Hacker News new | comments | ask | show | jobs | submit login

I understand why Posteo doesn‘t allow you to use your own domain (customer lock-in), but I don‘t find it particularly ethical how they lie about it („technically impossible“).

OTOH, I like that Posteo is not a corporation, but actually run by a natural person with full personal liability.




I don't know where you got that "lie" from. Posteo doesn't allow custom domains in order to have as less information about the customer as possible (what it calls "data economy", meaning it doesn't want to store data wherever it can be avoided). I have seen the FAQ multiple times, where Posteo has had this answer for not allowing the use of one's own domain. [1] I don't like that Posteo doesn't offer custom domains, even if someone is willing to make the tradeoff that Posteo believes it to be. But I don't see anything wrong in its ideological position.

_____

> Can I use Posteo with my own domains?

> No. We are an email provider with a particular, privacy-oriented model – and this is not compatible with incorporating own domains. One of our emphases is data economy: we do not collect any user information (names, addresses, etc) of our customers. We always answer requests from authorities for user information in the negative. On the other hand, own domains need to be registered to the name and address of a person. If you were able to use own domains with us, this would affect the entire concept of Posteo: we would need to start saving user information for all customers who use their own domains with us – and to provide these to the Federal Network Agency to be provided on request to the authorities.

> Even if only the MX record pointed to us, we would still need to store the assignment of the domain in your Posteo account as user information. Thus we would possess your user information and be required to give it out. For this reason, we have decided not to offer this possibility and instead to use data economy. We certainly understand that having your own domain is very important in the commercial industries, but from our privacy-oriented perspective, the disadvantages prevail. It is, however, possible to add various other email addresses with external domains as senders in the webmail interface and thereby to send emails with Posteo using external domains. In order to be able to read replies to these messages, you need to set up forwarding to Posteo for the external address.

_____

Also please see its stance on privacy [2], where it emphasizes minimizing the data collected from the customer.

[1]: https://posteo.de/en/site/faq

[2]: https://posteo.de/en/site/privacy


> We always answer requests from authorities for user information in the negative.

This has got to be bollocks, right? Always?

If they're served a warrant or subpoenaed or whatever the correct legal procedure is called, they're going to have to comply, right? And all they need is an IP address and you're hosed... unless you're taking multiple other steps to hide.

If I put my TFH (Tin Foil Hat) on, anyone who uses language that strongly is probably a CIA front.


WITPOUAAOSATSWISFWYAOGTUIO? (What is the point of using an acronym of something and then saying what is stands for when you are only going to use it once?)


Typically, acronyms wouldn't contain the initial letters of words such as is, of, an, and, for etc.

WPUASTSWSWYOGTUO

But to you point, my primary motivation in this instance was dramatic effect. Additionally, I'm hoping it will catch on.


Storing IP addresses of users in logs can be considered PII under German law already, so it’s likely Posteo isn’t even storing those.


Interesting, thanks you adding this.


My mind is telling me no. But my body, my body's telling me yes.

The lock-in provided by not using a custom domain is very convenient.


They told me by mail. This FAQ entry came later and is obviously a rather misleading answer.

How is storing the domain part of the mail address so very different from storing the local part?


Please read the cited FAQ entry again:

> On the other hand, own domains need to be registered to the name and address of a person. If you were able to use own domains with us, this would affect the entire concept of Posteo: we would need to start saving user information for all customers who use their own domains with us – and to provide these to the Federal Network Agency to be provided on request to the authorities.


That sort-of makes sense for why they do not offer you domains, but not why they do not have a "bring your own domain" plan (like e.g. mailbox does). There somewhere being a registrar knowing who I am doesn't change what they have to do, they do not need to have or look at that data in any way.


I think they're arguing that, if you bring your own domain, they still know what domain they're storing email for (by checking the reverse lookup) and they could look up the name behind it in the registry.

They don't want to be put in the position where they know what natural person a certain email belongs to.


They could also put the e-mail address in Google and find out who I am...

I get and respect that they want to provide a way to use their service without identifying yourself, but stopping a customer from voluntarily identifying themselves is fairly futile, and counter to how many people intend to use e-mail. (Indeed, they offer payment by bank transfer or paypal, so clearly they do not insist on full privacy)

Well, luckily they have direct competitors that offer the full range, so while I'd love more players in this segment I'm not directly affected by them not wanting such customers (and I find the argument questionable enough to reconsider recommending them in the future)


Even the payments part is addressed in the FAQ link I shared previously [1] and in a separate page about payments. [2]

While I'm sure that we would have to take certain things with a pinch of salt, since Germany is a Fourteen Eyes country, for me this amount of attention is something I haven't seen elsewhere (and not at this price). As I mentioned above, the social responsibility and other factors also heavily influenced me when I did the switch to Posteo.

From the FAQ: [1]

> "How can Posteo be anonymous, when I’m paying by bank transfer or PayPal?

> Credit is always added to your Posteo account anonymously – regardless of whether you pay by bank transfer, PayPal, credit card or in cash. We do not attach the data we receive with payments to the email accounts. We developed our own system for this in 2009, with which all payment processes are anonymised.

> The payment system is the core of our concept of data reduction, above all, because we keep payment information strictly separate from our customers' email accounts, we do not attach any user information to the accounts – and can thereby ensure the fundamentally anonymous use of our email service. You can find out in detail how the anonymisation of payment processes occurs at Posteo on our payment info page."

[1]: https://posteo.de/en/site/faq

[2]: https://posteo.de/en/site/payment


The point is, it's their company and they get to decide their features, not you. They don't owe you any kind of explanation.


Of course it's their right to decide the features. Just as it is my right to talk about how their given reasons for their decisions don't seem to make sense and let that influence my view of the company. Which is all we're doing here: talking about the companies to inform each other.


What on earth gives you the impression it's appropriate for you to prevent other users from wanting a company to have/build certain features?

It's neither the user's wish, nor the company as the company most certainly wants user feedback. Your post quite literally is only there to satisfy yourself.


Touched a nerve did I? Sorry to puncture your sense of entitlement.


No, they can't. If I wanted to protect my privacy I'd use a service like RespectMyPrivacy that hides my name.

Just as a rhetorical question: do they decline local parts in the form of firstname.lastname? Thought so.


Not sure I got what your rhetorical question is about. You don't have to provide any first name or last name or a real name. I've also linked to the FAQ and the payments explanation in another comment above, which go into more detail about what information they avoid collecting, storing and processing.


>I don't know where you got that "lie" from. Posteo doesn't allow custom domains in order to have as less information about the customer as possible (what it calls "data economy", meaning it doesn't want to store data wherever it can be avoided).

Sounds like a BS marketing answer.




Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: