This post would be improved by discussing that their [threat model](https://en.wikipedia.org/wiki/Threat_model) is so different than Google's that it regards some of Google's business practices as threats. And that, in turn, there are threats that Google treats as much bigger threats, bringing their own world-class security team to.
Calling this fundamental difference in approach "more secure" manipulates the less-informed instead of educating and almost eliminates the chance of a worthwhile conversation about tradeoffs and values that could be very flattering to ProtonMail.
Neither is ProtonMail. They see all email plaintexts unless you're using end-to-encryption like GPG/PGP. They only encrypt data at rest, and we can only take them at their word that they're even doing that.
They claim (tho I haven't confirmed myself) to do encryption at the device - automatically between Protonmail accounts (right now though, they do not support sending pgp encrypted email to a protonmail account with a keypair not generated by them... Which seems a _very_ odd design decision):
In simple terms, end-to-end encryption means that messages are encrypted on the sender’s device (before it even leaves their computer or mobile phone), and can only be decrypted by the recipient on their device. This means that no third party which transmits or intercepts the email between the sender and recipient (i.e. internet service providers, the NSA, or even ProtonMail as the mail server operator) can decrypt and view the message.
This powerful protection is possible because ProtonMail has PGP email encryption built-in. End-to-end encryption is done automatically without user interaction whenever messages are exchanged between ProtonMail users. For an enterprise using ProtonMail for their email hosting, this means all communications between employees are automatically protected with end-to-end encryption. ProtonMail can also support sending/receiving end-to-end encrypted messages with recipients who are not using ProtonMail. The use of end-to-end encryption makes ProtonMail a better choice for security conscious individuals and organizations.
> End-to-end encryption is done automatically without user interaction whenever messages are exchanged between ProtonMail users.
Which would correspond to a tiny fraction of all email a normal user exchanges and Even corporate users would be unprotected if they were to use protonmail to communicate with third parties such as service providers.
Protonmail has the ability to get all your messages plaintext. Because they have to SEND your email to the recipient. Unless you encrypt the plaintext, when you jump domains and email someone outside of protonmail, they can get text
In practice it's a rather thin attack surface and serious cloud providers rely on it so it's both well-tested and any exploit can be used on much more valuable targets than your OS.
It's not a panacea. There are physical threats, there are threats from the very hardware you're using. But, like it says on the box, it is a reasonably secure operating system.
Yes, Qubes is only as secure as Xen which, itself, has had some pretty big security flaws pop up [1].
At the end of the day one has to decide what kind of trade offs they are willing to make in order to balance simple UX and security.
For Qubes 4, they are planning to deprecate the Xen paravirtual drivers in favor of the HVM drivers. These drivers are much more battle-tested and less complicated than PV drivers.
Also, with their recent foray into enterprise support, they will hopefully be able to expand their auditing efforts in the next couple of years.
And, in turn, as secure as the hardware, with ROWHAMMER giving means to flipping bits in arbitrary memory locations, including recent work showing that one VM can flip bits in another.
I signed up last week and it isn't inconvenient at all. Security keys are only used when you first sign in to a device, after which devices are "remembered."
Gmail isn't floating around any brochures on security though - it's pitch to the majority of its users is "It's Google and Mail and where most people have their emails. You don't want to be that one weirdo at @yahoo.com do you?" and that just about does it. ProtonMail is trying to recruit users with the brochure.
That said, even though the argument is a bit flawed here, I think most attracted by it would still prefer ProtonMail for other sound arguments.
Do you really believe people use gmail because of its brand?
I don't know about any security brochure, but I know I can setup 2FA to use push notifications (not an insecure SMS number), and can check where all of my logins are from, and have "suspicious" logins blocked automatically, etc, etc. I can also create single-use passwords for insecure devices (such as a youtube password just for my apple TV). Not to mention how amazing they are about spam detection.
I think their security posture is actually excellent.
Do you really believe people use gmail because of its brand?
Yes. Most definitely. I don't use Gmail and I recently had a discussion with my coworkers about Gmail. When I asked why they use it one person said, "because it's Google" and another said, "What else would I use? Yahoo or Hotmail? Hahahah". A third person responded by saying , "it's just easy because it's Google so it connects to everything else from them."
Yes, absolutely. I would guess at least 90% of the users are simply there by defaulting to it. The tech community is not the target market for Gmail. I never said they had bad security, simply that they were not advertising and trying to attract users from it.
Many people think google is professional. My AP lit teacher said so. I thought it was stupid at the time, but in terms of professional capability, google offers the most services (at the cost of surveillance and advertising). And many other people would question using something like hotmail or yahoo because it's different.
That sounds a bit formalistic and abstract to me. Perhaps you could educate us on which specific threats you think we should pay attention to when choosing between Gmail and Protonmail.
What are some specific threats that Gmail defends us against more effectively than Protonmail?
If Protonmail servers are hacked, it's game over (that could be mitigated by having verified client code, but at this time there's the web client that is served dynamically, and the mobile clients are closed source...). That is where Protonmail are at a huge disadvantage unless they have a really really good security team. Server hacking is done a dime a dozen nowadays.
Off the top of my head I think the number 1 "threat" that Google doesn't protect you from is privacy. They are actively watching your email with algorithms to use for advertising purposes.
On the other hand, they have more resources than anyone else to protect against things like DDOS, nation-state hacking/phishing, and physical disasters. They also have a legion of lawyers to protect against improper legal requests, however they will roll right over for a government if it's legal.
Protonmail is on point with the privacy, but their security engineering team is probably less than 1/10th that of Google's.
From the link: "G Suite’s Gmail is already not used as input for ads personalization, and Google has decided to follow suit later this year in our free consumer Gmail service."
They are definitely still reading your gmail. How else would the spam and other filters work? They can also use it under this policy for anything but "ads personalization". Machine learning, Google product integration, other recommendation not deemed to be ads, refining your google profile, etc. A very narrow scope of exclusion.
Well, one might reasonably ask whether "reading your mail" (as in, running an algorithm on it to try to classify phishing vs non) is a security cost or benefit.
Spearphishing is a huge source of compromise at the moment; antiphishing filters might, in that view, be considered a security feature rather than a security fault.
On the other hand, I have, frankly, never understood these privacy arguments. Is it a privacy violation if someone checks a checksum of my incoming mail against a blacklist? What if they compute a hash of my mail to check the DKIM signature? And if those are OK, why is an ML model more of a problem?
>Is it a privacy violation if someone checks a checksum of my incoming mail against a blacklist?
No, the privacy concern is about the potential for abuse if there is a known place in the world where a very detailed account of all my online (and some offline) activities, contacts, communication and personal interests is stored.
It obviously arouses the interest and desires of criminals, governments, employers, politicians, landlords, insurance companies, creditors, marketers, ex partners, extremists and bigots, journalists, potential mates, researchers, etc.
Some of these groups are overlapping and some of the concerns might only arise in the distant future. Governments change. Ownership of companies changes. Personal circumstances and opinions change, but you can't take anything back once its out.
Spam filters don't need to store all the contents. They can simply store hashes of contents.
So even if someone hacks into the spam filters, they won't be able to reconstruct content from your account. They _might_ have insight into things like word usage, but they won't have reconstructed sentences or the like, a priori.
You can build systems like this without having long-term storage of the content, which protects against data issues for one-time leaks.
