I’m considering finally jumping off gmail. I’m not going to host my own email since I just don’t have the skill to secure that thing well enough myself. Any mail server I set up would become a botnest within hours. So that has me looking at third party stuff.
Proton has a mostly good reputation, though their CEO’s twitter post a while back praising the Trump regime makes me question if I should trust them with anything. I don’t know enough about the entire situation to know if its just internet drama or a real concern, but anything involving Trump is a huge red flag for me.
Tuta looks pretty nice but I’ve read there are concerns about it being in a country that’s part of the 14 eyes collaboration, so it might not matter what the organization wants if the government of the region they are in says fuck off and do what we tell you.
On the lower end of concerns, I am in the Apple ecosystem. (boo hiss I know). I like the clean and simple built in apps like email and calendar and how the notifications all work across my watch, phone, mac and homepods. I like how safari can just jump in and throw an email alias at things for me. I like how all my stuff is managed. But I also know Apple could piss me off at any moment and make wild sweeping changes I might not like, so relying on them too much could screw me over someday. I dont know, right now I really like their setup but portability does seem to matter more ultimately so this switch does seem like a better idea in the long run, even if I’m giving up features I may enjoy.
What are your opinions on the privacy email and calendar services in 2025? Should I even both with a cloud based calendar in the first place?
You must log in or register to comment.
Personally I don’t think there’s a good e-mail provider, e-mail by itself is unsecure. Most you can do is self hosting one but again that takes time maintaing and can be unsecure if you don’t configure it properly. I just find one that allows me to use IMAP and POP3 ports so I can use any client. But if I had to recommend one I’d say posteo, it’s 1 euro per month or if you don’t want to pay there’s also disroot.
Rent a mail-hotel, set up your own mail there. That’s easy, and you are in full control.
migadu.com still works greta for my private domain. $19/yr plus whatever the domain costs ($1.90 in my case)
I’ve been on migadu for like 2 years now. It’s been pretty solid and I really like all the control and features they give you. I also really like they’re using standard protocols, so no lock in.
Although, they’re missing WebDAV, but I guess that’s out of scope for them. And they don’t have all the privacy features other players do, which I’m ok with.
I have calendars and contacts hosted at northmail.ca, which again doesn’t have the most private/security features, but for me that’s ok. I like that northmail.ca is just a Nextcloud provider. I also tried nubo.coop, another Nextcloud provider, but they were slow for me in the US.
Whichever service to decide to switch to I’d recommend not deleting your gmail, just let it rot, you never know if you need access to that email again.
I jumped over to runbox with my custom domain. It costs me ~10€ per year and I had no issues thus far. IMAP works great which hasn’t been the case with gmail so I’m very satisfied.
I think the whole Proton drama has been way overexaggerated. And he doesn’t have a majority share in Proton. I think Proton Mail and Drive are great. If you choose Proton or Tutanota, you won’t be able to use external email clients (Proton has support for some if you pay). If you want to be able to use an external email client, I would recommend mailbox.org.
I’ve been migrating to Soverin and like it thus far. I’ve only done email and my calendaring though.
It’s not free but it’s also not overly costly.
Looks neat. Do they use standard IMAP/POP for email? Are they writing their own email/webdav software or just using Nextcloud?
I’m using disroot.org as my email provider, with a custom domain to easily switch if needed, but so far it’s been great It’s free for a little storage and you can buy more, it’s a non profit based in Netherlands
There is also riseup.net as a non profit email provider, servers in the US I think
There is also riseup.net as a non profit email provider, servers in the US I think
You are correct and that was the deciding factor in scratching them off my list.
Whatever your choice, go for one that supports personalized domains – and buy your own.
That way it’ll be less of a hassle if you need to change provider later.Coming up with a decent domain name has been the challenge for me. You can’t really put on to your cv or so something like me@thebestmfofalltime.com. You can but that doesn’t sound very professional.
I also learned the hard way that you should probably pick a
.com(preferred) or.netTLD. Other TLDs may be blocked by smaller companies, especially.xyz. I had my emails go into a blackhole when I tried to email my town’s garbage company from a.xyzemail.You gotta pick something:
- that sounds neutral or professional
- that people can pronounce
- that isn’t a homophone
- that isn’t hard to spell
And probably a domain that doesn’t include your real name.
It can look professional when you aren’t posting a gmail address and the domain isn’t poopypants.net
Pick something neutral that isn’t your name. Try a band name generator. JupiterEvolition.net or IdealMachine.XYZ,.which sound better than herpderp common gutter trash Gmail.com
Having a custom domain means you get things like me@IdealMachine.XYZ and also chosen.one@… And bestcandidate@… Etc. So you can make something for professional stuff, and then chocolate.starfish@IdealMachine.xyz to be funny.
