I am interested in Disroot email service and my priority is the privacy on the server storage.
all emails, unless encrypted (with gpg for example) are stored on our servers in plain-text.
Does this mean that admins or other people with access to the database can read my unencrypted emails?
In short, yes.
In fact, 99.99% of email providers out there have access to the emails of their users. Except for ProtonMail, Tutanota and a few others, but those offer access to the email accounts only via their webmail or mobile app.
We are exploring the possibility of encrypting mailboxes while still providing access to email via IMAP and POP3 so that you can keep on using your native email clients, but that’s in the pipeline for next year. Until then, just like with any other service provider, it’s a matter of trust.
Thank you for your response.
For me, the advantage of Disroot in relation to ProtonMail and Tutanota is POP3, and when Disroot has encrypted storage it will be the perfect email provider.
Until then, I’ll follow your progress.
If you use POP3, emails do not stay in your mailbox on our server, but get saved directly on your device, btw.
Technically all the E-Mail providers can read your E-Mails! (Including ProtonMail and Tutanota) - If they want to.
Mails move over plain text, so if they want to read your mails then they can simply keep a plain copy for themselves (bad idea) and send the other copy to your inbox. So if you don’t want that to happen, then host it yourself.
Otherwise you have to trust someone. Although Disroot’s inbox is not encrypted, you can use POP to receive mails; once they reach your device they will be purged from the server.
It is all about trust, technically any (I mean any) mail provider can read your mails because you don’t know what’s running behind the scenes.
If data is written to storage, then it can be copied. POP/IMAP, there is no way to verify what the server admin is doing. All a matter of trust. Even hosting your own email on a VPS means you need to trust the service provider.
Email isn’t secure and never will be IMO.
If you use PGP, then only the intended recipient will be able to decrypt your message.
It’s a clunky solution, but you can send your message over any medium and still prevent anyone else from reading it.
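What "stored in plain-text" versus PGP-encrypted looks like for a message at rest, as an added example that is not part of any post in this thread: Python code that parses a stored message and reports which parts remain readable on the server. The function name `server_visible` and both sample messages are constructed for illustration; note that with standard PGP/MIME the From, To and Subject headers stay readable even when the body is not.

```python
from email import message_from_string
PGP_ARMOR = "-----BEGIN PGP MESSAGE-----"

# Constructed sample messages (placeholder ciphertext, example.org addresses).
PLAIN = """\
From: alice@example.org
To: bob@example.org
Subject: Invoice
Content-Type: text/plain; charset=utf-8

Account number 12345
"""
PGP_MIME = """\
From: alice@example.org
To: bob@example.org
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

def server_visible(raw):
    """Report what is readable at rest for one stored message (hypothetical helper)."""
    msg = message_from_string(raw)
    # These headers sit outside the PGP payload, so they stay readable.
    headers = {h: msg[h] for h in ("From", "To", "Subject") if msg[h]}
    if (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted"):
        return {"kind": "pgp-mime", "headers": headers, "body": None}
    texts = [p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
             for p in msg.walk() if p.get_content_maintype() == "text"]
    inline = any(PGP_ARMOR in t for t in texts)  # armored block pasted into a text part
    readable = [t.strip() for t in texts if PGP_ARMOR not in t]
    return {"kind": "pgp-inline" if inline else "plaintext",
            "headers": headers, "body": "\n".join(readable) or None}
```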