• branch@lemmy.world
    9 months ago

    Any generic IMAP/SMTP provider + Thunderbird + PGP will provide the same level of security that Proton does - that is assuming they didn’t mess their client-side encryption/decryption or key storage in some way.

    And isn’t that the point? I don’t have time nor do I want to learn about PGP and how to encrypt email. Someone sells that service, great. And it is not like I cannot send normal emails to anyone else. They are using the same standard, not some made up version of SMTP (when sending to other servers, I assume any email from client A to client B, both being Proton customers, never leaves their server, so no need for a new protocol).

    Proton is doing to e-mail about the same that WhatsApp and Messenger did to messaging - instead of just using an open protocol like XMPP they opted for their closed thing in order to lock people into their apps

    Proton themselves provide a way to export emails in a decrypted format. It is even cross platform. https://proton.me/support/proton-mail-export-tool And all they do is open source, here is the code for their mail server: https://proton.me/support/proton-mail-export-tool. They seem to be using ordinary standards, but what do I know?

    I cannot agree with you and I do not think your arguments hold, I would even go as far as to say that they are flawed (example being claiming “closed thing” while being fully open source using open standards). It seems to me that they have something that people are willing to pay money for. You are not one of them (nor am I).

    I don’t personally use them as an email provider because of the limit on how many domains they allow as a standard.

    • TCB13@lemmy.world
      9 months ago

      I want to learn about PGP and how to encrypt email. Someone sells that service, great. And it is not like I cannot send normal emails to anyone else.

      I don’t disagree with you, I believe it as well. PGP as it stands is cumbersome.

      The thing is that they could’ve still implemented an easy-to-use, “just login and send email” type of web client and abstracted the user from the PGP complexities while still delivering everything over IMAP/SMTP.

      They are using the same standard, not some made up version of SMTP (when sending to other servers, I assume any email from client A to client B both being Proton customer never leave their server, so no need for a new protocol).

      You assume correctly, but when your mail client is trying to send an email instead of using SMTP to submit to their server, you’re using a proprietary API in a proprietary format and the same goes for receiving email.

      This is well documented and to prove it further, if you want to configure Proton in a generic mail client like Thunderbird then you’re required to install a “bridge”, a piece of software that essentially simulates a local IMAP and SMTP server (that Thunderbird communicates with) and then will convert those requests into requests their proprietary API understands. There are various issues with this approach: the most obvious one is that it is an extra step; there’s also the issue that in iOS, e.g., you’re forced to use their mail app because you can’t run the bridge there.

      The bridge is an afterthought to support generic email clients and generic protocols, only works how and where they say it should work and may be taken away at any point.

      while being fully open source using open standards

      Delivering your data over proprietary APIs doesn’t count as “open standards” - sorry.

      • branch@lemmy.world
        9 months ago

        https://proton.me/support/android

        We don’t currently integrate Proton Mail with third-party email clients on Android. Third-party email clients for Android are not capable of the encryption and decryption processes Proton Mail performs.

        https://proton.me/support/ios-iphone

        Third-party email clients for iOS are not capable of the encryption and decryption processes Proton Mail performs to keep your data safe

        They do lock you in on handheld devices but that seems to be a consequence of the fact that they are storing all emails encrypted on the server. After reading this link (“[…]Since IMAP can’t decrypt your emails[…]”), I agree that they are just implementing PGP with extra steps and creating an unneeded layer (the bridge).

        The reason I would not compare it to XMPP is because they are still using SMTP. It is when they stop using SMTP or force others to use something else that I would be very worried.

        • TCB13@lemmy.world
          9 months ago

          They do lock you in on handheld devices but that seems to be a consequence of the fact that they are storing all emails encrypted on the server. After reading this link (“[…]Since IMAP can’t decrypt your emails[…]”), I agree that they are just implementing PGP with extra steps and creating an unneeded layer (the bridge).

          Yes, that’s precisely the problem there. You can use PGP with any generic IMAP provider and that will work just fine with handheld devices. There are multiple mail clients capable of doing this, and all your mail is still encrypted on the server. Proton just made an alternative implementation that forces you into proprietary systems because it’s more convenient for them.

          Those kinds of setups with servers encrypting your mail and still delivering over IMAP are fairly easy to implement, here’s an example. They simply decided to go all proprietary.

          The reason I would not compare it to XMPP is because they are still using SMTP. It is when they stop using SMTP or force others to use something e

          On a generic mail system SMTP is used in two places: 1) from your mail client to your provider and 2) between your provider and other providers. Proton is NOT using SMTP for the first step, making it non-standard and much more closed.