Any experience with disroot.org?



DuckHook
December 28th, 2020, 06:25 PM
Seasons greetings to all!

I am on a mission to withdraw from my remaining Google addictions and one of the options is this one: https://disroot.org

Does anyone have any experience with them? Their site and public presentation are rather, well, shall we say, bohemian :-s but that doesn't really bother me. I'm more interested in their resiliency, uptime/downtime, track record and any experiences, both good and bad, that forum members may have with them.

My account application is pending approval. I will report back with my own experiences once/if approved.

1fallen
December 28th, 2020, 06:29 PM
Don't know if you have seen this yet DH: https://privacy-watchdog.io/the-truth-about-disroot-org/

DuckHook
December 28th, 2020, 06:42 PM
Don't know if you have seen this yet DH: https://privacy-watchdog.io/the-truth-about-disroot-org/
Thanks for the link, 1fallen. Interesting. I will continue to accumulate data.

1fallen
December 28th, 2020, 06:47 PM
I will continue to accumulate data.

I wouldn't expect any different DH...:D
Also as a side note, as some of you might have noticed, Microsoft (owner of Hotmail, Outlook, Live, Office360, etc.) is rejecting all emails originating from Disroot.org servers.
I can't speak personally on this, I don't use MS either....

DuckHook
December 28th, 2020, 08:52 PM
…Microsoft (owner of Hotmail, Outlook, Live, Office360, etc.) is rejecting all emails originating from Disroot.org servers…
"Curiouser and curiouser." That in itself could be a deal‑breaker for purely practical reasons. However, I am given to suspecting MS's motives too. They may not be above practising a bit of bullying and corporate gamesmanship if they believe that a platform like Disroot threatens their business model.

My research continues apace.

1fallen
December 28th, 2020, 09:03 PM
"Curiouser and curiouser." That in itself could be a deal‑breaker for purely practical reasons. However, I am given to suspecting MS's motives too. They may not be above practising a bit of bullying and corporate gamesmanship if they believe that a platform like Disroot threatens their business model.

My research continues apace.

He he he, read on my friend: https://disroot.org/en/blog/microsoft_hostility
PS: I thought you and I learned to live within this "World Wide of Webbing" :)

DuckHook
December 28th, 2020, 10:00 PM
A different perspective: https://digdeeper.neocities.org/ghost/email.html#Disroot

I should make it clear that I expect no perfect solutions because there are none. Every solution has different drawbacks. The old adage is perfectly valid: e-mail is a public medium and is not private. But there are nuances and then there are nuances.

Re: the first link from 1fallen

I am inclined to take this link with a heavy dose of salt. The blogger is riding a major rant and appears to be of the axe‑grinding sort. The "where there's smoke there's fire" mindset is also suspect. Complete, impartial data and calm, objective analysis are welcome; Area 51 type conspiracy theories are not and only cast the objectivity of the author into question.

My objective is not to make my e-mails impenetrable. They never have been and never will be. Example: I sent my business associates some confidential docs through an encrypted link. They massaged the document and then sent the attachment back in the clear. :rolleyes: It didn't matter what measures I took; my carefulness was entirely neutralized and subverted by the carelessness of the other party.

One of my concerns is simply reliability. The other is that no data skimming or profiling be done. A third would be that servers are sufficiently well hardened to defeat malicious actors. I do have additional concerns, but they tend to fall off after these three.

1fallen
December 28th, 2020, 10:13 PM
One other suggestion only: https://protonmail.com/
Reviews are good, and I personally use it.

DuckHook
December 29th, 2020, 01:54 AM
One other suggestion only: https://protonmail.com/
Reviews are good, and I personally use it.
I already use it too. But in my case, I restrict its use to sensitive docs. This was the very platform that starred in my previous story of the carefully encrypted upload that was returned to me as an unencrypted attachment.

The problem with Protonmail is that it does not play at all with email clients. Since I have a number of e-mail accounts, it's important that they can all be managed under one e-mail client. And anyways, as per that previous story, the problem with e-mail is that it is only as strong as its weakest link. If its security provisions are too hard for wide adoption, it just won't get used. Someone will send something in the clear which will negate all the effort that is put into securing a chain of communiqués.

I'm resigned to sending and receiving unencrypted e-mails. It's just the nature of the beast. If I've got sensitive stuff, it won't be sent as e-mail.

