this post was submitted on 07 Jun 2026

75 points (96.3% liked)

Privacy

48961 readers

367 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

[Discussion] Which privacy apps / services do you think are most likely US government honeypots? (lemmy.ml)

submitted 1 day ago by dessalines@lemmy.ml to c/privacy@lemmy.ml

87 comments fedilink hide all child comments

IE like Crypto AG:

In 2020, it was revealed that the Swiss company, Crypto AG, which provided secure communications services to ~120 governments throughout the 20th century, was secretly ran by the CIA and West German Intelligence. The CIA and later NSA were able to read encrypted communications for many countries such as Saudi Arabia, Iran, Italy, Indonesia, Iraq, Libya, Jordan and South Korea.

you are viewing a single comment's thread
view the rest of the comments

[–] 45o3b@lemmy.ml 8 points 16 hours ago (5 children)

This thread basically illustrates the challenges for a beginner, such as myself.

I've been locked into the Google ecosystem for nearly two decades and am now trying to free myself.

I'd like to migrate to a hybrid solution that involves self-hosted NextCloud synchronized with a cloud provider that I can trust more than Google.

However:

Proton apparently makes false, or at least misleading, marketing claims and doesn't fight a vast majority of its inbound government requests.

Tuta has been publicly accused by a member of the intelligence community of being a honeypot.

The rest of the email providers seem to implement even fewer protections, relative to these two.

So, what's a guy to do?

Now, to be clear, I'm not saying that either of these companies are bad or that I believe that they're actually honeypots. I'm just trying to illustrate the challenges faced by newcomers (and probably all of us).

While I'd prefer to absolutely maximize privacy and security on all fronts, given that my first goal is de-googling, I will probably start with Proton and NextCloud and re-evaluate from there, but I'm open to suggestions.

Thank you all -- I really appreciate this community.

[–] vapor_body@lemmy.ml 1 points 29 minutes ago

Tuta would make sense to me as a honeypot. Who called them out? Add it to the list of free providers I use that are just the CIA... In order to "anonymize" my social media profiles on their other sites lol

[–] dessalines@lemmy.ml 8 points 14 hours ago

Email is a really tough one especially, because it wasn't designed with security in mind, and of course even if you're on a secure email service, 99% of the emails you send and receive are going to be with non-secure services hoovered up by google or AWS.

Anything is better than google at least.

[–] communism@lemmy.ml 4 points 12 hours ago (2 children)

Tbh for email I'd say don't bother with privacy as it wasn't meant to be private, as Dessalines said. If you care about data sovereignty (which is different to privacy, though often hand-in-hand), you can self-host email—it's not as hard as it's reputed to be. I've self-hosted my main email address for a couple years now and not had major hiccups. For the most part, after initial setup, it just runs. And if you're daunted by configuring it, there are out-of-the-box solutions like Mailcow you can use. I'd only really recommend it if you already have a VPS/home lab/etc where you already self-host things.

[–] 45o3b@lemmy.ml 2 points 11 hours ago (1 children)

I intend to do that but basically wanted to have an off site copy, for both backup and deliverability purposes.

I don't have much in the way of privacy expectations for email, but I figure that Proton or Tuta are probably still safer than Google.

[–] communism@lemmy.ml 0 points 10 hours ago (1 children)

I self-host on a VPS, so my off-site copy is the VPS, and my on-site copy is the emails downloaded to my email clients.

I figure that Proton or Tuta are probably still safer than Google.

Define "safer". If you are receiving unencrypted emails (which is the case in the vast majority of cases), there is nothing stopping Proton or Tuta from reading them. Fundamentally, if something arrives at a server unencrypted, the server can read it—nothing can be done about that.

If you're exchanging e2ee emails, then it doesn't matter if you use Google, because the body of the email can't be read by Google. A lot of metadata is required to be unencrypted though (this is the case for Proton and Tuta too).

I don't really see the benefit to using an email service like Proton or Tuta from a perspective of meaningful data privacy. If it were between e.g. Proton and Google I'd probably pick Proton to avoid my emails being used to serve me ads from Google, but I wouldn't have any illusions about Proton being able to read unencrypted incoming mail.

[–] 45o3b@lemmy.ml 2 points 9 hours ago

Yes, I know and agree that the mail providers can read unencrypted email. I'd just rather use a provider that probably isn't intentionally using it to build profiles about myself and others.

[–] sudoer777@lemmy.ml 2 points 11 hours ago

VPS/home lab

VPS is probably fine, hosting something this important on your own hardware sounds like a recipe for disaster though

[–] whatiswrongwithyou@lemmy.ml 3 points 12 hours ago (1 children)

No company is in a position to resist lawful orders from government (not good orders, lawful).

It’s why every company that sells security makes a big show about planning to leave some western country when they say they’re gonna do mass surveillance. It’s all they can do.

Email is not secure and cannot be made secure.

Do not ever send anything through email that you rely on being private.

[–] 45o3b@lemmy.ml 3 points 11 hours ago (1 children)

I'm certainly not suggesting that email providers should resist lawful orders, but if Proton complies with 89% of requests while Tuta complies with 25%, it suggests a difference in methodology, no?

It could, of course, be the case that the Swiss are just much more skilled at sending lawful requests relative to the Germans, but that seems unlikely.

[–] whatiswrongwithyou@lemmy.ml 1 points 9 hours ago

So you have two different countries, two different sets of laws, and two different services with wildly different offerings.

You can’t really compare a drilled down percentage of compliance and reach the conclusion that there’s a difference in methodology under those conditions.

Just the much broader spectrum of services that proton offers makes it more likely that they will be in a position where they are required to comply with a larger portion of requests than tuta.

This is not intended to be a defense of proton, just a recognition that metrics are hard to take seriously in a comparison.

[–] eldavi@lemmy.ml 5 points 14 hours ago

the worse part is that; by the time security professionals' tribal knowledge is known to the general public; it's already outdated enough to keep you ensnared.

they say that you have to become your own lawyer to protect yourself and you have to become your own dentist/doctor to heal yourself; now you have to be your own secops to guard your information.