Why would the cigar seller ask to show me an ad for a STOP SMOKING CIGARS product? Also as I said, this showed up in Youtube the day after I ordered and the email hit my gmail. Never seen those ads before.
The cigar seller sells its customer list to a data broker or uses a third party service that does the same (e.g. it uses your email address as a user identifier in a third party analytics product). Then advertisers buy that data.
Sometimes hilariously. A few years ago a friend emailed me a barbershop quartet video, and I spent the next couple of weeks getting hairdresser ads ...
Given their vast amounts of information about mail, might their spam filter work by only examining the header? That is, of course, still 'reading' mail - though it may be an acceptable trade off for privacy minded people.
And, if it's being interpreted by a machine, does that really count as reading?
SMTP has headers that are visible to the email provider while the email is in transit. The absence of logs, etc., goes far to mitigate this threat. As an added benefit, there is a lot of anti-spam functionality that can be used with only this metadata available, and only ephemerally. I don't think it's true that zero-knowledge at rest means inability to provide common email provider value adds like anti-spam.
To add to the above post, the headers have to be unencrypted, else they'd have no method to actually send the email. If it were encrypted, they'd have no idea what the address was, or who to bounce it to if the address doesn't exist.
Email headers contain a lot of information. It has the various email addresses, servers involved, ip addresses, time stamps, subject, priority, and things like that.
The body of the email is the only part that gets encrypted when encryption is in use.
You are conflating the SMTP envelope and the mail headers. The SMTP envelope is necessary for delivery, the mail headers are not (the addressee information is duplicated)
There are also false positives than never make it into your spam folder - that just get dropped silently. (I have a friend who's company's GSuite email _regularly_ does this...)
I think the right size of any security engineering team is largely determined by the diversity of threats it has to defend against. Same for the legal team.
So team size alone doesn't convince me one way or the other, even if I were to completely disregard all privacy issues.
I am a Gmail user as is my company, so I do trust them quite a bit. But I feel that Google has a much bigger problem on its hands than Protonmail. Both because of its business model and because Gmail does things like search and spam filtering, which Protonmail cannot do.
This comment seems to conflate resistance to mass surveillance with resistance to targeted surveillance. It's almost as if the fact that I'll never be able to resist a targeted attack means that I shouldn't attempt to have any privacy at all, but surely that's not right.
Encrypted messaging apps and services like ProtonMail have never been primarily to help people with Snowden's threat model. They're for people like you and me to reclaim a semblance of privacy, and they work even with "Uncle Sam" as the threat model in a limited, dragnet surveillance sense.
> They're for people like you and me to reclaim a semblance of privacy, and they work even with "Uncle Sam" as the threat model in a limited, dragnet surveillance sense.
They don't work, because the US government's modus operandi is compromising machines or forcing users to provide access to their encrypted data. It's unclear to me why, if you take as premise a government capable of forcing one of the most valuable organizations in the world to hand over its data, you believe a company several orders of magnitude smaller is safe because it's "end to end encrypted" and has servers in Switzerland.
Put another way, I find the concept of a government willing to force Google to give up data but unwilling to use operational vulnerabilities to achieve the same thing to be contrived - how is this not just an arbitrary line in the sand?
Furthermore, the heuristic itself is a red herring, in my opinion. It is far more likely that Protonmail has a critical security vulnerability inherent to its software than Gmail does. And even if we assume that the government doesn't want to spend economic resources on actively compromising you as an individual, why would the government not spend resources on a system to compromise you passively as part of an en masse campaign? In other words, are you using a custom built computer with parts designed by a boutique firm from another country immune to the wiles of government backdoors?
How do you decide where you want to stop down the rabbit hole, and are you really doing so empirically?
"Put another way, I find the concept of a government willing to force Google to give up data but unwilling to use operational vulnerabilities to achieve the same thing to be contrived - how is this not just an arbitrary line in the sand?"
In the US we have a constitution the prohibits searches of our papers without a warrant signed by a judge. It might be out of fashion is some circles, but the rule of law and not just rule of power is quite popular and I would say a superior system of governance. Many Chinese who are acquiring assets outside of China feel the same way.
With the current legal uncertainty around whether your fingerprint or retina scan locking your device has the same legal protection as a passcode - do you _really_ think every Three Letter Agency isn't operating under flimsy legal advice that "papers" does not include anything stored digitally? "The rule of law" is _very_ open to interpretation... (And it's not like parallel construction isn't a well known tool used to hide questionably legal (or outright illegal) law enforcement activity from whatever limited oversight they have anyway... A "Superior system of governance"? My opinion differs somewhat there...)
"willing to force Google to give up data"
first they issued a gag order, and then they came for the gold
"use operational vulnerabilities" am I the only one who strongly believes that Micro$oft is in bed with every 3-leter-agency in haning out backdoors/vulns for the last 20 years?
"They don't work, because the US government's modus operandi is compromising machines or forcing users to provide access to their encrypted data."
I'm not so sure - at least as recently as 2013, Lavabit showed that even top level US govt targets had some realistic reliance on properly encrypted 3rd party email providers...
The "dragnet" is the thing that's potentially useful - if it's difficult enough for them, they can't do warrantless "full take" surveillance - even for non US citizens, then choose to individually target you later based on a complete historical record being open to keyword/"selector" based searches.
(And for the appropriately paranoid - even Levison's comments back then suggested the thing he was prepared to fight and maybe go to jail for was handing over the SSL key that'd have exposes _all_ users. Reading it the right way suggests he may have sold Snowden out on his own - and I can't exactly say I wouldn't have done so myself in his position - but he was principled enough to not hand over the keys to the entire userbases's security. I sincerely hope _I_ never have the protection of privacy of a user like Snowden being my responsibility while the full pressure of the US government bears down on me. I strongly suspect my strongly-held personal principles would not stand up to that...)
> This comment seems to conflate resistance to mass surveillance with resistance to targeted surveillance.
ProtonMail doesn't meaningfully address the mass surveillance aspect, though. Most emails still hit its servers in plain-text form. Encrypting once it hits their server doesn't help the mass surveillance aspect, it only helps the targeted surveillance when a warrant comes in.
And if you're willing/able to get everyone that emails you to switch to PGP to get real end-to-end encryption then protonmail is worth even less, since none of their benefits matter anymore (google is obviously not able to decrypt your PGP emails, either).
And sadly - if someone emails a PGP encrypted mail to a protommail address using a key the recipient knows but protonmail doesn't - it doesn't work. Protonmail gives an "unable to decrypt" error, and doesn't hand over the encrypted body...
For me - I think they're useful protecting against dragnet "full take" surveillance (especially since I'm a non-US citizen, so am considered "fair game" for warrantless surveillance), but I don't for a moment think they'll protect me from any sort of state actor level interest targeting me specifically (I'm still gonna get Mossad`ed upon...)
(In more paranoid moments, I suspect that the first "dragnet" protection quite probably makes the second "targeted interest in _me_" more likely...)
There is still a possibility, a scenario only a crazy conspiracy theorist could imagine a few years back, but I believe the current development of closed chipsets could soon allow remote penetration into any machine using any network card by any vendor, and in a way that nobody can even sniff the suspicious traffic over the network.
It seems really complicated, if not impossible, but I'm starting to think it can be done if one has full access to the chipsets and their firmware (users, admins and developers don't, vendors and their "partners" do).
