What is Reddit's opinion of
Posteo?
From 3.5 billion Reddit comments
100 reviews of this app found across Reddit:
You shouldn't pay anymore as you can't contact the owner.
It has a flaw tho
> If it can runs as admin, it willl encrypt mbr, but not the files on disk.
So a simple FIXMBR should get you back in.
Use an email provider that actually cares about your privacy and is not based in the USA. Even if you have to pay for it. I personally use Posteo which is based in Germany, it costs 1€ ($1.11) per month. Dirt cheap considering what you get for it - fully encrypted mail, calendar, address book. No ads. You don't have to give them any personal info about you. And you can literally pay them by sending cash by mail. Doesn't get much more anonymous than that. But PayPal works too. ;)
Also, use end-to-end encryption. PGP is a good start. It works like this: you generate a pair of keys, a private and a public key. The public key is then uploaded to several key databases. Other people can encrypt emails they send to you with your public key, which they can get from a database server, and only your private key can decrypt the text. And you can use other people's public keys to send them encrypted mails. It's basically impervious to any man-in-the-middle attacks because your email will just contain a mess of random letters and numbers that would take ages to decrypt without the key.
Look up how to set up Thunderbird with Enigmail, it makes the whole thing very simple.
Also, don't use Windows if possible. Ubuntu is easier to use than Windows (seriously) and doesn't send your data to the NSA. A six y/o kid could install it. If you need certain software that only works on Windows (that includes games), dual booting is easy enough. Don't do online banking and other sensitive stuff on Windows, ever. Hell, even an Android phone is safer for that. If you absolutely don't want to use Linux then get a Mac, it's expensive but it's still safe (as far as I know). Of course then you have to deal with the walled garden of Apple, while you would have a lot more freedom on Linux, but at least Apple still care a bit about their customers' privacy.
I think ProtonMail is the obvious answer and I don't see anything to worry much about wrt their logging policy. They say in your link that your IP address will only ever be retained if you're involved in attacking their infrastructure. Obviously you have to trust them on that, but you do with any webmail provider.
That said, you might find Posteo interesting. They have very respectable policies around data security and privacy.
I have tested Autocrypt on both K-9 Mail and Enigmail, and the implementations work, but still need polishing around the edges.
Regarding providers, at least Posteo has implemented Autocrypt. I hope Protonmail and Tutanota will follow.
Last time I asked on /r/ProtonMail, they didn't have concrete plans. Perhaps time to put it on the roadmap, /u/protonmail? :)
> VDS ist ja verpflichtend ab einer bestimmten Nutzeranzahl.
>>Posteo ist von der Vorratsdatenspeicherung nicht betroffen. E-Mail-Anbieter wie Posteo (Dienste der elektronischen Post) sind von der Pflicht zur Vorratsdatenspeicherung explizit ausgenommen.
Cloud weiß ich nicht, aber ich bin mit Posteo als Mailanbieter super zufrieden.
Mail, Adressbuch, Kalender usw.. Nie down, technisch prima, alles verschlüsselt, transparent, 1€/Monat, die anonym zu bezahlen sind.
I use Posteo; no problems, nice features and they really value your privacy. I especially like that they release transparency reports with information regarding user data requests by authorities.
https://posteo.de wird oft wohlmeinend erwähnt. Besser wär's natürlich, eine eigenen Root/VPS-Server mit eigener Domain zu haben, da kann man selbst entscheiden, wie paranoid man das System aufsetzt. Ist ab so ungefähr fünf Euro im Monat realisierbar, erfordert aber auch einiges an Kenntnis und Fertigkeiten.
Huch, ist heute wohl zu spät für mich. Sorry, hab es schlicht zu schnell überflogen. Nichts für ungut.
Hier ist ein FAQ wo auch die Frage nach einem Umzugsservice erklärt wird.
The GDPR is not applicable if the German police requests the ip logging due to a very very high likelihood of serious crimes.
BTW posteo has a full transparency policy and they publicly release the requests from the German government and also from foreign governments.
https://posteo.de/en/site/transparency_report
They even officially requested a law that forces all providers to do the same because transparency is a universal right.
Here is the official document including the answer of the German gov (which, due to its nature, is in German)
I use https://posteo.de/en (germany based) You pay 1€ per month. It offers a calendar (CalDav), contacts, notes, full encryption and encryption of incoming mails with your private key (if desired). They also support privacy-actions and make good pr against surveillance.
They don't store data they don't need and offer anonymous payment methodes.
Don't just push ProtonMail, read post first. Proton doesn't have imap on mobile and requires bridge on desktop. Also parts of ProtonMail isn't encrypted at all so unless you use PGP they have your sending address and email of person you are sending. Also ProtonMail doesn't fully encrypt contacts like Posteo does. u/024b9e3bf07bda971d34 For using Posteo E2E encryption you have to use PGP https://posteo.de/en/help?tag=end-to-end you can use it with your desktop app or in their webapp (with plugins). Read more there. I also really like Tutanota because its so simple and communication with other Tutanota users is encrypted or you can send emails to lets say gmail user and they will get a link to open with password you have agreed and they will get temporary email account without registration. That's great feature! Since Tutanota is free with basic features you can use both! So maybe use Posteo for "imporant" stuff and Tutanota for leisure :) or since nota is also 1e why not support both services! Thats one starbucks a month! ps. I was thinking of aliases also. But in the end I use two main and one for signups just use variation for every new site so if you start getting unwanted emails just block that email address.
