Email is kind of funny. sure sending a protonmail to another protonmail is end-to-end encrypted. However, sending email, even encrypted, to any other address will leak who the email is from and being set to, and possibly with the subject line still being visible. Even protonmail can see who the messages are from and going to. Just something to keep in mind when using the service.
Google actually treats you nicely if you pay for their business suite licenses. I make a living setting up Google Workspaces and other cloud based SaaS tools for businesses in regulated industries and I’m honestly I’m not really sure what Google could get away with that any other MSP can’t.
As has always been the case... anyone can host their own email and domain so unless the ISP is physically blocking the routes then there’s really no argument. Free email isn’t a right.
People have been encrypting email for a long time. Protonmail just makes it easy for normal people to do it, as setting it up for other mail clients can be fairly technical. I would also recommend that people change their protonmail keys from RSA2048 to RSA4096. In reality it only adds a bit of extra security, not double. I still don't trust ECC yet due to the other criticisms that can be found online
No it is not. You need to click the little encrypt for outside email button, that will send them a link that they can use a password to read the email. However, as I said, 'to' and 'from' addresses are sent in the clear when sending that link. You can also just send a plain text email as well. I have my own encryption keys on my private email [not proton]. it is the nature of email that the 'to' and 'from' fields will be visible along with other meta data.
Ya, I don't want to send a key with my email attached to it to a public key exchange. I think that is one of the major pitfalls of email, that, and being hard to setup.
If you are not aware of the meta data leakage of email or don't have the technical knowledge to setup and build your own keys, I would still recommend using the protonmail service. It is also good to do some research and learn more about things.
Signal suffers from many of the same problems, including that they know who the information is coming from and going to, same with whatsapp. If you look down this post, I recommend Session due to the decentralized nature it does not suffer from many of the problems.
Email is kind of funny. sure sending a protonmail to another protonmail is end-to-end encrypted. However, sending email, even encrypted, to any other address will leak who the email is from and being set to, and possibly with the subject line still being visible. Even protonmail can see who the messages are from and going to. Just something to keep in mind when using the service.
Still beats the shit out of using google's service.
Yup, I don’t pay because I believe my email is more secure, I pay so I’m not being datamined.
it's scary to think some government agencies use GMail
That's a feature.
They like being able to communicate using email drafts.
Or so I heard.
Besides, Google is Deep State pretending to be a private company.
Google actually treats you nicely if you pay for their business suite licenses. I make a living setting up Google Workspaces and other cloud based SaaS tools for businesses in regulated industries and I’m honestly I’m not really sure what Google could get away with that any other MSP can’t.
As has always been the case... anyone can host their own email and domain so unless the ISP is physically blocking the routes then there’s really no argument. Free email isn’t a right.
Free anything just means you or your data are the product.
it's not what they could get away with it's that they are Google
they could do the same thing AWS did at the very least- just cut someone off because they have a Trump sticker in their window
or some bad actor could
Tldr: without proton mail, your email is definitely exposed.
People have been encrypting email for a long time. Protonmail just makes it easy for normal people to do it, as setting it up for other mail clients can be fairly technical. I would also recommend that people change their protonmail keys from RSA2048 to RSA4096. In reality it only adds a bit of extra security, not double. I still don't trust ECC yet due to the other criticisms that can be found online
People have. Normies haven't. They couldn't figure it out, enter Protonmail.
That is why I would send people there.
Settings -> Security & keys -> External PGP settingsSet up your PGP stuff, then you can send fuly encrypted email.
You must have the paid version of proton mail.
Yes. Didn't know its just in the paid version.
I didn't see it in my free version.
No it is not. You need to click the little encrypt for outside email button, that will send them a link that they can use a password to read the email. However, as I said, 'to' and 'from' addresses are sent in the clear when sending that link. You can also just send a plain text email as well. I have my own encryption keys on my private email [not proton]. it is the nature of email that the 'to' and 'from' fields will be visible along with other meta data.
Ya, I don't want to send a key with my email attached to it to a public key exchange. I think that is one of the major pitfalls of email, that, and being hard to setup.
Thanks for providing this situational awareness. Had no clue. Going to try and host my own email server for a $5 reoccurring fee.
If you are not aware of the meta data leakage of email or don't have the technical knowledge to setup and build your own keys, I would still recommend using the protonmail service. It is also good to do some research and learn more about things.
https://eprint.iacr.org/2018/1121.pdf
Nope. It isn't.
I don't think you read that right. The document implies that you have a fundamental under standing about email and encryption.
I was replying to the other comment, since it was deleted I have zero clue what I was replying to.
Would signal also have these problems?
Signal suffers from many of the same problems, including that they know who the information is coming from and going to, same with whatsapp. If you look down this post, I recommend Session due to the decentralized nature it does not suffer from many of the problems.
https://getsession.org/