I’m currently migrating to Proton Mail. It’s complicated because I have nearly 25 years of Gmail use, using it for everything requiring an email address.
As someone who has gone to Proton and back, I do not recommend it. The service is mostly OK, their Android app never delivers notifications, probably because of the lack of Play Services, and while every client is open source and is guaranteed to be e2ee to other Proton accounts, there are two huge issues with this:
In my case, the people I email are all on Google and Microsoft, so they will be reading my emails anyway.
When you communicate with non-Proton users, the emails exchanged HAVE to be plain text. So the only thing keeping Proton from seeing your emails is a huge “trust me bro” that you can’t verify. There are no code or cryptographic guarantees.
Which email provider do you recommend?
Sadly, host your own lol. I know it’s not the answer most are looking for but it’s the only viable option I see at this point.
None. The problem is not the provider, it’s the protocol. Proton has the problems listed before, but it is impossible for ANY provider not to have those. I’d keep using whatever you are using
If I understand their documentation correctly, you can set up PGP for communicating with non-Proton e-mail recipients.
Yes. That is correct. I’ve sent pgp emails from my gmail to protonmail. But nobody uses pgp. So in practice you are spending all of that time and effort for basically 0 gain.
I feel you. The recipients must be willing to use encrypted communication too.
I never had any problems with their Android apps. The notifications have always worked for me.
And of course email is plain text and is stored on other servers when you send it. It’s always been that way. Whatever service you use it’s going to be the same problem. This isn’t Proton specific. So I don’t get your point here.
However, whatever you receive and keep, that’s encrypted and no one can read it. And that’s the whole point of having a secure encrypted email service like Proton.
Of course you are right. Those problems apply to every provider. My point is not that Proton sucks. My point is that the protocol sucks and it’s not worth the hassle of switching providers. The “whatever you receive and keep is encrypted and no one can read it” is another one of those false sense of security kind of things that make you relax and think you are safe, when in reality they could EASILY be copying your email somewhere else unencrypted when you send and receive. That means that you spent your time switching provider just for a “trust me bro”.
Their drive service is worth it though
I highly recommend shelling out the $12 a year for a domain to tie to your email through Proton, that way, if Proton starts to enshitify, you can change email providers without having to migrate all your accounts to a new email. I am actually going through the exact same process, and I never want to have to do it again lol.
Oh that’s clever!
Domains are just useful to have anyway
I migrated off of Proton Mail, they have no way to access your calendar from outside Proton’s apps and web services, you can’t access Proton Drive on Linux (and the workarounds never worked for me), and you need to keep running their decryptor tool if you want to use an email client other than their mail client.
Email is inherently insecure, zero knowledge encryption is worth nothing when 99% of your emails are being sent and received in plaintext. I’m on Fastmail now.
Please explain to me how Fastmail is more secure if you can easily set up any client without encryption? Or am I missing something? And when Fastmail sends or receives email, isn’t it also sent in plain text because of the SMTP protocol anyway?
IMAP and SMTP, the protocols mainly used for emails besides whatever weird shit Microsoft is doing, nowadays all have variants going through a TLS encrypted session like HTTPS.
That doesn’t change the fact that email is not up to the task of modern secure communication (TLS is not end to end encryption for example, and smime and pgp are super user unfriendly and have their own weirdnesses), but makes it better at least.
It’s not. Proton’s “security” is basically pointless and induces a huge hassle if you’d like to use anything else than the web client.
As you said, both Proton and any other mail client send mail in plain text over SMTP unless encrypted using PGP/GPG (or conversing with another Proton user in the case of Proton Mail).
Fastmail is just a much nicer email provider IMO, and I can consume emails / calendar / files using third party clients. There’s also Tuta and other mail providers, I’m just warning you to maybe steer clear of Proton unless you intend to use Proton-specific features, as usability greatly suffers.
Ideally, I’d pick an email provider with data sovereignty in Canada, but short of self-hosting (which isn’t a great idea with email), there are basically no decent options.
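What the two comments above describe (TLS protecting each SMTP hop, but not the message end to end), as an added example that is not part of the thread: it reads the `Received` trace of a constructed message and reports which hops used TLS and whether the body itself is PGP-encrypted. The hosts, ids and message text are made up for illustration.

```python
import email
import re

# "with" keywords (RFC 3848 and UTF8 variants) that record a TLS-protected hop.
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

# Constructed sample message (hosts and ids are made up); newest hop is first.
RAW = """\
Received: from relay.example (relay.example [203.0.113.5])
\tby mx.recipient.example with ESMTPS id c3
\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
\tMon, 01 Jan 2024 10:00:03 +0000
Received: from mx.sender.example (mx.sender.example [192.0.2.10])
\tby relay.example with ESMTP id b2;
\tMon, 01 Jan 2024 10:00:02 +0000
Received: from laptop.local ([198.51.100.7])
\tby mx.sender.example with ESMTPSA id a1;
\tMon, 01 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: hello

See you at 6.
"""

def hop_transport(raw_message):
    """Return (receiving host, protocol, used_tls) per hop, oldest hop first."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())          # unfold the folded header
        by = re.search(r"\bby\s+(\S+)", flat)
        proto = re.search(r"\bwith\s+(\S+)", flat)
        name = proto.group(1).rstrip(";").upper() if proto else "UNKNOWN"
        hops.append((by.group(1) if by else "?", name, name in TLS_KEYWORDS))
    return hops

def end_to_end_encrypted(raw_message):
    """True only if the body is an OpenPGP-armored message (inline PGP)."""
    body = email.message_from_string(raw_message).get_payload()
    return isinstance(body, str) and "-----BEGIN PGP MESSAGE-----" in body

if __name__ == "__main__":
    for host, proto, tls in hop_transport(RAW):
        print(f"{host:22} {proto:8} {'TLS' if tls else 'cleartext on the wire'}")
    print("body end-to-end encrypted:", end_to_end_encrypted(RAW))
```

Even when every hop reports TLS, each listed server still handles the readable body unless it is PGP-encrypted. `Received` lines added before your own provider's are written by other servers and cannot be verified.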
I’m already migrating all my shit to Proton and it’s fine for me, so I won’t change providers again unless something really bad happens.
Also, data sovereignty in Canada isn’t much better than in the U.S. I’d rather have my stuff stored in a place with better privacy rights than Canada.
Fair enough, YMMV, and yeah I would probably prefer my data in Europe rather than Canada, but Canada is a good start.
I often find the need for Proton’s encrypted email to be somewhat dubious when Proton can’t (or won’t) fight secret court orders to collect logs on users. At the very least it means I typically don’t use a protonmail account more than once before signing up for a new one.
Agreed, and these rarely come anyway because most of the time, the US courts can simply subpoena Google or Microsoft for access to the interlocutor’s sent and received emails, this only really occurs with Proton to Proton communication, which I have personally never done as no one I know uses Protonmail.
In short, better off just GPG signing and encrypting your emails and using a different provider. US courts can’t decrypt your mail more just because they subpoenaed it.
Before going all in on Proton, just make sure you’re okay with the CEO’s statements on politics. To some people it’s enough to not switch over, to others it’s unfortunate but the product is too good not to switch, to others that encourages them to switch so… 🤷
Just wanted to make sure you were at least aware of his political stance before fully migrating.
Yes, the CEO is an idiot for having said that one statement once about supporting a Trump-appointed candidate and doubling down on what he said. But he didn’t donate to anyone’s campaign, he didn’t donate to any PACs or any other political organization. He doesn’t actively support Trump other than that one time. And he’s committed to protecting my privacy at all costs. On top of that, their line of services is one of the most complete next to Google.
Honestly it’s not that big a deal compared to Google that financed Trump’s campaign and its CEO actually being present at his inauguration, executing his every order, and being zionist enablers and pro-genocide, doing deals with Israel to provide all kinds of services and spreading their propaganda on their platform and erasing all evidence of said genocide.
I mean… I’m not defending google here, just making sure you were aware of the situation. And you are.