Given Proton Mail’s fashiness coming out of the woodwork, lots of folks are looking at switching away — but they have a reasonable concern: Aren’t Proton Mail’s privacy features special, different from a normal mail provider?
-
Paul Cantrell replied to Paul Cantrell
In particular, if you use Proton Mail, a hostile government wants to surveil your email, and Proton Mail (with its quisling CEO) decides to oblige:
- They can still surveil everything sent to you by other parties.
- They can still surveil anything you compose in your preferred non-Proton email client (e.g. Mail app on your phone). [CORRECTION: They lock out such clients altogether on mobile, provide fiddly local relay for desktop]
- They can still backdoor their own product offerings (which is likely to go undetected without an open protocol with multiple clients).
- I suspect (but don't know) that their architecture that supports webmail also makes blanket surveillance possible.
6/
-
Paul Cantrell replied to Paul Cantrell
Here’s an in-depth analysis of Proton Mail’s security architecture as of 2021:
https://eprint.iacr.org/2018/1121.pdf
It’s highly technical, but here’s the headline: “As it stands, ProtonMail does not meet its self-professed security goals when these are subjected to analysis.”
Maybe they’ve improved things since 2021. [Update: They don't think the paper makes a good case: https://proton.me/blog/cryptographic-architecture-response ]
Still, fundamentally, Proton Mail is trying to make a pig fly here; email protocols just weren’t designed for E2E encryption. There will always be leaks, slips, gaps.
7/
-
You might like Proton Mail because of quality of service, or privacy policy, or not hosted in the US, or other reasons like that. Fine.
But AFAICT, there is not a compelling technical argument for their service •in realistic practice• being significantly more secure or resilient to server-side surveillance than any other credible email provider.
Again, if somebody with deeper knowledge of Proton Mail’s technical guts has better info, please let me know.
/end
-
@inthehands Thank you for that well-composed thread.
May I ask what you use for email?
-
John Mark Ockerbloom replied to Paul Cantrell
@inthehands Not only is email not technically designed for E2E, it's not really socially designed for it. Given that email addresses get shared with various people and organizations, and they're common vectors for spam, phishing, and the like, I'd assume most email users *want* their ISP to be able to scan and filter that stuff out, rather than try to do it themselves. But that means it can't be E2E, and the users have to have a certain level of trust in their ISP.
-
@inthehands I wasn't sure where in this thread to reply, but I was told yesterday that the "secret sauce" bit to Proton (and Tuta) is that only you have the decryption key to read the contents of your email. For example, I read Tuta's security page yesterday and their email search index is on your machine, because they can't do it.
So, it's slightly better than what is obviously a protocol never intended for private communication. Having said that, I did prefer that my email was sat outside of US jurisdiction (Cloud Act) vs having to go through an international warrant.
Good thread, thanks for putting it together. Email is definitely one of those things that are old enough that people won't know this stuff. That everything is encrypted in transit is something I learned, actually.
-
@greycat
Sure. You probably know more than I do on the topic, so please correct anything I posted that looks sus.
-
@_dmh @jhlibby
I don’t have an article; it’s posts on here about the CEO’s remarks — and deleted posts from the company’s official account — that I’m referring to. In my view, it’s a “where there’s smoke there’s fire” situation: if they’re doing something fashy behind closed doors, you’re not going to hear about it until it’s way, way too late.
-
@PublicWolf
Pobox, since the late 90s (!), which was bought by Fastmail in 2015 and has remained excellent since then.
-
@tehstu
AIUI, Proton still kind of sort of hangs on to the secret key to provide services like webmail. Check that security paper. They may have improved things since 2021, but as you say, it’s a rickety proposition.
-
@[email protected] I think you're almost completely correct on everything. My only nit is this point:
" They can still surveil anything you compose in your email client (e.g. Mail app on your phone)."
Proton does not work with the standard mail app in iOS. You can only use their app because that's the only way to (de|en)crypt your emails. On desktop, there's a "bridge" that does that job before your client sees the email. It's like a local IMAP/SMTP server that your client talks to, and sends encrypted email up to their servers.
-
@inthehands Thank you! Very kind of you to reply.
I'd been trying to choose between Tuta and Proton, but just yesterday was told of Fastmail.
Thank you again!
-
@Willow
Ah, I didn't know about the local IMAP/SMTP on desktop. So •some• non-Proton clients can still preserve encryption.
-
@PublicWolf
To be clear: using Fastmail is basically just saying, “feh, email isn’t designed for E2E encryption, I just have to trust my provider.” Which I think is the correct answer, but…just to be clear. Tuta attempts to solve the same problem as Proton Mail, but is much much more explicit about where the E2E encryption boundary lives. That makes it more annoying, but probably also more secure in practice (because you’re very clear about what is and isn’t encrypted).
-
@inthehands You’re correct that mail ingress / egress is exposed to the email provider, but with E2EE the provider must be intentionally and covertly wiretapping you the whole time. Most companies who receive court subpoenas are able to hand over your entire archive of data at any time, but the scope of what’s available to E2EE providers may be significantly less since your archive is stored with keys they don’t have.
-
@august
Per the security paper above, it’s not clear to me that the secret key really •is• secret from the provider at all times. Regardless, I would expect that the ingress problem means that a very large portion of traffic is available for subpoena in practice.
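The two posts above disagree about what an "encrypted at rest, provider holds no key" mailbox actually protects. The following is an added illustration, not Proton's, Tuta's or any participant's code: a toy mailbox that seals each incoming message to the user's X25519 public key (ephemeral ECDH, key = SHA-256 of the shared secret as a stand-in for a proper HKDF, AES-256-GCM), so the stored archive is useless without the user's private key, while a tap at the SMTP ingress point, where the message is necessarily still cleartext, sees everything delivered after it is switched on. The message text and the Mailbox/Deliver/ReadAsUser/ReadAsProvider names are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// gcmFor derives an AES-256-GCM instance from an X25519 shared secret.
// Simplification for the example: key = SHA-256(shared); real designs use HKDF with context info.
func gcmFor(shared []byte) (cipher.AEAD, error) {
	key := sha256.Sum256(shared)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts msg to recipient's public key. Layout: ephemeral pub (32) || nonce (12) || ciphertext+tag.
func seal(recipient *ecdh.PublicKey, msg []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(recipient)
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(shared)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := append([]byte{}, eph.PublicKey().Bytes()...)
	out = append(out, nonce...)
	return gcm.Seal(out, nonce, msg, nil), nil
}

// open reverses seal; it needs the user's private key, which the provider does not hold.
func open(priv *ecdh.PrivateKey, blob []byte) ([]byte, error) {
	if len(blob) < 32+12 {
		return nil, errors.New("sealed blob too short")
	}
	ephPub, err := ecdh.X25519().NewPublicKey(blob[:32])
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(shared)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	return gcm.Open(nil, blob[32:32+ns], blob[32+ns:], nil)
}

// Mailbox models the provider side: it stores only sealed blobs and the user's public key.
type Mailbox struct {
	userPub    *ecdh.PublicKey
	sealed     [][]byte
	tapEnabled bool     // the covert wiretap at the ingress point
	ingressTap []string // cleartext the tap has collected
}

func NewUser() (*ecdh.PrivateKey, error) { return ecdh.X25519().GenerateKey(rand.Reader) }

func NewMailbox(userPub *ecdh.PublicKey, tapEnabled bool) *Mailbox {
	return &Mailbox{userPub: userPub, tapEnabled: tapEnabled}
}

// EnableTap models the provider deciding to start wiretapping; earlier mail stays unreadable.
func (m *Mailbox) EnableTap() { m.tapEnabled = true }

// Deliver is the MTA path: mail arrives in cleartext over SMTP, the tap (if on) copies it,
// and only then is it sealed for storage.
func (m *Mailbox) Deliver(plaintext string) error {
	if m.tapEnabled {
		m.ingressTap = append(m.ingressTap, plaintext)
	}
	ct, err := seal(m.userPub, []byte(plaintext))
	if err != nil {
		return err
	}
	m.sealed = append(m.sealed, ct)
	return nil
}

// StoredContains reports whether needle appears in any stored blob, i.e. what a subpoena
// for the archive alone would reveal.
func (m *Mailbox) StoredContains(needle string) bool {
	for _, ct := range m.sealed {
		if bytes.Contains(ct, []byte(needle)) {
			return true
		}
	}
	return false
}

// ReadAsUser is the client side (the vendor app or a local bridge): it holds the private key.
func (m *Mailbox) ReadAsUser(priv *ecdh.PrivateKey) ([]string, error) {
	var out []string
	for _, ct := range m.sealed {
		pt, err := open(priv, ct)
		if err != nil {
			return nil, fmt.Errorf("cannot open stored message: %w", err)
		}
		out = append(out, string(pt))
	}
	return out, nil
}

// ReadAsProvider is what the provider can hand over without the user's key: only the tap.
func (m *Mailbox) ReadAsProvider() []string { return append([]string(nil), m.ingressTap...) }

func main() {
	priv, err := NewUser()
	if err != nil {
		panic(err)
	}
	mb := NewMailbox(priv.PublicKey(), false)
	// Constructed sample messages, not real traffic.
	_ = mb.Deliver("From: alice@example.org\r\nSubject: lunch?\r\n\r\nNoon at the usual place.")
	mb.EnableTap()
	_ = mb.Deliver("From: bob@example.org\r\nSubject: re: lunch?\r\n\r\nSee you there.")
	fmt.Println("archive leaks plaintext:", mb.StoredContains("usual place"))
	user, _ := mb.ReadAsUser(priv)
	fmt.Println("user can read:", len(user), "message(s); provider tap has:", len(mb.ReadAsProvider()))
}
```

The point the two posts are circling: the archive really is opaque to the provider (and to a subpoena for it), but that protection is conditional on nobody having flipped the ingress tap, and it says nothing about the copy every correspondent's provider keeps.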
-
Arp Laszlo • Comics • AuDHD replied to Paul Cantrell
@inthehands I switched to Proton because I didn’t want Google knowing everything about me, and because DIY mail servers are a pita wrt email delivery. But I’d consider an alternative if a good one existed. I’ve heard of Tuta but I dunno much about them.
-
@inthehands Oh that’s a good point, I misunderstood that you were looking at this specific feature, rather than the overall benefit of using an E2EE provider when 99.9% of emails one sends / receives are not E2EE.
idk how their passphrase-locked mail is technically different than something like https://wormhole.app
-
@inthehands kinda hard to have a valid opinion about something if you don't use it.