Accounts with third-party service providers were used “for exfiltration or infrastructure,” according to a post by law enforcement on LockBit’s seized darkweb domain.
Everyone should ask themselves what is their actual threat model. That will tell you whether not this news truly affects you. Any criminal worth their salt probably wouldn’t roll with Proton or Tuta if they practice good OpSec
What’s wrong with both Tuta and Proton? I’m by no means involved in any crime or anything, but I degooglefied and moved to Tuta for mail. Was considering self hosting, but I’ve been procrastinating it.
As you can see from this piece of news, an encrypted email service does nothing for your privacy. But at the same time it limits you and makes you a captive user. Which is ironic considering that’s probably why you left Google.
You don’t have to self host. Just use a regular email service, perhaps hosted in a country with decent privacy laws if you want, but download your email on your PC instead of keeping it online on theirs. This way you get to backup your email too.
The most simple way to do this is to pull your email with a POP connection but set it to only delete messages after a few days not instantly (this way you can still access them over IMAP for a while from mobile or webmail).
Another approach is to pull your incoming email to your server, set up your own private IMAP server and webmail, but use the service’s SMTP. This is a form of email self-hosting that gives you the best parts of privacy and control but you don’t have to deal with the risk of having your SMTP blocked for spam.
I mean, I left Google because I hated them tracking me 24/7, and trying to sell me stuff based on my profile, though privacy is indeed a concern. Any option you may recommend i could use while k move to a privet email server? I wanted to get out of Tuta anyway since their platform feels stiff.
Party of the snowden leaks were that the five eyes capture and record everything.
Everything.
Your pop solution with deletion only deletes your copy; not the one the NSA has. Maybe that’s not part of your threat model, which is fine, but it’s part of mine
Then you need to stop using email altogether. Encrypting only one server like Tuta or Proton does nothing if you correspond with people who are not on it.
Everyone should ask themselves what is their actual threat model. That will tell you whether not this news truly affects you. Any criminal worth their salt probably wouldn’t roll with Proton or Tuta if they practice good OpSec
What’s wrong with both Tuta and Proton? I’m by no means involved in any crime or anything, but I degooglefied and moved to Tuta for mail. Was considering self hosting, but I’ve been procrastinating it.
As you can see from this piece of news, an encrypted email service does nothing for your privacy. But at the same time it limits you and makes you a captive user. Which is ironic considering that’s probably why you left Google.
You don’t have to self host. Just use a regular email service, perhaps hosted in a country with decent privacy laws if you want, but download your email on your PC instead of keeping it online on theirs. This way you get to backup your email too.
The most simple way to do this is to pull your email with a POP connection but set it to only delete messages after a few days not instantly (this way you can still access them over IMAP for a while from mobile or webmail).
Another approach is to pull your incoming email to your server, set up your own private IMAP server and webmail, but use the service’s SMTP. This is a form of email self-hosting that gives you the best parts of privacy and control but you don’t have to deal with the risk of having your SMTP blocked for spam.
I mean, I left Google because I hated them tracking me 24/7, and trying to sell me stuff based on my profile, though privacy is indeed a concern. Any option you may recommend i could use while k move to a privet email server? I wanted to get out of Tuta anyway since their platform feels stiff.
Party of the snowden leaks were that the five eyes capture and record everything.
Everything.
Your pop solution with deletion only deletes your copy; not the one the NSA has. Maybe that’s not part of your threat model, which is fine, but it’s part of mine
Then you need to stop using email altogether. Encrypting only one server like Tuta or Proton does nothing if you correspond with people who are not on it.
100% agree
Which is why I am not the one advocating personal hosting and POP + deletion as a privacy solution
I’ve been trying to explain this to people for years, but there’s so much blind love for Proton here that my comments are usually drowned out.