I don't trust them.
Proton Mail only uses E2EE when you send mails between Proton users.
If you send mails to other mail providers, they simply allow you to encrypt your mail with a password:
Emails sent between Proton Mail users are automatically end-to-end encrypted.
If you want to send a secure, end-to-end encrypted email to someone who isn’t on Proton Mail, the easiest way is to use a Password-protected Email. You can also use PGP encryption if the person you’re writing to uses it.
If you use that, they literally mention that you have to send the password on another channel that is actually secure.
  1. When you’re ready, click Send. Your intended recipient will need the password to read the message, so share it with them. Make sure you use another secure communication channel, like Signal, or just tell them in person.
So they basically admit that SMTP does not support E2EE.
So I would say in most cases, Proton Mail is useless when it comes to E2EE. If you rely on someone using the same mail provider as you, then you're not really using SMTP. You could just use any other centralized service. They probably don't even have to send a real SMTP message.
So I think they are mostly LARPing about privacy and security. To me, SMTP is unfixable when it comes to privacy. It's way too easy to leak a whole conversation on accident. One person not encrypting their reply is enough since usually, mails have the whole conversation attached. Boom, there go all your efforts to keep your mails secret, lol. Afaik, every mail server between you and the destination can now read the whole conversation.
At least they mention this problem at the end:
Note that, due to technical constraints with end-to-end encryption, if you respond to a message sent by the recipient of a Password-protected Email, your response is not end-to-end encrypted by default. The entire message history will be sent unencrypted to the recipient if you don’t password-protect your email again.
Btw, Mental Outlaw has a good video about them:
Mental Outlaw is a complete larp, bro. Proton is fine for a Google replacement.
If you are saying it should be secure enough to do full dark web activities with, well, obviously fucking not. It's a centralized service.
reply
Yeah, most people just need to get off Google, Apple and Microsoft.
reply
0 sats \ 0 replies \ @ek 3 Jan
if it's just a replacement, is it really better?
reply
Found even more admitting how what they are claiming to be isn't the case the moment you send a mail to someone outside of Proton:
TLS is the security mechanism used in the HTTPS communication protocol that prevents hackers and your ISP from seeing what information you submit to websites (like your credit card number or address) and is responsible for encrypting most of the internet, including your connection to our blog right now. However, TLS is only implemented between endpoints of an HTTP channel. For example, as you’re reading our blog, HTTPS is using TLS to encrypt your connection between your device and our server.
This works fine if you are connecting to a website, but it’s insufficient if you’re sending an email. When you use a standard email provider, such as Gmail or Hotmail, all traffic toward it, including emails sent to you, will be protected in transit by TLS. The same is true in reverse; Emails you send from a standard email provider are also encrypted using TLS and sent to your recipient’s email provider. However, all TLS-protected traffic is decrypted once it arrives at these companies’ servers, including your emails. Most companies will then re-encrypt your messages while they are stored on their servers – using keys they control. This means that the company can decrypt and access the content of your messages at any time.
Services that use end-to-end encryption eliminate this possibility because the service provider does not actually possess the private key required for decryption. With Proton Mail or any other E2EE service, your private key is only available on your device, making E2EE much more secure and private.
reply
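The TLS-versus-E2EE distinction in the passage quoted above, as an added example (not part of the thread or of Proton's documentation): it reads a message's `Received` headers to see which hops used TLS and checks whether the body itself is encrypted. The sample message, host names and the `exposure` helper are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample (not real traffic): two TLS hops, plaintext reply with quoted history.
SAMPLE = """\
Received: from mx.sender.example (mx.sender.example [192.0.2.10])
\tby mx.recipient.example with ESMTPS id abc123;
\tMon, 1 Jan 2024 10:00:02 +0000
Received: from laptop.local (unknown [198.51.100.7])
\tby mx.sender.example with ESMTPSA id def456;
\tMon, 1 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: Re: contract
Content-Type: text/plain; charset=utf-8

Sounds good.

> On Sun, Bob wrote:
> the earlier, confidential part of the thread
"""

# "by <server> ... with <protocol>"; RFC 3848 keywords ending in S or SA mark a TLS hop.
# Received headers are written by each server, so treat them as indicative, not proof.
HOP_RE = re.compile(r"\bby\s+(\S+).*?\bwith\s+([A-Za-z0-9]+)", re.I)
TLS_RE = re.compile(r"(ESMTP|LMTP|UTF8SMTP|UTF8LMTP)SA?")

def hops(msg):
    """Return [(receiving_server, protocol, used_tls)] in delivery order."""
    out = []
    for raw in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(" ".join(raw.split()))  # unfold the header first
        host, proto = (m.group(1), m.group(2).upper()) if m else ("?", "UNKNOWN")
        out.append((host, proto, bool(TLS_RE.fullmatch(proto))))
    return out

def body_is_e2ee(msg):
    """True for PGP/MIME, S/MIME enveloped data, or an inline PGP-armored body."""
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":
        return True
    if ctype == "application/pkcs7-mime":
        return msg.get_param("smime-type") == "enveloped-data"
    payload = msg.get_payload()
    return isinstance(payload, str) and "-----BEGIN PGP MESSAGE-----" in payload

def exposure(raw):
    """Summarise transport protection vs. who could read the content."""
    msg = message_from_string(raw)
    path, e2ee = hops(msg), body_is_e2ee(msg)
    readers = [] if e2ee else [host for host, _, _ in path]
    return {"all_hops_tls": bool(path) and all(t for _, _, t in path),
            "e2ee": e2ee, "servers_that_saw_plaintext": readers}
```

For the sample, every hop is TLS-protected, yet both mail servers still handled the readable body, including the quoted earlier conversation.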
Thanks for posting this. My signing-up would hinge on this.
reply
btw, I get the same results.
reply