14 votes

Why I don't believe in encrypted mail providers anymore

6 comments

  1. [2]
    smores

    I’ve seen takes like this a few times, and I think they might be a little bit misguided. I use Protonmail and have never used Tutanota, so I can only speak for Protonmail but:

    Protonmail supports OpenPGP, like you mention in your post, which IS an open standard for encryption. I agree that it’s not one that’s easy to grok or use for folks that aren’t pretty technically literate, and that’s a shame, because it’s a great tool. I’d love to see a larger effort to create better systems around supporting everyday computer users understand and use tools like OpenPGP, but I don’t think moving away from one of the only email providers that supports it will accomplish that goal.

    For what it’s worth, Protonmail does also support the interface you describe with Tutanota, where you can email someone an encrypted message, and they get a link asking for a password. I don’t think this is a particularly nice experience for most people, but I have used it in the past for remote secret sharing in a pinch, and it is fairly simple to use, even for people without a lot of computer literacy.

    All that said, even without any truly end to end encryption, I think there are significant benefits to using encrypted email providers. I think by now there’s a pretty good cultural awareness of the kinds of harms that come from a large corporate entity having access to things like a user’s web browsing history. We know how companies are able to use those datasets to create profiles of their users, and sell manipulative advertisements and even the profiles themselves, often to other companies that the user themself would prefer to never interact with, let alone give a huge set of identifying data to.

    Your email inbox is akin to your web browsing history, at least for most people. Almost every website you make an account with ends up sending at least one verification email to you. In many ways this is an even stronger signal than just browsing history; it shows a much clearer intent than just visiting a link.

    If Protonmail is my email provider, then at the very least I can know that the contents of my inbox are being stored in a way such that they simply cannot be read by anyone who isn’t me. As someone who isn’t particularly concerned about a specific person or entity targeting my communications, but is frustrated by and concerned about large-scale corporate spying on individual browsing habits, this is what I’m looking for in an email provider. I pay them money, they store my emails, and they give me a key to access them, but don’t keep a copy for themselves. I think this is how all cloud storage should work, always.

    One more minor quibble: running Protonmail Bridge doesn’t remove “all of the benefits of encryption”, it specifically allows you to continue to use your encrypted email service through a client that knows nothing about encryption. If you receive an email while running the bridge, encrypted or otherwise, it will be decrypted by the bridge, using your key, before being sent to the client you’re using. That way the email only lives unencrypted on your machine, but is still encrypted on Protonmail’s servers.

    9 votes
    1. lionirdeadman

      > Protonmail supports OpenPGP, like you mention in your post, which IS an open standard for encryption. I agree that it’s not one that’s easy to grok or use for folks that aren’t pretty technically literate, and that’s a shame, because it’s a great tool. I’d love to see a larger effort to create better systems around supporting everyday computer users understand and use tools like OpenPGP, but I don’t think moving away from one of the only email providers that supports it will accomplish that goal.

      Well, the thing that isn't a standard is the way Protonmail does key discovery; it's still manual like any old OpenPGP client and, well, that's not very good. It means most people will likely not use it. OpenPGP still lacks things I think are important, like perfect forward secrecy, which otherwise means that one key leak and your whole mail is unencrypted, but that's more so a problem with OpenPGP itself. I wish they worked on making key discovery and key management more accessible to people but really, it's probably best to just scrap OpenPGP altogether if we want that because it still leaks the subject line.

      Furthermore, the biggest problem is that the webmail can leak your key at any point in time and most people simply won't bother so all the email in your mailbox could be secretly kept unencrypted.

      > For what it’s worth, Protonmail does also support the interface you describe with Tutanota, where you can email someone an encrypted message, and they get a link asking for a password.

      Yeah, it's not ideal, I really dislike it personally.

      > I think by now there’s a pretty good cultural awareness of the kinds of harms that come from a large corporate entity having access to things like a user’s web browsing history.

      Well, OpenPGP leaves all the juicy metadata for all to see.

      > Your email inbox is akin to your web browsing history, at least for most people. Almost every website you make an account with ends up sending at least one verification email to you. In many ways this is an even stronger signal than just browsing history; it shows a much clearer intent than just visiting a link.

      I really agree, it's one of the most important parts of the modern digital life and it's the premise to this article.

      > If Protonmail is my email provider, then at the very least I can know that the contents of my inbox are being stored in a way such that they simply cannot be read by anyone who isn’t me. As someone who isn’t particularly concerned about a specific person or entity targeting my communications, but is frustrated by and concerned about large-scale corporate spying on individual browsing habits, this is what I’m looking for in an email provider. I pay them money, they store my emails, and they give me a key to access them, but don’t keep a copy for themselves. I think this is how all cloud storage should work, always.

      But the thing is, this interface is either the bridge, which might be safe if it doesn't auto-update, or the webmail, which does auto-update so it could be changed at any point and get your key. The mobile client I'm not sure but Tutanota's clients are all based on the web code so I believe it could be changed and poisoned. There is some cultural value, I suppose, but it's not really worth it imo if we made the new standard something which actually isn't very good.

      > One more minor quibble: running Protonmail Bridge doesn’t remove “all of the benefits of encryption”, it specifically allows you to continue to use your encrypted email service through a client that knows nothing about encryption. If you receive an email while running the bridge, encrypted or otherwise, it will be decrypted by the bridge, using your key, before being sent to the client you’re using. That way the email only lives unencrypted on your machine, but is still encrypted on Protonmail’s servers.

      Well, okay, I did exaggerate a bit there. What I meant is that 1) It's incredibly inconvenient and potentially insecure because you become the IMAP provider at least from my understanding and 2) you can't use their E2EE feature and you risk using a client which will just siphon all your data. It's not the worst solution but I really don't think it's how it should be.

      3 votes
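The point made in the comment above about OpenPGP mail leaving the subject line and other metadata readable, shown on a PGP/MIME (RFC 3156) message as a mail server would store it. This is an added example, not part of the thread; the addresses, subject and armored body are constructed placeholders and `provider_view` is a hypothetical helper name.

```python
from email import message_from_string

# Constructed sample message (placeholders only, no real ciphertext).
SAMPLE = """\
From: alice@example.org
To: bob@example.net
Subject: Contract renewal terms
Date: Mon, 01 Jan 2024 10:00:00 +0000
Message-ID: <constructed-1@example.org>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----

--b1--
"""

# Headers that sit outside the encrypted part in RFC 3156.
METADATA = ("From", "To", "Cc", "Subject", "Date", "Message-ID")

def provider_view(raw):
    """Return what anyone holding the stored message can read without a key."""
    msg = message_from_string(raw)
    is_pgp_mime = (
        msg.get_content_type() == "multipart/encrypted"
        and msg.get_param("protocol") == "application/pgp-encrypted"
    )
    readable = {h: msg[h] for h in METADATA if msg[h] is not None}
    body_state = "plaintext"  # an unencrypted message exposes its body too
    if is_pgp_mime:
        # Part 1 is the "Version: 1" control part, part 2 the armored data.
        parts = msg.get_payload() if msg.is_multipart() else []
        data = parts[1].get_payload() if len(parts) == 2 else ""
        body_state = "ciphertext" if "BEGIN PGP MESSAGE" in data else "unknown"
    return {"pgp_mime": is_pgp_mime, "headers": readable, "body": body_state}

if __name__ == "__main__":
    for key, value in provider_view(SAMPLE).items():
        print(key, value)
```
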
  2. [4]
    NoblePath

    This makes a lot of sense. I use Protonmail, but the iOS app is lousy. And like tfa points out, only another Protonmail user will benefit.

    My query: for long form communication, what electronic method is most secure? And if the answer is different, which one has serviceable security and user-friendliness?

    4 votes
    1. [3]
      krg
      You might wanna check out this website that covers many secure communications platforms.
      5 votes
      1. [3]
        Comment deleted by author
        1. krg

          Yea, the list hasn't been updated in a bit... though, according to the website it should be, soon. Your criticisms are valid!

          3 votes
        2. lionirdeadman

          > but leaving out Matrix (still called Riot here, the name of an old messaging client which is no longer developed) because, I guess, encryption is not turned on by default, is a little suspect.

          Well, Matrix != Riot nor Element. Also, encryption has been turned on by default for Element and Riot since I believe late 2019? Nope, mid-2020, source. At the time, it would've been fair to discard it for not having it on by default though imo.

          > I would say that Signal is generally a good choice right now for the majority of users and threat models, but Matrix is the one to watch.

          I agree with the recommendation (assuming you are comfortable with people having your phone number) but they wanted long form communication which unfortunately (and this is why I didn't say anything previously) is not really a thing..?

          1 vote