I’m trying to get rid of my Google dependency and one of those steps was moving over to Protonmail. Now in the past few days I have been picking up signals that even Protonmail is not as clean as it might be.
Does this really impact the privacy of how I use email and so is moving to Protonmail a step forward from Google, or is Protonmail just as bad?
If so, what could be alternatives?
edit:
Some of the alternatives being mentioned in the comments are:
Email:
VPN:
edit 2 (2023):
There seems to be some new activity around this post. At the time of writing the post (2 years ago) there were some stories going as user @UnfortunateShort described in their comment. This made me question the best options available at that moment. Currently I am still a Proton user, using their Mail and Calendar service, and Mullvad for VPN.
Protonmail is just the “latest” (it’s been open for a few years now) in the technocratic “online privacy” bubble. They probably willingly give backdoors to the NSA.
Basically they sell you the peace of mind, not really any actual security as far as anyone can tell. Until their code is open-source and can be independently reviewed, it’s worthless. That they are based in Switzerland doesn’t mean much because backdoors are meant to be secret. Like in any other country, there is no official organ in Switzerland that will evaluate your app and say “yes, this app is secure. We give it five stars”. However if you find they don’t respect Swiss law you have to open a lawsuit, retain a Swiss lawyer, travel there for the court date, and at that point you start to realize they’re based over there more to protect themselves than you.
There has been another encryption company operating since the 50s in Switzerland that was somewhat recently found to just be a front for the CIA. So clearly being based in Switzerland is not a gauge of quality.
Their support of the Hong Kong protest was also kinda suspicious because as far as I’m aware, they’ve never been that interested in any other event. And it wasn’t just a press release that gets picked up by a few hobbyist magazines; it was a full-length email sent to every protonmail customer, even those like me who hadn’t used their account in years.
I also just read that ProtonMail would start using Google infrastructure. While the actual usage of Google’s services would be “limited”, again Proton does not explain the exact nature of this partnership and which services will be routed through Google.
I don’t believe there is any way to be completely secure on the Internet unfortunately. Snowden showed how far backdoors run. So whether you want to keep using protonmail is up to you, but outside of a decentralised p2p system, I don’t think we could fully be anonymous and secure. Maybe though it would be possible to open your own email service – you just have to rent a space on a shared server like you would when hosting a website, and then encrypt it if possible… or open your own mail server in your basement lol. Email doesn’t consume a lot of resources.
Thanks for the extensive answer, I will keep looking into it (and other alternatives) to see if there is something that fits my needs (which at this point is having multiple gmail addresses, so the only way is up I guess).
Isn’t the Protonmail client open source? https://github.com/ProtonMail/WebClient https://github.com/ProtonMail/proton-bridge. Of course they could still read all your non-encrypted mails and you’d have to verify that you are receiving the correct client code every time you connect to the web client. But for the secrecy of your encrypted mails access to the client code should be sufficient, right?
I’d argue that this:
Is demonstrably false, as their encryption methods for emails at rest as well as other options (PGP) are tested. They’re also upfront with their threat protection model (“the ProtonMail threat model document specifically states that, ‘we cannot guarantee your safety against a powerful adversary.’”) and as far as coming from Google or another free provider is concerned are a definitive step in the right direction. A good overview if OP is interested is this writeup here: https://www.techspot.com/news/82776-protonmail-review-secure-email-really-secure.html
Personally I’d be hesitant to recommend self-hosting email unless really necessary (since that has its own risks/threat model) and think OP would do well to start off with Tutanota or Protonmail.
As an aside if we’re alluding to Protonmail being a honey pot with the Hong Kong riots I’d rather see it stated as such; this is the second place on Lemmy I’ve seen such criticism levied when a company that has a privacy/security based product and did a statement on the protests and I don’t find it that suspect that they would be interested in furthering their brand or “putting their money where their mouth is” by coming out in support of anti-censorship/CCP measures.
support for the riots is not “support of anti-censorship”. it had nothing to do with censorship. a brief summary of how things began:
it was never about being censored. it was about wanting to continue to exploit others without consequence.
protonmail didn’t just “come out and support” the color revolution by merely making a statement. i’m not making the assertion that their support means that they are a honey pot. i am asserting, however, that their support means that, unlike their claims, they are decidedly not “pro-freedom” (unless, of course, their definition of “freedom” is getting away with murder).
Taiwan later criticised the government for trying to strong arm the citizens with the bill and withdrew their extradition request.
Proton’s support of what the riots turned into isn’t tainted by what sparked the controversy in my opinion.
I’d agree with you that it’s about wanting to continue to exploit without consequence, though I’d say we’re talking about different parties doing the exploiting.
Link for those interested in a news recap: https://www.bbc.com/news/world-asia-china-50148577
Taiwan withdrew the extradition request of the murderer of a pregnant woman for the sake of politics? That’s messed up.
edited: the first part of my comment was irrelevant to the true matter at hand so it has been removed
and in my opinion, this actually makes it worse. because then it becomes them promoting a blatant misrepresentation of hong kong in support of a color revolution. this means those deciding to fundraise are openly supporting the interests of the US government. which makes them less trustworthy, not more.
the argument could be made that they saw how many westerners ate up the propaganda around the situation and wanted to capitalize on it. i think that is a fair argument. but them being money-hungry makes them less trustworthy, not more.
I’d much prefer you to source your claims especially when refuting others, we simply don’t agree on this matter (though I do like reading a different side of things) - I appreciate the discussion though all the same!
Protonmail has opensourced lots of their software in recent years.
damn I really liked proton* too.
Huh?? Everything in that comment was speculative. I keep trying to figure out what specifically is wrong with Protonmail, and so far it’s all been nothingburgers. This is just a wall of speculative text. I don’t understand why it’s being treated like some knock-down evidence that Protonmail is bad.
thank you for the detailed comment. i didn’t see disroot being mentioned. do you have any comments on it?
My opinion on disroot is that any organization that has a business model run on donations is inherently unsustainable. If disroot became popular, they would no longer be able to host accounts for free. They may end up creating a subscription service after that but it creates uncertainty as to how and what they will do in the future. They might decide to fold. The same thing can be said for paid services but I wouldn’t use Disroot as my main email address if a few years from now the donations stop and they say they’re shutting down. IMO
nice link about google infrastructure
disappointing, google has their hands in everything. I just learned that Standard Notes implemented an opt-out api call to bugsnag, a company backed by Google Ventures.
ProtonMail does seem a bit fishy and flimsy. I tried their VPN for about an hour and kept getting marketing emails afterwards.
I am fucked.
Do you have any more elaboration on this? Is this based on a news article, or a part of their terms of service or something?