It’s funny how people completely lost their minds when they could see a potential connection between what he said and some political side while those same people are perfectly fine with ignoring what’s really wrong with Proton and its marketing - even though it all goes against their core beliefs of “privacy” “security” “open-source” etc.
Any e-mail service that doesn’t provide standard IMAP/SMTP directly to their servers and uses custom protocols is yet another attempt at vendor lock-in and nobody should use it.
What Proton is doing is pushing for vendor lock-in at any possible point so you’re stuck with what they deem acceptable because it’s easier for them to build a service this way and makes more sense from a business / customer retention perspective. Proton is doing to e-mail about the same that WhatsApp and Messenger did to messaging - instead of just using an open protocol like XMPP they opted for their closed thing in order to lock people into their apps. People in this community seem to be okay with this just because they sell the “privacy” cool-aid.
People complain when others use Google or Microsoft for e-mail around here, but at least in those providers you can access your e-mail through standard protocols. How ironic it is to see privacy / freedom die hard fans suddenly going for a company that is far less open than the big providers… just because of marketing. :)
Proton is just a company that wants profits and found out there was a niche of people who would buy into everything that they label as “encryption” and “privacy” no matter what the cost. They’ve learnt how to weaponize “privacy” to push more and more vendor lock-in. Not even Apple does this bullshit.
Now, I can see anyone commenting “oh but they have to it because of security” - no they don’t. That’s bullshit.
Any generic IMAP/SMPT provider + Thunderbird + PGP will provide the same level of security that Proton does - that is assuming they didn’t mess their client-side encryption/decryption or key storage in some way. PGP makes sure all your e-mail content is encrypted and that’s it, doesn’t matter if it’s done by Thunderbird and the e-mails are stored in Gmail OR if it’s done by the Proton bridge and the e-mails are on their servers, the same PGP tech the only difference is the client. So, no, there isn’t the reason to do it the way they do it besides vendor lock-in.
Any generic IMAP/SMPT provider + Thunderbird + PGP will provide the same level of security that Proton does - that is assuming they didn’t mess their client-side encryption/decryption or key storage in some way.
And isn’t that the point? I don’t have time nor do I want to learn about PGP and how to encrypt email. Someone sells that service, great. And it is not like I cannot send normal emails to anyone else. They are using the same standard, not some made up version of SMTP (when sending to other servers, I assume any email from client A to client B both being Proton customer never leave their server, so no need for a new protocol).
Proton is doing to e-mail about the same that WhatsApp and Messenger did to messaging - instead of just using an open protocol like XMPP they opted for their closed thing in order to lock people into their apps
I cannot agree with you and I do not think your arguments holds, I would even go as far as to say that they are flawed (example being claiming “closed thing” while being fully open source using open standards). It seems to me that they have something that people are willing to pay money for. You are not one of them (nor am I).
I don’t personally use them as an email provider because of the limit on how many domains they allow as a standard.
I want to learn about PGP and how to encrypt email. Someone sells that service, great. And it is not like I cannot send normal emails to anyone else.
I don’t disagree with you, I believe it as well. PGP is it stands is cumbersome.
The thing is that could’ve still implemented a easy-to-use, “just login and send email” type of web client and abstracted the user from the PGP complexities while still delivering everything over IMAP/SMTP.
They are using the same standard, not some made up version of SMTP (when sending to other servers, I assume any email from client A to client B both being Proton customer never leave their server, so no need for a new protocol).
You assume correctly, but when your mail client is trying to send an email instead of using SMTP to submit to their server, you’re using a proprietary API in a proprietary format and the same goes for receiving email.
This is well documented and to prove it further if you want to configure Proton in a generic mail client like Thunderbird then you’re required to install a “birdge”, a piece of software that essentially simulates a local IMAP and SMPT server (that Thunderbird communicates with) and then will convert those requests into requests their proprietary API understands. There are various issues with this approach the most obvious one is that it is an extra step, there’s also the issue that in iOS for eg. you’re forced to use their mail app because you can’t run the bridge there.