Rather look for this: https://thatoneprivacysite.net/email-comparison-chart/
The best one in the comparison chart is Posteo. Check also this review by hacker10 on Posteo.
Ich bin vor kurzem zu Posteo gewechselt. Die...
- betreiben ihre nur in Deutschland befindlichen Server mit Ökostrom
- schalten keine Werbung
- basieren auf Open Source-Software
- nutzen nur Ethik-Banken für ihre Finanzen
- legen Wert auf Datenschutz
- bringen jährlich einen Transparenzbericht über behördliche Anfragen heraus
- folgem deutschem Recht
- haben beim Vergleich der Stiftung Warentest zusammen mit mailbox.org als Testsieger abgeschlossen
Da ist es mir auch den 1€ Gebühr pro Monat wert (Den man übrigens auch anonym mit der Post zu den Betreibern ins Büro schicken kann).
I have a while ago moved to a paid, ad-free, no-bullshit email provider that is very pro data-protection. I'm in the process of migrating all my email there. In the meantime I'm still using gmail for some stuff. Can really recommend it:
1€/month for email where you are the customer, not the product.
I'd say Posteo. They have many years of experience delivering secure e-mail service, and they have a good business model, so I'm not afraid they will fold. They focus not only on encryption, but also on good work conditions and wages for their employees, Free and open source software, green energy, etc.
And: you can use it with any email client you like! On Android/Lineage try K-9 Mail
Posteo offers a paid (11 euro's yearly) email and calendar solution with an emphasis on privacy.
edit: I should add that while its not difficult to have their web/calendar service on your mobile, it does require the installation of a few separate applications.
Posteo have blocked the mailbox used to receive payment information (blog post is in German) - https://posteo.de/blog/info-zur-ransomware-petrwrappetya-betroffenes-postfach-bereits-seit-mittag-gesperrt
>Das Gericht hat geurteilt dass Diensteanbieter IP-Adressen protokollieren und rausgeben müssen
Aber eben nicht die aller Benutzer, sondern nur diejenigen die von einer Maßnahme betroffen sind und erst ab Mitteilung der Strafverfolgungsbehörden.
Siehe Posteo-Mitteilung:
>Und, um es ganz klar zu sagen: Wir werden nicht damit beginnen, die IP-Adressen unserer unbescholtenen Kundinnen und Kunden zu loggen.
Ein konservativer System-Umbau ist für uns keine Option.
Es geht darum, bei richterlich angeordneten Telekommunikations-Überwachungen eine IP-Adresse zu einem betroffenen Postfach erheben zu können.
https://posteo.de/blog/erster-kommentar-zur-entscheidung-des-bundesverfassungsgerichts
Nice. However, as I subscribed to Posteo last month, I'd love to set straight a few facts:
- payment: you can pay for it anonymously (cash by mail)
- they also give back to privacy causes as well
- encryption (at rest): you can optionally encrypt your whole mailbox, calendars and contacts; even PGP-encrypt all inbound emails using your public key
- number of addresses: actually 3 total (1 main and 2 aliases) for free, more aliases paid (I think 0.1 EUR/month)
- refunds: you can terminate your account after 14 days and the price will be refunded (or donated, as you wish)
Also, just out of curiosity. What makes Lavabit "enemy of the internet"?
Very nice comparison though. Would love to see that before. Not that I'm not satisfied with my choice.
ui, toll, einer der größten deutschen Mailanbieter springt 5 Jahre später auf einen Zug auf.
Möchten Sie zu Ihrem zweiten Faktor noch einen kostenpflichtigen Premiumaccount?
Ohne Werbung machen zu wollen, aber die Konkurrenz hat das schon lange. Und wenn man selbst hostet, gibt es mittlerweile mehr als genug Anleitungen dazu.
2FA bei einer Firma mit so vielen Ressourcen als Neuigkeit zu beziffern ist schon bezeichnend für das IT-Sommerloch…
Nothing keeps you from encrypting your mails, Posteo even offers many cool things (they'll host your public GPG key for example).
>And if I'm using PGP (for sensitive emails), then it doesn't really matter what provider I use.
In regards to the content of your mails it doesn't matter, yes.
But a privacy aware host is still the better choice because it won't track your browsing behaviour and share it with third parties for example.
And good providers will offer much more security features than regular ones.
In Posteo's example it's this: https://posteo.de/en/site/privacy
Also: I doubt that all your E-Mails in your in- and outbox are GPG encrypted, so that leaves your provider with content data to analyse.
You can take a look into privacy conscious Email providers (the layout is off but the official site misses all the data so here's the cached version). I'm with Posteo and I really like it, they collect as little data as possible and use pretty much every possibility to improve your privacy and security. They also stay in touch with their users (I messaged them twice and got very thorough, non-bullshit replies) which I imagine is similar to how Lavabit was.
Just as a general fyi from a privacy conscious/interested person for you and everyone who's interested, I could go on about this stuff, haha :)
I use posteo.de for my calendar (and mail). You can easily encrypt the entire calendar if you want. Highly recommended. https://posteo.de/en/site/features#featurescalendar
Yes when you enable full encryption (email, contacts, calendar) everyting works as usual viaIMAP, carddav caldav. They have developed encrypted system and audited it and opensourced it. Read more here https://posteo.de/en/site/encryption#cryptomailstorage i trust them as a company and they help develop privacy extensions for Thunderbird.
