The Privacy Community is MAD...here's why (+ my recommendations)
- Published 9 Jun 2024
- Skiff was a once-promising encrypted email provider that was recently purchased by Notion. Unfortunately, all the Skiff services are being shut down, leaving users scrambling to migrate their secure email. Here's why this matters and what we can learn from it.
▶ Migrate to Proton Mail: www.allthingssecured.com/yt/p...
*affiliate link
If you care about your personal security and privacy online, download my free security checklist here:
✅ Security Checklist: www.allthingssecured.com/secu...
🔹🔹🔹What You Should Watch Next🔹🔹🔹
I've got a lot of great privacy- and security-related content here on the All Things Secured YouTube channel (although I admit I'm a bit biased). If you're wanting to increase your online cybersecurity, here's what's next:
✅ Watch the full Andy Yen (Proton CEO) interview: • FULL Interview with Pr...
✅ How to build privacy with internet pseudonyms: • How to Build Internet ...
✅ How to use email aliases: • STOP Giving Your Real ...
🔹🔹 Support All Things Secured (Recommendations) 🔹🔹
If you enjoy this kind of practical security and privacy content, one of the best ways you can help support this channel is by using these affiliate links to our favorite products and services. When purchasing through these links, you not only get the best available deal, the companies will also pay us a small commission. Thank you for your support!
✅ Recommended Password Manager: www.allthingssecured.com/yt/1...
✅ Recommended Identity Monitoring: www.allthingssecured.com/try/...
✅ Recommended 2FA Security Key: www.allthingssecured.com/yt/y...
✅ Recommended Secure Email: www.allthingssecured.com/try/...
✅ Recommended VPN: www.allthingssecured.com/try/...
In February 2024, Skiff announced that they had been acquired by Notion, a productivity app. It caused quite a stir, particularly among those in the privacy community, because all of the encrypted mail, calendar and drive apps were going to be shut down 6 months after the announcement. It's unfortunate, although not unexpected. Here's what we can learn from this whole ordeal.
@ProtonPrivacy #emailsecurity #skiff #cybersecuritytools - Science & Technology
UPDATE: Skiff has decided to extend the grace period from "6 months" to "2025", giving you more time to migrate. Regardless, if you haven't decided on a good alternative, I recommend Proton Mail: www.allthingssecured.com/yt/protonmail
Hi Josh, would you do a tutorial explaining (from timestamp 4:23)? Thank you
@@dadexdadex9088 That's not a bad idea. I might try that later.
@@AllThingsSecured Hi Josh, thank you for taking your time answering our questions
I would recommend codamail. Solid private mail since 1997
I did not get anything from Skiff saying the grace period is extended. I also couldn't find anything in a web search. Can you reference a source? Thanks.
Renting your own domain makes switching services so easy!
I wouldn’t call it “renting” per se. you own the domain, you’re renting the email inbox.
@@AllThingsSecured
But you don't buy a domain, you have to pay an annual fee for it, otherwise someone else can take it. I see it as a kind of rent.
Beside the term - just get one for your email. 😁
@@AllThingsSecured got a suggestion for who to get the redirect from? I own a domain but have never done any email-fu with it
@@AllThingsSecured Yes, we say “I buy a domain.” But you know: you must pay every year again to keep the domain. It's more like a subscription as a purchase, right?
@@kcarmical Haven't tried it yet but Cloudflare has a "Cloudflare Email Routing" service and it's free, in my experience all of their services are pretty good, the company itself is great, though I don't know their privacy practices to be honest
Love your site. Straightforward, down-to-earth level. Great job!
Thanks, Ashley!
Thanks ! Your points were very clear !!
All the advice you give on buying your own domain and making sure that a service has been time tested before deciding to trust is 100% correct, but Skiff made some mistakes too. The fact that they have been called out by other app developers in the privacy community, including people who don't compete with them, is telling. They could have handled this better.
100% agree. There are always ways to do things better and I’m not trying to let Skiff off the hook, I’m just pointing out that we don’t know the whole story.
@@AllThingsSecured Fair enough. Keep up the good work!