The bridge is an afterthought to support generic email clients and generic protocols, only works how and where they say it should work and may be taken away at any point.
while being fully open source using open standards
Delivering your data over proprietary APIs doesn’t count as “open standards” - sorry.
We don’t currently integrate Proton Mail with third-party email clients on Android. Third-party email clients for Android are not capable of the encryption and decryption processes Proton Mail performs.
Third-party email clients for iOS are not capable of the encryption and decryption processes Proton Mail performs to keep your data safe
They do lock you in on handheld devices but that seems to be a consequence of the fact that they are storing all emails encrypted on the server. After reading this link (“[…]Since IMAP can’t decrypt your emails[…]”), I agree that they are just implementing PGP with an extra steps and creating an unneeded layer (the bridge).
The reason I would not compare it to XMPP is because they are still using SMTP. It is when they stop using SMTP or force others to use something else that I would be very worried.
They do lock you in on handheld devices but that seems to be a consequence of the fact that they are storing all emails encrypted on the server. After reading this link (“[…]Since IMAP can’t decrypt your emails[…]”), I agree that they are just implementing PGP with an extra steps and creating an unneeded layer (the bridge).
Yes, that’s precisely the problem there. You can use PGP with any generic IMAP provider and that will work just fine with handheld devices. There are multiple mail clientes capable of doing and all your mail is still encrypted on the server. Proton just made an alternative implementation that forces you into proprietary systems because it’s more convenient for them.
Those kinds of setups with servers encrypting your mail and still delivering over IMAP are fairly easy to implement, here’s an example. They simply decided to go all proprietary.
The reason I would not compare it to XMPP is because they are still using SMTP. It is when they stop using SMTP or force others to use something e
On a generic mail system SMTP is used in two places: 1) from your mail client to your provider and 2) between your provider and other providers. Proton is NOT using SMPT for the first step, making it non-standard and much more closed.
It’s always interesting when someone claims something that goes against the norm on the internet, they might know something that I do not. That was not the case today, unfortunately.
I understand your concerns of vendor lock-in. The fear is that it could avoid people leaving the service in the future. However, do you know that I use a generic email client that, through IMAP, contains a Proton account?
Sure, you’re using a bridge they develop and they can away or break at any point. It’s not the best ideal. Why support a company that is actively trying to turn open protocols into more closed stuff? Makes no sense. That type of non-sense is what got us into the situation we’ve now with WhatsApp and other messengers.
I understand the fear of the bridge being burned down. I also see how that would make Proton like WhatsApp, which has its own protocol and locks its users in. Would it be inaccurate to say that your fear is that Proton pulls an “Embrace, Extend, Extinguish” move?
In any case, it’s worthwhile looking at your claims. You mention that Proton is “actively trying to turn open protocols into more closed stuff”.
Why can I use PGP as the encryption protocol in Proton Mail? Is that a closed protocol?
Why could I download an archive of all of my emails last December both through IMAP and through MBOX? Are those two “closed stuff”? In fact, I could’ve downloaded my archive as EML; is that a closed protocol?
Why could I download a copy of my contacts as VCF? Is that a closed protocol?
Why can I export my Proton Pass passwords as JSON or CSV? Are those closed protocols?
Is it really tenable to argue that Proton is pulling an “Embrace, Extend, Extinguish” move when they support PGP, IMAP, SMTP, MBOX, EML, VCF, JSON, and CSV?
You could argue that it’s simply a matter of time until they pull the rug and close their protocols. Let’s elide the whole discussion regarding the probability of the rug pull happening and instead focus on the present reality: as of December 2024, I could download an archive of everything I have on Proton without a hitch. They do not have the whole Meta thing of “Please give us four working days for us to create an archive of your data”. At least that wasn’t my experience. I could download an archive quickly.
If users have the capability of downloading open protocol archives of everything they have on Proton, are they really stopping them from going elsewhere?
Would it be inaccurate to say that your fear is that Proton pulls an “Embrace, Extend, Extinguish” move?
No, it isn’t. But they never “embraced” as there was never direct IMAP to their servers, instead it’s a proprietary API serving data in a proprietary format.