Hi, so, Posteo has anonymous untraceable payments, IP stripping, paying via bank deposit or even CASH (send it to their office). So they don't know WHO you are and they don't have any data on you so turn to goverment: >Sign up without entering personal details With Posteo, you sign up without having to enter any personal information. We abstain in general from saving personal information. This prevents the pile-up of data and constitutes acting in line with the principles of data economy. We give you back sovereignty over your personal information and increase your right to informational self-determination. Under German law (TKG §111) email service providers do not have to collect user information if it is not necessary (e.g. for billing purposes). Posteo makes use of this regulation.*
https://posteo.de/en/site/privacy
>With Posteo, you pay anonymously, regardless of whether this is by bank deposit, PayPal or in cash. We do not connect the information that we receive with payments to the email accounts and have anonymised all payment processes. With bank deposit, users enter a payment code in the reference field. At the moment of the deposit, the code allows the money to be automatically allocated, and is then deleted completely, so that there is no clue as to which account a payment was intended for. With cash payment we proceed in the same fashion. For PayPal payments we add credit at the moment of payment, but again do not connect the data with the email account.
Hoffentlich beeilen die sich. Posteo hat ein Sicherheitsaudit mitfinanziert, dass der Add-on-Architektur gravierende Sicherheitsmängel nachweist.
>Fortan sollten sich alle Nutzer bewusst sein, dass Thunderbird-Extensions so mächtig sind wie ausführbare Dateien, was bedeutet, dass sie mit angemessener Vorsicht und Sorgsamkeit zu behandeln sind.
>Updaten Sie Thunderbird auf die neuesten Versionen, sobald diese zur Verfügung stehen.
>Nutzen Sie Thunderbird möglichst ohne oder nur mit aktuell geprüften Add-ons/Plugins, bis die Add-on-Architektur von Thunderbird verbessert wurde.
>Nutzen Sie bis auf Weiteres keine RSS-Feeds in Thunderbird.
>Achten Sie darauf, nicht versehentlich Add-ons durch Phishing zu installieren, über die Sie angegriffen werden könnten.
Better question for /r/privacy in my opinion.
I have been using Posteo for a few days. I like the website and interface, it's clean. TLS-sending guarantee is pretty nice. They also have mail storage, address book, and calendar encryption. Though if you forget your password with that encryption on, you'll lose all that information, as Posteo does not have your encryption password. They'll be able to reset your password, but you lose all the other data. Also: For security reasons, crypto mail storage can not be deactivated by Posteo. They also support OpenPGP.
Downside: I found out that 2FA is useless for them... I turned on 2FA, it works when logging on to the website. But when using CalDAV, CardDAV, IMAP/SMTP, you only need to use your password and you'll be able to pull all of your data. I sent them an e-mail asking about this on Friday, still waiting for a response.
Hijacking your comment to elaborate this. I also use Posteo and am really happy with it. It is 1 Eur per month is a reasonable price. If you like to know more about them you can check their website, but what is really nice about it, is the fact that they are open about everything. They publish a yearly transparency report where they publish everything they are allowed to publish. Furthermore, their support is really good. Wright a signed mail with a pgp key attached or a published key to their support and they send you an encrypted mail back. I never had to wait more than one workday for their reply.
Yeh.. Also english version https://posteo.de/en/blog/info-on-the-petrwrappetya-ransomware-email-account-in-question-already-blocked-since-midday
Think this should be put in the OP so people are aware before maybe paying the ransom.
Since it seems the email address has been terminated by the provider https://posteo.de/blog/info-zur-ransomware-petrwrappetya-betroffenes-postfach-bereits-seit-mittag-gesperrt not sure paying up is even worth it now?
Posteo. Email provider with focus on privacy. They don't collect any data, so they can't give any personal data to authorities.
They also have a feature that lets you send them a public key, with which they encrypt every message as soon as it arrives. Pretty neat.
Enabling 2FA only matters for web-login. Everything else uses IMAP so you can use android and ios regularly. I would wish Posteo had app specific passwords after enabling 2FA and maybe they dont because they don’t actually have your password or genereting app passwords would be security risk. If you need extreme security you can disable all devices and only use web-login with 2FA.
https://posteo.de/en/help/what-is-two-factor-authentication-and-how-do-i-set-it-up
I have searched for this. So: yes you are correct that it uses only your password for IMAP/caldav/cardav. This is probably made for ease of use. If you are not comfortable with this you can enable “additional email protection” (https://posteo.de/en/help/activating-additional-email-account-protection) this will unfortunately disable IMAP and cardav access and you could only login via website and 2FA. Email protection in elusive beast. Due to protocols there are always thins that dont suit you. I have chosen to use ad-free company with email encryption that uses encryption in transit and at rest that doesn’t scan emails and with optional end-to-end encryption. Posteo is a great company with users in mind. You can always go with the options you think are suitable to your needs.
> Würde die trotzdem nicht nutzen
Ich nehme an der Hacker hat sehr bewusst Posteo gewählt - selbst die Zahlungen scheinen anonym zu sein (sogar bei Überweisung und co.). Nur mit einer Sperrung scheint er nicht gerechnet zu haben.
>>>Solche Dienste kann man generell nie in dem Land benutzen, in dem sie sich befinden.
Würde ich auch widersprechen. Datenschutz ist im Ausland meist deutlich schlechter und Behörden wie Geheimdienste arbeiten international eng zusammen.
If you're willing to pay a euro a month, posteo.net has very good service that is "sustainable, secure and ad-fre". It supports all the same features gmail does and is not US based. It also includes inbound, mail storage, and account (calendar, contacts, etc) encryption. I've been with them for 18mos now, and I've been very happy.
https://posteo.de/en/site/features Again, not totally free, but close enough it's negligible.
