I’ve been using Proton Mail and VPN for a while now, and I’m just wondering how everyone else feels about them. I have this kind of inherent slight distrust of them just because they seem like they offer a lot for free and kind of have a Big Tech vibe about them, but there’s nothing for me to really substantiate that distrust with, it’s mostly just a feeling. That being said, I do use their services as mentioned and they work pretty well, even on the free tier. So aside from that one instance where they gave that guy’s info to the feds, is there any reason not to trust them with my data?
For my threat model and use case, I trust them.
more than google at least
Yeah, I trust them more than the alternatives.
Based on my own privacy/security criteria, I chose and paid for protonmail when that was the only thing Proton had. I’ve been very happy with them and it’s nice to see how much they’ve since popped off.
For that one instance, not doing so would have been illegal and probably gotten them hit with a major penalty.
Any email sent to Proton in clear text is 100% accessible to them at the point of entry. They basically promise you that they won’t look at it before encrypting it for storage. So if you trust their promise, it’s all good.
Any email that comes in already end to end encrypted with OpenPGP is not accessible to them ever, kind of. If their client gets hacked and starts sending unencrypted messages to them or someone else, then they have access.
The only way to have a zero trust environment is always having people (or businesses) send you messages encrypted with OpenPGP, and never using Proton’s clients (webmail, mobile app, and desktop bridge). That’s fairly unreasonable, and you might as well use any other email service at that point.
So, you can trust them as much as any other company, because unless you write and run your own email server (which, trust me, is a huge pain in the ass*), that’s your only option.
* I wrote and run an email service called Port87, which launched recently, and there are so many obstacles to doing this, even if you’re only running one user on one domain on one server.
No, and I never will
Proton Mail + Tor Browser + diligent OPSEC
Bingo bango, you don’t even have to trust them.
You very much do have to trust them. They make the client you’re using.
If someone injects malicious code into their client, it can transmit your mail unencrypted, or even just transmit your private key. Will they inject malicious code into their own client? Almost definitely not. The chances are basically zero. But if they get hacked and someone else does, then it’s the same result.
Also, unless all email you receive is encrypted with OpenPGP, you’re still trusting ProtonMail to encrypt it for you before they put it in their database.
So yes, you still have to trust them.
…Tor Browser?
Also by “injecting malicious code” do you mean XSS? Yeah, that can happen, and it’s usually not Proton’s fault. The emails are end-to-end encrypted and encrypted while in your inbox with public and private keys.
Tor Browser only protects your IP address.
Emails received from outside senders are only end to end encrypted if the sender is using OpenPGP or S/MIME. Otherwise, Proton receives them in plain text (the TLS encryption is terminated at their SMTP server). They promise that they don’t look at them before encrypting them for storage, but you have to trust that promise.
Injecting malicious code means either XSS or if their build pipeline gets hacked. These companies release builds through a pipeline (usually download source -> download dependencies -> build from source -> package -> sign -> notarize (for Apple) -> release), and anywhere along that pipeline can be vulnerable. They might update a dependency that got hacked and now they’re hacked too. One of their build servers might get hacked and now they’ve released a malicious build. You’re trusting them to verify not only their code and their build servers, but also every dependency update. That’s potentially millions of lines of code per year to vet. It’s probably fine, but you’re still trusting them.
As for whether an attack is their fault, it really doesn’t matter. The end result is your leaked data. They could do everything they possibly can to protect you, but they could still get hacked. You are trusting them when you use their service. I believe they’re trustworthy, which is why I’ve been using their service for years.
A note about me: I know all of this because I have worked in big tech for ~11 years (Facebook, Google, then LinkedIn), I wrote an end to end encrypted messenger (called Tunnelgram, now discontinued), and I wrote my own email service over the past two years (called Port87).
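The hop-by-hop point made in the comment above can be checked on any message you have received. The following is an added example, not part of the original thread or any commenter's code: it reads the `Received` chain of a constructed sample message, reports which hops declared TLS (the `S` in `ESMTPS`), and checks whether the body is PGP/MIME or S/MIME encrypted. Hostnames and addresses are made up, and `Received` headers are self-reported by each server, so treat the result as a hint rather than proof.

```python
import email
import re
from email import policy

# Constructed sample (not real traffic): two hops, plaintext body.
SAMPLE = """\
Received: from mx.provider.example (mx.provider.example [203.0.113.10])
 by store.provider.example with ESMTPS id abc123;
 Mon, 01 Jan 2024 10:00:02 +0000
Received: from sender-host.example (sender-host.example [198.51.100.7])
 by mx.provider.example with ESMTP id def456;
 Mon, 01 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@provider.example
Subject: hello
Content-Type: text/plain

This body is readable by every server listed above.
"""

HOP_RE = re.compile(r"\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)
# "with" keywords such as ESMTP, ESMTPS, ESMTPSA: S = TLS was used, A = AUTH.
PROTO_RE = re.compile(r"^(?:UTF8)?(?:E?SMTP|LMTP)(S?)(A?)$", re.I)

def hops(msg):
    """Return the receiving servers, oldest hop first, with their TLS claim."""
    out = []
    for raw in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(str(raw))
        if not m:
            continue
        proto = m.group(2).rstrip(";")
        p = PROTO_RE.match(proto)
        out.append({"server": m.group(1), "proto": proto.upper(),
                    "tls": bool(p and p.group(1))})
    return out

def body_is_e2e_encrypted(msg):
    """True for PGP/MIME (RFC 3156) or S/MIME enveloped-data bodies."""
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":
        return str(msg.get_param("protocol") or "").lower() == "application/pgp-encrypted"
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        return str(msg.get_param("smime-type") or "").lower() == "enveloped-data"
    return False

def exposure(raw_message):
    msg = email.message_from_string(raw_message, policy=policy.default)
    chain = hops(msg)
    e2e = body_is_e2e_encrypted(msg)
    return {
        "hops": chain,
        "e2e": e2e,
        # TLS only protects the link; each server still sees the body unless e2e.
        "can_read_body": [] if e2e else [h["server"] for h in chain],
        "plaintext_links": [h["server"] for h in chain if not h["tls"]],
    }

if __name__ == "__main__":
    print(exposure(SAMPLE))
```

Even when every hop reports TLS, `can_read_body` stays populated for a plaintext message, while headers such as `From`, `To` and `Subject` remain visible in both cases.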
Wait… okay, I think we’re talking about two different things.
Emails you send or receive are not private. End of story. That’s nothing to do with the provider; they’re just not. SMTP is from the stone age of internet when nothing was private, and the attempts to graft a layer of encryption on top of it are from the bronze age, when encryption wasn’t very standardized or well-tested against real threats, and all of that shows. Even if you put a significant amount of work into grafting full end-to-end PGP encryption on top of the best your provider can do to keep your emails private, it doesn’t work. Emails are not private.
What I assumed you were interested in was in separating your non-private collection of emails from your real world identity. Proton + Tor will do that, bang on. If you’re trying to send and receive messages which are genuinely private, use one of the fairly good options which can do that (Signal or Matrix maybe). If you’re trying to send and receive your non-private emails without it being linked to your real world identity, use Proton + Tor. If you’re trying to send and receive SMTP emails without people being able to read them, you need to rethink what you want, because you’re not going to be able to get that.
Proton can be anonymous, yes, just like every other email service. I think OP was wondering more about how they protect your privacy when you’re using them non-anonymously. I could be wrong though.
But yeah, don’t use email if you don’t trust your email provider. Setting up your own email server for receiving mail isn’t too hard. Most ISPs don’t block incoming traffic on port 25, only outgoing traffic. It’s the sending part that sucks when you run your own server. Even if your ISP doesn’t block outbound port 25, your IP is probably already on several spam blacklists. :(
But yeah, don’t use email if you don’t trust your email provider.
Not sure how much more I can simplify this: The “if you don’t trust your email provider” has no place in this sentence. Don’t use email if you need the content of your messages to be private. If someone’s looking at Proton because they think it’ll keep their emails private, then yes, that’s a bad idea. But that’s not because of the “Proton” part of that sentence; it’s because of the “emails” part, and setting up your own SMTP service will do nothing to remedy that (in fact it’ll make things worse because it’ll put your own IP address into the “Received-By” headers of every email you send out).
If you’re communicating with someone you know who’s also running their own email server, there is no problem with using email. Email is a good protocol, and it runs over TLS.
I’m not trying to argue or anything, but I think you should read this for a quite good overview of the issues involved with trying to secure SMTP email. You can also read any number of expert opinions saying the same thing, if you don’t believe me or that article.
If you’re communicating with someone you know who’s also running their own email server, there is no problem with using email.
So, basically, never. I’ve run several SMTP servers in my time. I’m having trouble thinking of an example of when I might have been communicating from one of them to someone else who also ran their own secure SMTP server. If you’re trying to set up a secure end-to-end communication channel with one specific person which involves work on both your ends, it’d be way easier and more secure to use some other transport protocol at that point.
Email is a good protocol
It is. 100%. Sorry if I gave the impression I didn’t think it was. For all its age and some amount of minor stone-age baggage it brought with it, SMTP is genuinely quite well-designed and still serves its purpose 43+ years later, which is incredibly impressive. That purpose is, insecure but reliable and interoperable communication.
it runs over TLS.
Yeah, so does your HTTP connection with Proton. That doesn’t mean the end-result system keeps your messages secure, any more than using HTTPS means Proton is secure.
You can read the article I linked to above, but basically the short version is that email is by the design of the protocol subject to being stored or transmitted unencrypted at various intermediate places as it’s being sent around, in ways that are by the design of the protocol impossible to prevent.
You’re not required to agree with me; you can think what you want, but that’s how I see it.
I mean, pretty much everything in that article applies to HTTP too. SMTP basically always runs through TLS now. If you ever get anything over an unencrypted connection, it’s almost 100% likely to just be spam. So mostly that article is complaining about your email being unencrypted on your provider’s server. Well, your Facebook messages are stored unencrypted too. So are your Slack messages. And Discord. And Twitter DMs.
I wrote and run the email service Port87, so I’m pretty familiar with how this all works. Email through a third party is about as secure as any other messenger. It’s not like Outlook.com is any less trustworthy than Discord.
I don’t need to trust anyone to use Port87, because I wrote it, but my users have to trust me, just like Google’s users had to trust me when I worked there, and Facebook’s users had to trust me when I worked there. You trust thousands of people when you use these companies’ products.
If someone is looking for end to end encrypted communication, I agree, they are probably better suited by another protocol. SMTP is really good at what it’s designed to do.
When I tried to register with a tor ip they asked for my phone number.
The issue with email, unless you are communicating between two Proton Mail accounts, is that your message will likely be stored on another server which is extremely likely to be unencrypted. The bottom line is that you can never trust the rest of the infrastructure, and you have no control over it. You can end-to-end encrypt using PGP, but this is extremely impractical.
Yeah, email is unsafe, agreed. I addressed that below, saying I thought they just wanted to separate their real-world identity from their un-private emails. If you’re trying to use Proton to keep your un-private emails private, you’re gonna have a bad time and you should use some good end-to-end solution that isn’t email instead.
Why is anyone using email anymore? (He said with a straight face)
Personally, email exists solely for merchant receipts, and IRS collection notices. I don’t use email with any family or friends. Matrix, signal, session, most any messenger but I prefer e2e.
Maybe I’m internetting wrong.
My friend doesn’t have a smartphone, so we communicate via email ^^
Just because you don’t? I use e-mail as my main way of messaging people I know and like.
You must not have a white collar job. The corporate world lives for email.
I agree with you. Email is flawed and not appropriate for modern communication.
If you want the messages to be written in letter-like format, then you can write them that way. No need to make it chatty if you don’t want to communicate that way.
Email shares far too much metadata and should be used just for account-updates, account-control (password reset, MFA, and so on), etc.
Otherwise I just push everyone to Signal, since it’s normie-friendly and already using quantum-safe encryption.
–
To the OP’s question: yes, I trust Proton. They can’t access my data if they wanted to. They’re a lot better than competing companies.
Check out some of the steps they’ve been taking to improve OpenPGP and go down to “Upcoming improvements” to see their future plans: https://proton.me/blog/openpgp-crypto-refresh
And, remember, they are more than just an email company: https://proton.me/blog
https://piped.video/watch?v=iH626CXyNtE
- Don’t use webmail, the purpose of a browser is to execute foreign code of unknown sources -> they can serve you any website they would like
- Don’t use email, it’s all plain text on the servers (unless you insist on using PGP, yet still a lot of metadata is plain text)
- Don’t use centralised communication, i.e. Signal. You’re creating societal habits that won’t be easily changeable if you start to distrust them. Matrix and IRC etc. don’t need a phone either
Numbers 2 and 3 act like these are things that you can easily just stop
I don’t completely trust any “privacy-focused” company, but I trust proton a lot more than most others.
I stopped using them because their Android app is absolute dog shit. But I would trust them more than Google.
I’ll get straight to the question: what should I use? I use Proton currently but they are pretty sus.
Fastmail looks nice in terms of features/cost - it is also owned by the people who run it, which is a big green flag.
But I am in the same boat, looking for a new service, haven’t made a switch yet
it is also owned by the people who run it
The ownership of a service, ideally, should make no difference to that service’s trustworthiness.
That makes absolutely no sense - at the very least, this is unimplementable for an email provider.
I am trusting someone for my data. Ownership belonging to the people running it, who just want to make a living, has the meaning that our interests are better aligned than a multinational ad agency or a nation state whose subject I am not even. That relationship is more healthy, the contract is clearer and more balanced.
at the very least, this is unimplementable for an email provider.
If one ignores the collection of metadata, then this is the very purpose of PGP.
I am trusting someone for my data
The point that I am trying to make is that one should never have to trust someone with their data – if all data is encrypted, for example, from a privacy perspective, it really doesn’t matter where it is stored. Of course, metadata can still be gathered, but that is, in my opinion, a lesser issue, and the user has some, if not complete control over it.
I should also say that it depends on what you mean by “trust”. My response, and original comment are under the assumption that “trust” is referring only to privacy.
After the WhatsApp scandals, my trust in encryption is limited. I’m not a mathematician (which is a goddamn shame), and if there is a backdoor in the mathematics themselves, I wouldn’t be able to catch it even if I read the source code. And there is always the possibility of decryption by quantum computers…
So where we store our data is very important, even if it is decrypted. Encryption is just a secondary defense, the primary is limiting the accessibility to the data itself. And where you store the data, and to whom you allow access, determines the accessibility
Skiff looks cool
I’ll get straight to the question: what should I use?
Are you referring to email?
I thought it was obvious from the context but yes
In that case, the email provider that you use makes little difference at all. Because of the way that email works, it will always be visible in plain text (unless manually encrypted through PGP) by a third party other than the recipient at some point. There is of course the exception of, for example, direct communication happening between two Proton Mail accounts, but this is really hardly worth mentioning in any practical sense.
The long and short of it is that email should never be used for secure communications.
Tutanota is nice and a bit cheaper too. A bit limited in features compared to proton but I still like it.
No. I don’t trust the Swiss. They’re tied up with US intelligence and they’ll do anything for money (that’s why they’re always neutral). I’ve gotten shit on here before for saying Protonmail might be a honeypot but I’m sticking by it.
Such a point is rather moot – one should not be using email for any form of secure communications, as it is inherently insecure.
For some use cases, perhaps. I do trust them to keel over as soon as anything looking like an authority sends a request. I don’t trust them to be as good as their marketing.
No news about scams or particularly evil policies yet, which is far better than many providers.
Not at all, mental outlaw has a video why proton is a honeypot
And yeah, you can’t really trust anything not self hosted by you
One of the biggest tinfoil hat youtubers out there, heh. I think he has some good stuff though, other stuff is just plain speculation and paranoia. Email in general is not secure, not everyone can self host or wants to self host. Proton does its job for anyone that needs an alternative to Google and also wants to maintain a set of features like calendar, tasks and so on.
Link please.
Very sorry, I’m not sure which videos it is
Try to watch mental outlaw’s and the hated one’s videos about proton
Or wait, maybe it’s not mental outlaw
Maybe this one https://www.youtube.com/watch?v=AhdJzjC7Leo
Here is an alternative Piped link(s):
https://www.piped.video/watch?v=AhdJzjC7Leo
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
Sorry for YouTube link, I’m using newpipe
https://www.youtube.com/watch?v=IeXaYR4ed9c
Edit: and also this https://www.youtube.com/watch?v=QCx_G_R0UmQ
This, this, this
Here is an alternative Piped link(s):
https://www.piped.video/watch?v=IeXaYR4ed9c
And you can’t even trust that - good luck finding hardware with open source schematic that is not ancient.
All processors have built-in spyware (Management Engine etc.), and that’s not going to change, since there are only a few highly sophisticated factories in the world that can make them, and the factions controlling those have no interest in producing consumer grade spyware free hardware. Modern processors have become essential for weaponry and warfare, so this is not going to change, only get worse.
No.
I trust no single hosted service, but you can use them with caution.
When Proton has a single app available on native F-Droid with zero anti-features, not from a different repository, only then will I use their services. I don’t use anything from them now. No Protonmail, no VPN, I don’t use them.
https://www.f-droid.org/en/packages/ch.protonvpn.android/
Mail’s on Izzy, tho: https://apt.izzysoft.de/fdroid/index/apk/ch.protonmail.android On the other hand, I don’t exactly see a reason to have a mail client on the phone at all. I mean web browsers do exist, and the app doesn’t seem to provide any additional benefits.
Also, wdym by “single app”? If as in “at least one”, then VPN counts, and if as in “one app that incorporates mail + VPN + whatever else they come up with”… Why?
P.S. I’m not agitating for or against using proton, just curious.
I said native F-Droid repository. I also said with zero anti-features.
In F-Droid settings, under Include anti-feature apps, unselect all or turn off all options, turn off other repositories like Izzy, then do a regular app search for Proton, there is nothing available in F-Droid
The link I’ve added (VPN) is for native f-droid repo. As for anti-features,

So that’s more about server side being proprietary than the app itself (also, mullvad’s app has the same anti-feature)
Whether it’s due to server or client, Proton is not an option.
There are free Telegram clients, there is no way I will ever register with Telegram service.
I am extra harsh of Proton because I reject the concept of proprietary security. They trumpet privacy and security but tell people to trust them for security, they can’t release server code, but they want everybody to trust that their servers don’t have a back up of account info like keys or backup access to account.
I don’t use Signal for the same reason, only Molly, and I refuse to install Signal on computer.
There are reasons why email clients are more secure
Genuine question: which ones?













