A Test of The HorcruxNet

When explaining my Resilio personal cloud setup to someone at work, they replied that I have my own personal Horcrux minus the killing. I liked the idea, so I think I am naming my Resilio backup setup HorcruxNet.

The network is having its biggest test this week in its 3 or so years of existence. I am moving. Movers are packing up our stuff tomorrow. That means I am putting my electronics into “Cleaning Lady Safe Mode”. It is what I used to have to do when our cleaning lady showed up. I would unplug everything so she didn’t mess stuff up. She did a few times.

I have expanded my network to have replica or partial replica copies on my laptop. I also have 3 working remote sites thanks to friends and family hosting some nodes. While we move, my two primary full nodes (my Synology and Mac mini) will be offline for about 4-5 weeks. During that time my remote hosts will hopefully keep humming along. With my home network offline I doubt there will be many changes; however, since my laptop has a partial replica, if I do make changes they will propagate out.

I love a nice well configured computer system if I do say so myself.

Update on Encrypting Email, It’s Not Just For Criminals

In late April I wrote about my secure email plans as well as my waffling on a final decision for how I want to set up my system. Since then I’ve been lucky enough to be invited into the beta for ProtonMail’s IMAP Bridge. One of the challenges I had in April was that neither secured provider, ProtonMail or Tutanota, had a way for me to export mail once it was in their system. That was a huge drawback for me. I knew about the ProtonMail beta; however, at the time of writing that post I was not invited into it.

I’ve since started taking part in the beta and I’m very pleased with the outcome so far. I’m able to use the Apple Mail app on my MacBook to connect to the service. Since the bridge works via standard IMAP, I’m then able to use DEVONthink to import my mail into a database for archiving. I was able to do that with my regular accounts before; however, this is new for ProtonMail since in the past I was only able to access it via the web.

The beta changes my opinion of the service now that my mail is not locked into it. I had high hopes for the beta when I heard about it and my experience to date confirmed my expectations.

The next big challenge I had was what email address to use. With the mail archiving problem solved, I forced myself to make a decision. I’ve opted to go with a new domain name. I will route my personal address from the old domain name to the new one. In my signature I will offer both addresses as reply-to options. That is because the from address can only be the new mail domain that I’ve set up. ProtonMail does not allow me to create a fake alias from address not hosted on their system. I respect the restriction; however, it was a minor inconvenience for me.

With all these changes set up I have been using ProtonMail for a few weeks now. I’m still sending a copy of my personal mail to my old mail server. In about a month, if everything goes according to plan, I will remove the redirect back to my hosting service provider’s email system and solely use ProtonMail for my personal email.

After that my next decision is whether I move my nonpersonal email to ProtonMail as well. Not having the alias option is more of a challenge with that type of mail. That is because I have unique email addresses for many sites I use. If I need to email someone, many times it has to originate from the address the account is registered to. For now I will stick to personal mail only and assess the situation in the future.

Overall I am very pleased with my new setup. It’s not perfect; however, nothing usually is. It turned out to be very functional and the trade-offs are now well worth it.

Encrypting Email, It’s Not Just For Criminals

In March I blogged about my “almost disposable email”. I still have improvements to make when dealing with external sites and services. Overall that model works pretty well.

When thinking about my personal email, my dilemma changes a bit. Unlike most people who use the Internet to send and receive email for personal use, I have changed my address multiple times over the years. Friends and family of mine have commented about the fact that I change probably too often. In reality it’s only once every 3 or 4 years. That apparently is too much for most people. Of course some of the people commenting may still be using AOL addresses from the 90s.

In 2014 I blogged about my sudden allergic reaction to all things Google. In that post I wrote about migrating from Google hosted mail to a hosting provider in Switzerland. The Swiss-based provider I selected offers much greater privacy protection vs a US-based company. For what I was looking for the price difference was nominal. Moving to a Swiss-based provider wasn’t a magic bullet. All my data on my website and email stored on their servers is still not encrypted at rest. In other words I am still exposed, just less likely to get snooped on by a government. Even that statement has a caveat. Let’s say I am better off than before. I still have much to do.

With my mail being hosted in Switzerland I have a relatively good level of privacy protection. That means if someone wants to get a hold of my mail they would need some sort of court order. The fact that there is a request should be disclosed to me. That is unlike US hosting providers that would not need to inform me if they were asked to spy on me. To go a step further and make it impossible for anyone to get my email on the mail server, I would need to encrypt my email at rest with the hosting provider having no knowledge of the encryption keys. The reality is this is important, however not my threat model. I’m more concerned about personal details being intercepted via an unsecured network.

To address both of these problems I have been investigating two different secure email providers, ProtonMail and Tutanota. Both in theory provide the same service. They allow you to encrypt email and send it. They also encrypt email at rest on their systems and have no knowledge of how to decrypt. Email sent between two people on, let’s say, ProtonMail has the email encrypted completely. If however I am on ProtonMail and I send an email to someone not using that system, the message is secure; however, there is a caveat. What really happens is an email is sent to the recipient telling them that there is a secured message waiting for them and it provides a link to that message. I can send along a password hint if I want as well. The recipient can then click on the link and read and respond to the email. It is secure, however not super user-friendly compared to what most people are used to. I experienced similar systems when I briefly worked at a health benefits organization that had to comply with HIPAA rules in the US.

My threat model concerns sending and receiving of secured information via email. I do realize that the use case is not required for most emails I send. In most cases what I’m sending can go “in the clear”. Having the ability to encrypt as needed is the big value to me.

Having stored mail encrypted at rest with the provider having no knowledge of the decrypt keys also makes me feel more comfortable when I am not hosting the data. ProtonMail and Tutanota both offer this fundamental security feature. The challenge with both providers is that neither currently has a way to import or export email. I am a person who has most if not all of my mail going back to 1996. For years I was proud to have that stash of mail. I also have gone back to really old messages for information. In today’s world however having that much personal data sitting on a typical mail server is too big of a potential risk and a major liability.

I no longer keep that archive of mail on a live mail server. Instead it is encrypted on a personal computer in a database. At least I still have it. To use ProtonMail or Tutanota would mean I would no longer have correspondence that goes into the system. That limitation has given me a little bit of pause. Since I started playing around with the system late last year ProtonMail has announced they will be launching a secured IMAP option. I am assuming that will enable me to offload mail from their system. That would make their solution much more viable for me.

As I continue to play around with both systems I have been favoring ProtonMail over Tutanota. I’ve not yet jumped into using one for my personal mail; however, I am leaning towards ProtonMail. One of the hesitations I have is that ProtonMail is not cheap. It costs about half of a full hosting package I have per year. Tutanota is as cheap as one dollar a month per user. ProtonMail is around five dollars per month for what I initially need it for. ProtonMail also does not allow me to move my entire family using a specific email domain onto an account unless I use a much more expensive account than the five dollars per month plan. Tutanota will let me set up multiple family mailboxes for one dollar per mailbox per month. That makes Tutanota an option if I wanted to continue using the same email domain I currently use for my personal email.

The solution to this issue is for me to switch the domain names I use. I have a few other ones I own that I can start to use; however, that brings me back to how I started off this post. I don’t want to change my address; however, it is a price I am willing to pay if other factors are positive.

I could make my life easy and just use Tutanota and move my family over to it also. The challenge is I like ProtonMail much better. The UI is nicer on both the web and iOS app. The iOS app loads faster. It has a few more nifty features versus Tutanota such as tagging. Overall I just get a better feeling about it.

Knowing myself, what I likely will end up doing is change my personal email so I can use a different domain name that I have that isn’t being used for anything else and point that to ProtonMail. I would then leave my existing mail domain where it is and allow my other family members to continue using it.

For now I’m still waffling a bit on what to do. If you’re a friend or family member of mine and you are reading this, you know why in a few months you might get a notice that I changed my mail address yet again. Of course if you read this far, kudos to you.

Yes Your Internet Provider Can and Might Be Spying on You

In late March Congress repealed a regulation that the FCC set up that prevented Internet service providers from collecting and selling information about their customers without their consent. Rightfully many people are pretty upset over this. Security blogger Brian Krebs points out that this repeal changes nothing day to day. That is because as of right now the rules that were repealed never actually took effect yet. I would go a step further and say if someone is only now concerned about this issue they likely won’t take the right steps to protect themselves anyway.

I applaud people’s concerns. They should be concerned. That being said several people have recently asked me questions about VPN setups. That might solve issues regarding your ISP collecting data about you however it does not prevent all the other companies that are collecting data about you.

When I talk about this topic with anyone I always recommend that they watch the documentary Terms and Conditions May Apply. I’m not sure how many of my friends had actually seen the documentary. It’s a disturbingly fascinating view of how your information is being collected. Thanks to my friend Andrew who pointed this documentary out to me last year.

I just finished reading The Art of Invisibility by Kevin Mitnick. I previously read his book The Art of Deception and liked it a lot. In The Art of Invisibility Kevin goes over the details of what you would need to do to become invisible online. In the end there’s no way I’m going to take all the steps necessary to do that. It was disturbing just to read the extent of what you would have to do in order to become truly invisible. For me, I outlined in a previous post some of the steps I do to minimize my exposure.

When people ask me about what VPN provider to get or some other way to secure themselves online, the question I usually ask is what is their threat model? What’s the problem they’re trying to solve specifically? I have a few threat models depending on the situation for my online behaviors. I know that I am light years ahead of what most people do; however, I’m also aware there are several key improvements I need to make in how I use the Internet.

I use a VPN; however, I don’t use it as often as I would like to. When out of my apartment I try to use it all the time unless I’m at work on my work equipment. At home I have set up my router to tunnel everything through the VPN. The challenge is I don’t use it. I have a consumer router running an open source firmware. It suffers from the same problem all other consumer routers do: it has a relatively lightweight CPU. When I run a VPN client from a computer of mine I may get near line speed of what I would get without the VPN. When I run the VPN on my router I was getting a 4-8 times slower connection. This is all due to CPU constraints on the router.

To solve this problem I need to either buy a commercial grade router or build my own using a computer. I’m going to opt to use a low-end Zotac fanless computer and build my own router. One of the guys at work mentioned pfSense. It looks pretty good and I’m going to give it a try. Now I need to just find the time to work on it.

My recommendation to my friends is yes, get a VPN, preferably one incorporated outside of the US. I personally have been using NordVPN for over a year and have been pretty happy with it. I have recently been trying out AirVPN. They have fewer options for entry points in the US; however, they offer some unique features with their VPN client. I also like the history of the organization and why they became a VPN provider.

I also recommend, if you’re serious about your privacy, to read one of the books I suggested or just watch the movie. Most people understand that stuff they’re doing online is being tracked; however, I don’t feel like most of my friends or the general public truly understand the extent to which you are being tracked.

Almost Disposable Email

In a previous post I discussed my overall approach to personal information stored on websites. That post spent a lot of time discussing personal details such as my name, address, and credit card information. First and foremost, any website you deal with nowadays requires an email address.

In the past I had generic email addresses for specific topics. I had traveling@, shopping@, web services@, etc. I have been doing that for almost 18 years now. The value that gave me was if I received a message from, for example, my domain registrar to an email address I use for traveling, I would know it’s a fake address. You’d be surprised how often that would happen.

For two or three years I have been creating disposable email addresses that I rotate every quarter. Those were for websites that required an email address that I never really planned on using again. The challenge there was if I used one of these disposable addresses and then changed my mind and wanted to keep using the site, I would have to go and make a change to my settings to update the address on file. This method worked most of the time.

For years I had the challenge where one website would sell my details and then I would get spammed, so my entire shopping email address would be tainted by one vendor. That scenario was a nuisance; however, I never really addressed it. Recently when I started doing a threat model regarding my entire online presence I decided that I needed to change my approach in regards to email addresses. Instead of having generic grouped addresses and some disposable group addresses, I needed to have more unique addresses per site. That meant new websites needed a unique address that I continue to use or delete as needed. Sites that I already had I needed to go back and create dedicated email addresses for.

With the mail system I’m using the process was very manual. I had to go into the admin tool and create each alias I wanted. Then I had to go to each website and update the address on file and document the change in my password management application. The solution is pretty comprehensive for my needs; however, going back and applying it to all of the sites I currently use is taking time. It is not something I’m doing en masse. Anytime I go to a site and it’s using an old address I’m making the change. This approach is slow; however, I don’t want to block off large amounts of time to complete this all at once.
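The check described in this post (mail claiming to be from a registrar arriving on the travel address, or spam arriving on one site's dedicated address) can be automated over a mailbox. The following is an added example, not part of the original post; the alias names, the domain `mydomain.example` and the sample messages are constructed placeholders.

```python
"""Flag mail that arrives on a per-site alias from a sender that alias was never given to."""
from email import message_from_string
from email.utils import getaddresses, parseaddr

MY_DOMAIN = "mydomain.example"  # placeholder for the domain that hosts the aliases

# Constructed mapping: alias local part -> sender domains that were given that alias.
ALIAS_OWNERS = {
    "registrar": {"registrar.example"},
    "travel": {"airline.example", "hotel.example"},
    "shop-books": {"books.example"},
}

# Constructed sample messages (headers only matter here).
SAMPLES = {
    "legit": "From: Billing <billing@mail.registrar.example>\n"
             "To: registrar@mydomain.example\nSubject: Renewal receipt\n\nbody\n",
    "phish": "From: Registrar Support <support@registrar.example>\n"
             "To: travel@mydomain.example\nSubject: Your domain expires today\n\nbody\n",
    "leak": "From: deals@bulkmailer.example\n"
            "To: shop-books@mydomain.example\nSubject: Hot offers\n\nbody\n",
}


def sender_domain(msg):
    """Domain part of the From header (spoofable, so a match proves nothing)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def recipient_aliases(msg):
    """Local parts of every recipient address that belongs to MY_DOMAIN."""
    headers = (msg.get_all("Delivered-To", []) + msg.get_all("To", [])
               + msg.get_all("Cc", []))
    aliases = set()
    for _, addr in getaddresses(headers):
        local, _, domain = addr.rpartition("@")
        if domain.lower() == MY_DOMAIN:
            aliases.add(local.lower())
    return aliases


def domain_matches(sender, allowed):
    """True if sender is an allowed domain or a subdomain of one."""
    return any(sender == d or sender.endswith("." + d) for d in allowed)


def classify(raw):
    """Return (alias, sender_domain, verdict) for each of our aliases on the message.

    'mismatch' is the useful signal: either the site that holds this alias
    leaked or sold it, or the sender is impersonating someone who never had it.
    """
    msg = message_from_string(raw)
    sender = sender_domain(msg)
    findings = []
    for alias in sorted(recipient_aliases(msg)):
        allowed = ALIAS_OWNERS.get(alias)
        if allowed is None:
            verdict = "unknown-alias"
        elif domain_matches(sender, allowed):
            verdict = "ok"
        else:
            verdict = "mismatch"
        findings.append((alias, sender, verdict))
    return findings


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

With one alias per site, a mismatch also identifies which site's copy of the address got out, which the grouped shopping address could not do.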

The Ever Increasing Complexity of Securing My Personal Information Online

Do you know how many online accounts you’ve created? How many of those have personal information that could be exploited or sold? According to LastPass I have approximately 350 online account profiles created. The exact number of those that have personal identifying information such as my name, address, email, or even credit card I’m not sure. I am guessing out of all those maybe 1/3 to 1/2 of those sites require a physical address and maybe a credit card or some sort of payment information. In this day and age when Yahoo has at least two or more compromises to their security I personally cannot trust random institutions on the Internet to keep my information safe.

I’ve had this conversation with many people and depending on the audience I am considered a tinfoil hat crazy or just a determined realist. Either way the state of the Internet today where many sites require registration is such that I am concerned about the level of personal information I’m trusting with people that frankly don’t deserve or have not earned that trust.

There is no one simple fix to this challenge. I have taken a multileveled approach to addressing the situation depending on my use of a particular website.

For websites requiring a name and email address I simply provide an alternative name as well as either a unique email address I can destroy as needed or a generic email address that I periodically destroy. If I create a unique address I can simply destroy the address when I no longer need that website. The process of creating an address does take a few minutes, however, so for one-off sites that I need to register with and don’t intend to use again I use addresses that I delete every few months. That helps me reduce any spam.

The above solution only works for websites that do not require payments of any kind. Things get complicated when you start dealing with websites requiring some sort of payment method. To limit exposure I’ve used a few different options depending on the situation.

The simplest solution is when I have a service provider for a website that provides digital goods and they accept Bitcoin. In this scenario I would not need to provide any personal information or any reasonable payment information. The challenge here is the number of websites that offer Bitcoin payment options is limited. One example of this use case would be my VPN provider.

The next area would be a website that does not offer Bitcoin; however, I still need to pay for services that do not require shipping anything to me. In this case I would look to use PayPal when possible since none of my personal information is stored with the website, only on PayPal’s systems. If that’s not possible I will use a real credit card. For recurrent purchases as of now I’m currently stuck and need to continue to provide my real information and a credit card. For nonrecurring services I will use Blur. Blur is a service that allows me to buy a prepaid credit card. What is unique about this service is that it allows me to use their address and any name I want on the virtual card. It’s also completely virtual so you can use it as a one-off disposable credit card number. I’m trying to go back to websites where they require credit card details however I don’t shop with them at all anymore or often. I replace any valid credit cards with one of the disposable ones from Blur. It requires a lot of effort; however, I update a site or two here and there when I think I have a few minutes to spare.

One of the challenges with Blur is that in some cases I have had issues validating the credit card. It’s hit or miss so I’d like it to be more reliable; however, it’s still a good choice to use when I no longer want my personal details shared however the account on the site cannot be canceled. At that point filling in details not specific to my personal information is useful.

The most complicated scenario is when I need a real physical address to have something shipped to me. In those scenarios Apple Pay or PayPal is preferred. That way my details are not stored on any website’s systems. In recent months I’ve been surprised how many services do offer PayPal; however, the majority of times it feels like I do need to provide my credit card information. In cases where I do have to give my real credit card details I will try to not create an account on the site. Many websites force you to do that however. In those cases I try to remember afterwards to go back and provide non-identifiable information in my profile. That way if the site is hacked all they have is my purchasing history and identifiable information that cannot be tied to me. I’m not as consistent in doing that as I would like to be; however, in the past year I’ve been more diligent about cleaning up who has personal identifiable information.

Within that last group of sites there are some that I frequently reuse. Under those circumstances I don’t have a choice at this time other than to maintain my personal information including credit card details with that website. In the case of someone like an Amazon I use two factor authentication; however, that does not prevent them from being hacked and their database stolen. At present maintaining information on these sites is a risk I have to take if I want to use the Internet. All of what I described previously enables me to minimize the number of sites I have to trust with this information.

Even with all of these actions I’m not where I want to be with regards to personal information exposure online. I’m probably better off than 99% of the population; however, I know what specific actions I need to do to secure myself further. Now it’s just a matter of finding the time to go through the list of sites I’ve recorded that I’m registered with and make necessary updates. At the time of writing this I’m about 60 to 70% done. The challenge is it only takes one site like the Yahoo breach to have bad things happen.

The Story of Why I Make Short Blog Posts and Link Them to My Social Media Accounts

In the summer of 2013 I made the decision to delete my Facebook profile. I wrote about it at the time. I wanted to delete a large amount of content I had created and there was no way to do it without individually deleting things. I did not want to take the time or effort to do that so the only alternative I had was the so-called nuclear option of completely deleting my account. At the time I even thought I might not come back. I still think about getting rid of my account again; however, it is a good place to share photos and what’s going on with friends and family I don’t get to normally see. Communicating in other ways might be problematic so for now I keep my Facebook account.

The reason I wanted to delete all the content from the account in the first place was because when I initially signed up for my account somewhere in 2007 or 2008 my expectations of privacy were vastly different than what they are today. There wasn’t anything incriminating, illegal, or anything like that posted; however, with Facebook continuing to inch people to share more I was uneasy with a large amount of information that I hadn’t vetted since I published it was solely in their system. I didn’t like that so I removed it all. In the fall of 2014 I did the same thing with Google.

Those actions do not mean that I don’t publish personal things on the Internet. On the contrary, anything I post nowadays I do so knowing full well that it is public on the Internet. The only exception would be photos on Facebook that I post; however, I do it in such a way that I delete them after three months.

Some people including my wife have pointed out and may have made fun of the fact that I link very short status posts from my blog to Facebook. I do that for a specific reason. Normally I do not make status posts at all; however, there are times when the situation warrants it. My opinion might not have any bearing on anything; however, I would rather have something posted on my blog and crossposted to Facebook and/or Twitter than have it exclusively within the control of Facebook and their systems.

Now that I’ve started blogging more I post my writings to Twitter and Facebook because that’s where the people I know go to browse. By sending the link instead of writing directly within Facebook their system only has the URL and maybe a snippet from my blog. They don’t have all of the content. Like I said I don’t know if doing this has any bearing on anything; however, it’s my little way of controlling information I generate. I can control who spiders my blog and I can get analytics on who’s going to my blog whereas I have no idea what Facebook is doing with my data. Worse yet I have a bad idea about what they’re doing with it and it doesn’t have my best interests at heart. They’re not evil; however, they’re trying to make money from my information or information about me. That compels me to limit what information I provide to them. If you’ve actually read this far into the post and you feel that I might be getting my tinfoil hat out again I recommend you watch the 2013 documentary Terms and Conditions May Apply. If you do you will understand how disturbing and prevalent mining data about you really is.

So there you have it. You might think it’s silly; however, I feel I have very good reasons why most comments and status updates I make on Twitter and Facebook are generated from my blog no matter how short they may be.

Inbound Network Lockdown With an SSH Proxy

Ever since I started working on building my backup network using Raspberry Pis and BitTorrent Sync I’ve started a list of other home projects I want to do with technology. One of the things that’s been in my head, however not high on the list to actually do, was to create a VPN endpoint with my home router so I could VPN in while remote. I tried to play around with OpenVPN and ran into some hiccups. I didn’t have all the time I really needed to sit down and figure it out so I gave up on the project. Even while I was trying to set up an inbound VPN friends of mine at work were saying it was probably overkill anyway.

At least one if not more people recommended that I set up an SSH proxy on one machine and use that to connect to all the other resources. I like the idea but never gave it much focus until recently. I have a Zotac ZBox C Series Mini Computer that I have been running Ubuntu Linux on for a while. I’ve been baking it in as a next-generation BitTorrent Sync machine for my network. I hadn’t deployed it yet and figured I would try using that as my SSH proxy.

The proxy itself was trivial to initiate to the box. Deciding how I would configure my computer was not difficult however it took some thought so I could be connected to the proxy in one web browser and not affect all other Internet traffic. I opted to try FoxyProxy in Firefox. I do not normally use Firefox on a day-to-day basis so being able to dedicate that browser for direct proxy connections to my home network seemed reasonable.

The setup worked with less than 30 minutes of configuration. Once I was able to prove to myself that I can do this and maintain it, I needed to figure out what my permanent solution would look like. The Zotac likely won’t stay at my house and I’m using it for other things. If I’m going to have a proxy I use often, I want it isolated and basically have it do one thing only. I opted to set up one Raspberry Pi as a dedicated SSH box. At the moment I have enough spare Pis to dedicate one. I initially had concerns about the 100 Mb limit on the network card; however, I doubt I’ll be doing anything of high traffic that I should worry.

My setup for now is simple enough. I have a plain-vanilla Raspbian install on a Raspberry Pi 2 with a 16 gig SD card. I have the Pi plugged into an ethernet jack on my router. Besides SSH I installed Fail2ban to protect myself from potential attacks on the Internet. I also used a password of significant complexity for the login details. I have a dynamic DNS entry set up so it’s easy to connect from anywhere.
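To show what Fail2ban is counting on an Internet-facing SSH box like this one, the following runs the same kind of maxretry-within-findtime logic over constructed sshd log lines. It is an added example, not the author's configuration or Fail2ban's own code; the thresholds, the year, the host name and the documentation-range IP addresses are assumptions.

```python
"""Count failed SSH password attempts per source IP in a sliding time window."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the syslog-style "Failed password" lines OpenSSH writes to auth.log.
LINE_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+\S+\s+"
    r"sshd\[\d+\]:\s+Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\S+) port \d+"
)

# Constructed sample log (not from the original post).
SAMPLE_LOG = """
Mar  3 09:00:00 pi sshd[2001]: Failed password for root from 192.0.2.50 port 40122 ssh2
Mar  3 09:20:00 pi sshd[2002]: Failed password for root from 192.0.2.50 port 40180 ssh2
Mar  3 09:40:00 pi sshd[2003]: Failed password for root from 192.0.2.50 port 40211 ssh2
Mar  3 10:15:01 pi sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:15:04 pi sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:15:09 pi sshd[2103]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  3 10:15:12 pi sshd[2103]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  3 10:20:00 pi sshd[2110]: Failed password for pi from 198.51.100.4 port 40000 ssh2
Mar  3 10:20:20 pi sshd[2110]: Accepted password for pi from 198.51.100.4 port 40000 ssh2
"""


def parse_failure(line, year=2017):
    """Return (timestamp, ip) for a failed-password line, else None.

    Syslog timestamps carry no year, so one is assumed (constructed value).
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp = f"{year} {m['mon']} {int(m['day'])} {m['time']}"
    return datetime.strptime(stamp, "%Y %b %d %H:%M:%S"), m["ip"]


def find_bans(lines, maxretry=3, findtime=600, bantime=3600):
    """Return [(ip, time_of_ban)] for IPs with maxretry failures inside findtime seconds.

    The parameter names follow Fail2ban's jail options; the values are example
    thresholds. Lines from an IP that is currently banned are ignored, since a
    firewall ban would have kept them from reaching sshd.
    """
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}             # ip -> time the ban expires
    bans = []
    for line in lines:
        parsed = parse_failure(line)
        if parsed is None:
            continue
        when, ip = parsed
        if ip in banned_until and when < banned_until[ip]:
            continue
        hits = recent[ip]
        hits.append(when)
        while hits and when - hits[0] > window:
            hits.popleft()        # forget failures older than findtime
        if len(hits) >= maxretry:
            bans.append((ip, when))
            banned_until[ip] = when + timedelta(seconds=bantime)
            hits.clear()
    return bans


if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG.splitlines()):
        print(f"ban {ip} at {when.isoformat()}")
```

The slow source at 192.0.2.50 never trips the default window here, which is why a strong password (and later two-factor authentication) still matters alongside rate-based banning.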

This setup works well on my laptop however I am not sure if I could get it working using my iPad. That’s one trade-off with this configuration however most if not all of the services that I previously exposed to the Internet should be fine with this limitation. If anything I can use remote desktop software from an iPad to connect to a local machine and then bring up those services.

The next thing I want to do involves making it easier to access my home network while on my laptop remotely. That mainly involves configuring Royal TSX sessions to use my proxy details. I also would need to set up the proxy connection within Royal TSX. I also need to finish creating localhost entries for my home network services as well as bookmarks within Firefox to make accessing everything easier. As much as I want to do that all up front it’s a little bit of effort that I will probably just take care of as I need it.

An additional enhancement I would like to make is to go beyond having Fail2ban and a strong password to enabling two-factor authentication. That will require a bit more skill for me to learn and at least one hardware USB token. For now I consider that a reach goal.

I still want to find some time to play with inbound VPN configuration. Even if it’s just to show myself I can do it. For now however the SSH proxy more than meets my needs and is working today. There are other projects on my “Technical Maker Board” that I set up that I’d like to get to next.

Securing Email Isn’t Only For Spies, Dissidents, & Journalists, Right?

Over the past year and a half I have been taking lots of steps to secure my digital life. I’ve written a lot about the different aspects of that, such as my migration from Google mail and other services to more secured options.

One thing I’ve known has been a concern that I’ve not yet addressed is the quantity of data online. For example even though I moved my mail to a Swiss based provider I still had my entire email archive available. I have mail going back as far as 1997 I believe. I have been wanting to take that archive off-line and out of my email provider’s servers. Over the years I’ve had the packrat mentality where I want to keep all of my messages. Recently I’ve grown to not want many of the messages I received. I’ve been deleting stuff that is unnecessary; however, there are still things that I get and do want to keep. In general I would like to keep the archive, especially my personal correspondence.

The challenge that I have is that I’m growing less trusting of any service provider. Even though my email hosting company is in Switzerland they take no extraordinary security precaution so the system is just as susceptible to hacking as most. That means my mail at rest is in the clear, unencrypted. What I want to do is take my mail and store it off-line so I have more control over it. I currently plan on keeping it in a local archive on my Mac at home. I will also have it backed up on my BitTorrent Sync network.

The first step in this process was for me to copy all of my mail to a local application. For my purposes I found the built-in Mac Mail application to work the best. Once I had a downloaded copy of all the mail I was able to export it to an mbox formatted archive. At the same time I took the opportunity to recategorize how I organized my mail. In the past when I was using Google I had been using tags extensively. When I exported out of Google I went back to a folder structure where each high-level tag was its own folder where I put received mail. When I exported the mail to a local folder I put all sent mail in one folder and all received mail in another. Using mail tags I was able to continue to tag and make smart queries of the mail if I ever needed to get a hold of the categories that I used in the past.

Once I had the off-line mbox files I put them in an archive on my BitTorrent Sync network. I kept the live copy in my Mac mail on my computer in case I need to search for an email in the archive. Over the past few weeks since I’ve done this, I’m surprised how often I do go back and reference old emails for things like key codes or when I bought something. After I was satisfied that the mail was backed up, I deleted it from my hosting provider. I did leave this calendar year’s mail on my hosting provider. I figured that was a good round number to keep online. I can do an archive annually. Having to be at home or to remote into my home computer to perform mail queries has become a slight inconvenience; however, it hasn’t been the end of the world.
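One way to check an exported mbox before deleting the server copy, as an added example that is not part of the original post: it parses the archive with Python's standard `mailbox` module and sorts Message-IDs into "archive" (before the year kept online) and "keep", setting aside anything without a usable Date header. The sample messages, addresses and the function names `summarize_mbox` and `demo` are constructed for illustration.

```python
import mailbox
import os
import tempfile
from email.utils import parsedate_to_datetime

# Constructed sample mbox (three header-only messages), not real mail.
SAMPLE_MBOX = """\
From alice@example.com Mon Jan  5 10:00:00 2015
Message-ID: <a1@example.com>
Date: Mon, 05 Jan 2015 10:00:00 +0000
Subject: garage key code

From shop@example.com Tue Mar  7 09:30:00 2017
Message-ID: <b2@example.com>
Date: Tue, 07 Mar 2017 09:30:00 +0000
Subject: receipt

From bob@example.com Wed Mar  8 12:00:00 2017
Message-ID: <c3@example.com>
Subject: no date header
"""

def summarize_mbox(path, keep_year):
    """Sort Message-IDs into archive (before keep_year), keep, and undated."""
    box = mailbox.mbox(path, create=False)
    archive, keep, undated = [], [], []
    try:
        for msg in box:
            mid = (msg.get("Message-ID") or "").strip()
            try:
                year = parsedate_to_datetime(msg.get("Date")).year
            except (TypeError, ValueError):
                undated.append(mid)  # missing or unparsable Date: review by hand
                continue
            (keep if year >= keep_year else archive).append(mid)
    finally:
        box.close()
    return {"archive": sorted(archive), "keep": sorted(keep), "undated": undated}

def demo():
    # Write the constructed sample to a temp file and keep 2017 online.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.mbox")
        with open(path, "w", newline="\n") as fh:
            fh.write(SAMPLE_MBOX)
        return summarize_mbox(path, keep_year=2017)
```

Comparing the "archive" list against the folder on the provider before deleting shows whether every message made it into the export.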

In addition to moving my entire mail archive off-line, I want to go further and start using a secured email provider like ProtonMail that takes extraordinary steps to encrypt the data at rest. I do not need that level of security for all my mail; however, it does come in handy for some of it. There have been several messages I’ve been hesitant to send, or had no choice but to send, that contain sensitive information such as bank information or Social Security numbers, which I would prefer not to send via email. And of course that’s not my paranoia; security experts say never do that. Having a secured provider that encrypts the mail at rest and also has a mechanism for sending secured mail to others could be useful. Really, what the secure mail is doing is sending an email to the recipient with a link back to the secured website that contains the actual message. I need to provide a password hint in the body of the mail I send. It’s not perfect; however, in most cases it will solve the problem of sending outbound secured mail.

One of the challenges in a system such as ProtonMail is that at present there is no mechanism to import or export mail. That means anything I receive is locked into that system. On day one that’s not a problem; however, I like to have data portability. ProtonMail says they are working on that function; however, who knows when or if it will ever come to pass. I may still use them for some correspondence only and in essence have two private email addresses, one for secured and one for unsecured messages. That way I can route the ones I want secured to the encrypted system.

I’ve also been looking at Tutanota as an alternative to ProtonMail. It appears to have the same import and export limitations; however, it otherwise seems like a very similar and comparable option. Both systems offer a free tier. I signed up for both services to play around with them. I’ve since signed up for a month-to-month service with both of them and am in the process of pointing an unused email domain to Tutanota, while I’ve already completed setting up ProtonMail. ProtonMail so far seems like a slightly better option in terms of usability; however, it is significantly more money per month than Tutanota. The only reason I signed up for the paid version of Tutanota after I signed up for ProtonMail was because it was less than two dollars a month. I hope to give both services a try for a month or two before settling on one or the other.

For now the combination of moving my mail off-line and having an encrypted provider as needed suits my needs. These changes are all still pretty new, so I will see how things pan out over the next month or two before I decide to make any tweaks or to let the situation be as is for the time being.