Re: Suggestions needed for new email provider
Posted: 2015-10-25, 19:57
I want something that is as secure as possible within the bounds of not inconveniencing me much. Second password? Fine, but at least let me click something to stay persistently logged in on my own computer so I only have to enter the passwords once a week or less. See, doing that, right there, would not be a huge sacrifice to convenience (I don't mind typing in a username and two passwords once a week), but would make it more secure than the average email provider (Assuming the average email provider has one password, no encryption, and persistent log-ins that last several weeks). But if I have to enter my username and both passwords, or even if it were just a username and password, every single time I check my mail, often a half dozen times an hour, they've just crossed the line into something that is too inconvenient to tolerate for me personally (Still waiting and seeing if they implement a "Remember Me" feature before totally bailing on my account, though. It's still in beta. They have persistent log-in for Android, it could be added for the web. But while I wait I am primarily sticking to my old address).
Tharn wrote:
You can't have both convenience and security. Meaningful security measures will usually introduce a stopgap into a workflow. UAC does this, Windows login password does this, Pale Moon master password does this. If you're serious about wanting a secure service with encrypted e-mails that the service provider cannot decrypt, then you are going to need a password that is separate from your login credentials. So you suck it up and use two. If this becomes so inconvenient that you won't use their service, then I assume you didn't really need it in the first place.
And I'm talking about the hypothetical you here, not you personally CharmCityCrab. Because a lot of people think along those same lines. People want security but they don't want to invest anything to get it. That's not security, that's willfully and lazily placing your trust in someone else.
You're right when you say I don't really need their service in the first place. I like security and privacy, but I am not actually doing anything that requires it beyond basic stuff that everyone should be watching out for like avoidance of identity theft and the like. The key lures of Proton Mail for me are:
1) No advertisements (Which is key because Yahoo and another email provider I tried for about 5 minutes stopped playing nice with Android's email app for me and I am stuck using Yahoo Mail's app with ads)
2) Not a big corporation
3) Providing email and not constantly trying to siphon me off into signing up for other things (Which is itself a form of advertising)
4) Open-source
5) Yahoo Mail has been annoying me lately
6) I do feel good about the privacy and security stuff because I think they should be there on principle to some degree and it's my data and not some corporation's to use to sell things to me and such. I am also against things like warrantless wiretaps. So, I'd like to see something like this take off on principle. But I am only willing to deal with security measures when they are not horribly inconvenient for me, because generally what I am doing is forwarding news and sports links around or having casual conversations with people and don't really *need* security or privacy beyond basic guards against identity theft.
If some email service just said we offer mail without ads with webmail and apps on all major platforms, without added privacy and security (But just as private and secure as the major providers), that might win my business- if it's a reliable company. But I've looked into all the major platforms, and none are a better fit for me than Yahoo, which I've had for like 17 years. Yet, Yahoo has some issues, increasingly (Not worth stretching out this post any longer to list them
So, I'm sort of hoping to use Proton Mail "off-label", using it for reliability and lack of advertisements and constant upselling, instead of primarily using it for its primary selling point of security and privacy (Though those are nice "extras" for me). I also like that it's open-source. And, hey, it's a cool domain name. But I'm not James Bond, like I said.
Still, I think there is a middle ground between a lot of email services now, which are very insecure and openly take, use, and sell all your data; versus something so locked down that I have to fill out three fields when I log in, and then do it again after reading an article or checking a forum elsewhere when I want to see if I got any new emails and then again, and again, and so on.
The question is ultimately is Proton Mail trying to be a *more* private and secure email service (Retaining most conveniences of other providers) or is it trying to be the most private and secure email service possible (Making using it a pain in the ass). If they are doing the former, they could be a good fit for me. If they are doing the latter, it's not for me. Their documentation goes back and forth on that point- but it seems like they are willing to make some concessions to usability over privacy and security at times (For example, they have an Android app. Also, their Android app runs on Google services. Also, you can send email in the clear to non-Proton Mail users, which is what I was doing while testing it- I don't want people to have to click a web link, I want to send it through as regular email even if it means less security.), which is a good sign that it might be something decent that is usable for the average Joe.
Actually, that users, myself included, are allowed to send email in the clear with no encryption by default to non-Proton Mail users and that Proton Mail users who want or desire more security at the expense of usability (In this case usability to recipients) can change the default for their personal account to send emails as web links to encrypted messages, is a good sign. That's a good compromise. Let users make the determination between privacy/security and convenience according to their own needs and desires on each thing. That's what I'm hoping for with a "remember me" log-in feature- let me and users like me use it on our home computers and stuff, and people who need or want more privacy/security than that can not use it and have their account set to never stay logged in. Making it optional would be consistent with their early approach to things- but I can't get a commitment out of them to include a "Remember Me" feature for users who want one, so I'm going to wait and see.
They recently switched from .ch to .com for their main website, which some view as a potential privacy hazard, but they wanted to rank higher on Google search results. If they can make that trade-off, adding an optional "Remember Me" feature shouldn't be a problem, I wouldn't think- though indications so far are that they won't (Nothing definitive).