Free Republic
Browse · Search
General/Chat
Topics · Post Article

To: bigbob; Bikkuri
> Proton Mail is a decent secure and free option because they use zero-access end-to-end encryption.

> I second Proton Mail

Yep, Proton is good.

Vendors are learning that the best way to not only protect their customers' data, but also their company from liability, is to employ "Zero-Trust" architecture. In the case of a cloud application, it means to do all encryption/decryption locally on the customer's computer, using AES-256. Nothing leaves the customer's computer that isn't encrypted. The vendor doesn't have to worry about breaches causing anybody to sue them, and the customers' data is secure.

In fact, "Zero-Trust" ASSUMES that sooner or later there will be a breach and the bad guys will get the data stored in the cloud. Since it's encrypted with a key that lives only on the customer's computer, the bad guys are out of luck.

Keeper Security Password Manager does that. Highly recommended, but it's not free.

BTW, end-to-end (E2E) encryption does not in itself guarantee that your data is encrypted at the vendor's facility (data at rest). E2E is about the transmission, with a sender and a recipient who can both read the data, and thus allows the vendor to store plaintext after decryption at their facility.

22 posted on 11/02/2025 9:23:20 PM PST by dayglored (This is the day which the LORD hath made; we will rejoice and be glad in it. Psalms 118:24)
[ Post Reply | Private Reply | To 17 | View Replies ]
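
The client-side encryption described in post 22, as an added example that is not part of the original thread and is not Proton's or Keeper's code: the key is generated and kept on the client, and the vendor only ever holds the sealed blob. The names `Client`, `Seal`, `Open` and the record ID `rec-1` are hypothetical; AES-256 in GCM mode is an assumption (the post names only AES-256), and binding the record ID as associated data goes slightly beyond what the post describes.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Client owns the AES-256 key, which exists only on the customer's machine.
type Client struct{ aead cipher.AEAD }

func NewClient() (*Client, error) {
	key := make([]byte, 32) // 32 bytes selects AES-256
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Client{aead}, err
}

// Seal encrypts locally; the record ID is bound as associated data.
func (c *Client) Seal(id string, plain []byte) ([]byte, error) {
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return c.aead.Seal(nonce, nonce, plain, []byte(id)), nil
}

// Open fails on a wrong key, a tampered blob, or a mismatched record ID.
func (c *Client) Open(id string, blob []byte) ([]byte, error) {
	n := c.aead.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("blob too short: %d bytes", len(blob))
	}
	return c.aead.Open(nil, blob[:n], blob[n:], []byte(id))
}

func main() {
	owner, _ := NewClient()
	intruder, _ := NewClient() // holds breached data, not the owner's key
	blob, _ := owner.Seal("rec-1", []byte("constructed sample: vault entry"))
	_, err := intruder.Open("rec-1", blob) // blob is all the vendor stores
	fmt.Println("intruder decrypt:", err)
}
```

The blob is laid out as nonce followed by ciphertext and tag, so the vendor can store and return it without being able to read or silently alter it.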


To: dayglored

“BTW, end-to-end (E2E) encryption does not in itself guarantee that your data is encrypted at the vendor’s facility (data at rest). E2E is about the transmission, with a sender and a recipient who can both read the data, and thus allows the vendor to store plaintext after decryption at their facility.”

The want for convenient “storage” is the whole big deal... Laziness.

All this is why I am getting off the WWW/HTTP protocols altogether. True encrypted TLS end to end P2P with no intermediate peer network node hops. Basically phone number directly to phone number with no “message service” in between. No storage at all except your local client tunneled to the end receiver’s local client. Which is fine; like a FAX machine, it will just have to redial occasionally until the machine on the other end is online and available, and then it will send and they will get it.

This want for “convenient second party storage” is what has created all these email problems. Want to be secure? Get “FAX mind” and just keep dialing until their FAX machine (local Client inbox) picks up the phone on the other end. Then it is tunneled directly from machine to machine. But this is too much “Work” so now we have what we have now... A mess of third party intervention, control, and stewardship. There are local email clients that will automatically check for a connection every so often until the direct line becomes available to receive like a FAX machine does.

This is true end to end encryption.


23 posted on 11/03/2025 3:49:09 AM PST by Openurmind (AI - An Illusion for Aptitude Intrusion to Alter Intellect. )
[ Post Reply | Private Reply | To 22 | View Replies ]

To: dayglored

Your efforts are commendable—but paranoid me is convinced that NSA (and perhaps other governments) have hardware spying at the factories where the computer components are built.

That was the claim that Snowden made (long ago at this point) and I have no reason to doubt it.


25 posted on 11/03/2025 7:41:37 AM PST by cgbg ("The truth is not for all men, but only for those who seek it.")
[ Post Reply | Private Reply | To 22 | View Replies ]



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson