Any e-mail service that doesn’t provide standard IMAP/SMTP directly to their servers and uses custom protocols is yet another attempt at vendor lock-in and nobody should use it.
What Proton is doing is pushing for vendor lock-in at any possible point so you’re stuck with what they deem acceptable because it’s easier for them to build a service this way and makes more sense from a business / customer retention perspective. Proton is doing to e-mail about the same that WhatsApp and Messenger did to messaging - instead of just using an open protocol like XMPP they opted for their closed thing in order to lock people into their apps. People in this community seem to be okay with this just because they sell the “privacy” cool-aid.
People complain when others use Google or Microsoft for e-mail around here, but at least in those providers you can access your e-mail through standard protocols. How ironic it is to see privacy / freedom die hard fans suddenly going for a company that is far less open than the big providers… just because of marketing. :)
Proton is just a company that wants profits and found out there was a niche of people who would buy into everything that they label as “encryption” and “privacy” no matter what the cost. They’ve learnt how to weaponize “privacy” to push more and more vendor lock-in. Not even Apple does this bullshit.
Now, I can see anyone commenting “oh but they have to it because of security” - no they don’t. That’s bullshit.
Any generic IMAP/SMPT provider + Thunderbird + PGP will provide the same level of security that Proton does - that is assuming they didn’t mess their client-side encryption/decryption or key storage in some way. PGP makes sure all your e-mail content is encrypted and that’s it, doesn’t matter if it’s done by Thunderbird and the e-mails are stored in Gmail OR if it’s done by the Proton bridge and the e-mails are on their servers, the same PGP tech the only difference is the client. So, no, there isn’t the reason to do it the way they do it besides vendor lock-in.
Any generic IMAP/SMPT provider + Thunderbird + PGP will provide the same level of security that Proton does - that is assuming they didn’t mess their client-side encryption/decryption or key storage in some way.
And isn’t that the point? I don’t have time nor do I want to learn about PGP and how to encrypt email. Someone sells that service, great. And it is not like I cannot send normal emails to anyone else. They are using the same standard, not some made up version of SMTP (when sending to other servers, I assume any email from client A to client B both being Proton customer never leave their server, so no need for a new protocol).
Proton is doing to e-mail about the same that WhatsApp and Messenger did to messaging - instead of just using an open protocol like XMPP they opted for their closed thing in order to lock people into their apps
I cannot agree with you and I do not think your arguments holds, I would even go as far as to say that they are flawed (example being claiming “closed thing” while being fully open source using open standards). It seems to me that they have something that people are willing to pay money for. You are not one of them (nor am I).
I don’t personally use them as an email provider because of the limit on how many domains they allow as a standard.
I want to learn about PGP and how to encrypt email. Someone sells that service, great. And it is not like I cannot send normal emails to anyone else.
I don’t disagree with you, I believe it as well. PGP is it stands is cumbersome.
The thing is that could’ve still implemented a easy-to-use, “just login and send email” type of web client and abstracted the user from the PGP complexities while still delivering everything over IMAP/SMTP.
They are using the same standard, not some made up version of SMTP (when sending to other servers, I assume any email from client A to client B both being Proton customer never leave their server, so no need for a new protocol).
You assume correctly, but when your mail client is trying to send an email instead of using SMTP to submit to their server, you’re using a proprietary API in a proprietary format and the same goes for receiving email.
This is well documented and to prove it further if you want to configure Proton in a generic mail client like Thunderbird then you’re required to install a “birdge”, a piece of software that essentially simulates a local IMAP and SMPT server (that Thunderbird communicates with) and then will convert those requests into requests their proprietary API understands. There are various issues with this approach the most obvious one is that it is an extra step, there’s also the issue that in iOS for eg. you’re forced to use their mail app because you can’t run the bridge there.
The bridge is an afterthought to support generic email clients and generic protocols, only works how and where they say it should work and may be taken away at any point.
while being fully open source using open standards
Delivering your data over proprietary APIs doesn’t count as “open standards” - sorry.
We don’t currently integrate Proton Mail with third-party email clients on Android. Third-party email clients for Android are not capable of the encryption and decryption processes Proton Mail performs.
Third-party email clients for iOS are not capable of the encryption and decryption processes Proton Mail performs to keep your data safe
They do lock you in on handheld devices but that seems to be a consequence of the fact that they are storing all emails encrypted on the server. After reading this link (“[…]Since IMAP can’t decrypt your emails[…]”), I agree that they are just implementing PGP with an extra steps and creating an unneeded layer (the bridge).
The reason I would not compare it to XMPP is because they are still using SMTP. It is when they stop using SMTP or force others to use something else that I would be very worried.
They do lock you in on handheld devices but that seems to be a consequence of the fact that they are storing all emails encrypted on the server. After reading this link (“[…]Since IMAP can’t decrypt your emails[…]”), I agree that they are just implementing PGP with an extra steps and creating an unneeded layer (the bridge).
Yes, that’s precisely the problem there. You can use PGP with any generic IMAP provider and that will work just fine with handheld devices. There are multiple mail clientes capable of doing and all your mail is still encrypted on the server. Proton just made an alternative implementation that forces you into proprietary systems because it’s more convenient for them.
