On Saturday 28 April 2018 23:33:39 deloptes wrote:
> William Morder wrote:
> > So far it's the best option for private, secure email. You'll have to do
> > some reading about it (and compare with other email services) to know
> > why. Either you want end-to-end encryption, and other privacy/security
> > features, or you don't (yet) care that much.
> >
> > My only other option seems to be to roll my own (that is, host my own
> > email server on my own machine). I know of several people who do that
> > (such as Richard Stallman, if I recall), but it's a pain in the behind,
> > and a lot of work just to host your own email accounts with your own
> > domain, etc.
> >
> > I will try to make some enquiries about what is involved, if anybody else
> > really wants to know. So far, I've just been doing a lot of reading, and
> > it seems a little too much trouble. In lieu of that kind of hassle, then,
> > there is ProtonMail.
>
> You are welcome to use the hosting service of a friend or so. If you don't
> have such, we have one here, just let me know. I pay for 5 domains 140/y.

Thanks, but no money to spend at present. 

> What I do not understand in the whole picture is how you get "encryption
> end to end" - it means the other end must also be encrypted. So what is the
> difference between this ProtonMail and using normal GnuPG.
>

I think the problem here (and in another email you answer to somebody else, 
dep, I think) is the conflation of two ideas: 1. end-to-end encryption (which 
you're right, Kmail offers, but you have to do some work yourself, whereas 
Proton is encrypted by default); and 2. a secure email service where all 
emails are encrypted, and content or contact information cannot be read even 
by the admins. And it is much better to download emails to my own computer, 
rather than to leave them on the server where they could be read by who 
knows? 

Gmail, for example, can be used with Kmail, and properly encrypted; but if any 
emails are left on the server, all data is gathered and reused by Google, as 
I have discovered myself due to some targeted ads - which were obviously 
related to recent emails that I had received. 

Our querent here, dep, as a journalist, would like to keep his sources and 
contacts confidential. And while I am not a journalist as such, I am engaged 
in research and writing (mostly history, anthropology, etc.), which, in the 
wrong hands, might be twisted and misused to make my work appear to be 
something it is not. 

Lavabit used to offer a similar service, and got shut down. ProtonMail, 
because they are located in Switzerland, promise (or hope) not to succumb to 
pressure to snoop on users, or to create backdoors, etc. 

I have no clue if they are as good as they promise, but my mode of operation 
is first to do a little research, then usually to try them out, and find out 
by experience. Until I get a 32-bit bridge package and a free account, 
ProtonMail is out for me, but I'll be watching what others have to say. 

Someday, we can only hope, secure, private emails will be the norm, rather 
than the exceptions. 

Bill