this post was submitted on 15 Dec 2023
827 points (98.8% liked)
Technology
59569 readers
3665 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Protonmail isn't great, their deliberately misleading about the encryption. Many consider protonmail to be a honeypot.
Do you have anymore background on that?
https://www.wired.com/story/protonmail-amends-policy-after-giving-up-activists-data/
https://cldc.org/does-protonmail-snitch/
In addition protonmail do not protect your metadata (from memory), it's not encrypted in transit.
Protonmail also keep your public and private keys on their servers, it's PGP however they don't want the end users to have to manage their own keys. That to me isn't ideal.
Receiving from another provider you'll get TLS encryption until it hits protonmail servers but protonmail will then decrypt your email and again encrypt your email using your PGP stored on their servers.
Sending an email from proton to another provider will be encrypted on protonmail servers but that's where it ends. TLS will take care of the in-transit and again may not be stored securely on the receiving end.
Well god damn it! Did you have any links to articles about it? Also what would you view to be better then proton.me?
Tuta (in my eyes) is a step in the right direction, using a client like thunderbird or enigmail and managing PGP yourself would be more secure as the message is decrypted by the recipient and not a company owned server.
Yeah except I forgot how to login and now I’m burned