this post was submitted on 24 Aug 2024
45 points (95.9% liked)
Technology
59080 readers
4689 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
At the end you ask people to email you, but after just talking about PGP, you don't provide a PGP key for people to use when they email you.
Yep, I am aware of the contradiction. I used to, but since then I moved to an alias as it was not worth wasting a domain for a single address. I may spend eventually the time to setup PGP for the alias itself, but I just didn't. It's a Proton alias, so I get anyway PGP encryption, though (obviously without all the features, but good enough for the near-zero volume I currently have).
That's only true if you're talking to other Proton users. Proton does encrypt emails at rest, but that's basically the same as TLS + trusted server. Whether they use PGP on the BE or not is irrelevant.
Publishing your PGP public key next to your email doesn't require "wasting a domain" or anything like that, it merely gives others an option to contact you w/ PGP encryption. Since you already get near-zero volume, you probably would get even nearer-zero PGP volume (the few that would email you probably won't bother using your PGP key), but it would at least show that you're open to E2EE. You can even generate a special key that's only used publicly, and Proton should handle decryption automatically for you.
Anyway, I'm part of that group that probably wouldn't bother using your PGP key anyway, I just thought it was amusing that you didn't seem to actually follow your own advice. Perhaps that's just more evidence that email should simply be avoided.
With Simplelogin integration Proton does PGP encryption because effectively all emails are forwarded by a simplelogin address. I have just tested to be sure, and I can confirm it is the case. I agree though that this only protects "my side", which is why I said that it doesn't provide all the PGP features.
It does if I don't have any key that I use for emails. My key(s) is bound to the Proton account with the other domains I use, so for this domain I would need to either add it (back) to Proton (easier option, but "wastes" a domain) or just generate and manage a key myself, that I can then even add manually to Proton, but I didn't bother doing this just yet. I am not going to use any other public key I have because I wanted specifically to keep this domain separated from my identity.
FWIW, I do follow the described setup for everything personal, which is what matters to me. As I said, ~1/2 months ago I did have my PGP key because I enrolled the domain into Proton, which if anything is a testament to how annoying it is having to manage keys myself (which I already do for signing commits etc.). Maybe I will spend some time to polish the setup, eventually.
Ah, I thought this redirected to your Proton account.
No worries, PGP is hardly necessary for random emails from random people. If they really want to start an E2EE conversation w/ you, they can always just ping you asking for it before getting into specifics.