ProtonMail on all the data that Outlook collects about your email
Link information
This data is scraped automatically and may be incorrect.
- Title: Outlook is Microsoft's new data collection service | Proton
- Published: Jan 5 2024
- Word count: 1543 words
I know this is meant to make ProtonMail look more appealing, but what this is actually proof of is why it’s best to use mail clients produced by parties that aren’t inclined toward collecting and sharing data.
Proton is a great service, but the way it’s permanently married to a web interface, web-interface-in-a-can via Electron, or buggy local IMAP bridge means it can’t reasonably be a primary provider for me. Services with high quality IMAP implementations like FastMail are preferred, because accounts with those can happily co-exist in and work well with vendor agnostic clients like Apple Mail, Thunderbird, etc.
Now if Proton decided to build a native standalone client like Mail.app that had first-class support for ProtonMail and standard IMAP without passing through forwarding, that might be interesting. I might even subscribe if quality were high enough, because high quality agnostic mail clients are an oddly rare breed these days.
If they want to get away from IMAP, I wonder about a Thunderbird and K9 Mail plugin. Let their product coexist with other accounts that still use the standards but they can develop an API based system that meets their privacy goals.
Yeah that would be smart. Do Thunderbird plugins actually allow implementation of new protocols? Wasn’t aware if they were.
In general, mail clients that take a plugin-based approach seem smart. IMAP is dominant now, but there’s always the possibility that FastMail’s JMAP gains traction some day, and as you’ve noted Proton has needs that make IMAP untenable. Clients like this would enable much needed new blood in the email space.
https://protonapps.com/
There is a native desktop app now, but I couldn't find information on whether you could add other IMAP based accounts to it. I'll download and see.
On a side note, I really enjoyed FastMail, but didn't feel for my personal use there was any negative to sticking with Proton. Well, other than not syncing contacts to my phone. Still use Google for that unfortunately.
The Proton app is “native” in that it runs outside of your primary web browser, but it’s not actually native. It’s an Electron app, which means it bundles its own copy of Chromium (open source Chrome) to run in. It’s basically the web version with the browser toolbar hidden. As such, it can’t do anything the web version can’t do.
As an aside, this means that you don’t need to subscribe to Proton to get a “native” app. Using your browser’s PWA functionality (e.g. Safari’s File > Add to Dock…) yields a near identical experience even with free accounts.
If Protonmail were my only email address I might not mind the web UI, but I currently have 4-5 addresses and so mail services that don’t work with Apple Mail, Thunderbird, etc which manage multiple accounts at once are a no-go.
Doesn't Proton Premium open access to their IMAP endpoint? I swear they had something like that listed in their benefits of their premium plan...
Just looked, they have a Proton Bridge thingy which you can use with a paid plan, which permits you to use any email client: https://proton.me/mail/bridge
As mentioned in a comment elsewhere in this thread, last I knew the bridge was buggy. Of course that may have changed since then.
Even if the bugs have been worked out, it still won’t help mobile email clients since you can’t keep daemons running in the background to do bridging.
Wasn't aware it was an Electron app. Good to know.
Additional commentary on ghacks
If I get advertisements that are delivered directly from my email provider I am going to scream.
Back in the day with providers like NetZero that was how you got free email lol. They even baked them into your signature so everybody else had to see em too. I don't doubt it's still a practice today, I just rarely ever use personal email for correspondence these days.
(Sent from my iPhone)
In K9 mail, I can customize the signature, and the one I use is cribbed from a coworker 2 jobs ago, but is perfect for expressing the limitations of mobile.
–––
Sent from a tiny keyboard
Ug. I already try to hold on to the last vestiges of privacy by denying every cookie, every tracker, having multiple ad blockers, and using a paid email service while Outlook is only for junk mail, but between the increasing invasiveness of "free" services and Google asking if I'd like to use them to log in to just about every site I visit, it's getting very difficult to retain any kind of privacy. I'd really like to know if ProtonMail is as secure as they sound.
I'm just a little too non-nerdy to move to a Linux OS and haven't found a good VPN yet but at some point that might have to happen. The other alternative is just to log off - and apparently the addiction factor is too strong. Really have a love/hate relationship going with it all.
You can disable that prompt in your Google account settings, in case you haven't done so yet. I did that for each account I'm logged into and don't see those prompts anymore.
Go to Google Account > Security > Third-party apps (see all connections) > Cog > Google Account sign-in prompts. Or, just try this link.
https://myaccount.google.com/connections/settings
Thank you. I had no idea I could turn that off. Very helpful link.
Allow me to bump this post to mention that this setting seems to be changing from a Google Account setting to one in the browser. In Chrome, you can edit it at this URL.
chrome://settings/content/federatedIdentityApi?search=Permissions
Following up on that bump, any ideas on where to disable the prompt when not logged in?