I am running my own postfix mail server and I implemented all security measures that I could find out about. There are SOOOOO many companies that try to mail me, but my server just refuses them. Some as simple as no SPF records for that server. It's amazing. I always try to notify them, usually no reaction of course. If a company really needs to contact you, they'll find another way.
Custom domain sounds good but I couldn't figure out the right scope of it. Should it be personal (e.g. first and last name related) ? Or only family related with last name (thus how to handle email address when kids grown up) ? Or something else ? I'll be interested to have your points of view on this
Custom domains can be anything you want that’s actually available. Go onto Namecheap or GoDaddy and just do some random searches. It doesn’t even need to be related to your name if you don’t want it to.
Is there a loss of privacy from using a custom domain? It would be nice to see a video about the pros and cons of it
Hmm, interesting. I don’t think of it much as a privacy issue because you can still use various aliases. It’s simply a matter of owning your email address so you can bring it wherever you want.
@@AllThingsSecured Domains require that _someone_ is able to reach you. You can mask your address from the general public, but you still have to be contactable. So without extra steps to proxy the contact info you hand your registrar, there is a certain amount of minimum risk, even if your registrar offers a privacy-protecting mode of some kind. Whether that's an issue depends on whether your threat model includes a Named Social Engineer (not rare).
I've moved email providers a couple of times, but had the same foresight of using my own domain. So changing providers was actually not that hard.
100% agree Proton Mail. 100% agree on custom domain. 100% agree never use your email providers email address. 100% agree on email aliasing. Having gone through the process, 100% agree that changing your email across all of your online accounts is a PITA! However, it's a worthwhile endeavor. Use an email aliasing solution so that every account has a unique email or username and a strong, unique password!
Great thoughts, Robert 👍🏻
If you want to use your custom domain for everything - mailing, aliases, etc., mind that your identity can be easily revealed... it is just enough to check who is the owner of your domain. I would still recommend using more anonymous aliases or email accounts.
@@pantarei. If you purchase a custom domain, be sure to use whois guard. It's a free add-on with NameCheap.
I loved skiff, I did move from gmail to skiff, now this. It's really disappointing
So sorry about that. I know that sucks.
I use a custom domain for my email, but I've observed that my emails intended for business communications often end up in the junk folder or, worse, are flagged as security risks. Because of this issue, I rarely receive replies to my emails. How do I fix this?
Thank you for making this :)
My pleasure. Thanks for the email (although I had already planned to do this when I received it 😉).
Good video. Thanks for bringing this to our attention.
My pleasure, Jim!
I liked the video. Much easier to bring this out when the news is hot vs 2 weeks from now
True.
Thank you Josh for this important wakeup and your informative channel. I have been concerned about this email as account ID problem for some time but didn't know how to deal with it. This video tells us what we need to do. Thank you.
My pleasure, Tony.
Another important tip would be using a password manager, because you will have an overview over the services and which email address you used to sign up.
That’s a good point. A password manager will save the hassle 👍
yes, and please don't use something like lastpass or nordpass. use keepassxc
@@demarcusds95 any password manager company can also quit. At the end you have to trust someone anyway... or use a piece of paper ;-)
Hey man, where do you suggest people to get their domain from? Thanks a lot
Namecheap, GoDaddy…any domain registrar will work.
Changing email is brutal.
No doubt. It can be a nightmare.
Having a Password-Manager helps. Just look where you have used the old one and change a few every day. Switched to Proton recently and Skiff was on the list of candidates for a new mail (away from Yahoo). Dodged that one.
Only in the US & Canada.
@@adam.maqavoy oh please stop it. It's brutal for anyone that has them on say a business card. Do the US and Canada do business only?
@@NeptuneSega
Not everyone is well versed in tech. Especially on emails and that happens to be a False Dilemma.
The problem with using your own email is that it costs a lot of money and it's not a one-time payment.
Many people rely on and use certain products because they're free. Yes, I know the issues with that, but it's a reality. Another reality is that many people simply can't afford to pay the amount required to do their own.
$15/year is a lot of money?
@@AllThingsSecured that's only for the domain.
it's minimum $5-$15/month usually for the pro email connection. CAD at least.
but fine, maybe "a lot" is wrong (generally) but for some people, yes, it would be a lot.
used to be for me.
