrated. While maybe you touch on this point in other videos, just because some traffic is unencrypted doesn't mean that the attacker necessarily has access to it. Yes, you should assume they do. Yes, there are lots of vectors. But things aren't as bad as they used to be, monitoring local switched LAN traffic is not the same as sniffing a shared bus, for instance. The parties involved would have to be complicit, like ISPs providing access to it on either end, or high speed interconnects being watched. If we're saying that bulk email collection is happening even nationwide, beyond just metadata, then storage, indexing, and search becomes a real issue. I'm just saying that raising the bar of your understanding, general opsec, and taking some precautions goes a long way in thwarting practical attacks. In general, if you piss off an unlimited budget attacker, you've got problems beyond SMTP being unencrypted by default.

I lost a Protonmail account when I updated my icloud password.
I updated my icloud password inside an ATT retail store in Bishop, Ca- using ATTs in house computers and phones.
My Protonmail account was then stolen and upgraded to a business account using the same bank account I used to pay for my ATT contract phone.
Then my Redbubble account was stolen...then my Linked In account...then Facebook page. ALL from a breach inside an ATT retail outlet and there is more...

perhaps this is possibly the same reason why Jet shout down vampirefreaks as a gothic profile site, and just focused on poser goth, emo, sine kid retail site, the grandfather of profile sites before myspace and modern socal media

Ladies and Gentlemen, the truth is that pretty much anything that has been developed up until 2023, be it opensource or closed source, if it is for the general public - it is not anonymous by itself. I never seen a software which could by itself provide anonymity, as even if it is encrypted, if glowies are monitoring on at least one end (which is usually what they do) or even at the middle, they can distinguish who is communicated with what. Moreover, if you could feed solid AI system with all packet contents AND metadata, then train it to separate noise, I'm sure it could come up with the actual content, the reason behind is because no software is generating so called "cover traffic", so a message could be 5 packets EVERY SINGLE TIME and work spoken by humans with various tones could also be certain amount of packets and if you add already that you know which cipher is being used and few more other things which I don't want to mention (but they are well known), you don't need to decrypt anything using old math way, because you can have what you want in just a different way. This my friends is not a delusion, but a reality we live in. Welcome to 2023, welcome to Orwellian Nightmare

Most of these other mail systems is that they are Browser based and that is a HUGE NO NO for me i use a dedicated mail client on the PC i also am only interested in SMTP/POP . I also refuse HTML mail only accept plain text attachments are not automatically stripped and opened .
Err you can do that using SMTP/POP just set the clients NOT to delete mails when read only set that switch on one client .

My greatest concern for security is not the prying eyes of our governments, it is use of my personal information and time to make other people money.

If you want privacy dont use email.

What about vivaldi email? Thx Rob.

No one talks about this because it’s not true. Nearly all MTA’s use TLS on port 25, where the message body is absolutely encrypted. This isn’t SMS or smtp 10 years ago. The message header isn’t encrypted because it’s needed for routing, but the body absolutely is.

thanks!

I am using Startmail, on my IMac. Now when I want to use dictation in the program "Notes" the system wants to use startmail login and password, should I be concerned? Thank you. I pay 6.00 a month for this e-mail service. Think of changing my e-mail server.

I was only an exchange admin and I can tell you running your own email server is difficult for sure.

I was using gmail for the longest time... now i switched to proton mail but it seems the government can always spy on us! This is criminal!
Amazing video man.. liked and subscribed! Btw have you guys known that when you go and buy a laptop or just any pc... it always comes preloaded with WINDOWS.. the worst bill gates product! LINUX is the answear! im getting one of those !

John McAfee is a weird dude I don't trust offhand. US companies that shut down is a bit different for what companies in other countries can do. The question is whether ProtonMail is better than many other alternatives. And despite email being old it is still used for a LOT. Is MTA always port 25 and plain text or does TLS etc change this? 100% disagree that it is better to not even try or be wide open to not be paid attention to. That is the ridiculous and dangerous suggestion. Yes, I have something to hide, that is stuff I don't want everyone and anyone to know. EVERYONE DOES! This nothing to hide stuff is pernicious bullshit. The question with my own server is if that server and its ownership is traceable to me then government just needs to hack or grab that server which they aren't shy about. Why not simply drop IMAP and use a modern version of POP where there is nothing that stays on the server, metadata or otherwise and the POP stuff is delivered encrypted? Home server device say on a PI could make the mail privately available on other devices from there. If not then why not?

