by jacooper 1485 days ago
However I would remind you that since Fastmail is based in Australia, its privacy is pretty limited.

> The new law also allows officials to approach specific individuals—such as key employees within a company—with these demands, rather than the institution itself. In practice, they can force the engineer or IT administrator in charge of vetting and pushing out a product's updates to undermine its security. In some situations, the government could even compel the individual or a small group of people to carry this out in secret. Under the Australian law, companies that fail or refuse to comply with these orders will face fines up to about $7.3 million. Individuals who resist could face prison time.

https://www.reuters.com/article/us-australia-security-data/a...

2 comments

Email isn't really secure or private anyway. And Proton's email is only making email between Proton accounts private, so unless a large number of my email recipients are also on Proton it's a moot point.

I don't get the draw of Proton. If I send email to someone else outside of Proton I should assume that email is now in an insecure state.

Fastmail may not advertise privacy, but honestly, I don't think much email in general should ever be considered private, including much of what is sent from Proton.

Proton's major draw, in my view, is the storage being encrypted and not accessible unencrypted to the server, not the transmission and emails to others. While it does do relatively convenient PGP encryption to other ProtonMail users (and annoyingly inconvenient PGP encryption to others, when I've tried), these are rather limited in scope, because of the limitations on recipients.

If your concern is a major state-level actor, able to spy on every recipient/sender you're communicating with and generally tap emails being transmitted, yes, Proton offers little protection, and email is insecure. If you're worried about a data breach or targeted attack compromising your stored email in its entirety, however, it does. These are more feasible for smaller-scale attackers, and in getting an entire, potentially complete history of your emails, potentially offer something more than just spying on one email.

I'd speculate that targeted attacks are more often client-side, usually trying to steal credentials from the user, but at least the user can be careful about these. Having all your correspondence stored and readable on a server that isn't under your control means you have to trust the security of the server much more than you would with this type of encryption.

> annoyingly inconvenient PGP encryption to others, when I've tried

If the recipient has set up Web Key Directory for their key the encryption looks just like for a Proton recipient (transparent key fetch in the background). And WKD is quite common and easy to set up (e.g. all major Linux distros have it).

Proton's feature is its privacy advocacy and now its ecosystem.

It's a complete ecosystem designed with privacy in mind, and encrypting emails is not the only benefit; another ProtonMail benefit is that no one can read the stored emails, only you can do that.

Maybe so, but if the recipient of the email, or sender of the email is not using an email service that provides the same then those emails should not be considered private. They might not be accessible on my email service, but they are on someone else's.

Yeah, anything in the US, New Zealand, Australia, Canada, and the UK should be considered accessible by the government and shared between the 5 upon request.