@@DragoNate yep, he should've mentioned that in the video. There are some ways of doing it for free using Cloudflare but that has its own set of problems.
@@acastezavala I didn't even know you could with cloudflare
@@acastezavala i didn't even know you could do that with cf
Was about to move from iCloud a few weeks back, but was unable to export email without a Mac. And it saved me from banging my head against the wall.
Very lucky.
Try Proton instead ;)
Great vid Josh...I did not realize that having your own domain name was so affordable
👍🏻👍🏻
So I actually began migrating certain accounts to Skiff and then got busy with other things, so never finished, lucky me. I've taken the approach of email compartmentalisation, utilising different providers for different groups of my online accounts whilst it's a bit of a chore to implement, I think once it's done, it's worth it. Unless one of those providers does a Skiff lol. I'm never reliant on a single provider and certain accounts are protected from exposure.
Definitely would like to learn more about self hosting a domain email, it would be great to hear more.
Glad to hear you weren’t too affected.
@@AllThingsSecured It's thanks in part to your videos actually, that I was able to implement some sort of system at all. For a person who is tech literate, I was way too complacent and it was only after getting fed up with spam calls that I finally got myself in gear. Your content as well as others made it way less daunting a task.
So encouraging to hear. Thanks!
Could you please suggest.
Which is more privacy focused, Proton or Tutanota?
It should be best in encryption, IP, logging, sharing with government etc.
Either is good. Seriously. I prefer Proton, but that’s merely preference.
i recommend tutanota because their support service is well trained and very difficult to engineer
Proton is more reliable, but Tuta is more private, cheaper and offers more in the same price tier.
Good idea on having your own @address -as soon as I'm employed again I'll make that a priority. Thanks for the vid!
I am more security than privacy concerned (there is probably some distinction between the two in this matter), and never heard about these two companies, to be honest.
That's fine. Skiff was attractive to more of the privacy crowd and Notion is more of a productivity app - nothing to do with security or privacy really.
HI, can you make a video showing how to use simple login? Thanks.
Dude, where were you earlier? Dangit, I could've used your advice a month ago with proton mail
Which e-mail/domain provider do you recommend, if I plan to own my own e-mail address?
If you're looking to only buy a domain and not use other provided services, then either Namecheap or Porkbun will do. This is not something that everyone cares about (I do), but if you go with Namecheap you can pay with BTC without ID confirmation and you'll never get asked to provide such information without something triggering a red flag.
Yea, there are plenty of domain registrars. Find a reputable one in your country.
Thank you. Should we also consider the possibility of that registrar also closing down?
@@DNOD1983 I like Porkbun for US registration. If they close down, you can just transfer your domain to someone else.
the worst is that it was one of the few with custom FREE domains
all others are paid, so it doesn't matter having a domain if you need to pay monthly to use it :/
AWS SES is one of few very cheap to use, but will need to build a client
Oracle doesn't even work well enough to accept card and start trial (free tier would be fine)
is there any alternative with Free custom domains and skiff like UI?
I think VC funding is a valid red flag to look out for in the privacy community. And this is from someone who never considered it as a red flag. But in light of Skiff's controversy, but also Patreon's troubles, I'm now more alert. Patreon is not a privacy service, but as far as I could tell, people have been more or less happy with it until recently. Patreon has been valued at billions of dollars, and financially, has been doing well for a while, but because they are VC funded in the hundreds of millions of dollars, they've had pressure to be more profitable than they already are. Hence, they changed some things for their users and they are not happy. If VC Funding can do that for a successful company that's not a privacy service, it shouldn't be surprising that they can cause more damage for a new privacy start-up like Skiff
That's unfortunate, but I get why you would say that.
noted it.❤
Notion's lack of proper encryption of people's notes should've been a warning sign. RUN!
You pay $10 a year for your own domain, but you also need to pay for provider like Proton or other to use it. So it is finally minimum $52-$70 a year.
Heyy I just pushed the likes to 1k! 🤭
Well I'm just moving my domain out of Skiff to Migadu, but still, many things have to be taken care of, like aliases and Documents. It really is an unexpected event, and a sad one at that
Agreed. Even with a custom domain, that doesn’t make the migration a fun event. So sorry.
