Well, that in my eyes is a very solid advertising in favour of ProtonMail.
And it's not like Russians, Chinese and generally people in countries whose governments are in the habit of censoring the internet aren't used to using Tor and/or VPNs to dodge censorship.
>Well, that in my eyes is a very solid advertising in favour of ProtonMail.
In context of 5/9/14+ eyes, the nomenclature of solid advertising might differ from your interpretation, where perceptions matter ─ ranging from honeypots, compromised Tor exit nodes to dubious VPN providers, absence of warrant canaries to flawed encryption products etc. It is probably best to exercise caution and remain sceptical, rather than start endorsing products, based solely on a single random event.
We all work with incomplete information and we have to deal with that every day. Your comment to me reads like "you can be killed by a micro-meteorite if you go out so stay in an underground bunker".
Of course there are flawed VPNs and honeypot Tor nodes out there. The fight to track people and censor information is ongoing 24/7 around the globe.
Random event or not, if a government feels that it has to plug a leak as opposed to pwning/backdooring it then to me this means they chose the lesser evil and they really cannot crack ProtonMail. If that's indeed the case then this sends the message to me that I'd like my email to be better protected and I might switch away from GMail.
Whether there is a bigger game involved though, I can't know. Can you?
>if a government feels that it has to plug a leak instead of pwn it then to me this means they chose the lesser evil and they really cannot crack ProtonMail.
The government does not need to tell you anything and when it says it can't 'break' something, try and remember ─ you can dance like nobody is watching, but make sure you encrypt like everybody is watching.
Not sure why you're getting downvoted: just because ProtonMail allegedly refused to cooperate with Russia, it doesn't mean they must act similarly when the request comes from a nation that can leverage more diplomatic pressure.
Yes, but if Russia can't crack it, and needs to go the diplomatic route, that's a good attribute for your privacy software to have regardless of where you live.
I would be very surprised if certain agencies wouldn't have a nice search box for any content on ProtonMail (as it is for Gmail, etc if we believe Snowden).
Google engineers have admitted in print that their inter-DC links were not encrypted.
Marissa Mayer admitted in print that she allowed the government to install a linux kernel module to sniff email traffic for keywords, among other things.
> Google engineers have admitted in print that their inter-DC links were not encrypted.
Didn't Google qua Google, not mere engineers, do that by publicly announcing that they were upgrading security by encrypting them in the wake of the Snowden leaks?
The difference was that, number one, Lavabit was made by a US citizen, and its servers were in the USA. Number two, Lavabit kept all keys to your email at their own premises and could decrypt your email on their side. Protonmail cannot do so, because your password is a part of the key to decrypt email, and they do not know it, nor can they crack it in a reasonable amount of time, so AFAIK there is nothing they can provide LE with to decrypt your email on the go.
If you access ProtonMail via their web app, all that's needed to steal your password and decrypt email at will is a few quick changes to the index.html they serve you. This could be targeted to specific users, and once the password is exfiltrated, the page can be reloaded, leaving no trace of the attack. Anyone with access to ProtonMail's back end code or infrastructure could do this. So at least in the case of their web app, they could absolutely provide LE with whatever they wanted in a way that would be quite difficult for the average user to detect.
I don't know whether their mobile apps also trust the server in the same way--by loading content or js from the server. If not, then those could potentially offer a more secure alternative since the same attack would now require an update for all users, which would leave evidence behind. Of course, you still have to trust that any users you're sending email to also never submit their passwords to the web app.
> If you access ProtonMail via their web app, all that's needed to steal your password and decrypt email at will is a few quick changes to the index.html they serve you. This could be targeted to specific users, and once the password is exfiltrated, the page can be reloaded, leaving no trace of the attack. Anyone with access to ProtonMail's back end code or infrastructure could do this. So at least in the case of their web app, they could absolutely provide LE with whatever they wanted in a way that would be quite difficult for the average user to detect.
Have you considered how proton mail filters spam? It has to be stored in memory for this to happen before it's encrypted and flushed to the disk.
Unless your emails are encrypted for you on someone else's client before they're sent to your protonmail, in which case protonmail still has all of the metadata (time sent, where it was sent from, length of the message, etc.)
Do you believe proton mail can keep state level actors like Russia, China, and the United States out of their prod infra?
They may be "mostly" subpoena proof as in they can't disclose old emails, but do you trust them to not hand over your data before it's encrypted?
Do you use protonmail? I do, and I'm finding it actually refreshing to see spam and phishing emails in my inbox. At first I thought, why aren't they blocking this? Then I realized, "oh right, that's because they aren't reading it".
> Do you believe proton mail can keep state level actors like Russia, China, and the United States out of their prod infra?
No, I don't believe they'll be able to keep state actors out of their servers indefinitely. But it's more a matter of what the state actors find once they've gained access. As I understand it, the architecture of the service is what prevents protonmail themselves, as well as any intruder, from reading the encrypted mail files[0].
I actually do. I don't use their app, only the website. Their JS files are served from my own webserver so I do know their content. Besides, nothing stops someone super-paranoid from checking the JS code upon login before they put their password in.
> Protonmail cannot do so, because your password is a part of they key to decrypt email, and they do not know it, nor they can crack it in a reasonable amount of time, so AFAIK there is nothing they can provide LE with to decrypt your email on the go.
I don't think this is true. A hash of the password could be part of the key, but Protonmail already has that hash stored on its server (otherwise they would not be able to log you in when you send the password hash). If Protonmail would like to access your emails (or be asked to do so), I'm confident that they technically can. The only benefit is when a hacker gets access to the email database, but not the password hash database; in this case the hacker cannot read the emails.
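The exchange above turns on whether a server that stores a password-derived login hash can also derive the mailbox key. The following is an added, constructed Python sketch (not ProtonMail's code, and no claim about what ProtonMail actually implements) contrasting a naive design, where the stored login hash is the mailbox key, with a domain-separated one, where the server's verifier cannot be used to compute the key; all function names and the scrypt parameters are assumptions.

```python
"""Constructed illustration: login verifier vs. mailbox key derived from one password.

Not ProtonMail's code. Shows why "the server stores a password hash for login"
does not by itself imply "the server can derive the mailbox decryption key".
"""
import hashlib
import hmac
import os


def _kdf(password: str, salt: bytes, purpose: bytes) -> bytes:
    """Password KDF (scrypt) with a purpose tag folded into the salt.

    Different purpose tags give independent 32-byte outputs: knowing the
    "login" output gives no shortcut to the "mailbox-key" output, short of
    recovering the password itself.
    """
    return hashlib.scrypt(password.encode("utf-8"), salt=salt + b"|" + purpose,
                          n=2 ** 13, r=8, p=1, dklen=32)


def derive_mailbox_key(password: str, salt: bytes) -> bytes:
    """Client-side only: the key that unlocks stored mail. Never sent to the server."""
    return _kdf(password, salt, b"mailbox-key")


def derive_login_secret(password: str, salt: bytes) -> bytes:
    """Client-side: the value presented at login to prove knowledge of the password."""
    return _kdf(password, salt, b"login")


def naive_enrol(password: str, salt=None):
    """Naive design (the one the comment above assumes): a single password hash
    is both what the server stores for login and the mailbox key itself.

    Returns (server_record, mailbox_key). Anyone holding the record has the key.
    """
    salt = salt or os.urandom(16)
    h = hashlib.sha256(salt + password.encode("utf-8")).digest()
    return {"salt": salt, "login_hash": h}, h


def enrol(password: str, salt=None):
    """Separated design. Returns (server_record, mailbox_key).

    The server record holds only the salt and a hash of the login secret;
    the mailbox key is derived under a different purpose tag and is kept
    on the client.
    """
    salt = salt or os.urandom(16)
    login_secret = derive_login_secret(password, salt)
    record = {"salt": salt, "verifier": hashlib.sha256(login_secret).digest()}
    return record, derive_mailbox_key(password, salt)


def server_check_login(record: dict, presented_login_secret: bytes) -> bool:
    """Server side: hash what the client presented, compare in constant time."""
    candidate = hashlib.sha256(presented_login_secret).digest()
    return hmac.compare_digest(record["verifier"], candidate)


def record_reveals_key(record: dict, mailbox_key: bytes) -> bool:
    """True if any value the server stores is literally the mailbox key.

    In the naive design this is True; in the separated design it is False, and
    because the password itself is never stored, the key cannot be recomputed
    from the record either.
    """
    return any(hmac.compare_digest(v, mailbox_key)
               for v in record.values() if isinstance(v, bytes))


if __name__ == "__main__":
    salt = os.urandom(16)
    naive_rec, naive_key = naive_enrol("correct horse battery staple", salt)
    print("naive design: server record contains mailbox key ->",
          record_reveals_key(naive_rec, naive_key))
    rec, key = enrol("correct horse battery staple", salt)
    print("separated design: login works ->",
          server_check_login(rec, derive_login_secret("correct horse battery staple", salt)))
    print("separated design: server record contains mailbox key ->",
          record_reveals_key(rec, key))
```

The separation only helps against a server that never sees the plaintext password; a web client that sends the raw password, or serves modified JavaScript, defeats it regardless.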
You have to use a VPN to access the website, which contains the web version but only the desktop installer. The app itself works just fine. Furthermore, it can be downloaded from the W10 or OSX app store, with the only limitation being lack of autostart.
It's way too popular, too many people would get angry.
Telegram was just the right size — not so tiny that only a few nerds use it, but not so big that the majority of normies have adopted it. And there was sort of a personal conflict, government people don't like Pavel Durov..
"Roskomnadzor said that ProtonMail had refused to provide Russian authorities with information on the owners of email accounts allegedly associated with fake bomb threats."
I know ProtonMail is denying they got requests but hopefully this is a good advertisement for their willingness to protect individuals.
It's not Protonmail who's to be blamed for the potential attack and deaths. There is a series of events that leads to people deciding to be terrorists. I'd focus on those reasons rather than hotfixing stuff by exposing 99.9% of other Protonmail users.
I would never opt in to affect 99.9% of users because of 0.01% of users. We are all educated enough through events in recent history that clearly tell us how similar use cases lead to abuse, every single time without exception.
Given these constraints, Russia's decision to block Protonmail is perfectly fine and the only logical outcome.
Yeah, why aren't breathalyzers mandated in every vehicle? Even though we as a society pretty uniformly agree (from the people I've spoken with) that drunk driving is bad in every case, why don't we resort to such extreme measures?
Why don't we just strip prisoners naked and keep them in glass cages? We would certainly need fewer armed guards if that were the case.
Following up on the "bombs and guns and explosives" comment:
1) protonmail should not be guilty, in the same sense that the bus drivers who drove the two buses where two terrorists rode should also not be guilty
2) to orchestrate an attack it takes "a long time", you need plenty of money, guns/ explosives, you need the training, you need the storage, you need the know-how..
there are so many steps in that process where someone can be busted.. also keep in mind that most terrorist organisations are already infiltrated, and the "agents" are just waiting for the right time to bust them (not too early so they have enough evidence/they learn more about the connections/ resources) and not so late that there is a chance for the attack to go through.
This is why the London attacks were effective: it was lone wolves.
Every time I see in the news that "a bomb failed to go off and X arrests were made" I feel that the 3-letter-agencies gave "them" playdoh instead of <insert explosive>.
I agree with your reasoning, and I hear this reasoning a lot in the technical community. I wonder if you evenly apply this to other political issues? There's an incongruity in how people think about privacy rights in the Western world and how they think about property rights, especially in relation to self-defense.
It may be painting with a broad brush to assume the inconsistency in views is among a group of people vs a single individual.
Most individuals who hold a view based on logical principles tend to be consistent on that application while people who react more emotionally will tend to flutter in the wind more.
I can understand this in the specific context of Russia, but I honestly don't understand this as a general principle. Allowing the police to convince a judge to issue a warrant for information on a few ProtonMail users doesn't expose 99.9% of other ProtonMail users to anything. Why would a warrant to kick somebody's door down be okay while a warrant for this is not? Are you opposed to all types of police warrants?
There is a balance between privacy and catching bad guys, but I often get the sense that much of this community believes the police should never be able to invade somebody's privacy even if they have evidence that person committed a crime. That doesn't seem like a sensible balance to me, and it's an extreme position to take. Am I misunderstanding?
The most important point - The owners of ProtonMail cannot decrypt the email of their customers.
Second, a warrant for breaking into physical property in their jurisdiction is very different than digital property on servers in a different country. For one, Russia's judges have no authority there.
It seems you are writing two contradictory arguments. On the one hand you say hotfixing is no solution for terrorism. On the other hand you say blocking Protonmail is fine. Is there some irony that I missed here?
I don't see contradiction there. He is against proton mail disclosing information of its users, and if Russia decides to block access to their service in revenge, so be it.
Any tool/service private and strong enough to protect political dissidents, opposition journalists and all the 'right kind of people' will inevitably be used by criminals as well. If they can choose to reveal information about one group they can be forced to reveal information about anyone.
The only real way around that is to make it private, invite only, and vetted and only invite people with a large enough public presence to be able to have a chance at figuring out if they're the 'right kind of person' which means it can't be open to the average person.
If Russia had a functioning democracy, with rule of law and an independent judiciary, if Russia's legal system resisted abuses of power, if law enforcement protected the people's interest against the interests of oligarchs and the politically connected instead of vice versa, I might have a different view.
But I have little confidence that surveillance requires warrants, or that warrants are only issued with valid probable cause of real crimes, and not against dissidents, journalists, political adversaries and business competitors.
Therefore, ProtonMail's only moral and ethical response is to refuse to cooperate with Russia's law enforcement.
The same would be true in China if ProtonMail was available there.
And given what we now know about the US, UK, Canada, Australia and New Zealand, I'd have to say they've become more like Russia than most care to contemplate.
> And if those bomb threats proved right and people get killed?
Do you think Proton are the only people who don't trust the Russian police, and provide them with less information as a result, reducing their ability to solve real crimes?
One of the predictable side effects of having a police force / legal system that is used by the powerful to crush dissent that people don't trust you, even when there really are real threats.
See also the HK protests regarding the extradition bill, which was prompted by a guy who genuinely did murder his girlfriend in Taiwan.
This way of thinking will only ever displace the problem and not solve it. What means is used to send these bomb threats matters little, as the perpetrators can always shift to something else.
I mean they could literally just use a physical mailbox, a burner phone, etc., and you'd have absolutely no idea who sent it either and the problem would be the same.
Let's not even start with the implications of governments being able to access communications such as journalists and their sources.
I hope so. When the phone system was manually-operated switch boards, should the phone companies have been responsible for listening to every call and reporting suspicious activity to the police?
That's not the same scenario. Your scenario involves listening to everyone. The GP's scenario involves listening to a specific person with probable cause.
Given that the police wanted information after having already received the threats, they had to have requested some combination of historical and future data. They almost certainly wanted historical data primarily so that they could find the person who sent the threats.
There's no way to satisfy requests for historical data without capturing data from everyone.
They don't need to. They only need to turn over data they already have for that user and potentially any future data that is generated for that user. Wiretaps work the same way.
I hate this argument. So there was no crime before email? If you have PC, go get a wiretap or install microphones in their house or get an informant to infiltrate. Police work is hard and requires work, but it is also what grants us presumption of innocence.
You aren't going to do well here with this argument.
There exist principles, which are action guiding rules. We use principles to keep ourselves from being swayed away from certain behaviors which we believe hold value. For example, many martial institutions hold some variant of the "death before dishonor" principle; this rule basically implies that you will choose to die before fleeing battle. Even though there are many pressures to change behavior, which may be VERY great in the moment, holding to your principles will allow you to lead a structured life guided by rules that you care about.
Corporations and business entities can also implement principles (to greater or lesser effect); ProtonMail enacts a principle of not sharing customer data. Thousands of companies hold to this same principle, which keeps honest business able to occur. Imagine if every company on Earth decided that they could sell any and all customer data. Banks selling stats on your income to car salesmen, Walgreens selling embarrassing photos of you to the press, etc. The world would be a fucking madhouse, commerce would break down, and millions would die as societies collapsed. A few lives that may or may not expire due to ProtonMail holding to their principles is nothing, comparatively. It would happen one way or another, just with a different email service.
You got downvoted but I can't completely disagree with what you're saying. I wish there was something in between where you could expose bombers and pedophiles without exposing normal people even with extreme views.
As I recall, there was at least sometimes a system of passwords so the police could verify the caller was who they said they were, and they'd take the threat seriously.
Because if the tip is non-anonymous, the person making it is automatically the only known suspect.
It's not the difference between anonymous tip and non-anonymous tip, but between anonymous tip and no tip at all, because no one wants to be punished for doing the right thing.
Remember Richard Jewell from the Atlanta Olympics?
It's so sad, but that's why I wrote that protection of the person who called in is crucial. But with cases like this I understand why people don't trust the police with reporting bombs.
Some people don't trust the police with anything at all.
They aren't wrong. Federal circuit judges and the Supreme Court have ruled that police have no duty to protect anyone in particular. They routinely suffer no meaningful negative consequences for serious failures in their work, including killing people who are unarmed, not resisting, and not suspected of committing any crime.
And after the Boston police screwed up the Mooninite promotion for Cartoon Network in 2007... well, it's enough to say that Turner had to pay for and publicly apologize for the police response to their fancy LED-illuminated handbills--absolutely Kafkaesque.
If I ever find a suspicious package, I'll certainly alert bystanders to retreat. I'll pull the fire alarm on my way out. I'll call the firefighters. I'll call the local newspaper and television station newsrooms. I might even call the triage nurse at the nearest ER. But someone else can be the one to call the cops.
A chance that an anonymous bomb tip will turn out to be true is very small. But it's not zero.
Now, for a second, imagine that it really happened. And you're the official who decided "no, we will not act on this". And this decision is in the records. Does this situation look good to you?
It's not the official who decides, it should be a general policy.
If you look at a similar case in the US: SWAT-ting can be anonymous and can destroy lives; the asymmetry between the tips and the resources destroyed by a false tip is unacceptable.
The same way for a bomb threat, the officer should act by requiring identification and guaranteeing that it stays private as long as the bomb is real.
In the IRA's campaign in the mainland UK in the 1970s, they would provide a codeword along with the tip, after the first bomb the receivers would know that subsequent calls with the same codeword were legitimate.
IDIOT ANCHORPERSON COVERED IN MAKEUP: Breaking News: We've just learned that the bombing that killed 152 people in the Podunk Shopping Mall today was known in advance to the police, but they did nothing to inform the public! Now to our reporter on the scene.
LOSER IN A SUIT: Hi, this is Rob Harasser, coming to you live from the Podunk Police Headquarters. This is Detective A. Buser Skeptic. Detective Skeptic, I understand you got a call this morning before the bombing?
WIFE-BEATER IN A MUSTACHE: Yeah, someone called me this morning. It was hard to hear them, but they said a lot of people would die in the mall today. I asked who was calling and they hung up.
LOSER: Did they say they were going to bomb it?
WIFE-BEATER: Yeah, they did say something about "a bomb", but I couldn't hear them clearly.
LOSER: Did you trace the line?
WIFE-BEATER: I did. You know, people think that if they hang up fast enough, we can't trace calls, but that's not true anymore. Even though they called the non-emergency number, I knew where they were calling from in ten minutes. It was a payphone outside the mall. Did you know there are still payphones outside the mall?
LOSER: Why didn't you warn people?
WIFE-BEATER (looking sad): I thought it was some kid playing a joke.
PANCAKE-THICK MAKEUP FACE: Well, there you have it, folks. The police knew, and they didn't tell us.
Do you agree with me about what would happen in a case like this, and just think I've explained it badly? Or do you disagree with my actual reasoning, and if so, what do you think would happen instead?
That reply really falls short of engaging in any actual reasoning, to say nothing of civility — can't you do any better than that? I explained in some detail why police don't ignore anonymous bomb threats, and your only response is to try to insult me. This is disappointing and does not rise to the level of conversation I expect to see on this site.
Oh, you're right. It was a personal attack based on just how weird your fictional dialogue was, but personal attacks are anathema on HN. I apologise for mixing up platform social norms.
Please atone by responding to it with a thoughtful critique of my outline of the incentive structures of the different actors in the situation, or of my presentation thereof, even if you don't normally do such things. I know that's hard work, and you may doubt you can do it, but I have faith in you.
Read the names of the actors in your dialog. I'm less concerned with the incentive structure that you outline, and more concerned with the implicit negative bias you assign to them all and how that changes the narrative. Let's have a look:
IDIOT ANCHORPERSON COVERED IN MAKEUP
LOSER IN A SUIT
WIFE-BEATER IN A MUSTACHE
PANCAKE-THICK MAKEUP FACE
How is it that you planned to construct a useful dialogical analogy with such disparaging character names? It seems you are less interested in illustrating incentive structures than you are in shaming fictional characters. This is why I recommended therapy.
Many commenters seem to miss the most important point here.
If users from Russia can't access ProtonMail - that's not that much of a deal. But if mail from ProtonMail stops reaching Russian email addresses - @mail.ru, @yandex.ru are as common in Russia as @gmail.com - that's a big problem for ProtonMail and its users.
The only reason ProtonMail is blocked is the desire of the Russian authorities to access the contents of ProtonMail users' emails, which ProtonMail didn't consent to.
Since the authorities have access to mail.ru emails, their wishes can be partially fulfilled only if mail.ru continues to receive mail from ProtonMail. So I'd bet it'll still work.
That is probably more concerning, although ProtonMail is not something I typically see outside of the HN crowd and similar. I met only one total stranger who gave me a ProtonMail email address.
I was considering moving to ProtonMail (honestly, not being able to send mail to Russian addresses is now a blocker), but if I ever do, I won't give you a @protonmail address either, because I won't have one.
If you want to actually own your email address, it should be on your own domain. Then you can change your mail provider without changing your primary email address.
I have yet to be told a personalized email address to this day. I want to make a shift to a personalized email domain, but I have yet to go through with it. I want a domain that's easily memorable and easy for almost anybody to type out.
This, for me, is the reason why I still give out my personal @gmail.com address, because people understand that. It is troublesome enough to explain to people how to spell my name correctly; the last thing I need is to have to spell the part after the @ sign too.
It isn't just Russia. Every major country is increasing surveillance drastically. As for smaller countries, well they're probably covertly manipulated by the bigger powers to such an extent that their claim for privacy is valid only so long as you don't cross one of the big powers.
And if all else fails, it seems outright bans are being increasingly used.
The best way to push back against this would be if all of us chose to deliberately use anonymous services. No govt can afford to ban millions of people including businesses. But of course that won't happen, so everyone's privacy is suffering as a result. It is not inconceivable to think of a future where encryption and Internet access as a whole are regulated and licensed out. That'd be the death knell of online anonymity, which I suspect was always just a flash in the pan... it was never going to last when the masses and their govts got their hands on the technology.
Every country is increasing surveillance, but Russia is one of the few big economies where authorities don't give a shit about laws, even changing the Constitution in a few days to keep the dictator in power.
Pretty much, but that isn’t the idea behind this block. Someone used ProtonMail to send a lot of different bomb threats to the police. Because of this block police now have some legal ground to ignore those threats.
It seems all evidence is based on the emails sent by the author of the bomb threats. I don't think it works as evidence against this being an inside job.
Agreed that it's not possible to know for sure what's going on. But it's not the first time this kind of stuff has happened; however, it's the first time action was taken.
Not really, most people that use ProtonMail "heard" it was safe but aren't using VPNs daily and would probably struggle to find out how to incorporate it into their daily routine correctly with split tunneling. The smart people host their own email, not rely on someone else.
Hang on, I need to call my peat guy, who assured me that one meter was sufficient. Also, you have to line that tank with shotcrete.
Hosting locations matter when you are buying network-delivered services. Even if it is trivial to bypass for the user, this one time, jurisdictional risk to the provider is something that you have to consider as a factor when comparing competitors and self-host options.
and when a lot of people are talking about 'self-hosting' they're mostly talking about a VPS they rent from some provider who could vanish just as easily as Proton can. I'd like to see the numbers on how many self-hosting evangelists (I don't mean that term pejoratively. I think self-hosting is great) are actually talking about metal they physically control.
Generally, that is why you'd build in redundancy and backups so that if your VPS provider, or cloud provider stopped working you could bring the service back up very quickly, however self-hosted email has proved reliable overall and there are even Helm charts for Kubernetes.
I can't tell where you want to draw the line. I personally have a couple physical servers in a cage. I do not own the data center in which they reside. Does that count?
If I don't "self-host", then neither does the corp I work for, with hundreds of machines in other people's DCs...
My original (sort of absurdist) point was exactly that; saying "here's the line between 'smart people' and 'non-smart people'" is both pointless and rude.
Everyone has different threat models and resources.
As someone with more than one weird hobby, I'm pretty sure conflating 'smart' with 'committed to weird hobbies' is a sin weird hobbyists of every stripe commit.
And even in this case you can't rely on your domain registry not to change your DNS without your consent. And there's not really a big chance you own a dedicated IP address.
I've heard it's relatively common to get allocated an IP that has previously been abused by spammers, or certain providers will reject incoming mail from IPs that have no reputation (but then how can you build reputation?).
I've been considering leaving Gmail for a privacy focused email service but it seems so difficult to switch. So many accounts and services have my Gmail registered, I don't think I could collect them all. Can anybody using ProtonMail (or any other privacy focused email) recommend it? I feel like choosing an email provider these days is as serious as choosing a bank.
One "downside" is having to run the local bridge application that proxies / decrypts your emails if you want a regular desktop client (say Thunderbird) to connect to it. Other than that I haven't had any problems. Also the Android app is really nice and so is the web client.
Been running gmail and proton side by side for over a year, slowly moving all accounts and redirecting contacts to my proton address. Really suggest getting a custom domain so moving providers is as easy as changing MX records in the future.
I'm moving away from gmail in favour of protonmail, so far I've experienced no issues.
I've emailed my contacts informing of the switch, and I'm passively migrating important accounts/services; in fact, this forced me to consider which services are actually important and worth receiving e-mail from. If I go a couple of months without getting e-mails from some service and nothing bad comes from it, then I probably won't ever read it anyway and it's not important.
As soon as their mobile app is better, I'll likely switch to their paid service, although a private calendar and a corresponding quality app would make the 5€/month seem like better value for money.
I set up auto forwarding from my Gmail to my Protonmail and an auto reply from my Gmail that informs the sender that I have a new address (not including the new address). After a few months of this I had everything switched. I still maintain my Gmail account, but no new mail is going through it.
Buy a domain and use an email provider which supports custom domains (and maybe catch-alls) and use this domain from now on. It makes switching providers much easier, as you don't use their domain in your email everywhere.
> so difficult to switch. So many accounts and services have my Gmail registered, I don't think I could collect them all.
Register a domain (e.g. something23423.de for 15USD/year) and use that as your primary email address (e.g., name@something23423.de), then connect it to any provider you wish underneath via editing the MX records at the registrar. Many email providers support this and have instructions [1,2,3].
You can have Gmail then forward all emails to your new address, and then each email that arrives from Gmail, you know needs updating to the new address.
You do not need to change your email address when switching providers.
Proton user and content with it overall. Note that you don't need to switch. Make Proton your primary email and keep Gmail alongside. You can do the switching at your own leisure and reconfigure accounts as needed. Can keep Gmail for low-value subscriptions and spamcatcher. Also could automatically forward from Gmail to Proton (or other privacy-aware provider).
I am using both Proton Mail and VPN and am quite happy with it.
In your case the deeper problem is that so much of your digital life depends on a single point of failure - your Gmail account - and it can go in the blink of an eye.
The trick for a switch is to do one at a time. Next time you visit a site, go to settings and set the email to your new provider, like timpy+nytimes@protonmail.com or whatever.
I can also recommend a password manager, like 1Password, that will make the switch and maintenance much easier.
I use ProtonMail as my primary email address, I kept my Gmail account (auto-forwarding to Proton), and little by little I've been updating all my newsletters and accounts. Very little mail now passes through my Gmail, but I probably won't ever delete the account just in case.
When I switched from gmail to Fastmail I just slowly switched everything over. It took a few years before I was comfortable killing the gmail account. But I got there.
I don’t know how reliable Proton Mail is, but Fastmail has been rock solid for me.
That said, Russia banning Proton Mail is one hell of an endorsement for Proton Mail, in my estimation. I want to believe in the dream of ubiquitous end-to-end encrypted email. I don’t know if Proton is the right manifestation of that, but it certainly doesn’t hurt in terms of keeping the dream alive. So, I wouldn’t want to wave anyone off Proton, even though Fastmail is a great service.
I think the major problem with any PGP Mail system is that nobody else uses it. I have a semi-technical friend who, for ideological reasons, decided to switch to Proton Mail. I dusted off a GPG-capable email client and provided him with my public key. After some technical headaches we exchanged a couple of emails and promptly went back to organizing the occasional happy hour or movie outing via Signal.
I use it for my primary email, absolutely no complaints about it. The web interface is nice and clean, the app is pretty good too. I migrated from Gmail about five years ago (after an invite from a friend) and I've not looked back.
It is quite good but I have found several issues which are annoying and solved by competition.
Protonmail Bridge on Linux has a problem with attachments bigger than 2 MB and it disconnects a lot.
Android app is mediocre at best:
- feels really slow
- shows notifications for emails already read on web
- deleting or moving email to different folder waits for confirmation from backend which is really confusing (you can still see deleted emails but you can't delete them again)
I hope they will work on those UX issues; otherwise I really like it.
I had an experience changing email address in the past and it's not that difficult, it's just time consuming. What I did was say to myself "that's it, I'm using this new address from now on". Then over the course of a year I monitored the old email and evaluated each message. If I needed it (online shopping account, banking, etc.), I went to whatever service sent it and changed my email. Some services don't support changing emails; in that case I would accept the loss and create a new account.
> Can anybody using ProtonMail recommend it?
Privacy concerns aside, to me it's neither better nor worse than any other email provider. There is a caveat though. On Android (and the web app) you can't search through messages' bodies, only by subject/sender/etc. This is because they don't index them. You can do this on desktop if you're using the Bridge app with, say, Thunderbird. Thunderbird will then do the indexing.
As part of my degoogling plan, I opted for Posteo. Upsides are that they are recommended by the FSF [0], they run on an open source software stack [1], and they have been in the business for a good number of years.
Changing my old address wasn't as much of a pain as I thought it would be, I personally needed to update around 30 services.
After all this was done, I felt better, and still do after 2 years. Not sure of the other aftereffects regarding privacy and such. But I voted with my wallet, that's for sure.
The approach is a lot more flawed than people necessarily realize. If I move my health insurance, my credit cards, banks, and utilities to protonmail, I'm not sure it's changing much. My credit card company is directly selling my information, and it doesn't matter if they emailed me some information or not. The same goes for the utilities. Gmail can't get at the information, which is a bonus, but they might simply be buying the information about you instead of scraping it from your inbox. Everyone else (the financial companies, the utilities, etc.) is already selling your information.
I’m doing it. Forward all Gmail to Proton, reply from Proton Mail only. Unsubscribe or move all junk over. Eventually you’ll be fully switched over. It takes time.
Definitely use a custom domain so you never have to do this again.
I use ProtonMail and I still use my Gmail. I put the really important stuff like bank info etc with ProtonMail and keep things like Blog Subscription emails with Gmail.
I've been using protonmail for the last 3 years, and I've been satisfied with it. For the switch, you don't have to do it at once. I've been migrating services one by one (but I'm quite the procrastinator), and still receive some mail on the gmail account. But I use PM as the primary email for new contacts and new services.
I switched a few years back. I forwarded all mail from Gmail, then set up a filter that adds a label "GMAIL" in red text. Any time you see that label, go to the site and switch to ProtonMail.
I'm at the point now where I only see that label once in a blue moon. I'll probably switch over for good soon enough, but I'm not in a rush either.
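One way to automate the check described here and in the earlier forwarding advice (each mail that still arrives via the Gmail forward marks a service to update), as an added example that is not from any commenter. It assumes a placeholder old address, that Gmail stamps forwarded mail with X-Forwarded-For (an assumption; Delivered-To is used as a fallback), and a constructed sample mailbox.

```python
# Added example (not from the thread): list which sending domains still reach
# the old Gmail address, by inspecting mail that came through the forward.
# Assumption: Gmail adds "X-Forwarded-For" on forwarded mail; Delivered-To and
# the recipient headers are checked as a fallback.
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

OLD_ADDRESS = "old.name@gmail.com"   # constructed placeholder


def came_via_old_address(raw: str, old: str = OLD_ADDRESS) -> bool:
    """True if any delivery/recipient header mentions the old address."""
    msg = message_from_string(raw)
    old = old.lower()
    for header in ("X-Forwarded-For", "Delivered-To", "To", "Cc"):
        for value in msg.get_all(header, []):
            if old in value.lower():
                return True
    return False


def sender_domain(raw: str) -> str:
    """Domain part of the From: address, lower-cased ('' if missing)."""
    _, addr = parseaddr(message_from_string(raw).get("From", ""))
    return addr.rpartition("@")[2].lower()


def services_to_update(messages, old=OLD_ADDRESS):
    """Per sending domain, count messages that still reached the old address."""
    counts = Counter(sender_domain(m) for m in messages if came_via_old_address(m, old))
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


# Constructed sample mailbox: three messages forwarded from Gmail, one sent
# directly to the new address (so it should not be flagged).
SAMPLE = [
    "From: Acme Bank <alerts@acmebank.example>\nDelivered-To: old.name@gmail.com\n"
    "X-Forwarded-For: old.name@gmail.com new.name@protonmail.example\n"
    "To: old.name@gmail.com\nSubject: Statement ready\n\nbody\n",
    "From: News Weekly <news@weekly.example>\nDelivered-To: old.name@gmail.com\n"
    "To: old.name@gmail.com\nSubject: Digest\n\nbody\n",
    "From: Acme Bank <alerts@acmebank.example>\nTo: old.name@gmail.com\n"
    "Delivered-To: old.name@gmail.com\nSubject: Login\n\nbody\n",
    "From: Friend <friend@example.org>\nTo: new.name@protonmail.example\n"
    "Subject: hi\n\nbody\n",
]

if __name__ == "__main__":
    for domain, n in services_to_update(SAMPLE):
        print(f"{n:3d}  {domain}")
```

Run it against an mbox export of the new mailbox instead of SAMPLE to get a ranked to-do list of accounts that still point at the old address.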
Can you not forward email from Gmail to ProtonMail?
Regardless, use them in tandem and start moving every service over one by one. That is what I did, and after a few months, no more Gmail, and I am very happy that I made the move.
It's been great. Only downside has been some small hiccups with saving drafts via iOS app. The web app seems to be the source of truth and always reliable.
I know it's easy to play conspiracy, but after watching this piece [0] on "active measures", it wouldn't surprise me if the FSB finally found a way to hack Proton Mail, or if the way to circumvent the block will expose some part of it. Hence this measure.
> it wouldn't surprise me that FSB finally found a way to hack proton mail
Well, I certainly wouldn't consider that such a big achievement [1]:
> German security expert Thomas Roth published a video over the weekend showing how he exploited a trivial vulnerability found in ProtonMail's systems: using the Chrome web browser's developer mode, he was able to edit an outgoing message to embed arbitrary JavaScript code, which was executed in a would-be victim's browser when opened within the ProtonMail.ch site.
> Roth said he had released the video now because ProtonMail had fixed various flaws he reported back in May via email. However, the Swiss consortium hadn't credited or warned users of his discovery, he claimed, hence his open disclosure of the bugs.
> "The reason I posted the video was because they did not communicate the security problems to their users – and did not even notify me when the bugs were patched," Roth told The Register.
> The researcher said he had reported five vulnerabilities including a cross-site request forgery bug that apparently allowed an attacker to change victims' email signatures, further opening them to malicious cross-site scripts.
This sort of reasoning is almost always spurious. Without enough facts about the truth, people try to think about what the motivations of different entities would be, and then assume that those entities are able to pursue those motivations.
Usually, there is not enough information for a 3rd party observer to actually know the motivations of a large group, or know enough about the facts to know whether those groups were able to successfully pursue their incentives.
Agreed. I do admit it's the "easy" thing to do. I usually resent people who think everything is a conspiracy, but tbh, apart from encrypting everything you upload everywhere, I don't know how to "be safe".
Not that I'm concerned that government agencies would want to "hunt me down" or anything. I'm more concerned about what hackers will be able to do when they steal that info from the government (i.e., very elaborate and credible scams against close family, impersonating me).
Russia, unlike Saudi Arabia, is a democracy. They have elections. If the Russian people wanted to throw the regime out, they would have.
Yes, you could make a good argument about propaganda, freedom of the press, and the unfortunate things that happen to leaders of the opposition to Putin. But that is all to make sure the population doesn't want to throw the regime out, not that it can't.
Iran and NK both have elections. As for Russia, it casually ignores evidence of election fraud (as in local officials literally throwing in stacks of ballots, caught on camera). Also, the official vote results in some especially "democratic" regions show over 99% support for the Putin party; would you claim this result to be possible in real elections?
An election where the public isn't free to get a real opposition candidate on the ballot isn't a real election. Even if the rest of it were remotely free, which it is not, it doesn't matter if you're offered Hobson's choice.
ProtonMail has also been blocked in the Luhansk and the Donetsk People's Republic. Few will notice it. The people who live in those unrecognised states mostly use Yandex Mail, Mail.ru and Gmail.