[luxpir]

The security details page[1] makes for interesting reading. Hopefully the new norm is 'E2E' encryption. It's actually starting to feel inevitable, and the hopelessness that followed in the wake of the 'Summer of Security' is perhaps evaporating bit by bit, through universal encryption, bit by bit.

-

[1] https://protonmail.ch/pages/security_details.php

[higherpurpose]

> Messages are stored on ProtonMail servers in encrypted format. They are also transmitted in encrypted format between our server and users’ browsers. Messages between ProtonMail users are transmitted in encrypted form completely within our secured server network. Because they never leave our secured environment, there is no possibility to intercept the encrypted messages enroute.

Emphasis mine. That doesn't sound like E2E encryption to me. End to end means it's encrypted user-to-user, not server to user, or user to server to user. It sounds more like they have something slightly more secure than an e-mail service like Gmail, but still very vulnerable to subpoenas, backdoors and so on.

[luxpir]

Read on. It goes on to advise how they allow encrypted mail being sent to external providers, as well as self-destructing messages. The blurb also discusses the limitations of the system quite openly.

This part is only noting that inter-user messages never even leave their 'secured environment'. By all accounts it does seem as well secured as any other provider I've looked into.

[higherpurpose]

My point is that it's not end to end encryption. Everyone keeps promoting it like that when it's not, and like they finally solved the compromise between E2E and user convenience, when in fact they didn't.

Basically, it's Lavabit, but perhaps a little more secure than that in terms of regular threats. But an order like the one Lavabit obtained would force them to shut down, too (unless they agree to provide the backdoor), because it;s not E2E. If it was, such an order wouldn't have any power over them.

tl;dr ProtonMail is a competitor to Lavabit and Hushmail, not PGP.

[e12e]

It's nice, but suffer from similar problems as all web apps: They have your encrypted keys, all they have to do is send you a different "client" (change the js/ui) the next time you log in, and they can snoop your encryption password. They can of course be forced to do this.

I also wonder about their claim to "expire" mails -- I assume they mean only for mails internal to protonmail -- as any other expiry would have to rely on the recipient using a cooperating pgp/gpg and/or cooperating pop/imap client.

[luxpir]

Yes, plenty of trust issues. I presume/would hope that they would leave a prominent warrant canary if compelled by Swiss agencies to make any amendments.

I understood 'expiring' mails to mean those accessed directly on their servers, following notification by email, subsequently deleted at the pre-agreed time. I could just have an active imagination.

Don't get me wrong, I'm not fully sold on the outfit, particularly for practical reasons, but am intrigued.