by brongondwana 2744 days ago
Thanks - that's pretty much exactly it. If someone needs end-to-end encryption, it's only safe from intermediate third parties if they aren't trusting software which is updated by those third parties.

So we use effective methods to protect the privacy of our users while performing our civic duty of assisting law enforcement when bad actors use or abuse our platform, and we never pretend to use the bulk of our customers as human shields to protect bad actors trying to hide among them.

It's weird that you take this stance. It almost feels like you're implying that ProtonMail is a bad actor, and end to end encryption is bad because 'civic duty'. That's like "but terrorism".

I understand that you're not a privacy-first company, but still, your communications haven't been reassuring me. There is extensive documentation (e.g. Yahoo FISA) that ALL content not end-to-end-encrypted is ingested for bulk surveillance and decades-long (if not infinite) retention.

The only solution is 100% end to end encryption, with NO mechanism for unauthorised access (including law enforcement). Like iMessage and Signal. Anything partial of that, while saying you are pro-privacy, is IMHO harmful to privacy.

iMessages are encrypted, but it's Apple who hands the client one or more public keys with which to encrypt them—and that's each time; there is no key pinning. They could easily hand you a public key whose private key they or another malicious party knows. See https://support.apple.com/en-us/HT202303 and especially page 58 of the linked https://www.apple.com/business/docs/iOS_Security_Guide.pdf.
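
The comment above turns on the client accepting whatever keys the directory hands it, each time, with nothing pinned. As an added example (not part of the thread and not any vendor's code), here is a minimal trust-on-first-use pin store in Python that refuses to encrypt to a key the directory adds later until it is verified out of band; `PinStore`, `keys_to_encrypt_to` and the sample keys are hypothetical names and constructed data.

```python
import hashlib

def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint of an encoded public key."""
    return hashlib.sha256(public_key).hexdigest()

class PinStore:
    """Trust-on-first-use pins: contact -> set of accepted key fingerprints."""

    def __init__(self):
        self._pins = {}

    def check(self, contact, offered_keys):
        """Split keys offered by the directory into (pinned, unverified).

        On first contact every offered key is pinned (the TOFU assumption).
        Later, a key that is not already pinned is returned as unverified
        and stays untrusted until approve() is called for it.
        """
        offered = {fingerprint(k): k for k in offered_keys}
        pins = self._pins.get(contact)
        if pins is None:
            if offered:
                self._pins[contact] = set(offered)
            return list(offered.values()), []
        pinned = [k for fp, k in offered.items() if fp in pins]
        unverified = [k for fp, k in offered.items() if fp not in pins]
        return pinned, unverified

    def approve(self, contact, public_key):
        """Pin a key after its fingerprint was compared out of band."""
        self._pins.setdefault(contact, set()).add(fingerprint(public_key))

def keys_to_encrypt_to(store, contact, directory_response):
    """Return (usable keys, short fingerprints of keys needing review)."""
    pinned, unverified = store.check(contact, directory_response)
    if not pinned:
        raise ValueError(f"no pinned key offered for {contact}; verify first")
    return pinned, [fingerprint(k)[:16] for k in unverified]

# Constructed sample data: byte strings standing in for encoded public keys.
ALICE_PHONE = b"constructed-key-alice-phone"
ALICE_LAPTOP = b"constructed-key-alice-laptop"
INJECTED = b"constructed-key-added-by-directory"
```

Without the pin check, the third key in a later directory response would simply become one more recipient of every message.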

Most email being transmitted on the Internet is in unencrypted form.

Most people are not on ProtonMail and do not have a PGP key published.

If I were to guess, I’d say that 99%+ emails sent or received by ProtonMail customers are seen by ProtonMail’s servers in unencrypted form.

> Most email being transmitted on the Internet is in unencrypted form.

Really? I use Hotmail, GMail, and Yahoo, and all of these use TLS so it is encrypted in transit.

Would Fastmail ever consider verifying signed messages? Authenticity is one of many things gained through using PGP, and implementing it in the Fastmail interface wouldn't lead to the false sense of security that "encrypted" email in the browser supposedly gives.

Perhaps - though it leads to either offering a way for users to manage their keychain, or managing those trust relationships ourselves - and of course adds a channel where we could be compelled to lie to users about authentication on the message.

Right now the only authentication signal we display on the website is a green tick if the message came from one of our staff or one of our trusted systems.