Self hosting is best if you have the knowhow, inclination and time to maintain it, but there are alias services that will encrypt any mail they forward using a key you provided so this would eliminate the ability of your chosen non-self-hosted email provider/server to easily read your received mail limiting their ability to profile or target to any metadata and header info that is passed along unencrypted.

Of course, then you are placing trust in the alias service’s privacy and logging policies. But some are open source and you could host an alias forwarding service yourself if you wished as well.

eatthecake, they clearly need you on the marketing team, stat.

I’d like to see some evidence that F-Droid is less secure (or privacy respecting) than using the big Gs playstore or services, which many, if not most, playstore apps depend on to function.

I mean this sincerely and respectfully. I’d love to look onto it.

Because in my current opinion and approach, if you vet your apps and practice good digital hygiene, then FOSS>GOOGL/Alphabet for nearly everything from a privacy and security perspective.

Edit: if I misunderstood and you were saying don’t use G playstore or Aurora AND don’t use F-Droid, then may I ask where are you getting your apps, other than directly from the devs page or github and so on?

I’d personally prefer they didn’t implement any KYC-style identity verification at all in the first place, but it’s not my service or project and I’m not a paying customer, so my preference is largely irrelevant to them. But that said, I didn’t intend the comment to be damning, or even a particularly harsh criticism, just thought it wad an odd choice.

If what you are saying is accurate, and there aren’t better options, I at least understand that choice a bit more. If they feel they need an identity provider for whatever reason, they should obviously choose the one they feel best fits that need. And as others have noted, different servers and instances can be spun up or utilized. Users can choose to utlize whichever fits their needs best, or none if none of them fit.

Your other point is well taken though that it may be a gap in the marketplace. Sounds to me like a need waiting to be filled. I recall reading about some decentralized blockchain solutions for this sometime back, but do not recall the specifics. I haven’t followed along because it didn’t seem relevant to my personal or business needs at the time.

If anyone else knows of alternative options that may be better or more privacy friendly, I’d certainly be interested to hear about them. And would chip in funding for any good FOSS projects that might seek to solve this problem.

I agree with you and it’s an important distinction. But for me it’s also about the ethos of the developers or company. Promoting free and open source tools is great, but requiring the opposite as a prerequisite to use the largest publicly facing implementation of that is a very odd decision.