I suggest getting RSS feeds from your subscriptions from Invidious. This way you won’t directly connect to Google’s servers.

Why is it useless for YouTube?

Use their SOCKS5 proxy. Haven,'t encountered any issues on Freetube since then.

There’s also Migadu which I currently use. It doesn’t have all the bells and whistles that providers like Proton and Tuta have with their E2EE but they don’t use any shady marketing or track you. Requires a custom domain though.

I recommend switching to a custom domain in the future so you can avoid situations like this from happening again, this way you won’t be locked down onto a single provider.

They have a large following on Mastodon so this doesn’t really make much sense. I’m inclined to believe that they left due to the hate they were getting because of the recent controversy.

Migadu

+1 for Migadu. Their basic plan (more than enough for most people) is extremely cheap. No vendor lock in. And their support team is by far, the best I’ve encountered.

If you’re using a custom domain, don’t use Mailbox.org, see below:

https://userforum-en.mailbox.org/topic/anti-spoofing-for-custom-domains-spf-dkim-dmarc#comment-1524

Codeberg for public repositories, cgit (if that even counts) on my own server for private ones

I personally use Claws Mail.

Absolutely essential is using a firewall and set it as strict as possible. Use MAC like SELinux or Apparmor. This is extremely overkill for a personal server, but you may also compile everything yourself and enable as many hardening flags as possible and compile your own kernel with as many mitigations and hardening flags enabled (also stripped out of features you don’t need)

I’ve never heard of nsjail, so I wouldn’t know. But there’s also bubblewrap which is used by Flatpak for sandboxing. It’s very small, although a bit annoying to use.

This.

That’s very wholesome to hear! :) Thank you for sharing. I’m glad it’s not the case.

You can’t teach old dogs new tricks.

I never said anything about E2EE. Please re-read what I wrote carefully.

No support for Monero despite it being requested on uservoice 6 years ago. A Bitcoin wallet (seriously?) which is easily traceable. Important email metadata is also not zero access encrypted (i.e., subject headers, from/to headers) which leaks a substantial amount of information even if the body is encrypted. Not to mention they had clearnet redirects from their onion service a while back, something a lot of honeypots usually do.

Even if it’s not a honeypot, you’re sure as hell not getting any privacy with Proton. That’s for sure.

Well, I disagree about Signal. Proton however, I agree is extremely shady and should be avoided at all costs.

Something at which even the original Signal fails. It has received criticism multiple times (1, 2) for not being verifiable whether it’s been tampered with by the app’s distributor, and also for having included properietary google services dependencies which dynamically load further code from the phone which is also a security issue. Worthy forks solve both of these.

That’s unfortunate. I do hope that these forks don’t go and start making extensive changes though, because that’s where it becomes a problem.

Again, having third party clients would not definitively mean the client is bad. Obviously, if it’s a simple fork with hopefully small patches that are just UI changes, it’s probably not going to harm the security model.

I should have phrased this better in my original post. When I was thinking about third party clients, Matrix and XMPP immediately came to my mind. Not very simple forks. So I’ll phrase this better: “Having non-trivial third party clients is not good for security.” What non-trivial means is left to interpretation though, I suppose.