So, then what email provider is relatively safer?

I just had an email hack. Never thought it would happen to me but they probably did a brute force of my password to get in. I was able to keep the account and set up two factor. They tried to scam me with the information they got. Be careful guys.

No one of the worst paid email

I use ProtonMail, just for fun and stuff.

Answer is NO it's not safe. A kid skipped school and the police just asked protonmail to get into the child's email account without a warrant and protonmail just said yes.

I still remember being stuck with dial-up. It was maybe 20 years ago that was one of the only options here. Of course if there was any alternative it would be expensive and likely not available here. I am thinking to the point that even if you could get it the price was just too high to justify it.

I have heard that messages stored there are encrypted and if you lose your password you are SOL. I don't know how secure it really is. There is also ProtonVPN but how secure is that too?

Who the hell uses "SMTP port 25" have you never heard of STARTTLS and SMTPS?

Thank you

TY.
280123/

thats why google investing in translation of any language

All email should be considered public-facing. Save your privacy for private messengers, or in person.

I'm embarrassed to ask - but does anybody know an email-provider that includes a sense-able recovery-method? By that I mean a method of recovery that does not allow to change the internal data with the fucking password, when the mail-address got hacked. Or in other words: When I put up a phone number to recover my account, I do not want anybody to change the telephone number without having access to the phone, but only the password. The same goes for secret questions, you can change without actually having the answer to it, or "recovery codes" that can be accessed inside the mailbox by simple putting in the password again. So I want a recovery method as a second line of defense. I'm really glad for any helpful answers I can get.

🤔 ..so, it's back to the pigeons than..

Can you do a video on Lavabit?

The answer to these questions is quite simply NO IT IS NOT SECURE OR PRIVATE AT ALL!!! and in case you people still do not quite get it yet PRIVACY DOES NOT EXIST!!!! the government ect can snoop into our private lives and business as much as they like BUT DON'T DARE DO IT BACK TO THEM OR THE HOUNDS OF HELL WITH COME BASHING YOUR DOORS IN!!!! all you need to do is look at how many messages & e-mails ect you get from all of these marketing companies you have never heard of and not applied for information from to prove beyond any doubt that your personal mobiles, computers, Facebook, e-mails ect are constantly being snooped into and hacked by these governing bodies, these people are THE PUREST SCUM OF THIS EARTH AND NEED TO BE PUT TO DEATH!!!!

these videos are so good!

What about Eprivo Encrypted Email? Any comments would be appreciated. This app has been out for a while now - but why no reviews on it. It sure looks pretty good and secure and has some good features…

after watching this i feel lost as to what email sever to use

I'd believe you if that brax site was decentralized.

His what service? Brackmee what?

Unless someone uses encryption such as PGP for all their e-mail, I don't believe they are serious about encryption. All they are doing is whining like little babies.

A few years ago, I set an e-mail account of mine to only accept message that was encrypted with PGP. Everything else was deleted automatically. That was a major success in getting rid of spam, but not so much in getting people to encrypt their e-mail to me.

Might it be time to do another review, or has nothing changed Rob?

When I watch your videos I start thinking that there is no way to keep my privacy and protect myself; just let the Big Tech do whatever they want to do with my data. Your content is very informative, but combined with a huge factor of fear!

.Protonmail is the WORST email service!

Encryption is a pain, but if you give other users decryption keys, then Protonmail, Tutanota, etc do offer a lot more security. There marketing is true given that one caveat. Tutanota does not use PGP so they can encrypt the subject line (and they say they are looking into ways to encrypt other metadata). Yes, almost everything you are sent likely is being recorded somewhere so shopping privacy is nil, but at least the mail company isn’t involved - you’re reducing the number of people who have access not eliminating it altogether.

I'ts 2022 and maybe some viewers don't want to go through old comments but nowadays, technically, MTA to MTA traffic can be encrypted if both mail providers agree to do so. Encrypted POP/IMPA/SMTP is possible between MTAs. I think the video requires an update.

Whether or not mail providers do so correctly is another story.

And also, even with encryption in transit, I'd assume mail provider can read all emails I've sent/received despite what they say - if this is technically possible, assume they are doing this.

I have been looking for a reliable service for communication for a long time and now I recommend the Utopia and uMail ecosystem to everyone. Peer-to-peer network, a new type of data encryption, anonymity are the main advantages of this project.

Most companies we do business with want an email to send statements, bills, etc. What email should be used to communicate with who we do business with?