Technology Tales

Adventures in consumer and enterprise technology

TOPIC: SECURE COMMUNICATION

Secure email services: Protecting your digital communications

21st August 2025

In an era where digital privacy faces increasing threats from corporate surveillance, government oversight and cyberattacks, traditional email services often fall short of protecting sensitive communications. Major providers frequently scan messages for advertising purposes and store data in ways that leave users vulnerable to breaches and unauthorised access.

The following three email services represent a different approach—one that prioritizes user privacy through robust encryption, transparent practices and a genuine commitment to data protection. Each offers end-to-end encryption that ensures only intended recipients can read messages, while employing various technical and legal safeguards to keep user data secure from third-party access.

From Belgium's court-order requirements to Switzerland's strong privacy laws and Germany's open-source transparency, these services demonstrate how geography, technology and philosophy combine to create truly private communication platforms that put users back in control of their digital correspondence.

Mailfence

This encrypted email service launched in 2013 by ContactOffice Group operates from Brussels, Belgium, providing users with OpenPGP-based end-to-end encryption and digital signature capabilities whilst maintaining servers under Belgian privacy protection laws that require court approval for any access requests. The platform generates private keys within the browser and encrypts them using AES-256 with user passphrases, ensuring the service provider cannot access user encryption keys and supports standard security protocols including SPF, DKIM, DMARC, TLS and two-factor authentication alongside anti-spam filtering. Beyond secure email functionality that works with POP, IMAP, SMTP and Exchange ActiveSync protocols, the service integrates calendar management with CalDAV support, contact organisation with various import and export formats, document storage with online editing through WebDAV access and group collaboration tools for sharing files and calendars.

Proton

Founded in 2014 by CERN scientists and now majority-owned by the non-profit Proton Foundation, this Swiss technology company has built a comprehensive suite of privacy-focused services that serve over 100 million users worldwide. The company's flagship service, Proton Mail, offers end-to-end encryption for secure email communication, ensuring that only senders and recipients can read messages whilst the company itself cannot access the content.

The ecosystem has expanded to include Proton VPN for secure internet browsing, Proton Drive for encrypted cloud storage, Proton Calendar for scheduling, Proton Pass as an open-source password manager and recently Lumo, a privacy-centred AI chatbot. All services operate under Swiss privacy laws and employ zero-access encryption technology. The company's mission centres on protecting user privacy against both authoritarian surveillance and big technology companies' data collection practices, offering an alternative to advertisement-supported services that typically monetise user information.

Tuta

Formerly known as Tutanota, this German-developed encrypted email service operates under a freemium model and was founded by Tutao GmbH in 2011, officially rebranding to Tuta in November 2023. The platform provides automatic end-to-end encryption for emails, subject lines, attachments and calendars using hybrid encryption including AES-256 and RSA-2048, whilst newer accounts benefit from post-quantum cryptography through the TutaCrypt protocol featuring algorithms like X25519 and Kyber-1024.

Registration requires no phone number and the service claims no IP logging, with private and public keys generated locally, and private keys encrypted by user passwords before storage. The open-source platform is accessible via webmail with applications for Android, iOS, Windows, macOS and Linux, and includes an encrypted calendar, contact storage, search functionality and two-factor authentication support. The service has received recognition for its strong encryption and privacy focus but has faced challenges including a significant drop in Google search visibility following Digital Markets Act implementation.

Adding a new domain or subdomain to an SSL certificate using Certbot

11th June 2025

On checking the Site Health page of a WordPress blog, I saw errors that pointed to a problem with its SSL set up. The www subdomain was not included in the site's certificate and was causing PHP errors as a result, though they had no major effect on what visitors saw. Still, it was best to get rid of them, so I needed to update the certificate as needed. Execution of a command like the following did the job:

sudo certbot --expand -d existing.com -d www.example.com

Using a Let's Encrypt certificate meant that I could use the certbot command, since that already was installed on the server. The --expand and -d switches ensured that the listed domains were added to the certificate to sort out the observed problem. In the above, a dummy domain name is used, but this was replaced by the real one to produce the desired effect and make things as they should have been.

Manually updating Let's Encrypt certificates

8th November 2024

Normally, Let's Encrypt certificates get renewed automatically. Thus, it came as a surprise to me to receive an email telling me that one of my websites had a certificate that was about to expire. The next step was to renew the certificate manually.

That sent me onto the command line in an SSH session to the Ubuntu server in question. Once there, I used the following command to check on my certificates to confirm that the email alert was correct:

sudo certbot certificates

Then, I issued this command to do a test run of the update:

sudo certbot renew --dry-run

In the knowledge that nothing of concern came up in the dry run, then it was time to do the update for real using this command:

sudo certbot renew

Rerunning sudo certbot certificates checked that all was in order. All that did what should have happened automatically; adding a cron job should address that, though, and adding the --quiet switch should cut down on any system emails too.

Dealing with the following message issued when using Certbot on Apache: "Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection"

12th April 2024

When doing something with Certbot on another website not so long ago, I encountered the above message when executing the following command (semicolons have been added to separate the lines):

sudo certbot --apache

The solution was to open /etc/apache2/sites-available/000-default.conf using nano and update the ServerName field (or the line containing this keyword) so it matched the address used for setting up Let's Encrypt SSL certificates. The mention of Apache in the above does make the solution specific to this web server software, so you will need another solution if you meet this kind of problem when using Nginx or another web server.

  • The content, images, and materials on this website are protected by copyright law and may not be reproduced, distributed, transmitted, displayed, or published in any form without the prior written permission of the copyright holder. All trademarks, logos, and brand names mentioned on this website are the property of their respective owners. Unauthorised use or duplication of these materials may violate copyright, trademark and other applicable laws, and could result in criminal or civil penalties.

  • All comments on this website are moderated and should contribute meaningfully to the discussion. We welcome diverse viewpoints expressed respectfully, but reserve the right to remove any comments containing hate speech, profanity, personal attacks, spam, promotional content or other inappropriate material without notice. Please note that comment moderation may take up to 24 hours, and that repeatedly violating these guidelines may result in being banned from future participation.

  • By submitting a comment, you grant us the right to publish and edit it as needed, whilst retaining your ownership of the content. Your email address will never be published or shared, though it is required for moderation purposes.

Copyright © 2007-2025, TechnologyTales.com