I constantly get what I think you were describing (“create account” dialog on new site/service, offering to sign in with Google)… despite not using Google’s products nor having an active account, let alone logged in within that tab.
Brilliant - thanks - I've tried to find this a few times, I knew it had to be there... somewhere.
The sad part is, we can be so meticulous and careful about safeguarding our own data, and avoiding services, but that is all undermined when everyone else we communicate with is using those services and companies we're trying to avoid. Maybe your side of the correspondence (email, SMS, phone, video, contact list) is all pristine and private (what you send from your provider, what your provider receives), but the other side is clear and unencrypted in the hands of those services. What will all our care and caution do? Nearly nothing.
Yeah. Personally I believe it's best for my stress levels to not fight too hard, and to spend my energy advocating for EU privacy laws.
I've been using Proton for a decade or more (as a secondary email provider -- I agree that they aren't quite there yet, for my primary service). I believe they are both private and secure. You can start with their free-tier VPN service ... they do (I think) sensible tiered services, with the free tier being legitimately useful, and the paid tiers legitimately providing real extra value for the money.
In other news, I tried switching to Linux many times, many different versions, over many years ... every time I got a new machine, I always set up a "dual-boot" system, half-Windows, half-(some-flavor-of-)Linux ... and after a month or two on the Linux side, I always went back to pure Windows.
Until Linux Mint. I think it matters a lot, which Linux you try to switch over to. Ubuntu is decent, but it's too "different" for most Windows users to adjust to. Mint will feel different, too ... but it's manageable.
I've been using Linux exclusively now for 8 or 9 years, thanks to Mint.
I've been looking for a VPN and been told to be wary of free ones because of the typical "If you aren't paying, then you are the product" concerns. I know that Proton says that their paid users subsidize the free ones, but how could I be sure that it actually works that way? Then I might try it out.
Nutshell ... you can't be sure. Ever. You have to do your best-effort due diligence on the provider, and decide for yourself if you are willing to trust them. There is never any better answer than that, regarding VPN. You need to trust your VPN provider more than you trust your ISP.
Proton has a good track record and a good history, but there are others that seem to be at least as trustworthy (though it's a pretty short list).
Generally speaking, this is the first website I visit, any time I need to do research on the best privacy-based tools available ... I just looked now, and pleasantly surprised to see that Proton is top of the list for their recommended VPN services ... although, anecdotally, I would have ranked Mullvad higher (but they have no free tier, either).
Ooh. I should try Mint then. Thanks for the recommendation.
Give Linux a shot. It has become incredibly mature and stable. Try out Linux Mint for a stable cohesive experience. Or anything with Plasma if you want it to feel like a Windows machine. If you don't have cutting edge hardware there is a solid chance it will work perfectly out of the box. If you stick with a Debian based system and use Flatpaks I doubt you will miss anything from Windows. There are also tons of options for gaming. No terminal required.
Are you relatively more private on Linux because almost everything is geared to Windows or iOS, or what makes it a superior OS?
For me, the Linux experience is defined by how the OS doesn't get in your way. No annoying pop-ups, setting permissions for every app or setting up accounts. No logging into iCloud or being forced to use the app store. Not being forced to download Xcode or pay for an app that does window snapping. You won't wake up and find Copilot installed on your computer or have to restart it all the time to install updates. You won't have to install driver packages trying to shove other services down your throat. Unified package managers let you install what you want and then you are done. None of that nonsense where you open an app and it makes you download an update.
In my experience it just works. It runs and stays out of your way. It's not flawless but it's a hell of a lot better than Mac and Windows.
The article focused on the new Outlook app, but will data be collected if you solely use a third party app like Thunderbird and IMAP?
That’s my question. I already have email addresses for my WordPress site and I can forward those to something other than Outlook, it’s a good way to (sorta) become independent of an email provider, but what if that data is also sold to third party apps?
My understanding of the point of the article is this: your email provider (Gmail, Yahoo, or even outlook.com) might collect data about your emails as you send them because they have to be routed through their mail servers. Since that's the fundamental nature of email, you have to trust your email provider(1), which is why these privacy focused providers like Proton Mail and Tutanota have cropped up.
The issue here is that the Outlook app itself, running locally on your phone or computer, is also going to be collecting your data and sending it to Microsoft's servers regardless of which provider you use.
So yes, if you use Thunderbird, you can avoid this and only be subject to the data collection policy of your provider. The problem is that Outlook is pretty close to the default mail app for Windows, so people will use it because they don't know they have options or know how to obtain them.
–––
Another note on email encryption: unlike E2EE instant messaging like Signal, encrypted email still leaks a lot of metadata because only the contents of the message are encrypted — the information in its headers (to, from, bcc, subject, etc) has to remain in cleartext in order to be delivered. It’s better than nothing but non-ideal.
You may find this post from Signal interesting: https://signal.org/blog/sealed-sender/