this post was submitted on 24 Mar 2024
74 points (100.0% liked)

Free and Open Source Software

17768 readers
44 users here now

If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
[email protected]
[email protected]
74
Is there anything unsavory about ProtonMail? (beehaw.org)
submitted 5 months ago by [email protected] to c/[email protected]
73 comments fedilink hide all child comments
 

For some reason I have it in the back of my mind that they were at one point accused of being a honeypot for US intelligence because of their association with MIT. Probably complete BS, but maybe not. Are they as open source as they claim to be? Looks like they're on github. F-Droid seems to think they have some Google libraries or whatever that they use.

ProtonMail users, how do you like/dislike it?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 7 points 5 months ago (1 children)

At that point, might as well send E2E encrypted mail via GMail.

From a security stand-point: Yes. From a privacy standpoint: Absolutely not.

[–] [email protected] 2 points 5 months ago* (last edited 5 months ago) (1 children)

Both privacy and security are the same in either case:

  • Both servers know who's connecting
  • Both servers see the connecting IP
  • Both servers know the source and target mail addresses
  • Neither server knows the message's content
  • Neither server controls the client's app

The moment you go off-VPN, or use a webapp, security goes out the window.

Privacy, as in social network/contacts, goes out the window the moment you use a fixed email address; more so if it's associated to your IRL identity.

[–] [email protected] 3 points 5 months ago (1 children)

There's a large difference between surrendering massive amounts of highly critical metadata aswell as some data* to a known abuser vs. an entity that prides itself in not abusing your data and which even takes specific technological measures to make it as hard for them as possible (zero access encryption at rest, automatic key discovery).

(* Partial social graph, interaction timestamps, political interests, health, hobby interests and much of that usually even in plain text data form when receiving email; stored in in plain text forever.)

[–] [email protected] 1 points 5 months ago* (last edited 5 months ago) (1 children)

known abuser vs. an entity that prides itself in not abusing your data

Right, "don't be evil" 🙄. Corporations are corporations.

zero access encryption at rest, automatic key discovery

Also called "encryption". Just so we're on the same page:

  • 1991: initial release of PGP
  • 2016: initial proposal and implementation of WKD

Enigmail for Thunderbird supports both since 2018. The mail service, be it ProtonMail, GMail, Outlook, etc., is irrelevant regarding security or privacy.

[–] [email protected] 2 points 5 months ago (1 children)

FYI Thunderbird now natively supports PGP (and possibly WKD?) without the need for Enigmail.