Let's assume a system where every piece of hardware has a closed device driver, or part of it, CPU included. We're there, or very close. It's not that hard to imagine a system within the system that can access data (hard drives have closed blobs), read passwords before they are encrypted through keylogging (USB sniffing), make screenshots of the desktop (video card closed blobs) and send them wherever they're instructed to (network card blobs), not to mention downloading and executing arbitrary code.
Now one could object that the traffic could be easily intercepted, but what if all network chipsets of all vendors, including those inside routers, had a small set of instructions to intercept any magic packet satisfying some rules and treat it differently. Let's say send it to some hardcoded addresses without counting them or reporting them to user applications; even leds on front panels would not report those packets passing through. The only way to realize something fishy is going on would be by tapping physically into the network cable using non-network dedicated chipsets, say very fast digital analyzers, decode all traffic and match it with what a normal sniffer would report.
I admit this is a crazy scenario, but if an entity with nearly infinite resources had the power to force any hardware vendor to put spying hardware/firmware into every machine, wouldn't it attempt to do something like that?
100% correct. Even with fully patched software/OS/hardware/drivers/firmware we are regularly 'surprised' by a number of 0-day vulns that has been around for 1-2-5-10 years and 'suddenly' we discover it/them.
Putting my tinfoil hat on, I'd say that they got a new-improved way to get in, and they patch the old one because now the 'others' got whiff of this (e.g. shadowbrokers) and are about to start abusing it themselves :)
Uncle Sam can’t dragnet root everyone’s machine, but they can (and do) dragnet surveil large email providers not focused on security.
“The government can hack anyone, just give up” is a dumb objection if you view security from an economic perspective. Defenders have a huge advantage over attackers that we aren’t sufficiently taking advantage of yet.
I am more worried about hacking from a competitor than I am from the government. That being the case, I trust Google far more than most.
I am not sure I understand the “fear” of the US government. Do we have cases of “normal” people being harmed from NSA type activities? We’ve had a ton of cases of normal people being harmed from non-government “hackers,” so, from a risk management perspective it seems silly to prioritize surveillance avoidance over garden variety thieves. To think Proton has the same level of experience and technology that Google has is a bit naïve.
And server location doesn’t particularly mean much. Plenty of Swiss banks have been compelled to turn over US citizen information due to FATCA — it’s not a stretch that a legitimate request for information by the US government would be honored by the Swiss if it pertains to a US citizen. For non-US citizens, there might be some benefit to an offshore server, however email is generally not the weakest link in surveillance. Also, you’d need to ensure that all your recipients are also using non-US as well as non-British, or non-French systems as well.
US surveillance is in the spotlight, but France and the UK are equally aggressive, if not more so since the actual laws in the UK and France are much more liberal in terms of allowing government to intercept communications. The French law doesn’t even require a judge (secret or not.)
I think Proton is a nice alternative, but other than effective marketing, there isn’t much differentiation from paid Google Apps/Gmail plans. Comparing “free” gmail with Proton isn’t exactly honest, comparing paid gmail to Proton is probably a more valuable comparison.
With Gmail, for example, it’s possible to get a Business’s Associates Agreement for HIPAA compliance.. which means that it’s possible to have email that’s more secure than “normal” free Gmail. Of course HIPAA isn’t relevant to government surveillance, but really, how many people are actually at risk from the NSA? If that concern is part of your risk profile, then perhaps you ought to be living in a Tora Bora cave with messages being delivered encoded with a one time pad. If you are worried about your Antifa or KKK meeting minutes being intercepted, it’s likely Proton isn’t going to be much help.
This is not a good heuristic, for several reasons.
First and foremost, despite widespread fetishization of things like end-to-end encryption, real world software rarely differentiates its security based on superior cryptography. Most security vulnerabilities occur at the endpoint level and are not even technical vulnerabilities, they're just successful, targeted phishing campaigns. The next most common set of vulnerabilities are in mundane software, typically in the infrastructure and peripheral logic. These are due to developer ignorance, misconfiguration or sometimes both. From there we have crypto implementation flaws, which are typically due to software engineers' fascination with implementing their own cryptography libraries or taking strange liberties with existing libraries that deviate from the explicit or implicit intentions of the original author. Finally, on a peak so remote and small it's scarcely visible from the ground, we have actual cryptography design flaws, where someone literally rolls their own crypto at the conceptual level and deploys it.
Second, email is a fundamentally antagonistic medium when it comes to end-to-end encryption. If you are actually concerned about your privacy and you're discussing something that warrants extreme care, email is the least user-friendly and most error-prone method of going about it. You should consider a synchronous medium with forward security if possible, probably based on a well-known and well-audited messaging protocol (to avoid a flame war I'm not going to suggest any particular one - do your research).
Third, if your threat model is honestly the US government, you need to significantly revise your opsec entirely if you're realistically considering Protonmail. Regardless of its actual security, you're (implicitly) saying that you trust Protonmail to be capable of withstanding the resources of a motivated three letter agency with an armada of security compromising tools at its disposal. Why trust a third party at all then? What makes you think the servers being in Switzerland is going to help you if you distrust the government this much? By all means, don't use Gmail either, but then Protonmail isn't really a coherent security measure either - again, use a synchronous messaging platform, or develop the opsec needed to consistently use PGP correctly on your own.
Given the foregoing, if your adversary is actually the US government, neither Gmail or Protonmail are effective strategies, and if your adversary is not the US government, Google's security team is vastly more qualified and has overwhelmingly more resources at its disposal to secure its email infrastructure.
Seconded! You could add Tutanota + 1$ per month = you will never see ads for a <insert_item_name> like the one you just bought, plus you will be driving Uncle Sam crazy!
A missing threat model gives this more credit than it merits. You can replace 'zero knowledge' with 'military grade' and it will be just as meaningful (if somewhat more obviously poor).
Plus, you could say they are describing a threat model. If ProtonMail were compromised in this one particular way the confidentiality of your mail would be 'stronger' or 'improved'. This should be as reassuring as 'Switzerland', which is, of course, also trotted out.
Without a threat model (that is, the set of threats that one is trying to secure a system against), you have no idea what someone means by "secure". It could mean unpickable doorlocks, it could mean unbreakable windows, it could mean angry-Hippopotamus-proofing. It could mean that you smelly farts can't escape your pants.
Any claim of security without a threat-model is in the most literal sense meaningless. And don't get me started on "Military Grade Encryption", which is a term that at this point should give you a sense of concern, rather than safety.
I'm not sure I understand what your counterpoint here is since we seem to be saying the same thing but I had to go back and fix 'thread model' twice myself. An underestimated threat model to commenting about threat models!
There are some people for whom "The government is literally after me, personally" is a valid threat model. There are some people for whom "Google employees with privileged access to Gmail are conspiring to be after me, personally" (one assumes there's a two-person rule for access to individual inboxes or deploying code that scans inboxes) is also a valid threat model.
However, those people should consider that the government will be willing to use either software 0-days or algorithmic 0-days to attack them (see e.g. Stuxnet taking out Iran's nuclear program using a previously unknown method of generating SHA-1 collisions, that looked kind of like how the academic community knew to generate collisions but with a different fingerprint), in the government case. Or that any interaction with anyone who uses Google must be avoided, in the Google case. See e.g. https://mako.cc/copyrighteous/google-has-most-of-my-email-be...
For normal people (which includes me and probably everyone else commenting here)? Google seems at least as likely, probably a tiny bit more, to protect me from threats like "A personal relationship has gone bad and someone who isn't a government and isn't Google is trying to impersonate be me" or "I don't want to lose access to my email" (remember that availability is a part of security!).
Which says don't use it if you are up against state actors and:
"Sensitive business communications – You have sensitive business information that you want to make sure is protected from competitors and other malicious parties. For example, you fear a competitor may want to sue you under false pretenses to get access to sensitive data. In this case, ProtonMail offers a great deal of protection. ProtonMail will not release ANY data unless provided with an enforceable Swiss court order. To get such an order, the case must first work its way through the Swiss courts where stricter privacy laws might result in a different ruling. Even if an adversary went through the expensive and time consuming procedure of obtaining such an order, ProtonMail’s zero access cryptography means we would only be able to release data that is encrypted since we do NOT hold the decryption keys."
Given that they have Javascript to handle the decryption keys, couldn't they demand ProtonMail change the code delivered to your browser session to give up the keys? This would make the only extra security provided by this scheme would be the multiple court jurisdictions and the less tested legality of a court order making their product less secure, ala the FBI and Apple.
I'm not sure there is a legal mechanism to force ProtonMail to add a backdoor...
> "Nearly every country in the world has laws governing lawful interception of electronic communications. In Switzerland, these regulations are set out in the Swiss Federal Act on the Surveillance of Postal and Telecommunications Traffic (SPTT) last revised in 2012. In the SPTT, the obligation to provide the technical means for lawful interception is imposed only on Internet access providers, so ProtonMail, as a mere Internet application provider, is completely exempt from the SPTT’s scope of application. This means that under Swiss law, ProtonMail cannot be compelled to backdoor our secure email system."
If a government really wanted access to a specific user's ProtonMail account, couldn't they get a court order from a domestic CA, say Verisign, to generate a fake certificate that they can use to MITM a browser session, and deliver key-stealing javascript to the user? I'm not sure what the state of certificate pinning is, but it seems that for the "uber security conscious users" they have instructions to check the SHA-1 fingerprints[0] manually. I feel like there are just an infinite number of technical ways a state actor with unbounded resources and legal access to basically every authority and pipe that operates the internet could MITM a service like this without compelling ProtonMail to do anything.
EV certificates must be submitted to CT logs, which means ProtonMail and the public will be able to detect the malicious certificate. If it's not a EV certificate, the browser user interface changes and a security-conscious user may notice. That said, if a powerful government is after a user specifically, it is just a matter of time and effort before the government gets in.
> If it's not a EV certificate, the browser user interface changes and a security-conscious user may notice.
This is often used as an argument by EV advocates, but it doesn't hold up under scrutiny. An attacker with access to a non-EV certificate can selectively intercept only connections for subresources of the targeted site (i.e. JavaScript). The "main" connection would still use the EV certificate and thus show the browser indicator. This attack was first made public in 2008[1] and has been further refined in later work[2].
HPKP and the Expect-CT header provide some viable mitigations for this. That said, it seems unlikely to me that a nation-state adversary would choose to attack at the Web PKI level in this scenario. Compromising ProtonMail or the user's device would probably cheaper and less likely to be detected.
ProtonMail has never painted an accurate picture of the surveillance requirements in Switzerland – and laws have been and are changing too.
Switzerland is not an island of privacy with regard to state surveillance – and with regard to private data privacy, it basically mirrors the European Union’s standard. According to Snowden documents, Swiss intelligence and security services are close partners with the NSA and other foreign services.
IANAL, but that just seems to say that under that particular law (SPTT), Internet access providers have to provide the technical means for lawful interception. It does not say that no other entity has to provide the technical means for lawful interception.
In other words, the law does not say that ProtonMail is exempt for having to provide lawful interception. They might still have to do so, based on some other law.
Further, it's quite conceivable that unlawful means (such as blackmail, threats, or bribery) could be used to coerce ProtonMail. That's not to mention perfectly lawful means of enticing them -- like appealing to their patriotism, willingness to help in a critical investigation, or demonstrating some credible threat.
This attack actually happened years ago at a company called Hushmail. Law enforcement had the encrypted email provider serve malicious code to the target which leaked the secret key.
Hushmail operates out of Canada, though. Jurisdiction matters a lot here since Switzerland has a reputation for making it difficult for foreign governments.
Swiss authorities and security services cooperate closely with partners all over the world including the NSA. And there is a longstanding and working network of mutual legal assistance including the Convention on Cybercrime (CCC).
Cooperation isn't quite the same as cooperation. There's a world of difference between sharing intelligence on other countries and working together when conducting espionage elsewhere, vs actively attacking domestic targets. Rule of law is taken seriously, and government hacking is a thing - but the scope is very very narrow.
Our company is not legal (details in profile). We chose Protonmail to start because our biggest concern was getting our emails served to the government on request down-the-line. We pay a significant monthly charge to use their services and feel it is worth every penny.
A lot of people in our industry and others have this same model. It is not that the NSA is after you. It's local law enforcement. In our case, SEC and FBI. For average users, local LE will not have 0 days or anything special. Protonmail is out of reach for a lot of LE and that is important.
The best choice for us when we're fully operational is to run a Protonmail-like setup, self-hosted. Deal with mail issues and spam. It is a pain!
> "I don't want to lose access to my email" (remember that availability is a part of security!).
Arent there many (difficult to judge how many) cases of people losing access to their Google account, and therefore about everything they had online (photos, email, videos, etc...). That is also scary enough, especially when it happens randomly with no clear reason why and the support of Google seems to be limited to sending info via forms in the hope of a future human interaction.
Why include the elected representatives? Is that an implied threat of “reinstate my email or these legislators will regulate you into being a public utility”?
It shows you're serious. Most people complain to blow off steam. This is what customer service handles. If you want something done at the corporate policy level, e.g. to have policy changed or have a decision made per policy reversed, you attack at higher levels.
The traditional form of leverage is legal. Have a lawyer pen a letter gets you out of customer service. It is as effective as it is expensive. Next best is a regulator (you can think of these as narrowly-scoped, publicly-funded lawyers). Unfortunately, nobody regulates Google.
So your final threat is getting a lawmaker pissed off with you. This is less about passing legislation (it's hard to pass legislation; everyone knows that) than creating an official, reliably-corroborated paper trail which could go public, causing PR damage, and/or damage relationships the company may want to lean on in the future.
More practically, I don't want to sit around writing and responding to letters. Having someone else do the back and forth with me Cc'd is more pleasant.
Disclaimer: I am not a lawyer. This is not legal advice. If you need legal advice, contact a lawyer.
> Arent there many (difficult to judge how many) cases of people losing access to their Google account, and therefore about everything they had online (photos, email, videos, etc...). That is also scary enough, especially when it happens randomly with no clear reason why and the support of Google seems to be limited to sending info via forms in the hope of a future human interaction.
There are, but that's not incorporated into a threat model because it's not a security issue (at least not a first-order security problem).
Denial of service (or access) is one of several possible security threats.
Unauthorised access, content modification or deletion, impersonation, and several other categories of security policy violations are also fairly typical.
> Denial of service (or access) is one of several possible security threats. Unauthorised access, content modification or deletion, impersonation, and several other categories of security policy violations are also fairly typical.