So the focus is not on secure e-mail transmission, but on secure storage and, most of all, a commitment to no harvesting of my data for profiling.

mikodo
December 29th, 2020, 03:58 AM
I will report back with my own experiences once/if approved.
Please do!

DuckHook
December 29th, 2020, 10:39 AM
Please do!
Okay, an ultra‑preliminary report:

I've done nothing more than the very glimmerings of the beginnings of poking around, but things look good so far. In fact, they look very promising:


The offerings are rich and diverse. The core items are e-mail and cloud storage of course, but this is augmented with a basketful of community goods like a minimal encrypted pastebin, an encrypted collaborative office suite, a metasearch agglomerator, an e-mail file upload service, a collaborative project management board, a Jitsi server, a community driven alternate to Git, the VoIP platform Mumble, XMPP chat, community whiteboarding including an editor and a spreadsheet, and not least a forum, though this last does not appear to be too active. If this sounds like an embarrassment of riches, well, it is.
They have a slick Android app on F-Droid that interfaces with all of the above. It's just a front end so you do need to set up further apps (like Nextcloud, Mumble, Jitsi, etc) but this is only to be expected.
System is reasonably responsive, although I had a bit of a wait logging into the cloud storage the first time. Subsequent login was fine. I'm new to Nextcloud, so will need to spend some time getting familiar with the apps, options and settings. Apparently, Nextcloud allows one to chain with other cloud instances, which is both amazingly powerful and very scary. I would not do that without a far better understanding of the security risks.
Free account includes 1GB of e-mail and 2GB of cloud which is tight, but you can buy more at very reasonable rates. However, there are caps and they are quite low. It's a community run initiative, so their limited resources are directed at broadness of reach rather than massive capacity.
E-mail offers encrypted IMAP and SMTP along with CardDAV and CalDAV hooks for your preferred email/calendar client. I tested both sending and receiving from all four of my other e-mail providers and succeeded, though with some delay in one of them. None are Microsoft, so I can't speak to the issue raised by 1fallen.
Documentation is reasonable but not extensive. So far, I've run into nothing that can't be solved with a modicum of search-Fu. They are inviting volunteers in the documentation department, especially those with multi‑language skills.

Altogether, I must admit to being seriously impressed—at least on initial walk‑through. Only time will tell as to reliability and security. I don't intend on relying on this for critical use—at least not yet—and data sanctity/privacy remains a big unknown. More research is still needed.

But for a "free" offering, this basket of goods seems almost too good to be true. Is that in itself suspicious? Or have I become needlessly paranoid in my old age?

1fallen
December 30th, 2020, 06:53 PM
Okay, an ultra‑preliminary report:
But for a "free" offering, this basket of goods seems almost too good to be true. Is that in itself suspicious? Or have I become needlessly paranoid in my old age?

I'm going to wait for your final review (after time) as I trust and value your views.
Thanks DH, wait, is that a big dragon behind you, I'm always mildly paranoid in my "Golden" years. ;) Peace.

DuckHook
December 31st, 2020, 09:56 AM
The last couple of days for me has been like a kid lost in a candy store.

Seasoned users of Nextcloud will be familiar with what follows, but a newbie to the platform (like me) will find the wealth of offerings and the smooth functionality just mind‑blowing:

Pros:


I can again have synchronized RSS/Atom feeds across all devices without surrendering personal credentials to Feedly.
Talk replaces Hangouts, Meet, etc.
If using vanilla Ubuntu, the Gnome integration of four critical components is a breeze. Add the Nextcloud credentials to Gnome accounts and files are automagically integrated into Nautilus to appear as another network drive. Gnome Calendar maps the calendar. Gnome Todo shows all tasks. Gnome Contacts maps all contacts. Just awesome. Deck is an odd but powerful collaborative replacement for Tasks. It shows up in Gnome Todo as well, though in read only mode (so far).
Notes is primitive compared to Evernote or even Keep. It uses Markdown natively, so those so inclined can dress up their docs with links, images, etc. So far, I'm not a fan. When making notes, I want something fast, simple, flexible and powerful. This one is too much pain for too little gain.
Sharing bookmarks across different browsers and even remote devices is now a piece of cake, though this raises big security concerns. Extensions can be added to both FF and Chrome-based browsers to make these bookmarks truly universal by reaching into your Nextcloud instance to retrieve the bookmark. This is massively useful and just as massive an attack surface. More care and research definitely needed.
There are even more apps in the Nextcloud repo that Disroot have chosen to forego for now. If these get added in the future, this cloud platform could become an 800 pound gorilla.