Ich nutz zusammen mit meiner Familie schon seit Jahren https://www.strato.de/mail/ und bin recht zufrieden. Für ein einzelnes Postfach gibt es vielleicht günstigere Angebote, aber selbst in dem Fall wäre mir die eigene Domain den Aufpreis wert.
https://posteo.de/ sieht aber auch fair und vertrauenswürdig aus.
They state in their FAQ that they don't offer support for custom domains beyond generally what's available here. But explain their reasoning for not providing this option is done in order to preserve user privacy. They highlight this specific portion of their answer:
> Even if only the MX record pointed to us, we would still need to store the assignment of the domain in your Posteo account as user information. Thus we would possess your user information and be required to give it out.
Another good email service is posteo. It's a german company, you can encrypt your emails and use two-factor authentication if you want, they are always up-to date and they use green electricity. I would definitely put them on the list.
If you're serious, I'd recommend https://posteo.de/en
They're huge on transparency, don't store any connection between payment data and user mailbox and encrypt user mailboxes. Also they publish a transparency report every year.
Aus meiner Sicht ist das einzige erfolgreiche deutsche Startup Posteo. Ein Email Anbieter. Unter https://posteo.de/de erreichbar. Ich sehe hier auch keine große Zukunft da die meisten schon Facebooksüchtig sind.
Posteo should be mentioned. Their the most ethical email provider ive encountered, and their working to adopt the FSF standard of licensing their javascript on their webmail interface as GPL. https://posteo.de/en
>Should I care only about software that I install locally on my computers?
The FSF doesn't believes so. Read the Javascript Trap and decide for yourself.
Ich sehe, wir sind uns eigentlich einig :)
Im Zweifelsfall kann man ja den Spaß mit der Ende-zu-Ende-Verschlüsselung auch über Posteo machen: https://posteo.de/hilfe/wie-richte-ich-posteo-in-einem-mailprogramm-ein-pop3-imap-und-smtp Doppelt hält besser und so...
Na dann weg von Web.de und ab zu was besserem.
Ich bin seit ca. einer Woche bei Posteo und auch wenn es 1€ pro Monat kostet lohnt sich das für mich.
keine Werbung oder generve
HTTPS (eigentlich sogar HTST), Verschlüsselung der Festplatten
Datensparsamkeit inklusive Möglichkeit das alles anonym zu nutzen
2 Aliasadressen benutzbar als Spammail etc.
Vorallem witzig, weil DE-Mail nicht sicher ist. Die einzige Sicherheit bietet wirkliche Verschlüsslung (PGP oder MIME).
>Your Posteo account credit is always added anonymously – regardless of whether you pay by bank transfer, PayPal, credit card or in cash. The data that we receive with payments is not connected to the email accounts.
So the only traceable thing is that you paid for an account at some point. Not for which one in particular. If your threat model allows this minor info then you can choose any payment method you want.
It's nice. But I still want to see an Attachments Overview. Posteo is now offering it. https://posteo.de/en/blog/new-at-posteo-attachment-browser-with-photo-stream It would be nice to have a stream of all your files or images in one place. With this sidebar now, you can only view files in the current conversation.
Currently I’m using Posteo. There you can encrypt your complete mailbox , calendar and contacts: https://posteo.de/en/help/how-do-i-activate-posteo-crypto-mail-storage 2FA is also possible. Problem is only, when you want to use clients like thunderbird, then the 2FA is only for their website and in the clients username and password are enough. So I’m using a login name, which I don’t use somewhere else and a very long password. You can also force 2FA always, but then you can access only over their website.
Tutanota.de would be also an option, but still they don’t offer an import of your old Mails. The feature was requested several years ago, but still not realized. And that’s the reason, why I don’t use them. When that is not a problem, tutanota is a good suggestion. There everything is encrypted and you have clients for the most systems.
But Posteo has a significant advantage to mailbox: encryption of the mailbox, calendar and contacts, so that also Posteo cannot read your stuff. Details u can find here: https://posteo.de/en/help/how-do-i-activate-posteo-crypto-mail-storage
I use Posteo already for almost 10 years and I got never disappointed. You can add and remove aliases, storage, etc. I personally trust Posteo more than mailbox, especially because of the possible encryption. But mailbox has also advantages, so you must decide ;-)
I found links in your comment that were not hyperlinked:
I did the honors for you.
^delete ^| ^information ^| ^<3
LOL
Protonmail is currently still pretty much a blackbox including all of their apps.
I will trust Tuta with their opensource philosophy much more and german privacy laws are already much better than in most other countries. Switzerland might be good or MAYBE better.
Guys like posteo fought against state surveillance/cooperation: https://posteo.de/Pressemitteilung_Transparenzbericht.pdf
Do you have a fixed IP-Adress and can Edit your DNS-TXT-Records? If yes you could set up the DKIM/DMARC-Records. Then your Server should be trusted.
If not you could try posteo.de. 1€ per Month.
E-mail provider + custom domain: No privacy. Why? I like how Posteo answered this question:
>No. We are an email provider with a particular, privacy-oriented model – and this is not compatible with incorporating own domains. One of our emphases is data economy: we do not collect any user information (names, addresses, etc) of our customers. We always answer requests from authorities for user information in the negative. On the other hand, own domains need to be registered to the name and address of a person. If you were able to use own domains with us, this would affect the entire concept of Posteo: we would need to start saving user information for all customers who use their own domains with us – and to provide these to the Federal Network Agency to be provided on request to the authorities.