Unfortunately, this situation is very likely with any centralized email service. A change in ownership may change the entire philosophy of the product or lead to the liquidation of the product. I am sure that mailboxes and their contents must be owned by users. This is only possible in truly decentralized services like Eppie.
That may be true in theory, but other than Skiff, how many other services can you point to in the last decade that have done this?
Proton is my go to and I love it!
👍🏻👍🏻
This is what Posteo has to say about privacy and using your own domain name. And I agree.
"We are an email provider with a particular, privacy-oriented model - and this is not compatible with incorporating own domains. One of our emphases is data economy: we do not collect any user information (names, addresses, etc) of our customers. We always answer requests from authorities for user information in the negative. On the other hand, own domains need to be registered to the name and address of a person. If you were able to use own domains with us, this would affect the entire concept of Posteo: we would need to start saving user information for all customers who use their own domains with us - and to provide these to the Federal Network Agency to be provided on request to the authorities.
Even if only the MX record pointed to us, we would still need to store the assignment of the domain in your Posteo account as user information. Thus we would possess your user information and be required to give it out. For this reason, we have decided not to offer this possibility and instead to use data economy. "
Posteo is not very reliable. Some mails disappear on their way to the mailbox.
People should have multiple emails: one for logging into accounts, another one for regular emails, and a 3rd for courses
I was undecided between them and another company. I didn’t choose Skiff just because it was set in America and I really don’t like how privacy is handled there. Even if the company is privacy focused. Still, it’s a sad day.
Agreed
My email is based on my own domain. No company can take it away from me. If my web host goes bust, I can keep my email and website, just have to transfer it to a different host, or learn self-hosting. I refuse to have any part of my identity or business be owned by others, particularly other corporations
keep up ✅👍
Thanks!
Remember when you could send and receive email without going through a corporation?
When was that?
@@AllThingsSecured 😭
Fun fact: They aren't open source. Only the few libraries are open source and the backend is completely proprietary. Mail client is source-available, not open source due to restricting commercial use.
They're not “completely” open source. Very few services are (even Proton isn’t).
@@AllThingsSecured That is true, but they have advertised that Skiff Mail is completely open source. Even though even the client isn't open source, but source-available.
Gotcha.
really helpful thoughts, thank you! The issue of email = identity has been troubling me for some time.
This is my first time hearing about this email service Skiff and Notion
Yea, Skiff was somewhat niche. Notion is a pretty big productivity app, though.
Solid strategy
👍🏻👍🏻
I like the idea of having my own email by renting a URL. Do you have any example of how to go about doing this?
It all starts with purchasing a domain through a domain registrar like Namecheap, GoDaddy or others. Then you just find “custom domain” in your email provider.
@@AllThingsSecured do you have to also find a provider to host your custom url and also purchase the email provider?
@@elizabeth4053 1. buy a domain through a registrar
2. buy an email service that allows for custom domains like tutanota etc.
3. in the domain panel redirect your domain to the email service provider's address (read the faq or help section of the email provider site to find out to which address to redirect)
4. in the email provider's panel create your own email addresses for the domain
I almost switched to Skiff. So glad I didn't because I would've been pissed to have to switch everything.
Also I just set my custom domain cuz it was cool I had domains and privacy but damn i made a really smart choice and never even noticed.
i moved everything to my own domains about 3 years ago and it was the best decision ive made
👍🏻👍🏻👏
As far as I know in Germany using your own domain means you have to register it with name and address. Is that different in the US?
Furthermore you have to know what you do about safety technologies like DNSSEC, DANE and SPF. That's all just too much isn't it...
In many countries you will need to register with your real name, but you should also be able to hide that from the public databases. And as far as DKIM, DMARC, SPF and other DNS settings, it’s worth doing but not absolutely necessary unless you send a ton of emails.
The only way to reliable privacy is moving away from online services as much as possible. Imho the only way privacy can reach the masses, at least the masses who care about it, is a company or companies that build open hardware and software combos, with UX similar to the average cloud service (convenience built-in) but that rely solely on hardware sales for funding.
