The Privacy Community is MAD...here's why (+ my recommendations)
Ғылым және технология
Skiff was a once-promising encrypted email provider that was recently purchased by Notion. Unfortunately, all the Skiff services are being shut down, leaving users scrambling to migrate their secure email. Here's why this matters and what we can learn from it.
▶ Migrate to Proton Mail: www.allthingssecured.com/yt/p...
*affiliate link
If you care about your personal security and privacy online, download my free security checklist here:
✅ Security Checklist: www.allthingssecured.com/secu...
🔹🔹🔹What You Should Watch Next🔹🔹🔹
I've got a lot of great privacy- and security-related content here on the All Things Secured KZread channel (although I admit I'm a bit biased). If you're wanting to increase your online cybersecurity, here's what's next:
✅ Watch the full Andy Yen (Proton CEO) interview: • FULL Interview with Pr...
✅ How to build privacy with internet pseudonyms: • How to Build Internet ...
✅ How to use email aliases: • STOP Giving Your Real ...
🔹🔹 Support All Things Secured (Recommendations) 🔹🔹
If you enjoy this kind of practical security and privacy content, one of the best ways you can help support this channel is by using these affiliate links to our favorite products and services. When purchasing through these links, you not only get the best available deal, the companies will also pay us a small commission. Thank you for your support!
✅ Recommended Password Manager: www.allthingssecured.com/yt/1...
✅ Recommended Identity Monitoring: www.allthingssecured.com/try/...
✅ Recommended 2FA Security Key: www.allthingssecured.com/yt/y...
✅ Recommended Secure Email: www.allthingssecured.com/try/...
✅ Recommended VPN: www.allthingssecured.com/try/...
In February 2024, Skiff announced that they had been acquired by Notion, a productivity app. It caused quite a stir, particularly among those in the privacy community, because all of the encrypted mail, calendar and drive apps were going to be shut down 6 months after the announcement. It's unfortunate, although not unexpected. Here's what we can learn from this whole ordeal.
@ProtonPrivacy #emailsecurity #skiff #cybersecuritytools
Пікірлер: 185
UPDATE: Skiff has decided to extend the grace period from "6 months" to "2025", giving you more time to migrate. Regardless, if you haven't decided on a good alternative, I recommend Proton Mail: www.allthingssecured.com/yt/protonmail
@dadexdadex9088
3 ай бұрын
Hi Josh, would you do a tutorial explaining(from timestamp 4:23)? Thank you
@AllThingsSecured
3 ай бұрын
@@dadexdadex9088 That's not a bad idea. I might try that later.
@dadexdadex9088
3 ай бұрын
@@AllThingsSecured Hi Josh, thank you for taking your time answering our questions
@ShadowMan717
3 ай бұрын
I would recommend codamail. Solid private mail since 1997
@dav1dw
3 ай бұрын
I did not get anything from Skiff saying the grace period is extended. I also couldn't find anything in a web search. Can you reference a source? Thanks.
Love your site. Straight forward down too earth level. Great job!
@AllThingsSecured
3 ай бұрын
Thanks, Ashley!
Thanks ! Your points were very clear !!
Renting your own domain makes switching services so easy!
@AllThingsSecured
3 ай бұрын
I wouldn’t call it “renting” per se. you own the domain, you’re renting the email inbox.
@mrcvry
3 ай бұрын
@@AllThingsSecured But you don't buy a domain, you have to pay an annual fee for it, otherwise someone else can take it. I see it as a kind of rent. Beside the term - just get one for your email. 😁
@kcarmical
3 ай бұрын
@@AllThingsSecured got a suggestion for who to get the redirect from? I own a domain but have never done any email-fu with it
@michael49789
3 ай бұрын
@@AllThingsSecured Yes, we say “I buy a domain.” But you know: you must pay every year again to keep the domain. It's more like a subscription as a purchase, right?
@valley5882
3 ай бұрын
@@kcarmical Haven't tried it yet but cloudlfare as a "cloudflare email routing" service and its free, in my experience all of their services are pretty good, the company itself is great, though I don't know their privacy practices to be honest
I am running my own postfix mail server and I implemented all security measures that I could find out about. There are SOOOOO many companies that try to mail me, but my server just refuses them. Some as simple as no SPF records for that server. It's amazing. I always try to notify them, usually no reaction of course. If a company really needs to contact you, they'll find another way.
