Interestingly, as a self-hoster your email is much more prone to metadata analysis than anybody who is hosted at one of the big providers and has most of their email transferred to other big providers down TLS-protected port 25 streams.
Absolutely! Everyone has their own usage case, and one has to adapt accordingly -- even me! :)
My point was that simply selecting an email provider outside the US does not make email safe in any way and that end-to-end encryption is the only way to prevent providers from accessing the content.
Absolutely. Our argument (and to be fair, we are a provider) is that if you don't trust your provider then they're basically just a dumb blob transit pipeline. There's not much value add you can do there.
So we have focused on building the best thing we can for people who _do_ trust their provider, and also on having a business model which means that we can be a trustworthy provider because we have no secondary "customer" who is actually paying the bills. We don't have split loyalties.
They're not cleanly separable. You can tell a lot about a person by simply looking at what's written on the outsides of the envelopes in their mail. No need to actually open them up and read the insides.
Quite simple:
If someone were to sniff the encrypted traffic between Hotmail and Gmail then they wouldn't have any idea who was talking to whom.
If someone sniffs the traffic between Hotmail and my server, it's trivial to see that a Hotmail user talked to me or one of the few others using my email server.