Thanks for sharing your thoughts 👍🏻
What it feels like is NOTHING is secure. As an older American I’m frustrated because you are saying that even my own URL would be with Google or Proton servers. How safe is that??? I sooooo try to keep up with safety and it feels like an endless journey and there’s no going back to pencil, paper and the post office. Ugh. Thanks for what you do , just frustrating
Your URL will not be with proton, it will remain with the registrar. The registrar will only redirect queries to Proton as long as you want but anytime you want you can switch that off and Proton has no control over the URL.
I get that. As I said in the video, security and privacy is a process, not a setting. It can be frustrating but the thing you need to understand is that we all have to compromise in some areas and having Google host your email isn’t the worst thing in the world.
Skiff should commit to relaying their users e-mail to an address of their choosing for at least 5 years.
I think that the majority of people believe that owning your own domain is a super complicated thing that only tech people do.
Yea, I know. Part of what I’m trying to do is let people know that it’s not as hard or complicated as it seems.
Maybe domain is cheap but to host your own email costs much much more
That’s true, which is why I didn’t say you need to host your own email. You can use ProtonMail or many others.
@@AllThingsSecured exactly, you have to pay not only for domain but for any service of your choice where you want to host your email and that is not cheap. you mentioned only the cost of domain, which is cheap but not the email hosting, which will cost much more
I’m assuming somebody who was willing to pay for Skiff is also willing and able to pay for another email service.
@@AllThingsSecured don't assume :D
also, what about people were not previously using skiff? because I don't imagine your advice or push for this kind of thing is ONLY for skiff users but general advice brought about due to the situation with skiff.
All thiings 😃
👍🏻
idk why yt translates channel names, worst thing they can do.. yet again lol
was a paid skiff user, now I'm at proton again, I'm saving up for a plan there or elsewhere and a domain.. but I need to figure out how I call my domain :) etc.
You shouldn't be using email as a credential anyway, you should be using a different alias for every service that you log into. Having a public email address in 2024 is an equivalent of writing your phone number in a public toilet.
You can keep track of your logins and passwords with locally-hosted password manager too.
I just switched to skiff wtf
That sucks. Sorry 😣
The attack today at 4am all cell phone providers down what u think ??
Smells like a hidden AD
Btw email you have till 2025.
What?
You are correct. After this video was published, they changed from a 6-month grace period to a 1-year grace period. It's better, but still sucks.
I made skiff mail my primary email.
Ouch. Sorry.
Unscripted videos are the best because it's organic
Thanks...they're also the hardest to record because I finish and kick myself for not saying something that in hindsight was pretty important. I appreciate the feedback!
The CEO of Skiff is a great guy? C'mon now. The mistake I see All Things Secured make is thinking that meeting people at a company means their service is trustworthy. I don't understand why you even have "Secured" in the channel name if that's part of your thought process.
Absolutely, I’m not ashamed to say that I trust more those whom I’ve met personally. If you cared to actually think critically about what I said in the video, though, you would know that I never used my meeting with him to imply anything having to do with security. I’m simply reserving judgement about WHY he sold the company. In any case, thanks for helping with the YouTube algorithm by watching and commenting!
@@AllThingsSecured What? You absolutely mentioned meeting these people multiple times to imply that they can be trusted with security. It's not even subtle.
"In any case, thanks for helping with the YouTube algorithm by watching and commenting!"
Passive aggressive response from someone who has no business talking about security.
👍🏻👍🏻😎
Because talking behind a camera is easy but face to face they are all “afraid” , you can see it with the “drama” with spencer cornelia😂
Who the F is Skiff? Never heard of them. I have been using Proton Mail for YEARS. So this little hiccup has zero impact on me. Nice to know that my decision to use Proton Mail has been reaffirmed.
Yup, good choice.
Skiff team made huge mistake.
Money won FOSS world lost :(
It’s a bummer this happened.
"Promo sm"
Not a word on Apple. Obviously, I'm not your target audience. Bye-bye.
Can you explain what you’re talking about? What does Apple have to do with this?
@@AllThingsSecured it's a troll or a bot, best to just ignore