Those kinds of setups with servers encrypting your mail and still delivering over IMAP are fairly easy to implement, here’s an example. They simply decided to go all proprietary.
The reason I would not compare it to XMPP is because they are still using SMTP. It is when they stop using SMTP or force others to use something e
On a generic mail system SMTP is used in two places: 1) from your mail client to your provider and 2) between your provider and other providers. Proton is NOT using SMPT for the first step, making it non-standard and much more closed.
Any e-mail service that doesn’t provide standard IMAP/SMTP directly to their servers and uses custom protocols is yet another attempt at vendor lock-in and nobody should use it.
What Proton is doing is pushing for vendor lock-in at any possible point so you’re stuck with what they deem acceptable because it’s easier for them to build a service this way and makes more sense from a business / customer retention perspective. Proton is doing to e-mail about the same that WhatsApp and Messenger did to messaging - instead of just using an open protocol like XMPP they opted for their closed thing in order to lock people into their apps. People in this community seem to be okay with this just because they sell the “privacy” cool-aid.
People complain when others use Google or Microsoft for e-mail around here, but at least in those providers you can access your e-mail through standard protocols. How ironic it is to see privacy / freedom die hard fans suddenly going for a company that is far less open than the big providers… just because of marketing. :)
Proton is just a company that wants profits and found out there was a niche of people who would buy into everything that they label as “encryption” and “privacy” no matter what the cost. They’ve learnt how to weaponize “privacy” to push more and more vendor lock-in. Not even Apple does this bullshit.
Now, I can see anyone commenting “oh but they have to it because of security” - no they don’t. That’s bullshit.
Any generic IMAP/SMPT provider + Thunderbird + PGP will provide the same level of security that Proton does - that is assuming they didn’t mess their client-side encryption/decryption or key storage in some way. PGP makes sure all your e-mail content is encrypted and that’s it, doesn’t matter if it’s done by Thunderbird and the e-mails are stored in Gmail OR if it’s done by the Proton bridge and the e-mails are on their servers, the same PGP tech the only difference is the client. So, no, there isn’t the reason to do it the way they do it besides vendor lock-in.
And isn’t that the point? I don’t have time nor do I want to learn about PGP and how to encrypt email. Someone sells that service, great. And it is not like I cannot send normal emails to anyone else. They are using the same standard, not some made up version of SMTP (when sending to other servers, I assume any email from client A to client B both being Proton customer never leave their server, so no need for a new protocol).
Proton themself provides a way to export emails in a decrypted format. It is even cross platform. https://proton.me/support/proton-mail-export-tool And all they do is open source, here is the code for their mail server: https://proton.me/support/proton-mail-export-tool. They seem to be using ordinary standards, but what do I know?
I cannot agree with you and I do not think your arguments holds, I would even go as far as to say that they are flawed (example being claiming “closed thing” while being fully open source using open standards). It seems to me that they have something that people are willing to pay money for. You are not one of them (nor am I).
I don’t personally use them as an email provider because of the limit on how many domains they allow as a standard.
I don’t disagree with you, I believe it as well. PGP is it stands is cumbersome.
The thing is that could’ve still implemented a easy-to-use, “just login and send email” type of web client and abstracted the user from the PGP complexities while still delivering everything over IMAP/SMTP.
You assume correctly, but when your mail client is trying to send an email instead of using SMTP to submit to their server, you’re using a proprietary API in a proprietary format and the same goes for receiving email.
This is well documented and to prove it further if you want to configure Proton in a generic mail client like Thunderbird then you’re required to install a “birdge”, a piece of software that essentially simulates a local IMAP and SMPT server (that Thunderbird communicates with) and then will convert those requests into requests their proprietary API understands. There are various issues with this approach the most obvious one is that it is an extra step, there’s also the issue that in iOS for eg. you’re forced to use their mail app because you can’t run the bridge there.
The bridge is an afterthought to support generic email clients and generic protocols, only works how and where they say it should work and may be taken away at any point.
Delivering your data over proprietary APIs doesn’t count as “open standards” - sorry.
https://proton.me/support/android
https://proton.me/support/ios-iphone
They do lock you in on handheld devices but that seems to be a consequence of the fact that they are storing all emails encrypted on the server. After reading this link (“[…]Since IMAP can’t decrypt your emails[…]”), I agree that they are just implementing PGP with an extra steps and creating an unneeded layer (the bridge).
The reason I would not compare it to XMPP is because they are still using SMTP. It is when they stop using SMTP or force others to use something else that I would be very worried.
Yes, that’s precisely the problem there. You can use PGP with any generic IMAP provider and that will work just fine with handheld devices. There are multiple mail clientes capable of doing and all your mail is still encrypted on the server. Proton just made an alternative implementation that forces you into proprietary systems because it’s more convenient for them.
Those kinds of setups with servers encrypting your mail and still delivering over IMAP are fairly easy to implement, here’s an example. They simply decided to go all proprietary.
On a generic mail system SMTP is used in two places: 1) from your mail client to your provider and 2) between your provider and other providers. Proton is NOT using SMPT for the first step, making it non-standard and much more closed.