StartMail: Add a warning explaining drawbacks of the User Vault
Hello there,
I am a happy StartMail user - however, their "user vault" has some drawbacks, which should be mentioned on PG with a warning, to make users more conscious about the product.
Link affected: https://www.privacyguides.org/email/#startmail
The issue: Privacy Guides' description of StartMail does not mention the fact that if you are logged in, the LUKS container with your data is mounted and readable by StartMail.
In short, when you are logged out, your data is encrypted and cannot be accessed. This changes the moment you log into StartMail: the LUKS container, which stores user emails, PGP keys (including the private key, which is NOT additionally password-protected, unlike in Protonmail), recovery codes etc., is decrypted and can be accessed by a StartMail employee, or by an unsolicited person if the StartMail servers have been compromised.
Outcome of the issue: False expectations.
Solution: Describe User Vault somewhere in the StartMail section.
More info: https://www.reddit.com/r/PrivacyGuides/comments/r9vqtp/startmail_user_vault_how_much_security_does_it_buy/
This issue has been mentioned on Privacy Guides. There might be relevant details there:
https://discuss.privacyguides.net/t/minimum-tls-requirements-for-email-providers/11830/18
This issue has been mentioned on Privacy Guides. There might be relevant details there:
https://discuss.privacyguides.net/t/thoughts-on-startmail-as-a-email-service/16940/2