>Even if only the MX record pointed to us, we would still need to store the assignment of the domain in your Posteo account as user information. Thus we would possess your user information and be required to give it out. For this reason, we have decided not to offer this possibility and instead to use data economy. We certainly understand that having your own domain is very important in the commercial industries, but from our privacy-oriented perspective, the disadvantages prevail. [...]
Not only that, more data will only point to you as you have registered your own domain from another provider.
I am an happy customer of Posteo, which is a German email provider. Today I run into this other German provider that seems to offer very very interesting privacy features at a reasonable price: mailbox.org . The feature-set is pretty similar to Posteo.de.
I just wanted to post this link so that more people can get to know that such email providers exist, as I almost never see recommendations for posteo or mailbox, while I see lots of recommendations for the likes of ProtonMail, which is more expensive, or Fast Mail, which is less secure.
Feel free to post additional recommendations!
Stay private.
Hey I just wanted to tell y'all about the Germany based "posteo" it costs 1€ per month and seems like a good provider to me. But I'm not that well educated about all this...
Also startpage has a mail-service but since nobody ever mentions startpage as far as searchengines go I think there's something not good about it that I don't know of...
I’m a bit late to the thread, but for anyone still in search of a provider I’d like to make a case for Posteo.
Posteo has a business model I can fully understand, Gmail in direct comparison cannot be described other than shady. When you’re not paying, you’re the product. Period.
One of the core selling point is this. They issue it every year. Posteo documents every single information request by law enforcement agencies – and most of the time how they reject it with details on the jurisdiction. Which is always on their side, because German legislation is pretty restrictive in that area and luckily (still) built around a concept of civil rights which isn’t totally perforated by "national security". I’d like to see the full disclosure of Google-FBI correspondence (well, actually I don’t).
They explain elaborately why they can’t support own domains, main point is: Because you have to register one with your personal details and a simple whois reveals – ew! – your physical address, which they neither want for third parties to be possible nor for themselves (which inevitably would happen since you’ve got to redirect the A-record), because they wouldn’t be able to plausibly deny knowledge of personal data facing officials. Apparently whoever supports such a feature cannot claim to be a "privacy" mail provider.
[edit: wording]
Good tutorial how to use mailvelope, read How do I install end-to-end encryption for the Posteo webmail interface with Mailvelope (PGP)
Lifehacker has a good video explanation How to Encrypt Gmail, Outlook, or Yahoo Webmail Using PGP
Tasks:
- [X] Exercise with my stationary bike
- [X] Watch The Unbelievers documentary
- [X] Start reading the book Radical Abundance by K. Eric Drexler
- Organize web bookmarks
- [X] Read this tutorial for Emacs
- Try Posteo (an e-mail provider)
Habits:
- [X] Eat no more than ~~1,000 kcal~~ 1,500 kcal of food (for weight loss)
- [X] Wake up no later than 8:00
Speaking of good email companies in Germany, there's also posteo.
In the end, though, for actual privacy you've got to drop email as the protocol can't be fixed to not leak metadata. It's just ancient, and was never designed with that in mind.
I quote from the IP Stripping paragraph:
>In the source text of an email, the sender's IP addresses are sometimes listed in the so-called email header. We do not collect your IP address. Emails sent using Posteo therefore do not contain our customers' IP addresses. To protect your privacy and for security reasons, we also delete any potential IP address entries made by local email programs from the email headers. Emails sent using our webmail interface or using email programs therefore contain neither your local nor your public IP address.
There are some news on a court order. The court said posteo does have IPs and if posteo says otherwise they just hide them from their internal application for privacy marketing. However, the court says the must provide IP to law enforcement. In response posteo wrote a longer statement. Here, and I quote,
>Das BVerfG hat angenommen, dass IP Adressen ausgeleitet werden müssten, wenn diese Daten in den Posteo-Systemen tatsächlich vorhanden seien – das ist aber nicht der Fall.
Here they say, the court's premise is they do have IPs, but the don't. In their blog post the make clear multiple times, that the do not have IPs since they aren't not necessary for a proper maintenance of their systems. So they do not log them in the first place. And although often said otherwise, the court doesn't rule they have to log them but to to hand them over if they log them. And they do not log them, etc pp.
Auf jeden Fall (auch für den besseren Schlaf) die zwei-Faktor-Authentifizierungzwei-Faktor-Authentifizierung aktivieren!
Das löst ja das Problem nicht. Dann deckt den Mißbrauchenden statt einem Polizisten eben der andere Behördler. Die eine Krähe hackt der anderen kein Auge aus. Sieht man auch sehr schön an der Berliner Quote von beantragten und tatsächlich ausgestellten TKÜs. Money Quote: "In total, between 2008 and 2014 in Berlin, 14,621 applications for surveillance were made – and approved." (https://posteo.de/en/site/transparency_report) Und die Polizei genehmigt sich die nicht selbst, wissenschon. Kann natürlich sein, dass die immer formfehlerfrei, angemessen und erforderlich waren, diese Sorgfalt kann man ja guten Gewissens annehmen, nicht wahr? Kurz: mit mehr Behörden auf staatlicher Stelle kriegt man das nicht gelöst. Nur durch Aufbrechen des Gewaltmonopols kann man das Machtgefälle angreifen. Aber gerade Sozialisten haben damit sehr große Probleme ;) Tatsächlich sehe ich das Problem der Machtasymmetrie als gering an. Ein Nebenprodukt wenn man Kompetenzen an Andere abgibt eben. Aber gut, mein Bekanntenkreis und ich hatten eben auch ausschließlich "nicht-negative" Erfahrungen mit der Polizei.
