I don’t get any of those “encrypted mail” services.
You need an app with good PGP support.
I have no idea what an “encrypted mail” provider is supposed to do differently. Either you use E2EE or you have to trust some random people.
Email is intently insecure and not private. If you need private and secure communication use a different protocol.
If you just don’t want Google or Microsoft to read through your emails (completely reasonable) then that’s where the “private” and “encrypted” providers come in, imo.
No matter what, your email provider can read all of your emails if they want unless you encrypt the actual content before sending. But even then the metadata is all available. So you have to trust your email provider.
But also it’s not a secure protocol. Pick something better if you need security and privacy.
An email provider can encrypt your data so they can’t read it. But they can’t prove that they did that. So just like any other online service you have to trust them or not rely on their encryption.
Proton is just your PGP email client + cloud sync (kind of like a password manager).
It generates a PGP key when you create an account. Then they encrypt incoming email with that key. You can replace this key if you want.
You can add PGP keys for contacts that aren’t in the Proton ecosystem and they’ll use those keys to encrypt outgoing mail and provide the information to reply using your Proton PGP key.
If your contact is another Proton Mail user, they set all this up automatically (they can figure that out via MX records). They’ve also pushed for an open standard for doing this automatically for all PGP-capable MX servers (i.e. allowing the automatic key exchange to happen when emailing someone out of their ecosystem).
So what you get with Proton is a fancy PGP web client, encryption at rest server side, some niceties with automatic key exchange, and an IMAP bridge that handles all the key management outside of your mail client (which makes sure it’s done right and everything is in sync across all your devices).
All the encryption and the initial key generation happen client side, just like with Bitwarden.
Thanks for the clarification!
They’re all trying to reinvent email by bolting something else on top, likely an in-house implementation of whatever’s hot at the moment. However, the supposed benefits are completely gone once you’re exchanging mails with any other email host.
Vendor lock-in basically. Protonmail is doing something really bad in my eyes, in that they force you to use their app. That bridge works too, okay.
But what you are suggesting only works if you only communicate with people who use gpg-aware clients, right? I’ve done that for years but I was mostly only able to sign my emails because nobody cares.
But of course when using a provider like Proton you can only trust them to keep just encrypted data.
Yes nobody cares and that is bad. But I have no idea how “encrypted providers” want to change that.
Well, everyone on Proton uses it by default. And if more adopt that strategy then maybe.
I was just there for the calendar tbh. I find it stupid how it’s always tied to email
This! Encrypt at rest with the key handed off to the provider every single time you log in is just a PR stunt.
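The point made earlier in the thread, that metadata stays available to the provider even when the content is PGP-encrypted before sending, shown as an added example that is not from any commenter. The message is a constructed PGP/MIME (RFC 3156) sample with placeholder addresses and placeholder ciphertext, and `provider_view` is a hypothetical helper name.

```python
from email import message_from_string
from email.policy import default

# Constructed sample of a PGP/MIME message as a mail host would store it.
# Addresses and IP are documentation placeholders; the armored block is a
# stand-in, not real ciphertext.
RAW = """\
From: alice@example.org
To: bob@example.net
Subject: Contract draft for review
Date: Tue, 02 Jan 2024 09:15:00 +0000
Message-ID: <constructed-1@example.org>
Received: from mail.example.org (203.0.113.7) by mx.example.net; Tue, 02 Jan 2024 09:15:02 +0000
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream; name="encrypted.asc"

-----BEGIN PGP MESSAGE-----

(placeholder ciphertext)
-----END PGP MESSAGE-----

--b1--
"""

METADATA = ("From", "To", "Cc", "Subject", "Date", "Message-ID", "Received")

def provider_view(raw):
    """Return what a mail host can read without holding any private key."""
    msg = message_from_string(raw, policy=default)
    # Routing and envelope headers sit outside the encrypted payload.
    headers = {h: str(msg[h]) for h in METADATA if msg[h] is not None}
    is_pgp_mime = (msg.get_content_type() == "multipart/encrypted"
                   and msg.get_param("protocol") == "application/pgp-encrypted")
    # Any text/plain part would be body content readable in the clear.
    readable = [p.get_content() for p in msg.walk()
                if p.get_content_type() == "text/plain"]
    return {"headers": headers, "pgp_mime": is_pgp_mime, "readable_bodies": readable}

if __name__ == "__main__":
    for key, value in provider_view(RAW).items():
        print(key, "=>", value)
```

The body is opaque to the host, but sender, recipient, subject, timestamp and relay path are all readable from the stored message.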