100% agree Proton Mail. 100% agree on custom domain. 100% agree never use your email providers email address. 100% agree on email aliasing. Having gone through the process, 100% agree that changing your email across all of your online accounts is a PITA! However, it's a worthwhile endeavor. Use an email aliasing solution so that every account has a unique email or username and a strong, unique password!
@AllThingsSecured
3 ай бұрын
Great thoughts, Robert 👍🏻
@pantarei.
25 күн бұрын
If you want to use your custom domain for everything - mailing, aliases, etc., mind that your identity can be easily revealed... it is just enough to check who is the owner of your domain. I would still reccomend to use more anonymous aliases or email accounts.
@RobertBrinson
25 күн бұрын
@@pantarei. If you purchase a custom domain, be sure to use whois guard. It's a free add-on with NameCheap.
All the advice you give on buying your own domain and making sure that a service has been time tested before deciding to trust is 100% correct, but Skiff made some mistakes too. The fact that they have been called out by other app developers in the privacy community, including people who don't compete with them, is telling. They could have handled this better.
@AllThingsSecured
3 ай бұрын
100% agree. There are always ways to do things better and I’m not trying to let Skiff off the hook, I’m just pointing out that we don’t know the whole story.
@Mic-Mak
3 ай бұрын
@@AllThingsSecured Fair enough. Keep up the good work!
was about to move from iCloud a few weeks back, but enable to export email without a mac. And it saved me from banging my head against the wall.
@AllThingsSecured
3 ай бұрын
Very lucky.
@IdkG7
3 ай бұрын
Try Proton instead ;)
This is what Posteo has to say about privacy and using your own domain name. And I agree. "We are an email provider with a particular, privacy-oriented model - and this is not compatible with incorporating own domains. One of our emphases is data economy: we do not collect any user information (names, addresses, etc) of our customers. We always answer requests from authorities for user information in the negative. On the other hand, own domains need to be registered to the name and address of a person. If you were able to use own domains with us, this would affect the entire concept of Posteo: we would need to start saving user information for all customers who use their own domains with us - and to provide these to the Federal Network Agency to be provided on request to the authorities. Even if only the MX record pointed to us, we would still need to store the assignment of the domain in your Posteo account as user information. Thus we would possess your user information and be required to give it out. For this reason, we have decided not to offer this possibility and instead to use data economy. "
@pantarei.
25 күн бұрын
posteo is not very reliable. Some mails dissapear on their way to the mailbox.
Thank you Josh for this important wakeup and your informative channel. I have been concerned about this email as account ID problem for some time but didn't know how to deal with it. This video tells us what we need to do. Thank you.
@AllThingsSecured
3 ай бұрын
My pleasure, Tony.
Custom domain sounds good but I couldn't figure out the right scope of it. Should it be personal (e.g. first and last name related) ? Or only family related with last name (thus how to handle email address when kids grown up) ? Or something else ? I'll be interested to have your points of view on this
@AllThingsSecured
3 ай бұрын
Custom domains can be anything you want that’s actually available. Go onto Namecheap or GoDaddy and just do some random searches. It doesn’t even need to be related to your name if you don’t want it to.
So I actually began migrating certain accounts to Skiff and then got busy with other things, so never finished, lucky me. I've taken the approach of email compartmentalisation, utilising different providers for different groups of my online accounts whilst it's a bit of a chore to implement, I think once it's done, it's worth it. Unless one of those providers does a Skiff lol. I'm never reliant on a single provider and certain accounts are protected from exposure. Definitely would like to learn more about self hosting a domain email, it would be great to hear more.
@AllThingsSecured
3 ай бұрын
Glad to hear you weren’t too affected.
@k.hussain360
3 ай бұрын
@@AllThingsSecuredIt's thanks in part to your videos actually, that I was able to implement some sort of system at all. For a person who is tech literate, I was way too complacent and it was only after getting fed up with spam call, that I finally got myself in gear. Your content as well as others made it way less daunting a task.
