smb

i'ld like this summary the most:

Musk now says it's 'pointless' to build a Tesla

😁

Your experiences are anecdotal.

by pulishing them they become measurable, which also removes the "anecdotal" flag with numbers, also maybe ask archaeologists how much of an evidence a complain written in papyrus actually is a "while" after it was written.

also the studies that found out "why" public services don't serve in the first place have become quite old* meanwhile, which is the very opposite of anecdotal, but nothing was done so far to change the known state of not serving services for decades, so why should they have changed without changing actions affecting them?

*) i read parts of them >20 years ago and the studies observations and conclusions i read fitted 100% of what i personally experienced/witnessed from within a family "working" in such services.

but maybe only for emails from outside, not for emails from within protonmail? haven't read any specs of protonmail yet...

well for e2ee you obviously have to let one e encrypt the data for the other e. (good luck with newsletters then) for usual services kindly asking them to support either s/mime or gpg for outgoing emails, that would at least make them know the wish, but good luck there too.

i think the already mentioned solution with encrypting incoming messages on your side just before mda to your inbox should be the closest possible to what op wants. one would need to check if the message is already encrypted and skip encryption for those.

if you only want the admin of that email (imap) server to not be able to read all emails, maybe placing a separate encrypting server (smtp+encrypt+forward) inbetween outside world and your email imap server could be a solution.

one should have a look into the logfiles too as some mailers might log message subjects and of course sender/recipients along with ip adresses of incoming/outgoing servers which the op might not want to be readable as well (i dont know protonmail that much)

also gpg IMHO allows for sign-then-encrypt hiding the signature within the encrypted data which could be wanted. also one might want to look exactly what parts of the messages contents and its headers are encrypted or plaintext on the server before feeling safe from the threat one wants to be protected from.

but then the admin can still read the mail while it arrives ;-)

you're welcome.

what i'ld suggest... a general rule that i like to always follow is to use a test system for everything new. but that does not need to be a full separate system every time.

lets say you have your mailbox and want to try getting new mails from it using fetchmail. first you can use uidl mechanisms to only fefch every mail once and besides that leave them all on the server, but i like it a bit more secure: create a second email adress/account at your mail providers service only for testing. thus you can do whatever you like to to test the mechanisms only without even touching your real inbox (maybe even fill it up with large emails and look how the system reacts, i once had an email account with a cheap provider that deadlocked the inboxes when full..). then when everything is as you want it, switch the account and password (or create another config file for fetchmail) and your're done. every change (not only fetchmail things) could go tested this way before going live with the changes. filtering could be done with procmail for example, but when the mda that is called by procmail somehow exits with success when the email really isn't delivered, then the email might get lost forever depending on the settings of course. so fiddling with new stuff always carries the risk of not fiddling correctly ;-)

have fun !

Its possible to tell your mta (like postfix) to use another mta for all mails, or only some domains etc, so using a third party to play the internet facing service then getting the mails by fetchmail, storing them in a dovecot server is easy. on the sending part you could use your standard email client (i.e. thunderbird on pc or k9-mail on smartphone) to send it to your postfix instance that also sits on the server hosting your dovecot service. the mta there takes the mail and delivers it by rules which could just be using the mta of your freemailer using username/password of your account for all outgoing emails. i am doing this but the "external" mail system are my servers as well, i just don't want emails to stay too long on VMs in the datacenter where i have no access to the physical disks in case something goes wrong.

a raspberry pi is sufficient for such a aetup (i am using a pi4 currently but for emails only i'ld say a 3 or older would do too), adding a disk via usb makes storage huge and cheap then, i use two usb ssd's in a raid1 for storage.. that server could be only accessible through vpn if you whish, depending on your skills and needs (i mainly use ssl client certificates that are supported by k9mail and thunderbird so it fits seamless to be connected through a haproxy that authenticates these before proxying the plain connection to the pi) clients like thunderbird can offline-store all emails (configure download-or-not per imap folder) making searches easy and quick while my k9 client can search locally or on the server if needed.

maybe adjust maximum mail size of your own mta to exactly match (or slightly less) that of the freemailer you use to prevent surprises of big but later then unsent emails.

its possible to have a nextcloud instance on that same pi that acts as an email web mailer just in case of (i really dont need it, but i've set this up anyway). nextcloud is also great for syncing/backup files pictures, contacts notes todo lists and calendar of your phone (where i use davx5 opentasks and foldersync for). there are other webmailers available but installing /using nextcloud is not a too bad idea either ;-)

i suggest also setting up some automatic offsite backup with snapshots of that pi then to cover emails and the setup and its configs ;-)

last christmas 😁

the OS was not the comparison, but the hardware it runs on (just as @Freefall said) but also you seem to be wrong with your other assumption:

And both those devices are tied to a specific OS.

Which seems not to be the case as install instructions for another OS can be found here (i didn't try it though) for the mentioned device:

https://wiki.lineageos.org/devices/pdx215/

lineage os still is an "android", but another vendor with clearly different approach than the original firmware and what hinders you from writing bsd drivers and compiling a bsd kernel for it instead? So i count the Xperia 1 III as NOT bound to any OS or OS vendor.

But despite the way longer possible support/security, freedom of choice and endless other possibilities that often come along with free OS choice, this pure and great advantages weren't even mentioned there, thus it wasnt an OS comparison as it also wasn't a bound-to-an-OS vs. absentness of vendor-lock-in-limitation-jungle comparison.

sound of silence 🤪 my music player does not pop up, i have popups disabled 😁

maybe there was a mixup of individual datapoints and individual persons.

lets see if that could fit.

as far as i read things in this thread, the whole security is based on exactly these datapoints: Full Name, Date of Birth and SSN (three datapoints) plus username and password for 3 sites (six datapoints) makes 3+6= 9 datapoints per person.

2.9 billion (us) should be 2.900.000.000 (correct me if i'm wrong, but where i live one "billion" is actually "1.000.000.000.000" thus a "bit" more)

divided by 9 those 2.9billion would be ~ 320 million.

on wikipedia they say the us had 331 million people in 2020...

that would fit like an ass on a bucket! lol just to mention that.

have a nice day!