• dai@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    10
    ·
    1 year ago

    Protonmail isn’t great, their deliberately misleading about the encryption. Many consider protonmail to be a honeypot.

      • dai@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        https://www.wired.com/story/protonmail-amends-policy-after-giving-up-activists-data/

        https://cldc.org/does-protonmail-snitch/

        In addition protonmail do not protect your metadata (from memory), it’s not encrypted in transit.

        Protonmail also keep your public and private keys on their servers, it’s PGP however they don’t want the end users to have to manage their own keys. That to me isn’t ideal.

        Receiving from another provider you’ll get TLS encryption until it hits protonmail servers but protonmail will then decrypt your email and again encrypt your email using your PGP stored on their servers.

        Sending an email from proton to another provider will be encrypted on protonmail servers but that’s where it ends. TLS will take care of the in-transit and again may not be stored securely on the receiving end.

      • dai@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Tuta (in my eyes) is a step in the right direction, using a client like thunderbird or enigmail and managing PGP yourself would be more secure as the message is decrypted by the recipient and not a company owned server.