
Given Proton Mail’s fashiness coming out of the woodwork, lots of folks are looking at switching away — but they have a reasonable concern: Aren’t Proton Mail’s privacy features special, different from a normal mail provider?

AFAICT, the answer is yes in •theory•, but you aren’t giving up that much in •practice•.

Short 🧵 surfacing notes I put in a reply — and likely containing inaccuracies about Proton Mail, so please correct me if you have better info!

1/

In practice, email is pretty much all encrypted in transit these days (almost all SMTP and IMAP happen over SSL/TLS). You don’t need to worry about random third parties on the internet scanning your emails in transit.

Email, however, is not end-to-end encrypted: your own email provider (Gmail, your ISP, whatever) can see all your messages. Many actively scan your email to profile you. (This also applies to the email providers of the •recipients• of your emails.)

This is the problem Proton Mail claims to fix.

2/

The problem is that Proton Mail can’t fully fix it. IIUC, their E2E encryption requires active participation of both the sender and the receiver: proton.me/support/password-pro

That means:

- No communication initiated by the other party is going to use it. Your bank account password recovery link isn’t E2E encrypted.

- If you want to keep a conversation you started with a human encrypted, the recipient has to use a clunky web portal to read & reply.

3/


- If the recipient of your communication quotes what you said in a normal email without using the Proton Mail web portal, oops! no longer encrypted.

- They say Proton-to-Proton emails are E2E encrypted, but there has to be an asterisk next to that: their SMTP server •must• get plaintext from my mail client, however briefly. [CORRECTION: They do not support SMTP except via local bridging; scratch this one]

- And the whole time, you just have to trust that this apparently fash-friendly company’s opaque software is doing what they say it’s doing.

4/

I honestly see no advantage of Proton Mail over just saying “let’s take this conversation to a secure platform (e.g. Signal).” And if you do that, you’re using a protocol that was actually •designed• for E2E encryption instead of trying to bolt it on the side.

I am not a Proton customer, so I may be missing something here. Am I?

If I do understand correctly, it seems like the security benefit of Proton Mail is mostly theoretical, weak sauce in practice.

5/

@inthehands kinda hard to have a valid opinion about something if you don't use it.