[bad_user]

Imo ProtoMail is snake oil:

When you’re communicating with email addresses outside of ProtonMail, their servers will see your emails. Your emails might then be encrypted “at rest”, but they’ve passed through their servers unencrypted anyway.

To workaround it, for sending to email addresses without a ProtonMail account, AFAIK they also give the possibility to send a link to a ProtonMail interface for decryption.

And also web interfaces are inherently insecure for E2E encryption, which ProtonMail encourages.

This is not how email is supposed to work.

Speaking of email ProtonMail also doesn’t work via standard IMAP and SMTP. You need an adapter to use classic mail clients and that only works on the desktop.

In other words ProtonMail is anti-standards.

And for me standards are more important than promises of privacy that an email service can’t really meet.

Unless you’re doing PGP or similar, independent of the email service being used, then email is incompatible with encryption.

[Boulth]

> When you’re communicating with email addresses outside of ProtonMail, their servers will see your emails. Your emails might then be encrypted “at rest”, but they’ve passed through their servers unencrypted anyway.

Decryption is done in the browsers so it's not passing through the servers unencrypted. (ProtonMail is one of the biggest contributors to Openpgpjs).

> To workaround it, for sending to email addresses without a ProtonMail account, AFAIK they also give the possibility to send a link to a ProtonMail interface for decryption.

And you can add the recipient PGP key in ProtonMail settings so it's pure PGP. (I've heard that they're working on Web Key Directory support for automatic contact key retrieval)

> And also web interfaces are inherently insecure for E2E encryption, which ProtonMail encourages.

Not strictly true. The problem is web interface hosted on a foreign host. For a secure web interface see e.g. Mailpile.

There are also other ways of minimizing risk like using Mailvelope that communicates with GnuPG through Native Messaging.

> In other words ProtonMail is anti-standards.

Not for all standards for example ProtonMail is very active in OpenPGP mailing list.

For the record I'm not using ProtonMail but I like that they're promoting PGP by showing that it can be made relatively easy. Too much people think that the UI complexity in PGP is intrinsic.

[bad_user]

>> Decryption is done in the browsers so it's not passing through the servers unencrypted.

That cannot be for unencrypted emails, which is how most communications over email are going to be, because:

1. Most people or businesses are not on ProtonMail

2. Usage of PGP is nice, but very few people have published PGP keys

3. Opening a link to view a message is a big problem; personally I ignore such emails, can’t remember the last time that happened

It also doesn’t work for unencrypted emails being sent to you, which are a majority.

If I were to guess 99%+ of emails sent or received by ProtonMail customers are seen by ProtonMail’s servers in unencrypted form.

And this is why ProtonMail is snake oil.

[dane-pgp]

You're accusing ProtonMail of being snake oil because people can send unencrypted emails to ProtonMail users? If it didn't allow receiving such emails, it wouldn't be an email service, so it sounds like "encrypted email service" is something that you have made impossible by definition.

Perhaps, rather than focusing on "most communications over email" (which don't involve ProtonMail's users whatsoever), it's more fair to ask whether ProtonMail enables encrypted communications with non-ProtonMail email users, and what threat models it is reasonably secure against.

You're right, though, that there are trade-offs to be made when it comes to using web-delivered JavaScript (although these problems need to be solved at the web platform layer [0], not unilaterally by a single service provider), and ProtonMail do not exactly advertise their security limitations (and nor do any other webmail providers).

[0] https://tools.ietf.org/html/draft-yasskin-http-origin-signed...

[bad_user]

>> You're accusing ProtonMail of being snake oil because people can send unencrypted emails to ProtonMail users?

Don't downplay the problem. An overwhelming majority of email that ProtonMail users get is in fact unencrypted. Not only that, but an overwhelming majority of email that ProtonMail users send is unencrypted as well.

It might get encrypted after the fact, but that email passes through their servers, which means ProtonMail can be coerced into doing blanket surveillance if the law allows it and any claims that ProtonMail protects you from that are bullshit.

>> "encrypted email service" is something that you have made impossible by definition.

It's not my definition, that's just what you get with email.

E2E encrypted email can only work if it's optional (e.g. PGP, when both parties agree on the keys), which is for secrecy, not privacy, because a majority of email sent or received will be unencrypted, because that's just how email was designed, that's how it works.

I don't have a problem btw with ProtonMail's implementation per se. Certainly it has value in certain contexts ... like if all of your work colleagues or all of your family is on ProtonMail, then you can have some peace of mind, but then again for a controlled, small group you can just go with PGP directly, which would be more trustworthy actually.

The problem is that many of the claims being made are bullshit. No, ProtonMail is not 100% e2e encrypted, in common use their servers will see most of your emails sent and received unencrypted and it will not protect your privacy.

So that's why it is snake oil.

[Leace]

> An overwhelming majority of email that ProtonMail users get is in fact unencrypted. Not only that, but an overwhelming majority of email that ProtonMail users send is unencrypted as well.

Could you cite your sources? I'm wondering what are the exact percentages.

[zaarn]

That's no longer the case, you can set PM to send PGP encrypted mail directly, in which case the mail won't be in cleartext on their servers.

Sending a link with a symmetrically encrypted mail is still possible for users without PGP but those aren't in cleartext on the server either (they are encryped and decrypted) in the client.

(in theory, PM could swap code in the webclients but you can use the Bridge or Android/iOS app to circumvent that hole easily)