@AllThingsSecured
2 ай бұрын
So encouraging to hear. Thanks!
Good idea on having your own @address -as soon as I'm employed again I'll make that a priority. Thanks for the vid!
The problem with using your own email is that it costs a lot of money and it's not a one-time payment. Many people rely on and use certain products because they're free. Yes, I know the issues with that, but it's a reality. Another reality is that many people simply can't afford to pay the amount required to do their own.
@AllThingsSecured
3 ай бұрын
$15/year is a lot of money?
@DragoNate
3 ай бұрын
@@AllThingsSecured that's only for the domain. it's minimum $5-$15/month usually for the pro email connection. CAD at least. but fine, maybe "a lot" is wrong (generally) but for some people, yes, it would be a lot. used to be for me.
@acastezavala
2 ай бұрын
@@DragoNate yep, he should've mentioned that in the video. There are some ways of doing it for free using cloudfare but that has its own set of problems.
@DragoNate
2 ай бұрын
@@acastezavala I didn't even know you could with cloudflare
@DragoNate
2 ай бұрын
@@acastezavala i didn't even know you could do that with cf
I've moved email providers a couple of times, but had the same foresight of using my own domain. So changing providers was actually not that hard.
There is a lose on privacy by using a custom domain? will be nice to see a video about the pros and cons of it
@AllThingsSecured
3 ай бұрын
Hmm, interesting. I don’t think of it much as a privacy issue because you can still use various aliases. It’s simply a matter of owning your email address so you can bring it wherever you want.
@minifig404
3 ай бұрын
@@AllThingsSecured Domains require that _someone_ is able to reach you. You can mask your address from the general public, but you still have to be contactable. So without extra steps to proxy the contact info you hand your registrar, there is a certain amount of minimum risk, even if your registrar offers a privacy-protecting mode of some kind. Whether that's an issue depends on whether your threat model includes a Named Social Engineer (not rare).
Great vid Josh...I did not realize that having your own domain name was so affordable
@AllThingsSecured
2 ай бұрын
👍🏻👍🏻
I liked the video. Much easier to bring this out when the news is hot vs 2 weeks from now
@AllThingsSecured
3 ай бұрын
True.
Another important tip would be using a password manager, because you will have an overview over the services and which email address you used to sign up.
@demarcusds95
2 ай бұрын
That’s a good point. A password manager will save the hassle 👍
@Visquint
2 ай бұрын
yes, and please dont use something like lastpass or nordpass. use keepassxc
@pantarei.
25 күн бұрын
@@demarcusds95 any password manager company can also quit. At the end you have to trust someone anyway... or use a piece of paper ;-)
Thank you for making this :)
@AllThingsSecured
3 ай бұрын
My pleasure. Thanks for the email (although I had already planned to do this when I received it 😉).
Hey man, where do you suggest people to get their domain from? Thanks a lot
@AllThingsSecured
3 ай бұрын
Namecheap, GoDaddy…any domain registrar will work.
I think VC funding is a valid red flag to look out for in the privacy community. And this is from someone who never considered it as a red flag. But in light of Skiff's controversy, but also Patreon's troubles, I'm now more alert. Patreon is not a privacy service, but as far as I could tell, people have been more or less happy with it until recently. Patreon has been valued at billions of dollars, and financially, has been doing well for a while, but because they are VC funded in the hundreds of millions of dollars, they've had pressure to be more profitable than they already are. Hence, they changed some things for their users and they are not happy. If VC Funding can do that for a successful company that's not a privacy service, it shouldn't be surprising that they can cause more damage for a new privacy start-up like Skiff
@AllThingsSecured
3 ай бұрын
That's unfortunate, but I get why you would say that.
@ashishpj
Ай бұрын
noted it.❤
I am more security than privacy concerned (there is probably some distinction between the two in this matter), and never heard about these two companies, to be honest.
@AllThingsSecured
3 ай бұрын
That's fine. Skiff was attractive to more of the privacy crowd and Notion is more of a productivity app - nothing to do with security or privacy really.
You pay $10 a year for your own domain, but you also need to pay for provider like Proton or other to use it. So it is finally minimum $52-$70 a year.