I am not an admin, and I don't use Reddit much, yeah...
That said, I will try to make this as easy for you to understand as possible. Emails typically use 3 records - SPF, DKIM, and DMARC to verify the authenticity of the email. SPF specifies which servers are allowed to send the emails, and DKIM specify the signature that those emails should have. DMARC specifies what a receiving server should do should both of the SPF and DKIM check fails (none = do nothing, treat it as a legit email, quarantine = flag it as spam, reject = drop the email and don't even bother putting it in the inbox).
Most email providers have the DMARC policy set to quarantine or reject. Some other providers don't use DMARC, but use ARC to verify the authenticity of the emails.
Posteo basically has no policy for DMARC and doesn't use ARC either. As a result, anyone can send an email as a posteo.de user and it will be treated as legitimate. I can email someone else pretending to be you, and the receiving mail server will more often than not deliver it straight into the recipient's inbox.
Stimmt, man könnte es missverstehen. Ursprünglich stand in der Linkbeschreibung gar nichts von der UN drin, sondern: "E-Mail grün, sicher, einfach und werbefrei - posteo.de"
Ich habs also bereits angepasst, wollte aber den Hinweis, dass es von Posteo stammt, drin lassen.
There's instructions for all payment methods (including cash) here: https://posteo.de/en/help/how-do-i-add-credit-to-my-account. It also says that they accept all valid currencies, so sending money from the UK shouldn't be an issue.
No. IMAP/POP support isn't currently possible nor planned. As I understand it, this on account of how encryption is implemented.
See also Let PGP die.
Email import however is on the roadmap.
I'd recommend Posteo if you want to use Thunderbird.
> With Posteo, you have the possibility to encrypt all the email data in your account at the click of a button. The encryption encompasses not only the content and attachments for all emails, but also the corresponding metadata (email header, sender, recipient, time, subject, etc.). > > The encryption is comprehensive: it encompasses your email archive saved with Posteo as well as all newly-arriving emails. The data encrypted within crypto mail storage is also no longer readable by us as the provider. The encryption works without you needing to do anything special. Whenever you access an email, it is made readable (only for you) in the background using your password at the moment of access.
and
>On this page we have presented numerous encryption measures, which we as provider use to protect your data as best as possible. In addition to our measures, you can also become active yourself – securing your emails' content using personal end-to-end encryption. Previously, a local email program such as Thunderbird or Outlook was required for this. With Posteo, meanwhile, you can conveniently use end-to-end encryption (with OpenPGP) in the browser.
Although it is still based in the US (which is not good for privacy), it's likely to be much better than something like GMail. I use it myself for a few of my e-mail addresses and I haven't had any issues with it.
I know you said you don't need much privacy with it, but it's worth keeping in mind anyway that e-mail (even with encryption) isn't considered to be a particularly secure form of communication.
EDIT: Another provider you could have a look at is Posteo which has IMAP support.
Simple Login lets you create and use different email addresses (known as aliases) for each site you use, and forward the emails sent to them to another email of your choice. You might want to do this because: * It's better for privacy. Websites don't get your real email. * If a site gets compromised you know exactly whose fault it is, and you can turn the alias off to stop the spam emails coming through * If you want to switch your main email account you only need to change it in SimpleLogin, not on every single website you use, because the aliases don't change
You can of course pair it with any email provider of your choice, and there is a lot of choice! The big names like Proton can be more expensive. There are cheaper options like https://posteo.de/en but I cannot speak for its privacy or security personally as I don't use it
One thing I don't like about Posteo is they claim to have some super duper spam filter, so there's no spam folder. Anything they consider spam simply won't reach your mailbox.
I don't really want them making that decision for me, so I have no idea why they wouldn't let us be able to turn it off.
On the other hand, on their FAQ page, they claim there's no need to worry about them not existing in 10 years, which is reassuring
https://posteo.de/en/site/features:
<cite>Unlimited filter addresses
Use as many filter addresses as desired for your Posteo
addresses (e.g. , )
to sort emails and keep your inbox tidy.</cite>
Glad I could help! You're not alone - I've seen lots of people with the same misconceptions. Email really is the last thing you want to try - it's a huge rabbit hole and requires a number of advanced skills you'll want to develop through doing other things first - also best to host it on a cheap VPS. An attainable goal, but a long road to get there :-)
If you'd like to switch email providers today, I've heard good things about Protonmail. Personally although I have my own email server, I also have a backup account with Posteo.
Pihole and a media server sound good! Personally I use Jellyfin, which might be worth a look.
Don't forget a case for your pi to keep the dust out - many cases also come with built-in heatsinks too for passive cooling.
Posteo is an email provider that offers paid email accounts (1 EUR/month) but it's totally worth it. They offer a service that uses green energy, no ads, anonymous signup and payment process, etc. You should check them out.
Posteo is amazing with different .ch .is and etc. It has tls only for email so if email server where you are sending your email does not have tls then ur email will get bounced back and it never leaks any metadata or data about email
https://posteo.de/en/help/which-domains-are-available-to-use-as-a-posteo-alias-address
Fot me its Posteo, it encrypt all my incoming emails with my pgp key, the key is needed to read my emails on thunderbird, k9 and web interface.
And this is on top of the already encrypted at rest option.
https://posteo.de/en/help/how-do-i-activate-inbound-encryption-with-my-public-pgp-key
I trust an email provider just to store emails. Although I never use Posteo, but I would choose to pay for their services rather than other email providers. Crypto Mail Storage feature is one of the reasons.
Can anyone recommend a good alternative to Outlook when it comes to appointment invitations (Zoom/Teams calls etc.) and calendar synchronization?
In Thunderbird the synchronization with my posteo.de calendar via CalDAV does not really work.
Did u try to set alias as default first? Like here Help - How do I add a sender identity for an email alias in the webmail interface? - posteo.de
You can read about it here & click on the boxes for more details https://posteo.de/en/site/encryption But like I said, I'm not up on the lingo so you'd prob make more sense of it than I could. :)
One thing I did notice is that their two factor authentication is only for the webmail, not mobile or IMAP integration.
from https://posteo.de/en/help/what-is-two-factor-authentication-and-how-do-i-set-it-up
>If your regular password is somehow obtained by criminals or intelligence agencies, they will have no possibility to access your account via webmail and, for example, to manipulate your account and security settings.
Two-factor authentication prevents account theft: Without the second factor, unauthorised parties cannot access your account settings, change your password and lock you out of your account. For login, not only your password will be required, but also the current one-time password shown on your device. This changes every 30 seconds.
>
>Tip: By activating additional email account protection, two-factor authentication also protects your emails against unauthorised access. Additional email account protection is suitable only exclusive for webmail users as it blocks access for email programs. You can find out how this works in How do I activate additional email account protection?
You have to disable IMAP access and solely use the webmail if you want it to work properly.
I'm using AnonAddy in conjunction with Posteo it works like a charm and costs me 2€ per month with is acceptable for unlimited private email. Posteo's nice filtering possibilites allow to automatically sort incomming mails into subfolders according to their AnonAddy alias.
I found links in your comment that were not hyperlinked:
I did the honors for you.
^delete ^| ^information ^| ^<3
I've been using posteo.de for two years now. Very happy with it. Costs me 1 euro per month, but I find that very, very reasonable. They also have yearly transparency reports.
One thing that irks me is that 90% of these threads are people just recommending Proton alone, instead of giving multiple options. A good starting point is a list like this.
Mailbox.org and Posteo can encrypt incoming email using your PGP key and forward via filter to your Gmail. Mailbox.org help page, Posteo help page. Both are €12/year without any bandwidth and amount of message limit, furthermore Mailbox.org make you use your own domain and both support aliases.
I have no doubt that in your case is a far more solid, reliable and cheap method than Anonaddy/Simplelogin.
Oder man nimmt einfach gleich alternativen wie Tutanota, Protonmail oder Posteo. Ein email wechsel ist einfacher als man denkt und ich finde es lohnt sich umzusteigen.
I found links in your comment that were not hyperlinked:
I did the honors for you.
^delete ^| ^information ^| ^<3
It's pretty close to Proton Mail and vice versa as far as features go.
You pay at least 12€ per year and you get an IMAP mail account with a very intuitive and simple user interface (imagine a more feature rich Lavabit web interface), complete encryption and 2FA at your wish, an address book and webcal calender which itself too is encrypted, 2GB storage, 3 alias mail addresses by default, a neat and also encrypted notebook page which is nice to use on your phone's web browser due to adaptive webdesign and payment is anonymously according to their website which too is available in English for the international audience: https://posteo.de/en
Storage, the amount of calenders and aliases can be increased if you desire, you'll just have to pay a bit more.
Oh also they have support websites for setting up various mail clients as well as encryption in clients such as Thunderbird that also lets you upload your public GPG portion to their servers.
It's all located in Berlin, they have a good service, are very transparent about what police and other authorizes want from them and all their electricity is coming from Greenpeace Energy.
Oh and in case I didn't mention it, they don't force you to tell them your real name and location.
I love posteo (though a bit biased as a German). Have been using it for many years now. Posteo also always fought as hard as possible against any law enforcement demands, unlike other providers in Germany.
Posteo also publishes a yearly transparency report on their interactions with authorities:
https://posteo.de/en/site/transparency_report
Here is a list for their features:
Please reade the "update" part at the bottom of the article, it links to a counter statement from posteo which shows that email providers like Tutanova or Posteo do not fall under this law anymore.
Der Vollständigkeit halber einmal zum Thema Posteo, die erfüllen soweit ich das erkennen kann alle deine aufgezählten Punkte, ausserdem gibt es jährlich einen Transparenzbericht zu Behördenanfragen. Hier kannst du dir eigentlich alles anschauen, einfach nach links/rechts durchklicken. Ich bin jedenfalls seit 2 Jahren bei denen und kann nichts negatives berichten.
Der Punkt den ich nicht verstehe ist "evtl sicherer? Also besser gegen Passwortlisten Angriffe gesichert" . Dagegen kannst du dich doch durch Verwendung eines einzigartigen, sicheren Passworts doch selbst absichern? Oder verstehe ich dich falsch.
>Yes, they could store less, but I guess that would make their job harder
Perhaps but that doesn't change anything
>How do you fight a DOS attack if you don't know where it's coming from?
I'm not a network engineer, so I have no idea but Posteo and other services seem to be able not collect IP addresses and manage just fine
>It's not very likely an attacker walks into the data center and steals the physical storage media
It's also not very likely that I'll die on the way to work in a car accident tomorrow but it happens to others all the time. Also, I feel ProtonMail, for example, has substantially better physical security practices than Disroot simply based on funding and man power.
