All this new excitement with Lemmy and federation has got me thinking that maybe I should learn to run my own instance. What always comes up though is how email is the orginal federated technology.

I am looking at proxmox and see that is has a built in email server, so now I am wondering if it is time to role my own.

I stopped using gmail a long time ago, and right now I use ProtonMail, but I am super frustrated with the dumb limitation of only having a single account for the app. I get why they do it, and I am willing to pay, but it is pricey and I don’t know if that is my best option. I guess it is worth it since ProtonVPN is included. It looks like they are expanding their suite.

Is it worth it? Can I make it secure? Is it stupid to run it off a local computer on my home network?

  • linearchaos@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    2 years ago

    Tbh, that document reads like a discovery channel 2am aliens documentary, but it’s not completely without merit.

    There are a couple line items about software services they’re using that are shitty that sound pretty legit. The fact that they’re operating in locations where they might have to hand over data sounds pretty legit. Their warrant compliance and logging/handing over a person’s IP address is legit.

    The CIA honeypot stuff is all really circumstantial. If the CIA was in as deep as is claimed, a lot of the real evidence people are turning up that they’re not a secure as they could be would be unnecessary.

    My best guess is they decided to make an email company based in Switzerland with the schtick that they’re secure (banks amirite?) They’re doing what they can to appear secure without spending too much money. They’re not going to have legal battles to keep your data private, and they are going to comply with agencies request for data. Even if they support end-to-end encryption if they are required by an agency to turn that encryption off for you, they’re going to do it.

    They’re probably less likely than Google or Microsoft to sell all of your data to the highest bidder, but realistically there’s no such thing as secure email.

    • Sploosh the Water@vlemmy.net
      link
      fedilink
      English
      arrow-up
      6
      ·
      2 years ago

      The basic assumption every privacy-concerned person should have about email is that it’s never secure. Unless you use an offline cryptography program to encrypt your email text and then paste it into the email body before you send it, your emails are insecure.

      Email was never designed with that in mind. If you want to communicate securely with somebody, use a medium/method that has been designed from the start for that purpose.

      I use ProtonMail because it’s not a massive corpo and it’s open source, but I don’t believe that my emails are significantly more secure than on a service like Exchange or Gmail.

      • DidacticDumbass@lemmy.oneOP
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        2 years ago

        This has been my thinking about ProtonMail, even after reading the article on here, and even after reading https://digdeeper.club/articles/email.xhtml (which I have to reread because it keeps getting bigger).

        There is no perfect solution, just different levels of trust. That is right, if I want to be “secure” I got to act like a journalist and use a temporary solution or something that has end-to-end encryption.

        Besides, email is meant for public communication. No reason to elevate it into some something it will never be.

        • Sploosh the Water@vlemmy.net
          link
          fedilink
          English
          arrow-up
          2
          ·
          2 years ago

          Yeah. In my experience, you have to be careful in the world of tech privacy/FOSS to not fall off a cliff to the extremes.

          You can always find reasons to not trust some piece of tech hardware or software. It’s all too complex and multifaceted to fully vett, and even when you can do that, there isn’t anything that isn’t touched in some way by mega-corps or glowie agencies.

          Tor was developed by the US gov, same with the ancestor of the internet. Your network traffic runs on mega-corp wires, through mega-corp servers. Your hardware is developed, built, and distributed by mega-corps, as is most the firmware and microcode in them.

          Even Richard Stallman, one of the most hardcore Free Software advocates has concessions he makes for firmware, microcode, and so forth.

          The only way to be truly and completely secure tech-wise is to pull a Ted K. And go run into the woods and live in a little cabin, disown any tech built after the turn of the century lol.

          It’s “all or something” not, “all or nothing.” Determine your threat model, your ethical bounds, and let those principles guide you. I think fundamentally what all FOSS folks have in common is the idea that the tech you use should serve your needs and desires, not the needs/desires of billion dollar mega-corps farming you as a product.

          • DidacticDumbass@lemmy.oneOP
            link
            fedilink
            English
            arrow-up
            2
            ·
            2 years ago

            This is the most sane perspective I have read. For sure it is important to have solid principles and do the right things whenever possible, but no one gets to demand changes for something they never contributed to, especially not those things that took a massive amount of money and human power to build. We are all standing on the soldiers of giants, and it is insane to think we can be Ratatouille, controlling them for out benefit.

            The only way to change governments and mega-corps is to make it unprofitable when they do the things we don’t like, or make it so doing the right thing makes them lots of money.

            Thanks for this, it is the reality check I need to make good decisions. Even if I do become the Unidumbass, the people I love who would never follow me into that lifestyle.

            • Sploosh the Water@vlemmy.net
              link
              fedilink
              English
              arrow-up
              3
              ·
              edit-2
              2 years ago

              I actually have a formal methodology for how I engage with software/hardware from a FOSS perspective:

              Embrace, Subvert, Accept.

              For any task I do currently or want to do, I apply this process:

              I first try to find and use any FOSS software/hardware that does that thing well enough to use entirely. (Embrace)

              If there isn’t a FOSS solution that exists or does essential things I need, then I use a proprietary technology in a subversive way to do it. So cracked copies, jail broken or otherwise hacked hardware, or using the proprietary service through an unofficial/unapproved 3rd party app. (Subvert)

              If I can’t do that either, but the task/need is absolutely critical, only then do I accept using proprietary and unmodified software/hardware. (Accept)

              This method has worked pretty great for me. Now about 3 years after starting my FOSS journey, I have almost no software/hardware I use that is in that third category. Basically everything I use is FOSS, hacked, cracked, modded, or runs on platforms that are, and I enjoy tech and computing more than I ever have :)

              • DidacticDumbass@lemmy.oneOP
                link
                fedilink
                English
                arrow-up
                3
                ·
                2 years ago

                This is a good method. It is our duty to do everything we can to live by our principles, and be careful about the compromises we make. The more I go deep into FOSS, the more I discover. So much exists, it just takes some work on our part to fit it to our needs. Programming competency does not have to be high, just enough to fix any compile errors.