I think this is fascinating. The biggest argument against encrypted email providers like Proton is that it's barely a half measure — sure, Proton can't read the email contents in your inbox, but...
When your friends and family use Proton Mail too, messages exchanged between Gmail addresses connected to Proton become end-to-end encrypted, so Google will not be able to read your data anymore. That’s why it’s worth inviting the people you email most to join Proton and connect their Gmail accounts.
I think this is fascinating. The biggest argument against encrypted email providers like Proton is that it's barely a half measure — sure, Proton can't read the email contents in your inbox, but literally everyone you send an email to is using Gmail, so Google is still reading all of your emails.
But if Proton is able to detect when the recipient is using Proton as their mail client and automatically encrypt emails sent to them, then even without switching email providers, suddenly it's a lot more feasible to get some of the people you email the most to be using encryption when you email them.
It sounds like it would be a nicer transition for people who use email a lot, who are probably the target audience for this. Nowadays most of my communication with people has moved to chat and...
It sounds like it would be a nicer transition for people who use email a lot, who are probably the target audience for this.
Nowadays most of my communication with people has moved to chat and email is largely messages from businesses or things like account signups, and I doubt any of them use Proton.
To be real they should have been for 30 years, but that's a sunk ship. Email is much more secure than SMS. Passkeys do bupkiss for initial signins. And I'm not installing an app unless I have...
To be real they should have been for 30 years, but that's a sunk ship.
Email is much more secure than SMS.
Passkeys do bupkiss for initial signins.
And I'm not installing an app unless I have literally no other option.
I'm literally at the point where if they mandate an app to do something as basic as a status update. I'm going to only do business with them over the phone if I can't avoid them entirely.
What does the discovery of a business look like? Probably a web search? How do you know you got the right website? It’s rather hazy, based on reputation, and perhaps vulnerable to impersonation....
What does the discovery of a business look like? Probably a web search? How do you know you got the right website? It’s rather hazy, based on reputation, and perhaps vulnerable to impersonation. But once you have the right website, https is pretty secure.
How does a business identify you, assuming it needs to? A bank doesn’t care what your email address is when you sign up. They will want to see your ID, probably in person at a bank branch. It’s vulnerable to identity theft, but we don’t have anything better.
Other businesses sometimes rely on a bank relationship (for example, via a credit card).
A passkey works pretty well to re-identify you. An email or SMS might be used for login or account recovery, but it assumes you already established a relationship, and their security depends on the provider.
I don’t much like installing apps either, but they’re becoming increasingly popular, particularly for things like banking.
Proton uses PGP under the hood. You can already configure Proton to automatically attach your public key to every email, though it is not enabled by default. So it looks like this is an expansion...
Proton uses PGP under the hood. You can already configure Proton to automatically attach your public key to every email, though it is not enabled by default.
So it looks like this is an expansion of the existing Gmail integration, a welcome one as it kills my need to hop back to the gmail client to send a reply.
So to venture how it's working, they just internally attach your public key to linked gmail addresses, and then does the key exchange any time they send from another linked gmail.
The downside is that this could potentially be used to publicly tie gmail accounts to proton accounts, if the public keys are not unique.
This is an interesting acknowledgement considering Proton has their own vendor lock-in mechanisms. When you stop paying... You lose access to "@pm.me" addresses Any emails sent to...
This is an interesting acknowledgement considering Proton has their own vendor lock-in mechanisms. When you stop paying...
You lose access to "@pm.me" addresses
Any emails sent to "@protonmail.com" addresses cannot be auto-forwarded to a new inbox (paywalled feature, $5/mo)
Exporting emails requires downloading a separate desktop application
It's actually easier to transition off Google than Proton. Granted this can all be avoided if you own a domain and use that for email addresses, but most people get burned before realizing that.
As a burn victim, I can confirm it's an unfortunate truth of Proton. I transitioned to Fastmail as I realised that email encryption wasn't worthwhile when 95% of the people I email are on either...
As a burn victim, I can confirm it's an unfortunate truth of Proton. I transitioned to Fastmail as I realised that email encryption wasn't worthwhile when 95% of the people I email are on either gmail or or whatever corporate email provider their company uses (likely gmail, office365 or something similar). Having not initially used my own custom domain has made getting everything moved over a long slog.
I really like Proton as a company, but felt too much friction from their product. What ultimately pushed me was the lacklustre search capability. They can't offer server based search thanks to encryption, so they try to offset it with a local indexing and search option - but it's poor, or at least it was one year ago. I can no longer recall specifics but found it frustrating when searching for terms that were a substring of something like a sender address or a filename, and it would turn up nothing.
As a subscriber, one of the most exciting thing about this feature is not having to continue to use the now extremely broken Gmail search. I deleted my Gmail app immediately off my phone. Well,...