>It's much more likely they get hacked or a state actor forces them to circumvent their own encryption.
Still doesn't mean they can't encrypt at rest, as a minimum
>Besides, encryption at rest adds complexity, which means higher cost and more bugs.
Perhaps but, again, this doesn't change anything
This is a privacy subreddit where people come to understand how to enhance their privacy and understand what makes a service private or not. Disroot email is not a private email service. Full stop. Claiming "encryption is difficult and burdensome on the devs" is, if I'm being honest, a laughable attempt at a justification and misleads newcomers into believing Disroot is something it isn't.
Die meinst die Fälle in denen die Besitzer der Accounts, die die Drohbriefdatenabfragen gemacht haben, nur als Zeugen vernommen wurden, weil allgemein bekannt ist, daß sich niemand ausloggt und jeder den Account nimmt, der grade noch eingeloggt ist? Die Fälle, in denen Polizisten Jahre lang illegal Datenabfragen für terroristische Zwecke gemacht haben, ohne daß das irgendjemandem aufgefallen ist?
Interessant sind auch die Transparenzberichte von Posteo. Ich finde grade den Link nicht, aber irgendwo hab ich gelesen, daß sie Anfragen von irgendwelchen GMX-Konten bekommen haben. Nach Rücksprache hat sich rausgestellt, daß das wirklich Polizisten waren. Es ist unter E-Mail-Anbietern offenbar nichts dagegen einzuwenden, polizeiliche Auskunftsersuchen über abzuwickeln. Total reglementiert.
> As for SimpleLogin and AnonAddy, do you know of alternatives?
If you mean by e-mail forwarding type of services then no. It doesn't really make sense as you leave more metadata and papertrail. I think it would suffice only using privacy oriented e-mail provider with aliases. No need to do hassle.
>Are they wrong to suggest those services?
Not necessarily, it's just lacks information or rather description of pros and cons on those two. Though, it may already have sufficed with their criteria then it's up to the potential user to make an informed decision.
>which services would you suggest?
I've my own threat model and use cases, so, it may not be the same as what you do. I compartmentalize my e-mail use and I use couple of privacy oriented providers. Some with and without aliases. The best one to date, I think it's Posteo. Though, it costs 1 euro a month. If you read their documentation, everything is FOSS, they adopt strong encryption schemes quickly than others and you can even pay with cash via postcard with no return address.
I'm sorry but I'm not even going to bother addressing that.
He's lambasting Mailbox for using in browser javascript for encryption and decryption which is exactly what Posteo, (and all other mail providers offering encryption in the browser of any kind), who he praises and clearly "trusts", does.
https://posteo.de/en/site/features#leistungendatenschutz
He's entitled to his opinions as much as everyone else, but his arguement(s) make(s) no sense from a logical perspective.
I have a posteo.de mail adress. I can name aliases however I want.
e.g. Mail adress is [email protected], alias is [email protected]. mails go to the same inbox. I can also send mails from my aliases.
Ah.. easy. Smaller market, lesser revenue.
There are some counter examples of companies, that actually make a business-model of providing services "made in Germany", because some customers trust German companies more than f.e the data privacy regulations in the US. But those a niches. The bigger part of the population, doesn't think about online privacy or data protection.
Examples of this would be Posteo.de, Manitu.de, sloppy.io and maybe uberspace.de
I've used it and thought it was good. At the time (may be different now) you couldn't use IMAP for a mail client unless you had a paid account.
Going paid, I looked around and if you're willing to pay a little bit monthly I've been very happy with Posteo and Runbox as Google alternatives. They've been fast and reliable and also quickly responsive the few times I had questions.
I also have a free Proton account and I like it, but I've had only so-so results with the bridge to use IMAP on Mac. Posteo has been outstanding with IMAP; Runbox is good too but has an occasional quirk.
(Eta: Posteo and Runbox both have good alias options, which was a feature I was looking for. At my level Posteo offers 2 aliases with the account, and Runbox gives you 100. I think Gmail's alias system is poorly set up.)
(Eta 2: Just had another IMAP issue with Runbox tonight - happening a lot lately. Posteo is working great. I may move over to them...)
>Alles aus der Schweiz
Warum sollte die Herkunft eines Anbieters etwas über dessen Seriösität aussagen?
Falls das so ist, würde ich doch lieber auf posteo.de setzen, die sitzen in Deutschland und sind somit an die DSGVO und das BDSG gebunden.
They are extremely vague on the privacy policy change section.
"It may become necessary to change this privacy policy as Posteo develops or based on changes in legal or official guidelines. The respectively current privacy policy can be accessed and printed at any time on our website: https://posteo.de/en/site/privacy_policy"
I couldn't find a CEO or any employee lists, but I didn't try that hard...
I dunno they seem like a good service otherwise though. The paid only concept is interesting.
> Does the Posteo encryption work with third-party clients?
It seems to!
On Posteo under Settings -> Encryption, I have both crypto mail storage and Address book and calendar encryption enabled; Evolution and iOS (along with some DAV cient on Android) work fine with it.
I also have Trasport encryption enabled as well. According to this page, apparently you'd get an email back if wasn't able to be sent encrypted, but I've never seen such an email on any client I used, and assume it also works fine.
I don't have PGP/S/MIME inbound encryption enabled though. I have to re-figure out my private key and stuff, but according to Posteo, as long as the email client supports E2E (Thunderbird, Apple Mail, etc), it too should be fine.