>I referred to this in my comment. It's proprietary, communicates with ProtonMail over their proprietary API, and is only supported for paid users. These are fundamental features of an MTA, not a paid add-on; this is absolutely disgusting.
This goes back to my original point that protonmail is pgp for most people. You sound like the sort of person who'd use a self hosted email server + some IMAP/POP3 client + some PGP client with self managed keys. Maybe having an open stack is important to you, but people like you are definitely in the minority. Most people don't know and/or care what PGP, IMAP, or MTA is, but they want something more secure than gmail/outlook.
> Protonmail chose to be incompatible with this established standard.
They've supported receiving PGP-encrypted emails[1] and are working on IMAP support currently[2]. Would be nice for you to cite sources before making strong claims like "chose to be incompatible". Everything is a feature and needs time to implement.
I spoke on Mastodon recently about Protonmail - it's a scam and I cannot recommend it to anyone. They own your email, they don't support open protocols including SMTP and IMAP and the only way to export your emails is through a proprietary end-user application. They excuse this nonsense by saying that it's necessary for encryption, which is blatantly false. Their security is also based on trusting ProtonMail, since they could easily siphon off plaintext at the SMTP level or secretly modify their JavaScript to exfiltrate your private keys from the web browser. Genuinely secure systems do not require you to trust their operators.
>PGP, because it is built on top of email, is therefore also a federated encryption system. Unlike other encrypted communications systems, such as Signal or Telegram, PGP doesn’t belong to anybody, there is no single central server, and you aren’t forced to use one service over another. We believe encrypted communications should be open and not a walled garden. ProtonMail is now interoperable with practically ANY other past, present, or future email system that supports the OpenPGP standard, and our implementation of this standard is also itself open source.
This is rich. Why don't you start with the far more fundamental and important standards of SMTP and IMAP, Protonmail? Why don't you open source your desktop & mobile applications or your bridge? What a joke.
> what does Protonmail offer in terms of privacy that is better than GMail or Outlook, given that the USA and Switzerland both adhere to democratic standards.
Well for a start the privacy policy of Gmail allows them to use your data for advertising purposes.
Secondly, emails encrypted at rest are still encrypted, so at least the body is protected.
Unless you were receiving emails that were encrypted prior to being sent that wouldn't be the case with Gmail.
> what does Protonmail offer in terms of privacy that is better than GMail or Outlook
Encryption. That was always the point. Your emails are stored encrypted, and nobody can read their content except you.
Not sure why some people expected ProtonMail to act as a magical VPN, both truly anonymous and not obeying any court order, to an unencrypted email account like Gmail.
> As I understand it, ProtonMail basically uses PGP. It just does it in Javascript or whatever.
This means that, while the private keys may be on your device now, at any point in time they can update their frontend javascript code to get your private key and read all your emails.
> The ability to use GnuPG serves as a filter ;)
Yes definitely, I wouldn't get any emails at all anymore. Works great for Inbox Zero I guess.
> I assume the point of Proton Mail using OpenPGP is so that mail sent by Proton Mail can actually be verified/decrypted by other systems that aren't Proton Mail?
My experience with Proton is that they really don't care anything about encryption or signatures except as they apply to emails between Proton users: http://jfloren.net/b/2023/7/7/0
> When you’re communicating with email addresses outside of ProtonMail, their servers will see your emails. Your emails might then be encrypted “at rest”, but they’ve passed through their servers unencrypted anyway.
Decryption is done in the browser so it's not passing through the servers unencrypted. (ProtonMail is one of the biggest contributors to OpenPGP.js).
> To work around it, for sending to email addresses without a ProtonMail account, AFAIK they also give the possibility to send a link to a ProtonMail interface for decryption.
And you can add the recipient PGP key in ProtonMail settings so it's pure PGP. (I've heard that they're working on Web Key Directory support for automatic contact key retrieval)
> And also web interfaces are inherently insecure for E2E encryption, which ProtonMail encourages.
Not strictly true. The problem is a web interface hosted on a foreign host. For a secure web interface see e.g. Mailpile.
There are also other ways of minimizing risk like using Mailvelope that communicates with GnuPG through Native Messaging.
> In other words ProtonMail is anti-standards.
Not for all standards; for example, ProtonMail is very active on the OpenPGP mailing list.
For the record I'm not using ProtonMail but I like that they're promoting PGP by showing that it can be made relatively easy. Too many people think that the UI complexity in PGP is intrinsic.
> There are people who think that Protonmail is a government front. I don't think so, but who am I?
It seems that many people have a wrong (read: unrealistically high) expectation of security on Protonmail to begin with. If you are just using Protonmail as a plain mail service, it's nearly as vulnerable as any other email provider: all incoming mails can be monitored at the originator's mail provider, or at Protonmail, all outgoing mails can be monitored at Protonmail or at the receiver's mail provider. These security properties are natural conclusions from the architecture of SMTP. No backdoor is needed. If the government wants to subpoena your mail, they can simply require Protonmail to intercept all incoming traffic at the SMTP server before it's encrypted locally. Also, the fact that Protonmail is subjected to subpoenas is publicly announced on their website, and they state that they'll cooperate to the degree allowed by cryptography.
No backdoor conspiracy is even needed to begin with. End-to-end encryption is only used in-browser when you're sending mails to another Protonmail user.
Don't get me wrong. I use Protonmail and I'm a paying user. The only major advantage of Protonmail is data-at-rest encryption: once the plain mail arrives in your inbox, it can't be leaked retroactively without your passphrase. And this advantage alone is enough for me to use it, since it's as insecure as any other mail at worst, and a bit more secure at best, I have nothing to lose. If a higher degree of security is desirable, it's still your own responsibility to use end-to-end encryption; preferably, one should also use Protonmail's official client (with source code) to access Protonmail locally, which ensures that malicious JavaScript can't be injected from the server side to reveal the passphrase to your inbox.
Finally, if you must find a credible conspiracy in it (I'm not a fan of doing it, 90% of the time the arguments are all vague "backdoor" or geopolitics rather than a technical security analysis), Protonmail can be considered a PR hack supported by the NSA that misleads non-technical users to think of it as a silver bullet, thus actually impeding the progress of developing better end-to-end encryption for email communication.
> You're saying that Swiss-based Protonmail is worse for privacy than Australian-based fastmail?
I'm claiming that neither of them are good for privacy. As a sibling wrote so well: "encrypted email just isn’t a thing. The minute you send a message to someone else it’s out in the wild."
I have zero interest in my email being encrypted or protected or anonymous. So ProtonMail's value proposition is meaningless to me. But the fact that ProtonMail masquerades and markets their email as private and encrypted is the problem. They're subject to subpoenas, just like everyone else, and if they are going to market their service as private, encrypted, or anonymous, then they are misleading at best and lying at worst:
Lots of other interesting dirt if you do some basic google searches.
So I chose Fastmail because of their honesty. I know what I'm getting. Their prices are great, apps are great, web interface is great. They've been around since 1999 -- longer than Gmail. I used their free tier first then moved to paid with a custom name some time ago. Clearly they're not going anywhere. I'm not sure what else you can ask for in an email provider?
> > your IMAP and SMTP username and password are transmitted to Microsoft in plain text.
I think that is not true. I think that is a lie on Proton's behalf.
When I set up the email client, it connects via OAUTH2 to the other services. It's connected as an app and not via credentials. If it connected via bare credentials, then it'd be a "legacy app" and you'd need to generate an "app password" for it, but you don't.
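One way to check a claim like the one above on your own account, as an added example that is not code from the thread or from Proton: the script reads the CAPABILITY line an IMAP server advertises and reports whether a client could end up handing that server the account password (AUTH=PLAIN, AUTH=LOGIN or the bare LOGIN command) or only an OAuth2 bearer token (AUTH=XOAUTH2, AUTH=OAUTHBEARER). The sample responses are constructed, not captured from any real provider.

```python
"""Added example: classify an IMAP server's authentication posture from its
CAPABILITY response (RFC 3501 LOGINDISABLED/STARTTLS, SASL mechanism names).
Sample capability strings below are constructed, not from any real provider."""
import re
from dataclasses import dataclass, field

PASSWORD_MECHS = {"PLAIN", "LOGIN"}        # server receives the password itself
TOKEN_MECHS = {"XOAUTH2", "OAUTHBEARER"}   # server receives a revocable bearer token


@dataclass
class AuthPosture:
    starttls: bool
    login_disabled: bool
    mechanisms: list = field(default_factory=list)
    password_accepted: bool = False
    token_accepted: bool = False
    verdict: str = ""


def parse_capabilities(line: str) -> list:
    """Tokenise an untagged '* CAPABILITY ...' response (case-insensitive)."""
    m = re.match(r"^\*\s+CAPABILITY\s+(.*)$", line.strip(), re.IGNORECASE)
    if not m:
        raise ValueError("not a CAPABILITY response: %r" % line)
    return m.group(1).upper().split()


def assess(line: str, already_tls: bool = False) -> AuthPosture:
    """Decide whether a client could end up sending this server its password."""
    caps = parse_capabilities(line)
    mechs = sorted(c.split("=", 1)[1] for c in caps if c.startswith("AUTH="))
    starttls = "STARTTLS" in caps
    login_disabled = "LOGINDISABLED" in caps
    # The bare LOGIN command is allowed unless LOGINDISABLED is advertised;
    # the PLAIN and LOGIN SASL mechanisms likewise carry the password itself.
    password_accepted = (not login_disabled) or bool(PASSWORD_MECHS & set(mechs))
    token_accepted = bool(TOKEN_MECHS & set(mechs))
    if password_accepted and not (already_tls or starttls):
        verdict = "password would cross the wire unencrypted"
    elif password_accepted and not token_accepted:
        verdict = "password goes to the server (TLS available); no token option"
    elif password_accepted:
        verdict = "password and OAuth2 both offered; a client should pick OAuth2"
    else:
        verdict = "token only; the mail server never receives the account password"
    return AuthPosture(starttls, login_disabled, mechs, password_accepted, token_accepted, verdict)


# Constructed sample responses, one per posture (not real server banners).
SAMPLES = {
    "cleartext": "* CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=LOGIN",
    "legacy": "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=LOGIN",
    "mixed": "* CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2",
    "token_only": "* CAPABILITY IMAP4rev1 LOGINDISABLED AUTH=XOAUTH2 AUTH=OAUTHBEARER",
}
```

Against a live server you would feed `assess()` the line returned by `imaplib.IMAP4_SSL(host).capability()` (decoded) with `already_tls=True`; the `LOGINDISABLED` flag is what a server uses to refuse password logins before TLS, so a response captured before STARTTLS may look stricter than the post-TLS one.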
>Protonmail's method of encryption allows them to encrypt the entire message, including headers/metadata
I would prefer to see them promote standards to extend PGP rather than invest that time in a new, proprietary system with no buy-in from the email-related-software development community. I can follow the logic but I can also see their eyes lighting up when they realize this is a great excuse for having a proprietary, locked-in platform.
>It also encrypts the messages received that weren't encrypted when they were first sent
> How do you like it? How does it compare to Protonmail?
For a start you can't use PGP, which means external people cannot send you encrypted email unless they use a "temporary inbox" feature. Often they won't do that so the email you receive will be unencrypted at the point Tutanota's servers receive it.
Also Tutanota does not allow you to use email clients. You also can't import your email, and can only export per-folder.
It's also worth noting Tutanota, and Posteo (mentions TKU), and Mailbox and all the other providers will comply with lawful interception requests. Tutanota in the past has handed over email before it was encrypted.
The article that justifies this claim is absurdly unreasonable in its approach, and its titular claim easily demonstrably false. Most of its method, such as it is, hinges on complaining that people haven’t chosen to make their email address public on their GitHub profile (which is something you have to opt into), and trivially falls apart; most of the rest comes from ignoring a separation of personal and work identities and is also nonsense; and the remainder is at least mildly dubious too.
Point six is also utterly clueless, as observed by others here already, and one or two of the other points where I do know a little have claims that are misleading or speculative at best.
Doesn’t incline me to trust this article on the parts that I don’t know about, even though I agree with some of its points (most significantly that first-party encryption is largely a crock—see Fastmail’s reasoning about that in parts of https://fastmail.blog/advanced/why-we-dont-offer-pgp/).
> In addition to this, ProtonMail has no password requirements, and the Professor has tested it with passwords like ‘1’, ‘iloveyou’, and ‘password’, which are all trivial to crack in dictionary attacks. Once these can be confirmed, an attacker has your entire email history.
Surely, they could enforce password requirements, but for me every user is responsible for having a secure password. If your account gets compromised despite the service hashing passwords correctly and having brute-force prevention mechanisms in place, it's on you for not having a strong enough password (or reusing it).
> And the flaw is that it is relatively simple for ProtonMail to serve you a modified version of their web application or the underlying PGP implementation. There is no way to cryptographically verify that you are getting the official version of the web client as stored in their repository.
Yes, this is true. But for anyone requiring absolute state-of-the-art privacy, you could simply use your own pair of keys without ever sending it to ProtonMail (i.e. you would use ProtonMail to send and not to encrypt, even though you would still benefit from their encryption as an additional layer). All open-source web-based services have this kind of flaw.
> PM can once again replace the web application or PGP software to recover the original message and passcode.
(This is in reference to the "Encrypt-To-Outside feature".) Yes, this is true as well, but look at the alternative: I send an email to your Gmail account. Google can read it. Then, you reply to my email, and ProtonMail could catch it in transit while it's not encrypted. I mean, they don't need you to use that feature to be able to catch your communications. So, we're back to the fact that they could serve a different version of the source code than they advertise.
I really fail to see the point of this article. I'm sure most of the users use it to stay away from Google tracking, and even the author agrees that if you need total privacy you should use your own keys.
Protonmail is not email, and should stop misrepresenting itself as email.
My favorite 'feature' of protonmail is that you can't access your messages via imap or pop, and their suggestion regarding exporting messages is: "At this time, you are able to save individual emails by using the "Print" function found inside each email in your account."
Protonmail had a very weird role in campaigning against the new sigint law in Switzerland, they used it for marketing for their service... now they say it's not that bad because protonmail advises the government on it.
I am very dubious of protonmail's claims. They don't release their server-side code, so nobody can audit it. There is no way to make sure a PGP encrypted message sent to a friend is actually encrypted with their public key only, you have to trust them.
You are also just one XSS away from losing your private key...
What about the other things that are important, like does protonmail do full disk encryption? Do they log ip addresses? They require you to sign up with a phone number if you use Tor, but "promise" not to store that. How can we trust them?
Their ToS states: "you agree to not use this Service for any unlawful or prohibited activities". But hey, if Mr. Robot uses it, it must be good!
They also have a very shifty claim of e2e encryption and a weird de facto disabling of the use of PGP. They do use openpgp.js, but for encrypting your mailbox, not for actually using PGP to mail other people.
They do actually support incoming PGP just fine, but I like to think of e-mail as bidirectional. To be fair, that is something they've had on their roadmap, but for almost three years now. Giving up the ability to send PGP-encrypted e-mail is not a great trade-off (and let's not even get started on their notion that you're somehow better off with gmail as long as you use PGP).
So, trust the server, trust the HTTPS connection, trust the browser to not have any backdoors or security flaws in all extensions, and trust other apps that can access the browser's files and syscalls. Trust us, we are in Switzerland. Why do people think that Switzerland somehow puts them in a better position to deal with legal issues? Anyone from Switzerland will tell you that they are not immune from evil laws and different parts of Switzerland are significantly more draconian than others. Tell me how Switzerland is some safe haven that you should use as a criterion to determine your opsec. This selling point is pure snake oil.
> But as soon as you keep reading it clears that right up
C'mon man, even you should know how much BS that is. They are misleading people and they know it, just hoping nobody reads the fine print. I have 0 trust in Proton because of this shit.
It doesn't matter what they say in the fine print, telling people there's strong encryption at all times right next to "end-to-end encryption" would fool anyone into thinking Proton can't read email in transit to non-Proton emails (in fact they even claim this, and it's false). They wouldn't be able to gain any users if they told the truth that they are the same as any other email provider except when they email their own users.
They even have the gall to say they offer a more secure business email but don't offer SAML or log integration, very basic things any actual business is required to have if they want to even meet baseline security measures.
> If both sides use ProtonMail, communication is end to end secure.
If both sides use [the same provider], it's not mail anymore, it's something internal. That is the fundamental issue of ProtonMail/Tutanota/any service provider that pretends to solve end-to-end encryption in email: without standards, it's a proprietary system. Today the only viable path towards easy E2E encryption in email is Autocrypt. AFAIK only Posteo is working towards including it.
I don't think you appreciate just how insecure email is.
How can you trust IMAP and SMTP but distrust PGP? Protonmail emails are encrypted only when you send them to other protonmail users.
I am really flabbergasted with your thought process. Gmail isn't a scam but protonmail is? PKI is trustworthy but PGP (WoT) isn't?
If you're afraid they'll modify their JavaScript, use their app!! Please tell me what webmail service you use, do they not use JavaScript?
Scam implies intentional deception, you failed to prove that. Moreover you sir are slandering them.
Let me say this - I don't care if they literally cloned yahoo's codebase, they are in Switzerland and I pay them for their service, that alone makes them worth paying every cent!