this post was submitted on 25 Apr 2024
287 points (95.3% liked)
Yes, agreeing in general, just with some clarifications. I think clarifications are important when talking about a product focused on privacy and security.
I was responding to this part:
Proton uses standard PGP AFAIK (and yes, PGP vs GPG is irrelevant), so your subject line and attachment names are not end-to-end encrypted:
Depending on your threat model, this may or may not be an issue.
At least one other provider (Tuta in my example) doesn't use PGP internally because using SMTP internally w/ PGP for the body leaks the subject line and other metadata. Neither has released the source to their backend, and I haven't read the client code, so I don't know if there are any other concerns.
That said, I think Proton is absolutely fantastic, and I used it for a few years with absolutely no issue. I do think it's important to be accurate, though, since others may not like the tradeoffs. Proton has a bunch of other benefits as well over alternatives, such as:
Yeah, any email provider will use standard SMTP, otherwise it's not email. The differences are whatever happens after it reaches Proton's servers.