Most of the cases of people losing access to their Google account that I've seen are not ones which would could feasibly be induced by a dedicated attacker unless they already had access to your account in the first place.
That may be a part of your personal threat model and also your decision-making, but from Google's perspective, that's not a security issue.
I definitely wouldn't say many. I can count the number of cases it has happened in the past few years on one hand, and as far as I remember, almost all of them got their accounts back.
Yes, you could argue that only the loud ones making noise get their accounts back, which my be true, but considering that billions of people use GMail, the fact that so few stories even show up means that it's probably safer than even air travel.
> see e.g. Stuxnet taking out Iran's nuclear program using a previously unknown method of generating SHA-1 collisions, that looked kind of like how the academic community knew to generate collisions but with a different fingerprint)
To my knowledge, it was Flame that did this not Stuxnet, and it was an attack on MD-5, not SHA-1 [1]
Around 100 people have root @ Google. They get a tshirt with it on.
With months of effort researching tripwires and auditing systems, any of them could read your mail.
There's a pretty good chance they'd get caught by some auditing or alerting system they were unaware of though. Many of those systems are kept secret from employees for obvious reasons.
Any two employees collude to much more easily read your mail. There's probably ~1000 people in that position (not only the gmail team, but anyone who writes any kind of library code used by any of the databases, datastores, or application servers). They would leave audit records though, although they might go unnoticed.
That's cool in that it's such a small number. Netflix shared how they do ephemeral access by publishing bless *[1]. It would be cool to see how Google does it as well. Googling for the usual terms doesn't return anything.
Access controls are actually fairly locked down. I would guess the access control list for Gmail data is only ~10 people. If any of them were to make use of their access permissions, it would automatically trigger a review of their actions.
I don't know anything about Google's internals, but, like, there's some data. It gets to your screen. There's code written by Google employees that makes that happen. That code gets modified on a regular basis by Google employees. If enough Google employees get together, they can modify that code to do whatever they want.
I expect that any single Google employee does not have access, in the sense that they've locked themselves out of making changes to their systems without a computer seeing multiple human approvals. But there is a point at which someone can fix that computer.
But yes, my point was that the threat model here isn't "one Google employee goes rogue," it's "multiple Google employees with extremely privileged access to Gmail and/or their code deployment servers all decide that they want to read your email without telling you, and nobody blows any whistles," which seems much more far-fetched.
> "I don't want to lose access to my email" (remember that availability is a part of security!).
Really? You've heard just as many stories of unexpected Google account closures as I have.
I'm quite confident ProtonMail just don't do that. And if they did, you'd have a much more credible chance of talking to a human and rectifying the situation.
That is a pretty good counterargument, and I do think that you should count that risk when evaluating Google's security.
But I think there are lots of other options besides ProtonMail that will do the same. (I pay $50/year for Pobox.com, personally, and vaguely feel like paying a bit of money for my email instead of relying on a free service is worthwhile.)
Actually ProtonMail does do this. They can't read your email so they can't know if you're actually abusing it via their terms of service. Thus if you file complaints against users ProtonMail will actually suspend the account without evidence until you clear your name.
There are a lot of cases but I'm at work and can't spend too much time collecting much. The gist however is that they are bound by Swiss speech laws, which are very ambiguous. "Inciting violence" is one such example, but of course, they can't see what you are supposedly inciting, so they suspend you.
Here's the thing with email. You can sign up for Protonmail ... but you've still got to use email to correspond with others. And in all likelihood many of those individuals will be on GMail or some other less-secure provider unless you're using Protonmail as an enterprise solution, in which case the ratio of "secured" vs. "unsecured" recipients would likely tilt towards secured.
Email is insecure, and most users don't even consider security when using it. I've seen my own social security numbers sent out via email. I've seen corporate card credit card numbers sent via emial. I've seen other confidential financial documents and a myriad of other things sent via email by people who didn't know or didn't care that the method of transmission isn't secure because frequently it's not their information at risk. In my experience, medical data is treated differently because there are laws around how it can be communicated and stored. Until there's regulation placed around other pieces of information, and those laws get enforced, I don't know that people will change how they use and abuse email.
This was probably the biggest unsolved issue I had when seeking out a new email provider.
"Switch to this other email provider" is not going to get much of a result from your gmail/outlook-using contacts (especially if money is involved), and wouldn't even solve this issue unless you convert absolutely everyone to, for example, Protonmail. "Hey man can you set up this thing called PGP?" is probably even worse unless your social circle is all technically minded already. Even in a group of "nerds that play video games", I'd be surprised if even half of the group even know what PGP is.
So long as we're stuck with email as we know it today, it really seems like there is just no bolt-on solution that can be used to "fix" it.
>And in all likelihood many of those individuals will be on GMail or some other less-secure provider unless you're using Protonmail as an enterprise solution
This is true of the marginal utility of the first and last element in a network effect. We might as well push for a paradigm where hosts have no access to data rather than, in 1950 say "Why should I join the internet, there are no other computers on it"
The engineer in me loves the promised End-End encryption and all the cool stuff. But, the inconvenience of "unable to search contents of emails" is a deal breaker towards encrypted email for me.
My primary concern was Google/Microsoft scraping my emails to build a profile of me. My emails could give away very personal information that I do not want to be used for advertising.
My money finally went to Fastmail. Excellent email service - just works and doesn't try to be super smart and take over the world.
Under the Stored Communications Act, law enforcement may get emails or other information under third party control with only a subpoena.
Retrieving email via the POP3 protocol typically deletes the email upon retrieval, making it impossible for the third party to comply with requests for already-retrieved emails.
I'm writing something that uses POP3 right now and thankfully it doesn't delete anything. I'd have to do things a lot differently if that were the case
G Suite (former Google Apps) has a different Terms of Use compared with Google's user oriented products, like Gmail.com, otherwise usage wouldn't fly in most big companies, especially in Europe.
In general, if you aren't paying, then you're the product.
You can totally search email contents with ProtonMail -- it just does it clientside. I just tested with my 125MB of emails and it was fast (under 1s) but maybe if you have more emails it could be slower.
I'm curious how? This FAQ page on their site claims you cannot search email contents, although they plan to support that in their upcoming Protonmail Bridge (which works with a desktop client to search locally): https://protonmail.com/support/knowledge-base/search/
That is what I'd expect, since obviously they cannot build a search index over text they cannot read. Transferring the entire contents of your emails to your web browser to search locally would be slow and impractical on anything but a very fast connection.
"Zero Knowledge Encryption" is just a marketing term...
I wish marketing would not cross wires with real crypto, it makes me skeptical that they really know what they're doing. They're not the only company doing this and they should be called out for it like spideroak [1].
ZKP[2] is real branch of cryptography and they do not use it AFAIK.
I was just as bothered / put off by the "Zero Knowledge Encryption." But your comment is a little disingenuous. Spider Oak ultimately did the right thing and given your link it is clear you are aware that SO has stopped using the term.
I don't understand this. Let's say I receive a newsletter from some website.
That newsletter is not PGP-encrypted, so at some point the Proton Mail servers
must be able to see a plaintext version of it. That means I have to trust that
they never store that plaintext version.
