Thundermail, Tuta, and remembering Lavabit

How much does your choice of email provider matter? In some sense as an individual not much. However, together our choices do matter. So I reminisce about using Lavabit and the options today like Tuta and Thundermail.
Thundermail, Tuta, and remembering Lavabit
The Thundermail web client

Let's do a thought experiment: do you care if a state actor tries to access your mail provider? I think most people would respond "when would that happen?" Well, as the EFF reports the DHS has issued unlawful subpoenas to Google for emails of people engaged in First Amendment activity.

Similarly, Proton Mail's transparency report details all the court orders they followed. Proton thankfully encrypts all their emails and can't share them, but they do have to share metadata. Plus, after a case in 2021 they clarified that the Swiss court can force them to collect information on specific accounts.

On a more personal front, I posted this final message on my Facebook before I dumped my data and deleted my account:

Friday, August 9, 2013 at 10:06am EDT
Matthew Brunelle updated his status.
I'm reactivating my Facebook temporarily to say this: to all the people that believe the recent discussion of surveillance and privacy in the US isn't relevant to them or that they have nothing to hide, it does have a lasting impact on our freedom. My email provider Lavabit.com shutdown yesterday after it was rumored last week that it was the email provider Snowden was using. The owner Ladar Levison never stated the shutdown was due to Snowden, but he is in fact unable to talk about anything that happened as he has implied he is under an NSL (a court order preventing him from discussing the investigation). Recently the owner announced that after a decade of work he is shutting down the service rather than becoming "complicit in crimes against the American people". Levison warned "this experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States." After I grab all my photo from my facebook account I am deleting it permanently. If you're tagged in any of my photos and you wish to keep them, please download them now.

[1]

Lavabit was a small operation, but a darling of the privacy community. I remember emailing with Pete, the one other employee aside from Ladar, for support issues. When the FBI requested they turn over their SSL private keys Ladar decided to shut the service down and protect the users instead of comply. The closure of Lavabit disheartened me and I went back to gmail.

Then last year I decided to finally move off gmail around the time when Mozilla announced Thunderbird Pro. It wouldn't release for a year, so I signed up for Tuta as a stopgap. I now run both Tuta and Thunderbird on GrapheneOS as I port over my accounts to new catch-all emails. The process of moving accounts is long and slow. Thus, the gmail account remains active in Thunderbird.

After much waiting for my Thundermail invite it arrived last week. Just in time to try out the new FOSS web mail they launched, stormbox. So far, I've enjoyed the experience, but something feels missing.

Using Tuta for a year made me realize I miss Lavabit. If I want one email provider, I need to choose between staying on Tuta, which has strong end-to-end encryption, or switching to Thundermail, which has better ergonomics. For a decision like this take an honest at your threat model: who do you want protection from, and how much friction will you accept to get it?

So then, how do Tuta and Thundermail compare? You should think about them as two totally different offerings. Tuta has full end-to-end encryption including metadata and a convenience trade-off that comes with this. [2] You can only access the mail through their web mail, or their official clients. Contacts can sync with your phone, but not your calendar. They also have a transparency report and like Proton they can't hand over old encrypted messages, but a court real-time monitoring order can compel them to collect plaintext emails going forwards. [3]

In comparison, Thundermail builds on the awesome Stalwart project. However, it does not offer not zero-knowledge, nor end-to-end encryption. You should think of it as gmail that doesn't mine your personal information. Since Thundermail took the opposite side of the trade-off, it can build on open standards that bolster integration. [4]

Now, do I need protection from state actors? No, not at all. However, I would like my email to reside with a company whose philosophy doesn't allow that.

Certainly it's easier to not worry about privacy at all. People say "I have nothing to hide". My friend feels like they have lost all sense of privacy given the powerful tooling that exists. So why try with that asymmetry?

However, as they say:

Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say. A free press benefits more than just those who read the paper.

If you'd like to help others better understand problems with the nothing to hide argument, share the digestible piece The Eternal Value of Privacy. Additionally, Daniel J. Solove has written much about the topic, and this piece condenses his counterargument.

One final thought, when you send an email it goes to the recipient's provider. They probably do not use a private option which exposes your emails. Related, some people view using privacy-focused tools as an admission of guilt. See Catalan police assuming all Pixels are owned by drug dealers. These are both network effect problems, which means we can resolve them the same way: The more people that switch to privacy-focused options, the better privacy gets for everyone.

So where does this leave us? My advice: if you want to degoogle and need an alternative to gmail, Thundermail will be a great option when released. Just getting off a service like gmail is a huge step. Plus, if you set up a catch-all domain moving between email providers becomes much easier. Then, if you can accept more friction in order to have full E2E encryption, try out Tuta. You don't have to be perfect, just strive for incremental improvements. Doing nothing is the worst option for yourself and others.

For now I'm not really ready to give up the privacy of Tuta, nor do I want to lose the convenience of Thundermail. So for a bit I'm going to use both side by side since I actually have multiple custom domains. Even if that means short term pain juggling multiple accounts and email clients. Then I will reevaluate after another year.

Oh, and now that I'm finally in on Thundermail, I guess it's time to start waiting for a Thunderbolt invite


  1. Yes, back then I wrote single giant blobs of text. ↩︎

  2. Reminiscent of the things you lose when switching to GrapheneOS ↩︎

  3. They also have a strong stance on chat control. ↩︎

  4. Including the latest email protocol JMAP. ↩︎

Member discussion