In March I blogged about my “almost disposable email“. I still have improvements to make when dealing with external sites and services. Overall that model works pretty well.
When thinking about my personal email, my dilemma changes a bit. Unlike most people who use the Internet send and receive email for personal use I have changed my address multiple times over the years. Friends and family of mine have commented about the fact that I change probably too often. In reality it’s only once every 3 or 4 years. That apparently is to much for most people. Of course some the people commenting may still be using AOL addresses from the 90s.
In 2014 I blogged about My sudden allergic reaction to all things Google. In that post I wrote about migrating from Google hosted mail to a hosting provider in Switzerland. The Swiss-based provider I selected offers much greater privacy protection vs a US-based company. For what I was looking for the price difference was nominal. By moving to a Swiss-based provider wasn’t a magic bullet. All my data on my website and email stored on their servers is still not encrypted at rest. In other words I am still exposed just less likely to get snooped on by a government. Even that statement has caveat. Let’s say I am better off than before. I still have much to do.
With my mail being hosted in Switzerland I have relatively good level of privacy protection. That means if someone wants to get a hold of my mail they would need some sort of court order. The fact that there is a request should be disclosed to me. That is unlike US hosting providers that would not need to inform me if they were asked to spy on me. To go a step further and make it impossible for anyone to get my email on the mail server I would need to encrypted my email at rest with the hosting provider having no knowledge of the encryption keys. The reality is this is important however not my threat model. I’m more concerned about personal details being intercepted via an unsecured network.
To address both of these problems I have been investigating two different secure email providers. Protonmail & Tutanota. Both in theory provide the same service. They allow you to encrypt email and send it. They also encrypt email at rest on their systems and have no knowledge of how to decrypt. Email sent between two people on let’s say proton mail has the email encrypted completely. If however I am on protonmail and I send an email to someone not using that system messages secure however there is a caveat. What really happens is an email is sent to the recipient telling them that there is a secured message waiting for them and it provides a link to that message. I can send along a password hint if I want as well. The recipient can then click on the link and read and respond to the email. It secure however not super user-friendly to what most people are use to. I experienced similar systems when I briefly worked at a health benefits organization that had to comply with HIPPA rules in the US.
My threat model concerns sending and receiving of secured information via email. I do realize that the use case is not required for most emails i send. In most cases what I’m sending can go “in the clear”. Having the ability to encrypt as needed is the big value to me.
Having stored mail encrypted at rest with the provider having no knowledge of the decrypt keys also makes me feel more comfortable when I am not hosting the data. ProtonMail & Tutanota both offer this fundamental security feature. The challenge with both providers that neither currently have a way to import or export email. I am a person who has most if not all of my mail going back to 1996. For years I was proud to have that stash of mail. I also have gone back to really old messages for information. In today’s world however having that much personal data sitting on a typical mail server is too big of a potential risk and a major liability.
I no longer keep that archive of mail on a live mail server. Instead it is encrypted on a personal computer in a database. At least I still have it. To use ProtonMail or Tutanota would mean I would no longer have correspondence that goes into the system. That limitation is given me a little bit of pause. Since I started playing around with the system late last year proton mail has announced they will be launching a secured IMAP option. I am assuming that will enable me to offload mail from their system. That would make their solution much more viable for me.
As I continue to play around with both systems I have been favoring ProtonMail over Tutanota. I’ve not yet jumped into using one for my personal mail however I am leaning towards protonmail. One of the hesitations I have is that protonmail is not cheap. It costs about half of a full hosting package I have per year. Tutanota is as cheap as one dollar a month per user. Protonmail is around five dollars per month for what I initially need it for. Protonmail also does not allow me to move my entire family using a specific email domain onto an account unless I use a much more expensive account than the five dollars per month plan. Tutanota will let me set up multiple family mailboxes for one dollar per mailbox per month. That makes Tutanota an option if I wanted to continue using the same email domain I currently use for my personal email.
The solution to this issue is for me to switch domain names i use. I have a few other ones I own i can start to use however that brings me back to how I started off this post. I don’t want to change my address, however it is a price i am willing to pay if other factors are positive.
I could make my life easy and just use Tutanota and move my family over to it also. The challenge is I like protonmail much better. The UI is nicer on both the web and iOS app. The iOS app loads faster. It has a few more nifty features versus Tutanota such as tagging. Overall I just get a better feeling about it.
Knowing myself what I likely will end up doing is change my personal email so I can use a different domain name that I have that isn’t being used for anything else and point that the proton mail. I would then leave my existing mail domain where it is and allow my other family members to continue using it.
For now I’m still waffling a bit on what to do. If your friend or family member of mine and you are reading this, you know why in a few months you might get a notice that I changed my mail address yet again. Of course if you read this far kudos to you.