Outside of the cloud offering, the additional Pros are:


There appears to be a genuine commitment to privacy and anonymity. Aside from the glaring exception of e-mail (see Cons below), after signing up, users are basically anonymous. The admins make a point of not knowing who their users are and go to considerable lengths to preserve that Chinese wall.
There is a genuine commitment to FOSS. All of their offerings are first and foremost directed at using FOSS apps and services. This is part of their more general campaign to encourage "freedom, privacy, federation, and decentralization." Or, more concretely, "No tracking, no ads, no profiling, no data mining!" I suspect that this goes over very well with the sort of users who would freely choose to participate in a community called "Ubuntu Forums".
The other services mentioned in my prior post, like Mumble, Jitsi, collaborative office suites, etc. make an already strong cloud offering even more compelling.
I really like cheering for little guys. These four blokes are the quintessential little guys.


Cons:


Email, calendars, contacts, etc. are stored in the clear. (https://disroot.org/en/privacy_policy) This means that nothing is private and sysadmins can read them (though they promise that they won't). The server is hardened (to deny bad actors entry) but once penetrated, the whole game is up. In my opinion, this makes their e-mail unsuitable for serious use. At least they are honest about this—contrast them to Google who encrypt your e-mail contents but consider the metadata to be fair game—but I will be looking for my e-mail provider elsewhere. By way of contrast, these are the claimed practices (https://www.zoho.com/mail/security/email-encryption.html) of one of my paid providers.
It's questionable for me at this point how robust they are. Their whole team consists of four individuals. We don't know if they are part time or what their capacity is.
Their website conveys the impression of dealing with a clique of subversives. I have no problem with this in principle, but be aware that it attracts the wrong sort of attention from the wrong sort of spooky powers.
This sort of free and easy anonymity inevitably attracts scumbags. Disroot.org is often abused by spammers and even less savoury types. The resulting blacklisting of their servers makes their e-mail offering even less attractive. Even with no malicious intent on their part, this is a tough nut for the admins to crack.


Conclusions:

This appears to be a generous offering from a few idealists. They are dedicating their time and resources to creating and maintaining an ecosystem that lines up with FOSS principles of transparency, openness and community. However, this has the perverse effect of beguiling the careless (or uninformed) into thinking that kindredness of spirit is equivalent to competence and trustworthiness. Neither is true and it would be a potentially disastrous mistake to assume this.

I am intrigued by this offering and will keep my account open to experiment and to tinker. But I would not put anything important or personally identifiable on their servers. Until they can figure out how to effectively police this lawless little enclave that they've carved out, it isn't ready for serious business.

I do thank them for introducing me to the wonders of Nextcloud. I have resolved to host my own cloud in short order because the benefits are so huge. I will have to consider the tradeoffs between going the VPS route or running my own HW, but that's a separate matter. What I've gained clarity on is that Google can be extricated from one's life with alternatives that are as or almost as good and, in matters of privacy and ownership of our on‑line identity, far better.

1fallen
January 6th, 2021, 12:13 AM
The last couple of days for me has been like a kid lost in a candy store.

However, this has the perverse effect of beguiling the careless (or uninformed) into thinking that kindredness of spirit is equivalent to competence and trustworthiness. Neither is true and it would be a potentially disastrous mistake to assume this.



On the fence are we? (Jokingly said)
I think it very wise to trust only by timed experience. While remaining open minded.
DH, thank you for a very concise review. :D
I also now will tinker a bit. ;)

DuckHook
January 6th, 2021, 08:23 PM
FWIW, this whole line of inquiry has motivated me to reposition an old micro-server for use as a Nextcloud server. I am now self-hosting my own cloud, which, combined with the aforesaid limitations of Disroot e-mail, basically takes away any further incentive to use them.

The unknown at this point is the reliability of self-hosting. But that would put my own thread off topic, so I will either discuss it in a new thread or even write up a tutorial once I've worked out the bugs.

In any case, it is looking more and more like I will at some point be deleting my Disroot account. They have been made redundant by my homegrown solutions. I do feel a debt of gratitude to them for goading me into expanding my horizons though.