I use a custom domain for my email, but I've observed that my emails intended for business communications often end up in the junk folder or, worse, are flagged as security risks. Because of this issue, I rarely receive replies to my emails. How do I fix this?
I loved skiff, I did move from gmail to skiff, now this. It's really disappointing
@AllThingsSecured
3 ай бұрын
So sorry about that. I know that sucks.
Could you please suggest. Which is more privacy focused proton or tutanota. It should be best in encryption,ip, loging,sharing with government etc.
@AllThingsSecured
2 ай бұрын
Either is good. Seriously. I prefer Proton, but that’s merely preference.
@Visquint
2 ай бұрын
i recommend tutanota because their support service is well trained and very difficult to engineer
@pantarei.
25 күн бұрын
Proton is more reliable, but Tuta is more private, cheaper and offers more in the same price tier.
Good video. Thanks for bringing this to our attention.
@AllThingsSecured
2 ай бұрын
My pleasure, Jim!
Changing email is brutal.
@AllThingsSecured
3 ай бұрын
No doubt. It can be a nightmare.
@NoReTr3aT
3 ай бұрын
Having a Password-Manager helps. Just look where you have used the old one and change a few every day. Switched to Proton recently and Skiff was on the list of canditates for a new mail (away from Yahoo). Dodged that one.
@adam.maqavoy
3 ай бұрын
Only in the US & Canada.
@billy5688
2 ай бұрын
@@adam.maqavoy oh please stop it. It's brutal for anyone that has them on say a business card. Do the US and Canada do business only?
@adam.maqavoy
2 ай бұрын
@@billy5688 Not everyone is well versed in tech. Especially on emails and that happens to be a False Dilemma.
Dude, where were you earlier? Dangit, I could've used your advice a month ago with proton mail
Proton is my go to and I love it!
@AllThingsSecured
3 ай бұрын
👍🏻👍🏻
Notion's lack of proper encryption of people's notes should've been a warning sign. RUN!
HI, can you make a video showing how to use simple login? Thanks.
Unfortunately, this situation is very likely with any centralized email service. A change in ownership may change the entire philosophy of the product or lead to the liquidation of the product. I am sure that mailboxes and their contents must be owned by users. This is only possible in truly decentralized services like Eppie.
@AllThingsSecured
3 ай бұрын
That may be true in theory, but other than Skiff, how many other services can you point to in the last decade that have done this?
Which e-mail/domain provider do you recommend, if I plan to own my own e-mail address?
@T4505.
3 ай бұрын
If you're looking to only buy a domain and not use other provided services, then either Namecheap or Porkbun will do. This is not something that everyone cares about (I do), but if you go with Namecheap you can pay with BTC without ID confirmation and you'll never get asked to provide such information without something triggering a red flag.
@AllThingsSecured
3 ай бұрын
Yea, there are plenty of domain registrars. Find a reputable one in your country.
@DNOD1983
3 ай бұрын
Thank you. Should we also consider the possibility of that registrar also closing down?
@pepperpepperpepper
3 ай бұрын
@@DNOD1983 I like Porkbun for US registration. If they close down, you can just transfer your domain to someone else.
the worst is that was the few with custom FREE domians all other are paid, so doesnt matter having a domain if need to pay monthly to use :/ AWS SES is one of few very cheap to use, but will need to build a client Oracle doesnt even work well enough to accept card and start trial (free tier would be fine) is there any alternative with Free custom domains and skiff like UI?
Well I'm just moving my domain out of Skiff to Migadu, but still, many things have to be taken care of, like aliases and Documents. It really is an unexpected event, and a sad one at that
@AllThingsSecured
3 ай бұрын
Agreed. Even with a custom domain, that doesn’t make the migration a fun event. So sorry.
I was undecided between them and another company. I didn’t choose Skiff just because it was set in America and I really don’t like how privacy is handled there. Even if the company is privacy focused. Still, it’s a sad day.
@AllThingsSecured
Күн бұрын
Agreed
I almost switched to skiff. So glad i didn't because I would've been pissed to had to switch everytthing. Also I just set my custom domain cuz it was cool I had domains and privacy but damn i made a really smart choice and never even noticed.