In addition, even if they immediately encrypt it and store the encrypted
version, how can they do so such that only I can read it? Is the key generated
from my password? How come it's possible to reset my password with a recovery
email address then? Surely they must be storing the key somewhere, in which
case storing encrypted messages is pointless.
EDIT: apparently my second point is incorrect, forgetting your passphrase will indeed leave your emails permanently encrypted. The first point still stands though, it's not zero-knowledge at all if they receive the plaintext of my private emails in the first place and I have to trust that they don't store it.
In asymmetric encryption, the key for encryption is different from the key for decryption. You can encrypt something without being able to decrypt it, or vice versa.
You can encrypt your "master" key with another key derived from your password. When you change your password, you just decrypt and re-encrypt the master key so that it doesn't have to change.
The combination of these two techniques in one form or another is responsible for much of modern computer security, including the encryption used on this very website.
Sure they see the plaintext version in flight from the router.
That's where a warrant would install the TAP. Before it arrives the protonmail server, where it is encrypted and stored.
Outgoing mail similar, but there it can be encrypted, so the TAP would be directly at the server, before it is encrypted.
In contrast to gmail TAP's are installed by a warrant ordered by a judge and per customer only. With gmail warrants are not needed, data is just handed over, and search interfaces are available to any agency which wants it.
You are correct in your assessment, but this statement holds true for any application. You must read the source before executing it -- and en suite you need to trust the hardware that's executing said code.
As it stands you don't send your password to proton -- they send you an encrypted private key that the password you type decrypts (at email creation time you generated that private key in your browser via openppg.js ) They most certainly could change their API to send the password to the server once it's typed in the UI. This isn't unheard of and there is large suspicion that law enforcement made hushmail modify their API for certain users of interest in order to decrypt their mail.
The lack of code signing in web apps and the added attack surface of having your web and application server (which are in control of the code that users run) exposed to the internet matter a lot in this context.
Attacks on build systems of native applications aren't unheard of (CCleaner, that Ukrainian tax software, etc.), but it's far more involved and more likely to be detected, whereas web app backdoors can easily be delivered exclusively to the target and only for as long as needed to pull off the attack.
It's true for applications delivered live (mostly webapps). For vast majority of apps, I expect that at least the package maintainer at least glanced at the changes before building a new version. This is hardly foolproof but there is another layer of verification.
The key is not sent anywhere. Your recovery mail allows you to recover access to your account, but not access to your keys. So if you ever lose your password you will also lose the ability to decrypt your mail.
The end-to-end encryption is only between protonmail addresses, in practice when you email people with gmail/hotmail/yahoo etc. it doesn't matter if protonmail can't read the e-mail, the other party can. (Their solution for that is to send an e-mail that contains a password-protected link with the actual message [0], I find this procedure inconvenient.)
Gmail could be as secure as Protonmail by using PGP yourself [1]. And then you can keep your desktop mail client.
I wanted to touch this part: "And then you can keep your desktop mail client." . Actually you can use your desktop mail client with ProtonMail too. All you need to do, is install ProtonMail Bridge. It's in closed Beta right now, but it works pretty well (i'm using with Thunderbird).
Anyone remember HushMail? The end-to-end encrypted email service that didn't have the ability to decrypt your emails? They were eventually coerced to change their code and record passwords in order to gain access to an encrypted email account. ProtonMail is the same thing, give or take, just in Switzerland. They can be coerced just like anyone else.
People whose lives are dependent on secure communication still need to manage their own PGP keys. Once protonmail makes it possible to use your own email client with your own keys, then I'd say it's worth trusting.
I'm not sure there is a legal mechanism to force ProtonMail to add a backdoor...
> "Nearly every country in the world has laws governing lawful interception of electronic communications. In Switzerland, these regulations are set out in the Swiss Federal Act on the Surveillance of Postal and Telecommunications Traffic (SPTT) last revised in 2012. In the SPTT, the obligation to provide the technical means for lawful interception is imposed only on Internet access providers, so ProtonMail, as a mere Internet application provider, is completely exempt from the SPTT’s scope of application. This means that under Swiss law, ProtonMail cannot be compelled to backdoor our secure email system."
IANAL, but that just seems to say that under that particular law (SPTT), Internet access providers have to provide the technical means for lawful interception. It does not say that no other entity has to provide the technical means for lawful interception.
In other words, the law does not say that ProtonMail is exempt for having to provide lawful interception. They might still have to do so, based on some other law.
Further, it's quite conceivable that unlawful means (such as blackmail, threats, or bribery) could be used to coerce ProtonMail. That's not to mention perfectly lawful means of enticing them -- like appealing to their patriotism, willingness to help in a critical investigation, or demonstrating some credible threat.
Not all governments restrict themselves to legal means. Turkey for example has recently started abusing Interpol search warrants to go after people outside their jurisdiction. The country of citizenship is usually clued in and is resisting but dare to go on vacation in a another country.
Not all actions of the US government have survived legal review and some may argue the latest administration is more prone to such accidents.
But then it becomes more a question of politics instead of (inter)national law.
Heck, the EU and US are already not on good terms on the subject of privacy/intelligence gathering, so i doubt this would be done so easily. Especially with the current US administration.
Hows the spam filter? I fell in love with the idea of switching to other services before on their marketing copy but I'm back in Gmail. It all rests on how good the spam filtering is by default not after I've received x good and y bad emails.
Unfortunately in this case it sounds like there might be a tradeoff between securing my internet postcards[1] and training spam filters.
[1] and that's all they are really, postcards. We've known that for decades, you can't patch envelopes over emails at this point.
> by default not after I've received x good and y bad emails
That's fair for you to demand. I run my own personal email server with SpamAssassin and I definitely got a lot of spam in the first week. Then I told SA to learn what spam and ham looks like based on what I received and it's been excellent ever since. I have retrained it about once every 2 years but it's really not that bad. Personally, I'm happy to manually filter a handful of spams and then have top-notch filtering plus added privacy.
Yup essentially my requirements are simply "I don't want to spend time on my spam filter"
In a previous life/job I set up, administered, and maintained mail servers. I don't have an exact count but high tens to low hundreds over multiple clients.
I think that's one skill I'm completely burned out on for personal use. Capable, but not willing.
Web based encryption. Pointless. If you trust them enough not to send you bad Javascript, you trust them not to read your emails. You trust them with your private keys.
If you trust them with all that why even encrypt the mail client side?
It's not about whether you trust them not to read your emails, its about whether they would be able to turn them over to anyone with a valid request. The decryption is local, they could send modified code specifically to you that returns whatever password you type in, but there's no legal mechanism for forcing that in switzerland and I imagine that practice wouldn't go unnoticed if they did it to comply with every request they got.
I understand your point of view, but these are different levels of trust. You can audit the javascript they are sending you and (potentially) notice it is a ruse. If they are reading your email after you send it to their server though you have no way of knowing.
I work for them (oath now). and at some point all employers were forced to dogfood it. the UI took a while to get used, but now I miss in app tabs witg several emails (in Gmail I need browser tabs).
...Long story short: after yahoo was acquired we moved to gmail. you cannot belive how much more spam shows up on my imbox that I had never seens before.
not to mention yahoo took the high road on properly fighting spam for everyone, even if made them loose some users using misconfigured email lists.
