Oh those "expiring e-mails" in GMail even require Google login to view as webpage? Wow, fuck that shit. That's too obvious

@Gargron I was told protonmail has been doing this since forever.. idk .. if maintaining an E-Mail, Calendar and whatnot server with proper spam-filtering was that easy, I would switch in a blink of an eye, but GMail for Business just works so damn reliably and the whole suite is so good :(

@walialu I'm on Fastmail it's really good. Better than GMail imo

@Gargron @walialu Love fastmail. It's one of those things that just work (plus no tracking)

@Gargron @walialu was considering switching to Fastmail recently but havent quite made the jump.

It feels like google had an opportunity here to push better webmail encryption standards and ease-of-use for something like PGP, and instead fell right on their face and did email encryption how Microsoft does. I'd like to see a blog post on their reasoning in this case, if one's been posted.

Now, both Micro$oft and G👀gle use cases for this type of email protection do work in corporate and business environments, but is very much in their own interested when it comes to home users.

@crazypedia @Gargron They have an "end-to-end team," or at least they did. The dates on these commits should tell you how...committed...Google is to end-to-end encryption in Gmail. (Spoiler alert: they're not.)

@Gargron I can understand Google sending links in their eMails like ProtonMail does, but requiring a login? No way.

Afterall eMail does require extension, not for self-destructing eMails (that security is akin to DRM and can't properly make it's way into standards) but for real security. But then again, the links should be a fallback implementation and not the main one.

@Gargron Do you have a source for this? I'm not sure if it is verified.

@Gargron We've been using protonmail for a while, mainly because they made, in our opinion, a sensible choice to allow IMAP on the understanding that this desecures end-to-end, but allows business decisions on level of risk, rather than enforcing their client usage.

Tutanota haven't caught up here yet.

For password and certificate exchange type of thing, we drop out to Signal, which we install for each server/user, so each server/user has their own phone number.

It's setup-intensive, in our current form difficult to scale, but for personal and smaller SMB usage quite workable.

There are obvious compliance issues with archiving, still working on this.

@Gargron Google-centric app suites are fine if your productivity decisions are ok with being the product, ie having your data harvested, AND you're prepared to pay real money for the privilege as well.

Sign in to participate in the conversation

Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. This server is run by the main developers of the Mastodon project. Everyone is welcome as long as you follow our code of conduct!