It’s hard to find un-enshitified services, even just email. I managed to find a dozen or so ½ decent email providers. But they are only ½ decent. Many are shit in terms of reliability, probably as a side-effect of not being well funded. But then where are the discussions? I Lemmy-search for “onionmail” and only find a dozen hits.
Why is this? IMO it’s because there are just so many shitty options that they drown out the better options. Protonmail is the mainstream alternative to the notorious corporate garbage, but PM is a shit-show in its own right … CAPTCHAs and other anti-human obstacles.
We need decentralization, but the nasty side-effect is that it spreads an already small crowd so thin we can’t find each other in the universe.
Protonmail wants you using their GUI so you can see ads, IIRC. The biggest problem with that is they ship dynamic js to you on-the-fly which could harvest your key after seeing your IP. There are a few ways to avoid that:
If you overcome those factors (which I can’t because the CAPTCHA problem is chronic in my case, even via the onion), then there is still the problem that you must log in periodically on the gratis account, or lose it. Notifications combined with Hydroxide made PM usable for a while but when a show-stopper bug sat idle for like a year or something I gave up waiting for progress, which was unlikely to get around the CAPTCHA problem anyway.
For me Google reCAPTCHA is a show-stopper by itself. I will not solve those, even if it’s to reach a gratis service.
Hushmail 15 years ago was much better than Protonmail is today, largely because expert users could do all the key management so their tech-illiterate correspondents didn’t even have to know that keys are in play. Protonmail requires even the low-tech users to know how to put a public key of someone into their address book. It takes a lot of arm-twisting just to get security-apathetic users into a new account. As soon as they have to take key management steps, it’s blown. Hushmail gave me a way to securely talk to accountants and lawyers.
Perhaps it’s the ad-catchers I use but I don’t see any when I’m using proton webmail. I also don’t see any CAPTCHA usually but I don’t log in and out that much. I realise I’m trading security for convenience there.
The security aspects you bring up are real - key management is more than I would ask normal people to do. You can use crypto to pay for the service; if you can acquire some without going through ridiculous KYC, that might be a more acceptable level of anonymity.
You seem much more opsec intelligent than me, thanks for the informative reply! Really enjoying the community around here.
It’s an interesting point about staying logged in. In principle, hydroxide could be coded to log in once and retain the cookie and reuse the same session cookie to check for new mail every 30 min to keep the cookie alive. And it could run on an always-on PC. That would probably cut back on the CAPTCHAs. That would be a good suggestion to the Hydroxide project because the CAPTCHAs make hydroxide a pain in the ass. People have to use a GUI to log in if a CAPTCHA hits, then pass the cookie back to hydroxide IIRC.