this post was submitted on 10 Apr 2024
70 points (93.8% liked)
Privacy
32465 readers
551 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
That's just not true, you're severely misinformed on this.
Proton took the established practice of PGP encrypted email and put it in a nice package. That's why you can add public keys and just message somebody that's using Thunderbird.
There is no "open protocol for end to end encrypted email", XMPP is not applicable here. There's no "IMAP for PGP" there's just IMAP, so they made a bridge so you can use IMAP even if your mail client doesn't support PGP.
Could they have made an IMAP server that returns the PGP emails and requires your mail client to handle the decryption? Yes. However, that goes against a major selling point of the product which is that it manages all that encryption for you (like a password manager). Nobody in their right mind would use that.
This isn't some matter of privacy coolaid and fanboyism; they did the open interoperable thing. You can even (as an example use case) if you're a new customer that was doing PGP email on your own, upload your own existing PGP key, and use that with Proton if you don't want to change the PGP public key people use to send you email.
Edit: Perhaps you've been confused by some falsehoods coming from Tutanota or confused the two https://proton.me/blog/proton-vs-tuta-encryption
I wasn't even aware of those alleged falsehoods coming from Tutanota...
Essentially my point.
Why not, if they actually do everything with open standards and by the book, why can't they provide IMAP/SMTP access to everyone who wants BUT add the disclaimer that you've to use a PGP compatible e-mail client and configure it to deal with the encryption... but they don't and that is a red flag. Most of their users are tech savvy people wouldn't oppose setting that up.
Because you're paying them so you don't have to do that. Why would you pay them a premium if you're just going to do it yourself anyways?
Also that costs money to develop, maintain, and run. Which takes money/resources away from things most customers care about.
There aren't red flags here, everything is open source, this is all verifiable information. You're just refusing to accept that.
Because they can provide other assurances with their service even if I've to setup the PGP in my e-mail client. Like knowing the entre thing is actually managed with privacy in mind, like not logging more than they should etc.