Everything wrong with ProtonMail \ stacker news ~security

195 sats \ 13 comments \ @rizzling 23 May security

I think those are some good points about ProtonMail:

"1. Only the content is encrypted, metadata such as subject lines are not encrypted, even though multiple email clients are compatible with encrypted subject lines exist (K9 Mail, Thunderbird, and a lot more) ProtonMail refuses to add support for this. ProtonMail has so much more metadata than the subject lines, its encryption really doesn't matter at this point. If you want encrypted email, you need to encrypt it yourself using a email client that doesn't send a whole bunch of metadata and GnuPG.

Account info Recovery emails, login times, and much more is not encrypted and can be requested from ProtonMail at any time. It doesn't matter if its Swiss the Swiss courts will happily allow the request.
OpSec - Probably the biggest problem ProtonMail serves as a security and/or privacy product which doesn't encourage good OpSec. Security is a process not a product. You can use ProtonMail over Tor, which is a good idea if you use ProtonMail, but there is a lot more stuff you have to do to not link it to your identity. ProtonMail doesn't encourage this process and doesn't mention it in any beneficial way, in fact they do the opposite encouraging you to link your identity to it. When you register a new account, they ask you to migrate emails from Gmail and even reward you for doing it, linking a Gmail address to your ProtonMail address, which is terrible idea. This ties in with my second point regarding account info.

Stop using ProtonMail."

Author: Mikoyan Gurevich, 05/16/24

view all related items

21 sats \ 8 replies \ @Satosora 23 May

for number 3... You can skip that step. I did. There is nothing linking me to my proton mail account.

10 sats \ 1 reply \ @rizzling OP 23 May

the problem is not that it's optional, the problem is that it's even possible and furthermore that they reward such behaviour....^^

0 sats \ 0 replies \ @Satosora 23 May

Everyone has the freedom of choice. There are other services if you arent satisfied. gmail works fine for most things.

10 sats \ 5 replies \ @TNStacker 23 May

Me either

21 sats \ 4 replies \ @Satosora 23 May

I dont think it is a bad service, I tried linking it to my youtube so I could have more of an anonymous account...didnt work. Needs a gmail. Kind of bummed about that.

10 sats \ 3 replies \ @TNStacker 23 May

Google shyt

21 sats \ 2 replies \ @Satosora 23 May

kind of irksome. I guess I will create a new gmail. Do you have to link stuff with it?

10 sats \ 1 reply \ @TNStacker 23 May

I start with as anonymous a Gmail account as I can, and then limit what I do with it.

21 sats \ 0 replies \ @Satosora 23 May

I will do the same. I just am dragging my feet on creating one.

10 sats \ 3 replies \ @_vnprc 23 May

If you need truly private communications you should not use email. The benefit of protonmail is that google doesn't get to passively scan the body of all your email correspondence to feed their data and ai models. Unless you are corresponding with a gmail account. Which you probably are.

Seriously, if you need better privacy you need to get off email.

0 sats \ 2 replies \ @rizzling OP 23 May

Yes ofc but that approach is way to high if we talk about private communication in general (and not just in the contect of emails). you need to go to the lowest level. I am full anon for a loooong time. but the opsec is extremely expensive on that level. it starts with the hardware and all providers you use. I would never communicate with TCP/IP for a safe connection! And have you ever thought about the charging cables you use for your devices ;) ?! Unfortunately I cant specify the last statement in this env^^

0 sats \ 1 reply \ @_vnprc 23 May

Perfection is impossible. Aim for improvement.

0 sats \ 0 replies \ @rizzling OP 23 May

perfection is only possible in theory as long as you are the best in a specific field. but you cant verify that....so in practice impossible yeah :D