I would like to respectfully disagree about spam on Yahoo mail. I have so much spam there, you won't believe. And what irks me the most is that a lot of it is easy spam: viagra, etc.
well, you have one anecdotal data point with two different email addresses, while I was providing a fact on 10,000 users with the same email addresses on both platforms.
my guess, you probably had the y email much longer than the g one (yahoo mail is a decade older) and you posted that email in too many geocities guestboards. do the same with your g address and report back in 10 years :)
While I love ProtonMail as an effort to popularize security for end-users and trying to come up with smart technologies to achieve that, the whole risk model behind the writeup barely stands scrutiny. What's worrying, ProtonMail (who declare security a first-class feature) use "features" instead of systems to define security of their service.
If you think of it for a second, web crypto (protection against intermediaries and dishonest server) actually requires trusting the server, so no encryption-derived claims are sound if the server is dishonest. Any third party exploiting (or forcing legally) the server can make it dishonest and collect required keys in few simple steps. And, FWIW, if encryption is controlled by browser, adversary compromising the client itself can simply disable it.
So, while the effort is very important (and I bet they'd be around the first people who will suggest techniques for safe in-browser crypto execution), it isn't that they can be compared security-wise other than:
- ethics
- security policy
- competence of security teams.
Isn't a level playing field for ProtonMail.
And, my final problem is, 99% of people are still outside Protonmail anyway, hence the intolerant winner argument, which ruined PGP and will ruin many optional security systems on top of convenience protocols in the foreseeable future.
We actually agree with some of the points made above, but we'd like to add the following commentary...
Encrypting email while making it more usable than PGP is hard. There's no getting around that. Web crypto is always going to have some shortcomings, but web mail is on the rise, and at the end of the day, web crypto is better than no crypto.
That said, we have been working for some years towards moving ProtonMail encryption entirely to the local environment using our Bridge application, which will be released soon. There is also extensive R&D being done on end-to-end authentication and ensuring key validity.
You are correct in that it is not a level playing field. This is why the tech industry is fast becoming an oligarchy or even a monopoly, owned and controlled by a few big players. However, we think that not playing is taking the easy way out, so even though the game is 'rigged' against us, we have a great team of engineers who have decided to play anyways.
I seriously disagree on this (our company is facing similar challenges, and I've asked these question myself numerous times). It's not better, it's much worse.
"Some crypto" creates illusion of security, where you don't really know has it failed or not - frequently, there is no functional failure in cryptographic failure. It doesn't stop working, it stops providing the very guarantees you're using it for.
> However, we think that not playing is taking the easy way out, so even though the game is 'rigged' against us, we have a great team of engineers who have decided to play anyways.
Truly so, but you need to play better then ;) Godspeed!
+1 while it's nice that you're email at rest is secure most of your personal email is getting sent to someone with a gmail account anyway - perhaps defeating the whole exercise
> The final nail in the coffin for me is this page right here: https://protonmail.com/blog/transparency-report/ Can I draw your attention to this sentence: "After reviewing the relevant evidence forwarded by US authorities, criminal intent was apparent, so Proton Technologies AG decided to comply with the data request"
It uses trust bundles that hold the public key. Identity is vetted so there is no spam and it helps guarantee you are communicating with the right person.
It always surprises me how little this tech community knows about the Direct Project, especially considering how many hundreds of thousands of people have direct addresses assigned to them.
This thing is in production very wide usage by health industry. And the applications for it continue to grow. For example FHIR via Direct promises to empower patients.
But yes, this particular implementation especially is PKI with identity vetting. There are other trust bundles with different logos and requirements.
But the direct project defines more than just the PKI. It defines edge protocols such as XDR and IMAP. It also defines methods for message delivery and processed notifications.
And of course you can create your own trust bundle with whatever requirements you want.
This particular accredited portion means that these organizations have particular identity vetting processes for users, have on site visits to inspect servers, and adhere to a long list of privacy and security practices.
So what happens if, say a hacker breaches the systems and makes an interception at the SMTP level... before they encrypt? They then can read your mail before ProtonMail encrypts it...
There is a lot of marketing bumpf on this page without any link to detail.
There is no conflict of interest with G Suite either, which is governed by a different Terms of Use than normal Gmail.
If that wouldn't be the case, being the "business" version, G Suite would be banned in most European companies.
Bear in mind, European privacy laws only help you with Google (or other US-based providers) if you're a European citizen (via things like Privacy Shield). Whereas with ProtonMail being located in Europe, they're likely to be better protected from US law enforcement requests as a whole. US providers have no obligation to provide US citizens European-quality privacy protections.
“Zero knowledge” of email content means I can’t search my corpus of email without having all of that mail on a PC with a client that has a search feature.
What’s a bigger risk to you?
“End to end encryption” We’ve all had the PGP discussion. That adds a lot of complexity and a lot of cost and risk. Good luck searching it.
“TLS transport” Welcome to 2017, this isn’t meaningful.
It sounds like Proton Mail is a cool service. But that security comes at a capability cost and comes with other complexity that users may not understand.
We are close to solving the search issue actually. With the ProtonMail Bridge, full body search can happen locally so the servers can remain "zero knowledge".
I would not view being hosted outside of the US as an unalloyed good, especially for a US citizen. Legally, the NSA has a much freer hand in terms of surveillance of targets outside of the US. Putting your e-mail traffic outside of the US is no guarantee of anything, it's a set of tradeoffs. As others have noted, security isn't absolute, and depends on your threat model.
For a non US citizen however, Not having your mail hosted in the US atleast makes spying not completely automatic. Because in the US, the NSA has the legal right to wiretap all foreigh communications.
The utility is not in magically making every email sent to or from you unreadable to 3rd parties. The utility is purely on the side or privacy intrusion: be it via court order or hacker. Nobody can compel them to decrypt any messages that have been sent to or from you and stored on their servers.
Protonmail will NOT: Prevent interception of your messages by 3rd-party MITM attacks.
Protonmail WILL: Protect your privacy versus legal authorities. Safeguard your stored communications against hacker breach. Provide a high-quality, ad-free email experience and multiple email addresses.
My point is being that they could be compelled to hand over all future messages to your account, because if they are doing spam detection then they will have it in a readable unencrypted state.
"ProtonMail uses Zero Knowledge Encryption, which means it is technically impossible for us to decrypt user messages" is kind of false within the definition of "impossible". It is exactly as feasible for them to crack encryption as it is for any other party with an encryption and security background, so really this is "The only way for ProtonMail to read your email is by cracking it, which can be prohibitively time consuming" but really it won't be because the fact that "ProtonMail takes care of the security" means that if the service ever becomes mainstream popular, the proportion of people using easier-to-crack-than-should-reasonably-be-the-case password will skyrocket.
I have a paid account and only use protonmail for business and personal emails and use Gmail for anything else. 95% of the emails I get are junk anyway so I just try to separate that even more.
It seems most people care more about spam filters and search functionality than security. Which is kind of a downfall of protonmail because it probably will never have high adoption because if you want good search and spam filters then it means your emails need to be scanned by the servers.
Most people have multiple email accounts anyway, so why not use protonmail for the important emails and another service for junk account signups and everything else?
I run bandgap.io off of protonmail. I have had no problems with deliverability, have had great interactions with customer support, and enjoy using the product. After email hack after hack, I just couldn't see how I could ethically store my own users support emails unless they were end-to-end encrypted.