People should have multiple emails one for logging into accounts, another one for regular emails, and 3. rd for courses
keep up ✅👍
@AllThingsSecured
2 ай бұрын
Thanks!
really helpful thoughts, thank you! The issue of email = identity has been troubling me for some time.
This is my first time hearing about this email service Skiff and Notion
@AllThingsSecured
3 ай бұрын
Yea, Skiff was somewhat niche. Notion is a pretty big productivity app, though.
i moved everything to my own domains about 3 years ago and it was the best decision ive made
@AllThingsSecured
3 ай бұрын
👍🏻👍🏻👏
My email is based on my own domain. No company can take it away from me. If my web host goes bust, I can keep my email and website, just have to transfer it to a different host, or learn self-hosting. I refuse to have any part of my identity or business be owned by others, particularely other corporations
Solid strategy
@AllThingsSecured
3 ай бұрын
👍🏻👍🏻
Fun fact: They aren't open source. Only the few libraries are open source and the backend is completely proprietary. Mail client is source-available, not open source due to restricting commercial use.
@AllThingsSecured
3 ай бұрын
They not “completely” open source. Very few services are (even Proton isn’t).
@Raikasta
3 ай бұрын
@@AllThingsSecured That is true, but they have advertised that Skiff Mail is completely open source. Even though even the client isn't open source, but source-available.
@AllThingsSecured
2 ай бұрын
Gotcha.
Simplelogin with a custom domain solves this problem, you can create as many addresses as you need and if your email provider dies, you just change the address everything is forwarded to. Granted, if Simplelogin dies, it would be a pain, but they are owned by Proton now so I think it's unlikely.
@AllThingsSecured
3 ай бұрын
👍🏻
Heyy I just pushed the likes to 1k! 🤭
The only way to reliable privacy is moving away from online services as much as possible. Imho the only way privacy can reach the masses, at least the masses who care about it, is a company or companies that build open hardware and software combos, with UX similar to the average cloud service (convenience built-in) but that rely solely on hardware sales for funding.
@AllThingsSecured
3 ай бұрын
Thanks for sharing your thoughts 👍🏻
As far as I know in Germany using your own domain means you have to register it with name and address. Is that different in the US? Furthermore you have to know what you do about safety technologies like DNSSEC, DANE and SPF. That's all just too much isn't it...
@AllThingsSecured
3 ай бұрын
In many countries you will need to register with your real name, but you should also be able to hide that from the public databases. And as far as DKIM, DMARC, SPF and other DNS settings, it’s worth doing but not absolutely necessary unless you send a ton of emails.
Remember when you could send and receive email without going through a corporation?
@AllThingsSecured
3 ай бұрын
When was that?
@khatharrmalkavian3306
3 ай бұрын
@@AllThingsSecured 😭
You shouldn't be using email as a credential anyway, you should be using a different alias for every service that you log into. Having a public email address in 2024 is an equivalent of writing your phone number in a public toilet. You can keep track of your logins and passwords with locally-hosted password manager too.
I like the idea of having my own email by renting a URL. Do you have any example of how to go about doing this?
@AllThingsSecured
3 ай бұрын
It all starts with purchasing a domain through a domain registrar like Namecheap, GoDaddy or others. Then you just find “custom domain” in your email provider.
@elizabeth4053
3 ай бұрын
@@AllThingsSecureddo you have to also find a provider to host your custom url and also purchase the email provider?
@Michal_Sobczyk
3 ай бұрын
@@elizabeth4053 1. buy a domain through a registrar 2. buy an email service that allows for custom domains like tutanota etc. 3. in the domain panel redirect your domain to the email service provider's address (read the faq or help section of the email provider site to find out to which address to redirect) 4. in the email provider's panel create your own email addresses for the domain
What it feels like is NOTHING is secure. As an older American I’m frustrated because you are saying that even my own URL would be with Google or Proton servers. How safe is that??? I sooooo try to keep up with safety and it feels like an endless journey and there’s no going back to pencil, paper and the post office. Ugh. Thanks for what you do , just frustrating
@Michal_Sobczyk
3 ай бұрын
Your URL will not be with proton, it will remain with the registrar. The registrar will only redirect queries to Proton as long as you want but anytime you want you can switch that off and Proton has no control over the URL.
@AllThingsSecured
3 ай бұрын
I get that. As I said in the video, security and privacy is a process, not a setting. It can be frustrating but the thing you need to understand is that we all have to compromise in some areas and having Google host your email isn’t the worst thing in the world.
I think that the majority of people believe that owning your own domain is a super complicated thing that only tech people do.
@AllThingsSecured
3 ай бұрын
Yea, I know. Part of what I’m trying to do is let people know that it’s not as hard or complicated as it seems.
Skiff should commit to relaying their users e-mail to an address of their choosing for at least 5 years.
Maybe domain is cheap but to host your own email costs much much more
@AllThingsSecured
3 ай бұрын
That’s true, which is why I didn’t say you need to host your own email. You can use ProtonMail or many others.
@aijokker
3 ай бұрын
@@AllThingsSecured exactly, you have to pay not only for domain but for any service of your choice where you want to host your email and that is not cheap. you mentioned only the cost of domain, which is cheap but not the email hosting, which will cost much more
@AllThingsSecured
2 ай бұрын
I’m assuming somebody who was willing to pay for Skiff is also willing and able to pay for another email service.
@DragoNate
2 ай бұрын
@@AllThingsSecured don't assume :D also, what about people were not previously using skiff? because I don't imagine your advice or push for this kind of thing is ONLY for skiff users but general advice brought about due to the situation with skiff.
idk why yt translates channel names, worst thing they can do.. yet again lol was a paid skiff user, now I'm at proton again, I'm saving up for a plan there or elswhere and a domain.. but I need to figure out how I call my domain :) etc.
All thiings 😃
@AllThingsSecured
3 ай бұрын
👍🏻
Smells like a hidden AD
I just switched to skiff wtf
@AllThingsSecured
3 ай бұрын
That sucks. Sorry 😣
The attack today at 4am all cell phone providers down what u think ??
Btw email you have till 2025.
@IdkG7
3 ай бұрын
What?
@AllThingsSecured
3 ай бұрын
You are correct. After this video was published, they changed from a 6-month grade period to a 1-year grace period. It's better, but still sucks.
Unscripted videos are the best because it's organic
@AllThingsSecured
3 ай бұрын
Thanks...they're also the hardest to record because I finish and kick myself for not saying something that in hindsight was pretty important. I appreciate the feedback!
The CEO of Skiff is a great guy? C'mon now. The mistake I see All Things Secured make is thinking that meeting people at a company means their service is trustworthy. I don't understand why you even have "Secured" in the channel name if that's part of your thought process.
@AllThingsSecured
3 ай бұрын
Absolutely, I’m not ashamed to say that I trust more those whom I’ve met personally. If you cared to actually think critically about what I said in the video, though, you would know that I never used my meeting with him to imply anything having to do with security. I’m simply reserving judgement about WHY he sold the company. In any case, thanks for helping with the KZread algorithm by watching and commenting!
@frankboyer1490
3 ай бұрын
@@AllThingsSecured What? You absolutely mentioned meeting these people multiple times to imply that they can be trusted with security. It's not even subtle. "In any case, thanks for helping with the KZread algorithm by watching and commenting!" Passive aggressive response from someone who has no business talking about security.
@AllThingsSecured
2 ай бұрын
👍🏻👍🏻😎
@weird-guy
2 ай бұрын
Because talking behind a camera is easy but face to face they are all “afraid” , you can see it with the “drama” with spencer cornelia😂
I made skiff mail my primary email.
@AllThingsSecured
3 ай бұрын
Ouch. Sorry.
Who the F is Skiff? Never heard of them. I have been using Proton Mail for YEARS. So this little hiccup has zero impact on me. Nice to know that my decision to use Proton Mail has been reaffirmed.
@AllThingsSecured
3 ай бұрын
Yup, good choice.
Skiff team made huge mistake. Money won FOSS world lost :(
"Promo sm"
Not a word on Apple. Obviously, I'm not your target audience. Bye-bye.
@AllThingsSecured
3 ай бұрын
Can you explain what you’re talking about? What does Apple have to do with this?
@Jeal0usJelly
3 ай бұрын
@@AllThingsSecuredit's a troll or a bot, best to just ignore