A bit confused about Librem Mail


#1

Hello,

I am currently checking out the Librem.one services waiting for my Librem 5, but I am a little confused about Librem Mail.

It is advertised as an “end-to-end encrypted e-mail account”, so I would expect it to work somewhat like Protonmail, however some comments like here suggest you have to configure PGP manually if you want to encrypt your mails. So what does Librem Mail actually offer that my ISPs standard unencrypted mail account doesn’t?

Also, what’s up with the “We delete unencrypted mail after 30 days”? They’re not going to clean out my mailbox if I’m not quick enough in transferring my mails elsewhere, are they?

Thanks.


#2

Well, that’s why I bought into it. It provides the “right to be forgotten” that is in the news elsewhere. (Unlike services like linkedin, which has recommended to me to connect to people I know are dead.)

For someone that downloads their email almost every day, it should not be a problem.

If, on the other hand I croak (which implies I won’t pay my bill), poof, my email will eventually be gone. And being a senior citizen, I have seen my co-workers and friends drop off one by one.

The duration of which is if I pay may bill yearly or monthly, currently it is monthly. When my Librem phone arrives I may opt to go yearly.


#3

Deleting my personal e-mails is not how I understand “right to be forgotten”. That applies to data you normally don’t have control over, like search engine results or social network servers. And even for those I wouldn’t want them to delete all my data just because I forgot to hit the dead man’s switch every month.

Giving limited server space to store your mails is fine, but preemptively deleting them makes no sense to me.


#4

There is a whole community out there opposed to the permanent storage of personal emails at the host level which have been copied, and sold to the highest bidder (or just given away).

The 30 day window minimizes the exposure at least.

Going on a 90 day Amazon expedition? A 6 month deployment with an EMCON? Yes a Librem one account may not be for you.


#5

if it does not suit you fully then you could use it patially only for very sensitive material that you WANT gone after 30 days … you are not locked here - besides you can choose other non-encripted e-mail providers, or host your own and setup scripts to auto-do-it-for-you at your specified time intervals or let it sit there “forever” … it’s your choice


#6

You are fully right. However I would just like to know what product I am actually paying for, and I feel the page where they describe it doesn’t tell me that. Maybe I’m wrong and the encryption works great actually, but nobody seems to bother clearing that up.

Anyway, if that delete-your-mail-after-30-days thing is true, it seems it is only useful as a throwaway account than an actual functional e-mail account.


#7

I think you forget about using an email client. Once you have downloaded to your PC, move messages to a “local” folder. (Off an IMAP folder, I just learned about those.) Once you have it on your PC, you have it for years. Who cares what the provider does with it then?


#8

it is a concern if there is sensitive information in there but the right people take their precautions before they type …


#9

You could automate the dead man’s switch while you are in the Amazon.

As noted by @reC we most definitely do care. That is a major issue with service providers.

I care. What I would want is that all copies of the email and all associated logged information are gone in as timely a fashion as possible.


#10

Oh, and once I’m dead and haven’t paid my bill, the email will go away the spammers will get a bounce. (I won’t get spam after I’m dead woo hoo!) A gmail account on the other hand will get spam forever…


#11

That was a reverse analogy. I’m saying once I have downloaded it, I’m not worried about the 30 day window if I really want to keep it.


#12

I’ve been using Tuta Nota for awhile now after switching from Proton Mail after learning of some security and privacy concerns regarding where they are hosted and who actually owns them.

TutaNota deletes the emails after a set amount of time unless you archive them, which is what I do if the email is important. TutaNota lets you choose to encrypt an email when you send it and the person on the receiving end has to retrieve the email before they can read it using some kind of security key that gets sent to them when you send the email.


#13

I’m curious, what are those concerns exactly?

So they send the key along with the encrypted mail? That sounds really secure… :face_with_raised_eyebrow:

No seriously, have you looked up how PGP works? That’s probably what you’re talking of.


#14

https://vpnscam.com/heres-why-you-cant-trust-nordvpn-and-protonvpn-protonmail/

This link talks about some of it. I searched around but can no longer find the full write up on who owns ProtonMail and NordVPN. When I read about it. it was being discussed heavily in a tech board I was on. Long story short, they are based in a country which does not respect your data nor privacy and the CEO and company share a location with a data collection agency.

As for TutaNota, I haven’t used the feature myself. It’s a button/option you select when sending an email and it says that the receiver needs to follow a link to retrieve the email from encryption.


#15

Yea, well, ok…I don’t know how much I would trust a site like that. Certainly not enough to make a decision about my e-mail provider.

Well, for that feature you need to transmit the password to decrypt the mail to the receiver in another way however. May be useful to send a one-off message to someone, but not very useful for day-to-day or two-way exchange in fact. Protonmail has the same feature as well by the way.


#16

As I said, it was the only link I could find. However the information in it, while incomplete, is accurate and was discussed at length where I was last year, enough so that I stopped using ProtonMail and switched to Tutanota. Soon I’ll probably be using solely Librem Mail personally.


#17

Or going to one way traffic may be another method, like listening to numbers stations?


#18

do you know on what type of bare-metal-host-infrastructure-hardware the Librem-Mail servers sit on ? AWS or AZURE anyone ?