I’ve been using skiff. com for sometime, as they claim to be a fully privacy preserving app suite like GApps or proton. One thing I like is they provide 10GB storage even for free accounts, where proton eventhough much bigger provides only 500MB.
But that got me wondering… Are they trustworthy as proton? Is there a chanve they end up being a honeypot? Does data actually gets encrypted before sending to the servers in a trustworthy way?
I don't like that you have to use play store to install their apps. 'Oh, but I use Aurora store' you say. Doesn't matter, the email app (the only one I checked) uses the play billing api and firebase installations so on first run it phones home to the mothership.
Someone pointed that out on the other site, and the owner jumped in and said 'those are disabled'. Then someone else posted firewall logs.
Edit: I realized that what I wrote in now way answers you question, mea culpa. Tutanota wrote a comparison Here that does though. It seems relatively unbiased, judge for yourself.
Fwiw I use both Tutanota and Proton. They also have the advantage of being outside of Five Eyes countries.
Edit: word
I’ve never heard of Skiff. Beyond studying the protocols and system design, here’s a couple of things off the top of my head to help:
- Follow the money. Are they charging enough to not be tempted to sell data about their users?
- Who is in charge? Have leadership demonstrated respect towards their user’s privacy in the past? See their About Us page
- Read their privacy policy
- Keep up-to-date. Lots of services start out with good intentions, but over time they get acquired, acqui-hired, big investments… and policies change.