The POP3 support in @k9mail is bad 😢 I'm putting on some band-aids now. But I'm pretty sure we'll remove support for it in the future.

If you're using a POP3 account with K-9 Mail, now is a good time to switch to IMAP or to start looking for a different email app.

@cketti @k9mail
Hopefully @purism 's fork decides to actually fix it instead of dropping support, given how awful IMAP is for privacy.

@neneko @cketti Imap is no worse than pop3 privacy wise... you need to trust the server anyhow. Even with pop3 the server admins can happily copy your email or simply hide the message when your client requests the deletion.

@reto @cketti With POP3, you only need to trust that the server admins aren't outright malicious. With IMAP, if the server gets hacked, or the drives are subpoena'd, all your emails are right there in plaintext.

@neneko @reto You could have your mail server encrypt all incoming emails for you. Even some commercial email providers support this option.

@cketti @neneko sure, but you'd *still* be trusting the provider... unless you use an end to end encrypted scheme (say pgp) you always need to trust the admins of the mail server.
The point is that the protocol you use to access the email doesn't really matter
Follow

@reto @cketti
I never said that you didn't have to trust the provider. My point is that with IMAP requires a lot more trust, which is worse for privacy.

@neneko @cketti Not necessarily... you can encrypt the files on the imap server just fine. It depends how the encryption is setup though. Some encryption methods just protect against an intruder who doesn't have access to the user DB, others use an encryption key which is encrypted with the users account password. Against a subpoena you'd be out of luck anyhow... that level of access usually means game over

@reto
@cketti
I'm not sure what a subpoena against the provider would do if your emails are only kept on the client. They'd only get like 5 or 10 minutes worth of emails, depending on how frequently your client retrieves them.

@neneko @reto
If we assume point in time snapshots they won't get access to any message contents if emails are properly encrypted[1] on arrival, i.e. the client's poll interval is irrelevant.

[1]: granted, with current solutions the metadata is still available on the server; but that's mainly an ecosystem problem, not a technical necessity

@cketti @neneko @reto I use POP3 with no issues. What's the matter in leaving it as it is now?

@marco @cketti @reto It doesn't actually delete the emails from the server after retrieving them. So it behaves more like IMAP but with none of the benefits.

@neneko @cketti @reto That's not the answer to the question. There are (free) mail provides who do not offer IMAP for free. And most mail users are free mail users, I assume. I like that behavior and finally fetch mails from the desktop.

@marco The app is changing constantly. There's no such thing as leaving POP3 support as it is now and only changing the rest of the app.

@neneko @cketti >I'm not sure what a subpoena against the provider would do if your emails are only kept on the client

Assuming the provider has no way of restoring past email nothing for past emails. However from the point of the subpoena they can force the provider to carbon copy the email to them. So any future email you receive will be in the clear.
Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!