I'm sure this has been said before, but: "easy" = "i don't have to manage my key" = "insecure because then the existing telecoms act covers this". That's likely the crux of it
When you’re communicating with email addresses outside of ProtonMail, their servers will see your emails. Your emails might then be encrypted “at rest”, but they’ve passed through their servers unencrypted anyway.
To workaround it, for sending to email addresses without a ProtonMail account, AFAIK they also give the possibility to send a link to a ProtonMail interface for decryption.
And also web interfaces are inherently insecure for E2E encryption, which ProtonMail encourages.
This is not how email is supposed to work.
Speaking of email ProtonMail also doesn’t work via standard IMAP and SMTP. You need an adapter to use classic mail clients and that only works on the desktop.
In other words ProtonMail is anti-standards.
And for me standards are more important than promises of privacy that an email service can’t really meet.
Unless you’re doing PGP or similar, independent of the email service being used, then email is incompatible with encryption.
> When you’re communicating with email addresses outside of ProtonMail, their servers will see your emails. Your emails might then be encrypted “at rest”, but they’ve passed through their servers unencrypted anyway.
Decryption is done in the browsers so it's not passing through the servers unencrypted. (ProtonMail is one of the biggest contributors to Openpgpjs).
> To workaround it, for sending to email addresses without a ProtonMail account, AFAIK they also give the possibility to send a link to a ProtonMail interface for decryption.
And you can add the recipient PGP key in ProtonMail settings so it's pure PGP. (I've heard that they're working on Web Key Directory support for automatic contact key retrieval)
> And also web interfaces are inherently insecure for E2E encryption, which ProtonMail encourages.
Not strictly true. The problem is web interface hosted on a foreign host. For a secure web interface see e.g. Mailpile.
There are also other ways of minimizing risk like using Mailvelope that communicates with GnuPG through Native Messaging.
> In other words ProtonMail is anti-standards.
Not for all standards for example ProtonMail is very active in OpenPGP mailing list.
For the record I'm not using ProtonMail but I like that they're promoting PGP by showing that it can be made relatively easy. Too much people think that the UI complexity in PGP is intrinsic.
You're accusing ProtonMail of being snake oil because people can send unencrypted emails to ProtonMail users? If it didn't allow receiving such emails, it wouldn't be an email service, so it sounds like "encrypted email service" is something that you have made impossible by definition.
Perhaps, rather than focusing on "most communications over email" (which don't involve ProtonMail's users whatsoever), it's more fair to ask whether ProtonMail enables encrypted communications with non-ProtonMail email users, and what threat models it is reasonably secure against.
You're right, though, that there are trade-offs to be made when it comes to using web-delivered JavaScript (although these problems need to be solved at the web platform layer [0], not unilaterally by a single service provider), and ProtonMail do not exactly advertise their security limitations (and nor do any other webmail providers).
>> You're accusing ProtonMail of being snake oil because people can send unencrypted emails to ProtonMail users?
Don't downplay the problem. An overwhelming majority of email that ProtonMail users get is in fact unencrypted. Not only that, but an overwhelming majority of email that ProtonMail users send is unencrypted as well.
It might get encrypted after the fact, but that email passes through their servers, which means ProtonMail can be coerced into doing blanket surveillance if the law allows it and any claims that ProtonMail protects you from that are bullshit.
>> "encrypted email service" is something that you have made impossible by definition.
It's not my definition, that's just what you get with email.
E2E encrypted email can only work if it's optional (e.g. PGP, when both parties agree on the keys), which is for secrecy, not privacy, because a majority of email sent or received will be unencrypted, because that's just how email was designed, that's how it works.
I don't have a problem btw with ProtonMail's implementation per se. Certainly it has value in certain contexts ... like if all of your work colleagues or all of your family is on ProtonMail, then you can have some peace of mind, but then again for a controlled, small group you can just go with PGP directly, which would be more trustworthy actually.
The problem is that many of the claims being made are bullshit. No, ProtonMail is not 100% e2e encrypted, in common use their servers will see most of your emails sent and received unencrypted and it will not protect your privacy.
That's no longer the case, you can set PM to send PGP encrypted mail directly, in which case the mail won't be in cleartext on their servers.
Sending a link with a symmetrically encrypted mail is still possible for users without PGP but those aren't in cleartext on the server either (they are encryped and decrypted) in the client.
(in theory, PM could swap code in the webclients but you can use the Bridge or Android/iOS app to circumvent that hole easily)
> Some might argue whatsapp or signal or Telegram E2E is exactly that. I talk about the email.
These three are not equivalent.
Signal is the gold standard for secure, end-to-end encrypted messaging. The client is open-source, and (at least on Android) builds are reproducible. It's possible to audit the code and confirm that Signal isn't intercepting the messages via side-channel and sending them to Signal's servers, encrypted with a different key. It also notifies you whenever a users's public key has changed (ie, when they switch to a different phone), which protects against someone hijacking your phone number using the telecom system.
WhatsApp does encrypt messages with per-user keys, but it's not end-to-end in the sense that Facebook still manages the keys and could provide you with a compromised key. Facebook also produces the only client, which means that it could easily eavesdrop messages and send them to Facebook's servers via a side-channel. Until recently, WhatsApp also didn't notify you when a user's key had changed. This wasn't a "backdoor" as the Guardian sensationally reported it, but it is a security liability for users looking for secure end-to-end encryption.
Telegram is completely insecure. For starters, group messages on Telegram are sent... in plain text. No encryption whatsoever.