I also see how that would make Proton like WhatsApp, which has its own protocol and locks its users in.
The problem isn’t that taking down the bridge would make Proton like WhatsApp. It’s the other way around, when they decided to build their internals with proprietary protocols and solutions instead eg. IMAP+SMTP they became the WhatsApp. Those things shouldn’t be addons or an afterthought, they should be bult into the core.
This clearly shows that making open solutions ranks very low their company and engineering priority list. If it was at the top they would’ve built it around IMAP instead.
I could download an archive of everything I have on Proton without a hitch.
Yes you can, but the data will come in more property formats hard to upload to anywhere else - at least for some of the data. They’ve improved this situation but it’s still less than ideal. In the beginning they would export contacts and calendars in some JSON format, I see they moved to vCard and iCal now.
It’s funny how people completely lost their minds when they could see a potential connection between what he said and some political side while those same people are perfectly fine with ignoring what’s really wrong with Proton and its marketing - even though it all goes against their core beliefs of “privacy” “security” “open-source” etc.
What is wrong Proton and their marketing?
Any e-mail service that doesn’t provide standard IMAP/SMTP directly to their servers and uses custom protocols is yet another attempt at vendor lock-in and nobody should use it.
What Proton is doing is pushing for vendor lock-in at any possible point so you’re stuck with what they deem acceptable because it’s easier for them to build a service this way and makes more sense from a business / customer retention perspective. Proton is doing to e-mail about the same that WhatsApp and Messenger did to messaging - instead of just using an open protocol like XMPP they opted for their closed thing in order to lock people into their apps. People in this community seem to be okay with this just because they sell the “privacy” cool-aid.
People complain when others use Google or Microsoft for e-mail around here, but at least in those providers you can access your e-mail through standard protocols. How ironic it is to see privacy / freedom die hard fans suddenly going for a company that is far less open than the big providers… just because of marketing. :)
Proton is just a company that wants profits and found out there was a niche of people who would buy into everything that they label as “encryption” and “privacy” no matter what the cost. They’ve learnt how to weaponize “privacy” to push more and more vendor lock-in. Not even Apple does this bullshit.
Now, I can see anyone commenting “oh but they have to it because of security” - no they don’t. That’s bullshit.
Any generic IMAP/SMPT provider + Thunderbird + PGP will provide the same level of security that Proton does - that is assuming they didn’t mess their client-side encryption/decryption or key storage in some way. PGP makes sure all your e-mail content is encrypted and that’s it, doesn’t matter if it’s done by Thunderbird and the e-mails are stored in Gmail OR if it’s done by the Proton bridge and the e-mails are on their servers, the same PGP tech the only difference is the client. So, no, there isn’t the reason to do it the way they do it besides vendor lock-in.
And isn’t that the point? I don’t have time nor do I want to learn about PGP and how to encrypt email. Someone sells that service, great. And it is not like I cannot send normal emails to anyone else. They are using the same standard, not some made up version of SMTP (when sending to other servers, I assume any email from client A to client B both being Proton customer never leave their server, so no need for a new protocol).
Proton themself provides a way to export emails in a decrypted format. It is even cross platform. https://proton.me/support/proton-mail-export-tool And all they do is open source, here is the code for their mail server: https://proton.me/support/proton-mail-export-tool. They seem to be using ordinary standards, but what do I know?
I cannot agree with you and I do not think your arguments holds, I would even go as far as to say that they are flawed (example being claiming “closed thing” while being fully open source using open standards). It seems to me that they have something that people are willing to pay money for. You are not one of them (nor am I).
I don’t personally use them as an email provider because of the limit on how many domains they allow as a standard.
I don’t disagree with you, I believe it as well. PGP is it stands is cumbersome.
The thing is that could’ve still implemented a easy-to-use, “just login and send email” type of web client and abstracted the user from the PGP complexities while still delivering everything over IMAP/SMTP.
You assume correctly, but when your mail client is trying to send an email instead of using SMTP to submit to their server, you’re using a proprietary API in a proprietary format and the same goes for receiving email.