As a subscriber, one of the most exciting thing about this feature is not having to continue to use the now extremely broken Gmail search.
I deleted my Gmail app immediately off my phone. Well, disabled anyway, it's a pixel.
I didn’t know that! The search is my main complaint with proton, as it really only searches subjects and senders for me. I’ll have to look for that indexing option!
I didn’t know that! The search is my main complaint with proton, as it really only searches subjects and senders for me. I’ll have to look for that indexing option!
I think it's actually performance! They have to download and index your entire inbox in order to search the body of the emails, which can take a long time for large inboxes. Since the index and...
I think it's actually performance! They have to download and index your entire inbox in order to search the body of the emails, which can take a long time for large inboxes. Since the index and search happens locally, I don't think there's much of a security risk.
I think this is fascinating. The biggest argument against encrypted email providers like Proton is that it's barely a half measure — sure, Proton can't read the email contents in your inbox, but literally everyone you send an email to is using Gmail, so Google is still reading all of your emails.
But if Proton is able to detect when the recipient is using Proton as their mail client and automatically encrypt emails sent to them, then even without switching email providers, suddenly it's a lot more feasible to get some of the people you email the most to be using encryption when you email them.
It sounds like it would be a nicer transition for people who use email a lot, who are probably the target audience for this.
Nowadays most of my communication with people has moved to chat and email is largely messages from businesses or things like account signups, and I doubt any of them use Proton.
TBH businesses should start sending public PGP keys. Proton would integrate seamlessly and it would help tremendously against phishing attempts.
Yeah, good luck with that. The world seems to be moving towards passkeys and mobile notifications. Email is a fallback notification scheme.
To be real they should have been for 30 years, but that's a sunk ship.
Email is much more secure than SMS.
Passkeys do bupkiss for initial signins.
And I'm not installing an app unless I have literally no other option.
I'm literally at the point where if they mandate an app to do something as basic as a status update. I'm going to only do business with them over the phone if I can't avoid them entirely.
What does the discovery of a business look like? Probably a web search? How do you know you got the right website? It’s rather hazy, based on reputation, and perhaps vulnerable to impersonation. But once you have the right website, https is pretty secure.
How does a business identify you, assuming it needs to? A bank doesn’t care what your email address is when you sign up. They will want to see your ID, probably in person at a bank branch. It’s vulnerable to identity theft, but we don’t have anything better.
Other businesses sometimes rely on a bank relationship (for example, via a credit card).
A passkey works pretty well to re-identify you. An email or SMS might be used for login or account recovery, but it assumes you already established a relationship, and their security depends on the provider.
I don’t much like installing apps either, but they’re becoming increasingly popular, particularly for things like banking.
Proton uses PGP under the hood. You can already configure Proton to automatically attach your public key to every email, though it is not enabled by default.
So it looks like this is an expansion of the existing Gmail integration, a welcome one as it kills my need to hop back to the gmail client to send a reply.
So to venture how it's working, they just internally attach your public key to linked gmail addresses, and then does the key exchange any time they send from another linked gmail.
The downside is that this could potentially be used to publicly tie gmail accounts to proton accounts, if the public keys are not unique.
This is an interesting acknowledgement considering Proton has their own vendor lock-in mechanisms. When you stop paying...
It's actually easier to transition off Google than Proton. Granted this can all be avoided if you own a domain and use that for email addresses, but most people get burned before realizing that.
But maintaining a domain isn't free either, no?
As a burn victim, I can confirm it's an unfortunate truth of Proton. I transitioned to Fastmail as I realised that email encryption wasn't worthwhile when 95% of the people I email are on either gmail or or whatever corporate email provider their company uses (likely gmail, office365 or something similar). Having not initially used my own custom domain has made getting everything moved over a long slog.
I really like Proton as a company, but felt too much friction from their product. What ultimately pushed me was the lacklustre search capability. They can't offer server based search thanks to encryption, so they try to offset it with a local indexing and search option - but it's poor, or at least it was one year ago. I can no longer recall specifics but found it frustrating when searching for terms that were a substring of something like a sender address or a filename, and it would turn up nothing.
As a subscriber, one of the most exciting thing about this feature is not having to continue to use the now extremely broken Gmail search.
I deleted my Gmail app immediately off my phone. Well, disabled anyway, it's a pixel.
It seems like encryption would limit how good Proton’s search can be? Is it all done client side?
You can tell the Proton client to index all of your emails client side and use that for search, yes!
I didn’t know that! The search is my main complaint with proton, as it really only searches subjects and senders for me. I’ll have to look for that indexing option!
I was under the impression it does that by default for security reasons.
I think it's actually performance! They have to download and index your entire inbox in order to search the body of the emails, which can take a long time for large inboxes. Since the index and search happens locally, I don't think there's much of a security risk.