I recently started migrating my email and went with mailbox.org. I opted for it based on it having a good balance of ethical/environmental stances, support for custom email domain (so email doesn’t feel like vendor lock in in the future), and a business model focusing on paid service.
There were a lot of options but ultimately I just wanted something “good enough” rather than spending weeks on comparing. A part of that decision was realizing I didn’t care about getting something with the best possible privacy - email is predominantly an insecure medium and things with E2EE work only if the recipient is in the same ecosystem, which is rare. In practice I’m not going to trust anything sensitive to email regardless, so I might as well prioritize picking something that looks like a decent and stable balance.
Mailbox.org has calendar but I haven’t really played with it much. I’m realistically going to look in to look in to something self hosted since I will require more features than most email providers will offer, so I don’t want to tether the two services. That was a part of the reasoning for Mailbox.org over something with more services - I wanted email, not something trying to be the next ecosystem - that’s what I was trying to get away from!
Chiming in from a USA user. Their webmail and suite run slow in the USA. Once it loads the page initially though, it uses localstorage.
However, back when I used them less than a year ago, they had random periods where the websuite did not load.
Finally, they have a really bad 2fa implementation that is not documented and I had to search Reddit to figure out how to log in.
Mailbox.org is widely recommended.
Can’t recommend them enough. You can have your entire inbox encrypted without them holding the private key, unlike Tuta and Proton; which also allows use of open protocols instead of proprietary apps
As they use imap, caldav and carddav for email, calendar and contacts you can use any app you want e.g. thunderbird.
Edit: They even have a moving service so you can move your existing emails from gmail to them.
This may be helpful: https://www.privacyguides.org/en/email/#recommended-providers
already being an apple user maybe you can buy your own domain and tie it to apple’s mail service. when you want exit just connect the domain to something else.
I use Tuta combined with Addy.io, and it’s been great. I never hand out the main email at Tuta, and if I ever want to pack up and move, I just tell Addy to change where to forward email.
I don’t think you need to worry about Tuta. Iirc, all of the encryption/decryption happens on your device, so they can’t see the content of your inbox, even if they wanted to. Their free tier is enough for me, and I just make sure to clean out any unwanted emails so I don’t hit the 1GB limit.
Now, there’s the caveat that encrypted email needs to be able to work with unencrypted email, so somewhere along the way, it’s possible somebody could figure out who you are and what you’re talking about by intercepting traffic or the endpoint, but if you need that level of privacy, email shouldn’t be trusted anyway.
The biggest benefit of encrypted email is a judge can’t force the company to hand over your inbox (because it’s encrypted), and you don’t have to worry about the parent company or whoever data mining it. But even if it’s in a country that could order data collection, and you “aim to misbehave,” I think it’s moot, since you should know better than to use email for that purpose.
anonaddy and simplelogin seem to replicate what I already do with icloud+ hide my email feature, but they also seem to have the same problem. data flows through them meaning they can all keep copies and sell that data, train AI on it, etc. all it takes is a shitty corporate merger and that security feature becomes a risk. So it looks like I would want to find an email provider that already offers unlimited email aliases since that would reduce the number of people handling the data.
an email provider that already offers unlimited email aliases
Migadu offers unlimited aliases for $20/year. The aliases can be receiving-only or sending-and-receving aliases.
If you’re willing to pay for it, Mailbox.org would be my choice. No provider will give that feature away for free (which I’m sure you know). My threat model can tolerate an extra hand via Addy, so I don’t mind them being there.
But no matter who you choose, email just isn’t the best option for true privacy. There will always be some cleartext email somewhere in the process, even if only sometimes. And as somebody once said, “No company is going to break the law for you.”
If you need an extra level of privacy with email specifically, your best option is to self host. That way you control both the server and the database/storage.
I wont self host email. I just don’t have the skill to properly protect a public-facing server. I’m smart, but only enough to know I’m outgunned there. I’m not running some grand criminal enterprise. It’s more of a concern that I’ve been a bit lax in my online privacy and with the worldwide rise in fascism, I feel I need to resist (or at the very least, inconvenience) those who could do me harm.
Use either Tuta or ProtonMail (I use both) with SimpleLogin aliases 
I. like the idea of simplelogin as it seems to do what I’m already doing with icloud plus but it suffers the same problem. the messages are flowing through a third party before they get to me. why would I trust a third party?