This is well documented and to prove it further if you want to configure Proton in a generic mail client like Thunderbird then you’re required to install a “birdge”, a piece of software that essentially simulates a local IMAP and SMPT server (that Thunderbird communicates with) and then will convert those requests into requests their proprietary API understands. There are various issues with this approach the most obvious one is that it is an extra step, there’s also the issue that in iOS for eg. you’re forced to use their mail app because you can’t run the bridge there.
The bridge is an afterthought to support generic email clients and generic protocols, only works how and where they say it should work and may be taken away at any point.
Delivering your data over proprietary APIs doesn’t count as “open standards” - sorry.
https://proton.me/support/android
https://proton.me/support/ios-iphone
They do lock you in on handheld devices but that seems to be a consequence of the fact that they are storing all emails encrypted on the server. After reading this link (“[…]Since IMAP can’t decrypt your emails[…]”), I agree that they are just implementing PGP with an extra steps and creating an unneeded layer (the bridge).
The reason I would not compare it to XMPP is because they are still using SMTP. It is when they stop using SMTP or force others to use something else that I would be very worried.
Yes, that’s precisely the problem there. You can use PGP with any generic IMAP provider and that will work just fine with handheld devices. There are multiple mail clientes capable of doing and all your mail is still encrypted on the server. Proton just made an alternative implementation that forces you into proprietary systems because it’s more convenient for them.
Those kinds of setups with servers encrypting your mail and still delivering over IMAP are fairly easy to implement, here’s an example. They simply decided to go all proprietary.
On a generic mail system SMTP is used in two places: 1) from your mail client to your provider and 2) between your provider and other providers. Proton is NOT using SMPT for the first step, making it non-standard and much more closed.
Don’t feed the trolls. This is an obvious attempt to divert the conversation.
It’s always interesting when someone claims something that goes against the norm on the internet, they might know something that I do not. That was not the case today, unfortunately.
It’s a tricky to maintain balance between openness to opposing views while avoiding susceptibility to disingenuous “just asking questions” diversion.
Folks, don’t take this obvious bait.
a hobbyist after mine own heart
I understand your concerns of vendor lock-in. The fear is that it could avoid people leaving the service in the future. However, do you know that I use a generic email client that, through IMAP, contains a Proton account?
Sure, you’re using a bridge they develop and they can away or break at any point. It’s not the best ideal. Why support a company that is actively trying to turn open protocols into more closed stuff? Makes no sense. That type of non-sense is what got us into the situation we’ve now with WhatsApp and other messengers.
I understand the fear of the bridge being burned down. I also see how that would make Proton like WhatsApp, which has its own protocol and locks its users in. Would it be inaccurate to say that your fear is that Proton pulls an “Embrace, Extend, Extinguish” move?
In any case, it’s worthwhile looking at your claims. You mention that Proton is “actively trying to turn open protocols into more closed stuff”.
You could argue that it’s simply a matter of time until they pull the rug and close their protocols. Let’s elide the whole discussion regarding the probability of the rug pull happening and instead focus on the present reality: as of December 2024, I could download an archive of everything I have on Proton without a hitch. They do not have the whole Meta thing of “Please give us four working days for us to create an archive of your data”. At least that wasn’t my experience. I could download an archive quickly.
No, it isn’t. But they never “embraced” as there was never direct IMAP to their servers, instead it’s a proprietary API serving data in a proprietary format.
The problem isn’t that taking down the bridge would make Proton like WhatsApp. It’s the other way around, when they decided to build their internals with proprietary protocols and solutions instead eg. IMAP+SMTP they became the WhatsApp. Those things shouldn’t be addons or an afterthought, they should be bult into the core.
This clearly shows that making open solutions ranks very low their company and engineering priority list. If it was at the top they would’ve built it around IMAP instead.
Yes you can, but the data will come in more property formats hard to upload to anywhere else - at least for some of the data. They’ve improved this situation but it’s still less than ideal. In the beginning they would export contacts and calendars in some JSON format, I see they moved to vCard and iCal now.