Given Proton Mail’s fashiness coming out of the woodwork, lots of folks are looking at switching away — but they have a reasonable concern: Aren’t Proton Mail’s privacy features special, different from a normal mail provider?
-
@inthehands the basic problem with that kind of “encrypted” “email” is that it’s only one of those at a time; it’s either encrypted end-to-end and delivered some other way, or it’s encrypted per-hop and delivered as email. None of those services do both at once. It should be possible to do both at once using GPG or S/MIME, but for that to actually work every provider would have to handle it well, and AFAIK none do.
It still baffles me that banks haven’t been pushing this
-
@inthehands I just wish they could put E2E textareas in the browser. It would be hard to do right and even harder to clearly present UI for, but it could fundamentally Work js crypto can't
-
@mcc @inthehands the issue here is that if the provider can push new javascript code then they can be compelled to push javascript code that leaks secrets (that's what happened to hushmail). you'd need some way to pin the html and javascript code and not allow it to update without user consent
-
@inthehands Email has had e2ee since essentially forever. The claim of it not being designed for this is a little misleading.
Is it supported well? No! Why? Because the vendors either want your data or promote a different platform for secure communication.
-
@bob @inthehands The proposal in the previous post is that browsers allow for textarea elements whose contents are managed by the browser and inaccessible to JavaScript except to extract an encrypted version on teardown.
-
@helge
Agreeing in general spirit, is there an e2ee layer for email that’s part of the protocols, and not a bolt-on like GPG?
-
@inthehands That made me ask myself: If some smart people were to design a secure, E2E supporting, distributed mail system, how would that look? Maybe some people already have and nobody noticed?
-
Paul Cantrell replied to Fluchtkapsel
@fluchtkapsel As other replies point out, there’s already S/MIME and GPG.
The thing is:
- Any E2EE is a pain, wrecks UX, and most people don’t care enough to put up with it
- Overcoming the UX challenges is a massive tech + design + org lift
- Large players have little incentive to work on this, and strong incentives against

So, as usual, it’s not just smart people and the right tech; it’s social systems too.
-
@nazokiyoubinbou @heymarkreeves @inthehands Tuta is not part of the 5 Eyes; we only hand out data if we receive a warrant from a German judge. Plus, all data is end-to-end encrypted and we can't decrypt it. This might also be of interest to you: https://tuta.com/blog/fourteen-eyes-countries
-
@inthehands I know of those, and the security provided by them is only bolted on a system never meant to be secure. There are so many issues: conflating encryption with authentication, insecure by default, key management, no group recipient encryption support with changing members (e.g. mailing lists), additional devices are hard to authorize.
Looking at instant messengers, modern messengers like Signal or WhatsApp solved a lot of the issues of their predecessors. I'd like to know how mail would look if it were to be designed today with all we know.
-
@fluchtkapsel @inthehands This is like saying Signal is bolted on IPv4 which was never meant to be secure. Sorry, but this is nonsense. Both PGP and S/MIME are perfectly viable and proven standards to provide proper E2EE.
But as usual standards have to be *implemented* and made usable. E.g. Apple has done the former, but didn't invest in the latter.
It works for Signal and WhatsApp because they are silos. That's not necessary w/ email.
-
@helge @fluchtkapsel
Larger point stands, but:
> This is like saying Signal is bolted on IPv4
That’s a bit of a strawman. IPv4 isn’t a text messaging protocol. There’s not a default version of Signal-like functionality on IPv4.
The problem with email is that there •is• a de facto default, and it’s insecure. Thus the change friction.
I mean, this was the case with https, and it took how long for https to become the new de facto default?? And that was (I think) an easier problem.
-
@inthehands Sorry, I don't know the subtext and can't find any recent controversies on google?
-
@tobinbaker
The Proton CEO made posts about how Dems were too corporate, praised JD Vance and said Republicans are the best hope to rein in big tech or some crap along those lines. Deleted posts but not before torches and pitchforks were out.
-
Paul Cantrell replied to Paul Cantrell
Since this thread gained a little traction, I should clarify:
Proton Mail has done some good technical work AFAICT. I appreciate the effort to make E2EE more usable and more broadly accessible. I’m not so sure it’s a good idea to blur the boundary between “E2EE” and “not E2EE” as their product does, but respect for the heavy lifting they’ve done.
I’m not saying their product is a total hoax or anything! I’m just saying that •in practice•, the actual benefits aren’t as large as you might assume.
-
@inthehands The thing is, I'm not sure I can even think of another "credible email provider". I created a paid account with proton for the simple reason that they were the first provider I came across that didn't have a business model based on profiling me to sell ads.
-
@jpkolsen
I use Fastmail; it's great. A few replies have mentioned Posteo with appreciation. There are others, I'm sure!