• oktux@beehaw.org
    4 months ago

    The problem is that almost no one uses PGP, as this Vice article points out: https://www.vice.com/en/article/vvbw9a/even-the-inventor-of-pgp-doesnt-use-pgp

    If your goal is secure communication with other tech-savvy, privacy-conscious people, then I agree that PGP is a reliable, time-tested solution.

    But if your goal is to keep email providers from data mining your inbox, then Proton is an easy way to do that, no matter who you’re communicating with.

    • unexposedhazard
      4 months ago

      How can Proton protect your unencrypted emails? Unless you are writing someone that also uses ProtonMail or PGP, the emails won't be encrypted. This is barely an advantage at all over the existing system. You are just telling people to depend on this single point of failure, which is Proton.

      You can't expect everyone to use ProtonMail, that would be unwise from a decentralization standpoint. The real solution is only using email for people that are unwilling or unable to use something other than email. For everyone else you should simply switch to different communications protocols that were made with e2ee in mind.

      • oktux@beehaw.org
        4 months ago

        I think we mostly agree, and I appreciate you advocating for secure alternatives and privacy in general!

        > How can Proton protect your unencrypted emails? Unless you are writing someone that also uses ProtonMail or PGP, the emails won't be encrypted.

        That’s true. Proton can only encrypt your inbox in that case.

        > This is barely an advantage at all over the existing system.

        I disagree. Having my inbox encrypted and using an email provider that doesn’t mine my data is certainly worthwhile for me.

        > You are just telling people to depend on this single point of failure, which is Proton. You can't expect everyone to use ProtonMail, that would be unwise from a decentralization standpoint.

        I’m not advocating Proton over other, more secure and private communication methods. My point is that, if you’re choosing an email provider, Proton is a good choice. They’re a nonprofit whose mission is privacy, and they spend considerable technical effort to ensure it.

        I would hate to see someone switch from Proton to Gmail or some other provider that doesn’t offer any privacy because they mistakenly think all providers are the same.

        > The real solution is only using email for people that are unwilling or unable to use something other than email. For everyone else you should simply switch to different communications protocols that were made with e2ee in mind.

        To the extent that’s practical, I strongly agree. As you correctly point out, email is a plaintext protocol, and there’s nothing Proton can do about that.

        But if you do use email and not all your contacts have exchanged PGP keys with you, which I’m sure is true for many people, then I think there’s a lot of value in using a provider that offers an encrypted inbox and doesn’t mine your data.