I need an email provider that 1) Not only promises not to read my emails, but literally CANNOT read my messages due to underlying encryption, 2) Allows for searching of emails (some services cannot allow search when mail is encrypted) 3) Encrypted (at rest) calendar, and sync via calDAV, 4) Open source.
I have also used this handy tool, and when filtering on https://thatoneprivacysite.net/email-comparison/#detailed-email-comparison
When filtering on whether the platform is open source, calDAV support, and encryption at rest, I get only the following options: Posteo KolabNow Disroot Tutanota
I have researched historical HN discussions on a variety of email providers (runbox, fastmail, posteo, mailbox.org, tutanota, etc), and there have been some very scathing reviews of the encryption algorithms, methodologies, implementation, platform security, etc.
For someone that doesn't want to send encrypted mail, but wants a basic service where I can be confident the data stored is mostly safe* from surveillance and arbitrary access by anyone other than myself, what would be your suggestions?
But if they can’t read the e-mail, then they can’t process it for you and act as your service provider. Otherwise, how would they know what to do with the black box you have given to them?
If you’re going to use an external service provider, then at some point you have to trust them, at least to a degree.