this post was submitted on 18 Mar 2025

On Lemmy when we view someone's profile we have a "Send Message" option. We are warned the message is not truly private. We may see a recommendation to "create an account on Element.io for secure messaging" or we might see a "Send Secure Message" button to send a message to a user through matrix.to for users who have configured this feature.

Looking closely, we might notice element.io and matrix.to connections are going through Cloudflare. For anyone expecting to have a private conversation, this link may explain why there could be cause for concern (search for "TLS flows" at that link). https://lemmy.world/post/26919564

Is https://tuta.com/ a perfect email service? No, it's not. Tuta employees do not have access to your messages on the server at rest, which is a very strong feature. Since the service is hosted in Germany, with sufficient legal justification, the German government could request an encrypted version of your mailbox and Tuta would have to comply. With enough time and resources, any encryption can be compromised. For most people for most use cases, such a situation is already sufficient.

I do not want to encourage people to use the service for illegal activities, and so I will suggest that if you want to do something illegal, do it elsewhere.

For the rest of us, I think Tuta has a lot to offer. Tuta trades in money, not data. You pay for a service with a generous amount of storage (20 GB), several email address aliases (which could be used for points cards or other data collection services), encrypted searching of your full mailbox, unlimited calendars, the ability to use your own domain name for email accounts, and more. Paying by Monero, Bitcoin, or cash is also possible as a privacy-focused option through their partner, Proxystore.

Tuta also understands there are people who can accept a basic plan for private communication, and offers a fairly generous free tier, providing 1 GB of storage while still offering the same encryption benefits for stored messages and messages sent between Tuta users. Encrypted search may be limited to more recent messages with the free tier, and only 1 calendar is available. The free tier is generous enough for everyone to use Tuta for relatively private communication.

You could start with a free account and optionally switch to a paid account later, when needed.

First, visit the Download Tuta section. https://tuta.com/#download

Downloads exist for Android (strikingly it can be downloaded from F-Droid), iOS, Windows, Linux, and macOS.

To use an Android APK file downloaded from F-Droid, you may need to change your phone's settings to enable the "Install unknown apps" option.

Different models of Android phones have different paths to this option.

  1. Open the Settings app on your phone.
  2. Go to Apps, or Apps & notifications, or Security & fingerprint, or Security.
  3. Go to the 3 periods at the top right and choose Special access, or Special app access, or Advanced and then Special app access. On older phones you might already be in the right place and can scroll down.
  4. Select Install unknown apps and enable a file manager app (My Files), or Unknown sources and enable it, or Install from Unknown Sources and enable it.
  5. Confirm your choice to allow apps to be installed from unknown sources.

Once you install the app, you can sign up for an account.

It is possible to sign up using a web browser, but your email address and password are likely to be synchronized by your web browser, and the confidentiality aspect may disappear. Don't let your web browser save your email and password if you choose to sign up using your web browser.

A lazy person can rely on the downloaded mobile app or desktop application to save the password, provided you normally take good steps to protect your device from physical access.

After you create your account, you will be given a 64 character recovery code to write on paper. It is highly recommended you record these 64 characters on paper and store the paper in a safe place. Maybe the same place where you would put a cryptocurrency passphrase or a secret map to pirate treasure. It would also be nice to write the password on paper and safely store it there.

It is not recommended to use a "notes app" or any other electronic method of storing your 64 character recovery code. The convenience of cloud sync means you may lose the confidentiality of your communication. For a similar reason, it is not recommended to print your 64 character recovery code. You may instead choose not to store a copy of the 64 character recovery code anywhere since you can look it up later within your account as long as you do not forget your password.

If you usually enjoy using the convenience of synchronizing passwords from one device to another, a different approach is offered for Tuta. Install a mobile app or desktop application on each device and save your password within the Tuta mobile app or Tuta desktop application. If you protect physical access to your device, you can enjoy this convenience without your password being synchronized through another cloud service.

If you are willing not to be lazy, choose a password you can remember and do not mind typing each time.

After you create your account and log in, useful icons will appear on the left side of the screen. On mobile devices, you may need to open a menu of 3 horizontal bars to access the icons. Select the lightbulb icon (News) and choose to deactivate (or activate) usage data. Close the popup.

In that same section of icons, choose the gear icon (Settings). On mobile devices, you may need to open a menu of 3 horizontal bars to switch between Settings subpages. Switch to the Email subpage.

On the Settings Email subpage, there are useful settings. You can change how emails are displayed. You can change the email signature to a custom one. You can set a default delivery value for emails to non-Tuta users (confidential means sharing a password with them, not confidential means unencrypted email, and your choice can be changed when writing an email). Under the Email addresses heading you can expand the list and press the 3 horizontal dots to set your name.

If you ever plan to email someone outside of Tuta, you'll want to set your name so your email isn't marked as spam. If you only want to use Tuta privately with friends and family, you do not need to set your name and emails will still be delivered safely to other Tuta users.

Most other Settings have reasonable defaults and can be viewed later.

To return to your inbox on a mobile device, press the Emails icon in the lower left. On desktop, click the Emails button in the upper right.

On your mobile device, you can create a New email by pressing the piece of paper and pencil icon in the upper right. On desktop, click the New email button at the upper left.

Tuta protects your IP address and does not send it in the email header of your email messages.

Tuta emails you, including tips, news, self-promotion of their paid plans, and partner ads offering a discount. Other than targeting free users with self-promotion of their paid plans, there are no targeted advertisements. Your mailbox is not used to profile you and your mailbox is not given to AI.

If you previously created a Tuta account and saved your password in your web browser, I suggest changing your password and not saving the updated password in your web browser. To change your password, choose the gear icon (Settings) on the left side of the screen. On mobile devices, you may need to open a menu of 3 horizontal bars to access the icons. The Login subpage is already selected and you can change your password. You can also choose to update your recovery code if you feel it may have been leaked.

I suggest using Lemmy's "Send Message" feature to share your Tuta account with other Lemmy users and then continue your private discussions more privately with Tuta.