Potential improvements: Searching the inbox isn't great, and I'd like to reduce my attack surface by moving my transactional email from sendgrid to protonmail (not yet supported). Also, it might make sense for protonmail to become an OAuth provider-I'd be willing to support it on bandgap.io
Had the same idea when I read the comment. However, training your ML models in the browser is probably not the best thing you could do. Granted, it could potentially offer a more personalized service.
If you search for travel, and the SE brings up all your reservations from flights, ferries, bus, etc. It requires some sort of ML. Stupid example but you get the point.
A heavy amount of ProtonMail's infrastructure is in New York at NYI [1] accordingly to blog posts however they say 'ProtonMail stores user data exclusively in European countries with strong privacy protections such as Switzerland.' Now I am confused
It certainly does, but require client software that's capable to decrypt the data.
I think almost every desktop mail client support S/MIME. Many support PGP/MIME, using plugin/extension or natively. Unfortunately, the situation is much worse on mobile.
Anyway, if the client software is capable - which is rarely true but sometimes is the case - any classic mail server can store everything encrypted.
If you self-host - just make your MDA pipe the unencrypted emails to GnuPG or OpenSSL (and encrypted emails are already okay) and that's it. You'll be as good as ProtonMail (note: https://protonmail.com/support/knowledge-base/does-protonmai...). IIRC, there also was some hosted email service that works this way, although I forgot where I saw it and how it was called.
Right, I was going by their knowledge base article titled ‘IMAP, SMTP, and POP3 setup’ where they say:
At this time Protonmail does not support IMAP/SMTP or POP3 due to the technology ProtonMail utilizes within web browsers to encrypt and decrypt your messages. We apologize for the inconvenience and are working on creative solutions to allow IMAP/SMTP use.
If it uses IMAP4 variant under the hood and not completely different/proprietary API - are there any plans of possibly releasing this as a standalone tool someday?
I don't use Protonmail, because I already have self-hosted own-premises mail system for a long while, but I don't have encryption at rest. Given that you use OpenPGP, this bridge app looks very interesting. If it only could talk to a local gpg-agent as an option (rather than an PM account), it would be probably just perfect.
All your emails are stored encrypted with your public key when on ProtonMail's servers. And they do support end-to-end encryption with other email providers (with a user-specified passphrase).
FWIW, ProtonMail also allows you to export your public key from their service. People who you give the key to can use it to send PGP encrypted mail to your ProtonMail mailbox. Unfortunately this isn't bidirectional, there's no built-in way to send PGP-encrypted emails from your ProtonMail account to non-ProtonMail users.
Even as a convinced protonmail user I think this post is too much advertising focused and not addressing the facts correctly. It would be better for the reputation of protonmail if they would resist launching such campaigns and stick to the real advantages that differentiate it from the competition.
What are the security guarantees when emailing someone who does not use ProtonMail? If there is an encrypted mode, can this mode be turned off? This is critically important, and yet most of these email providers who talk up their security fail to bring it up. This article is the same.
When you send an email through ProtonMail to an unencrypted user, you have the option to encrypt the email when sends them a link to a webpage prompting them for the encryption password.
The article doesn't make it clear what this support looks like. If it's optional and complicated, people are not going to use it. And if it's different than what ProtonMail uses internally, all the promises about security might not apply.
If the bulk of your correspondence is with people who have gmail accounts then guess what, you're pooched no matter what flavour of tin foil hat you wear.
The biggest obstacle in becoming secure with email is all of the other people you correspond with over email.
Is it actually legal to not log anything ? They specifically claim they don't log IPs, so if someone wants an email data, all they can give him is just encrypted email dumps ? how can that be a possibility ?
One thing that frustrates me about protonmail and most other mail providers is it's limits on email aliases, even if your using your own domain. With gmail you get an unlimited number of aliases.
For the first question: https://github.com/ProtonMail/WebClient
For the second, it is unlikely, spying on third party app is not in the ToS of android, and if google (or any big tech company, really) is caught doing something not in the ToS, it will cause a PR shitstorm.
I have a Proton Mail account since 2014, but i never really used it. I might give it a try again today.
Ok. But for the first question: is the protocol free? Because if it is proprietary and limited to this one service, I fear that at most a few people will be interested in digging through the source code.
On a phone with Google Play Services, I think Google essentially has root, and can access whatever they like, so it's possible; but it's unlikely. Google is more likely to read the email if the content is posted into the notification feed, or the android search apis.
Does anyone know how they reconcile "zero-knowledge" and allowing people to log in? Do they encrypt your private key with a KDF of your password or something?
I see, thanks. So they use SRP with the password to authenticate, and then KDF(password) to decrypt your email (as they say). I would hope (and they probably do) use the latter to decrypt an encryption key for your email, rather than using your KDFed password directly, as that would mean they'd need to reencrypt all your mail if you changed your password.
I've used ProtonMail for some small number of communications, and I really like it for limited use. I can't speak to using it for everyday email purposes.
Proton has a free tier, if that helps make it more clear. Though I'm not sure that free vs. paid is such a distinguishing characteristic that makes it impossible to compare.
If I give you some blueberries and you buy some from the store, you're still able to compare and contrast the two and the paid blueberries may actually be inferior to the free berries.
Protonmail is not email, and should stop misrepresenting itself as email.
My favorite 'feature' of protonmail is that you can't access your messages via imap or pop, and their suggestion regarding exporting messages is: "At this time, you are able to save individual emails by using the "Print" function found inside each email in your account."
Protonmail had a very weird role in campaigning against the new sigint-law in switzerland, they used it for marketing for their service... now they say it's not that bad because protonmail advises the government on it.
I am very dubious of protonmail's claims. They don't release their server-side code, so nobody can audit it. There is no way to make sure a PGP encrypted message sent to a friend is actually encrypted with their public key only, you have to trust them.
You are also just one XSS away from losing your private key...
What about the other things that are important, like does protonmail do full disk encryption? do they log ip addresses? They require you to sign up with a phone number if you use tor, but "promise" not store that. How can we trust them?
Their ToS states: "you agree to not use this Service for any unlawful or
prohibited activities". But hey, if Mr. Robot uses it, it must be good!
They also have a very shifty claim of e2e encryption and a weird de-facto disabling the use of pgp. They do use openpgp.js, but for encrypting your mailbox, not for actually using pgp to mail other people.
They do actually support incoming pgp just fine, but I like to think of e-mail is bidirectional. To be fair, that is something they've had on their roadmap, but for almost three years now. Giving up the ability to send pgp-encrypted e-email is not a great trade-off (and let's not even get started on their notion that you're somehow better off with gmail as long as you use pgp).
So, trust the server, trust the HTTPS connection, trust the browser to not have any backdoors or security flaws in all extensions, and trust other apps that can access the browser's files and syscalls. Trust us, we are in switzerland. Why do people think that switzerland makes them somehow better position to deal with legal issues? Anyone from switzerland will tell you that they are not immune from evil laws and different parts of switzerland are significantly more draconian than others. Tell me how switzerland is some safe-haven that you should use as a criteria to determine your opsec. This selling point is pure snake-oil.
I gave up on ProtonMail. The lack of a calendar means you often need to go back to using Google Calendar or Outlook.com Calendar, kind of negating the privacy benefits if you're a heavy calendar user.
Secondly, its been years and you still can't store more than a single email address for a contact. This is so incredibly ridiculous that I have an extremely hard time understanding how they get away with charging what they do.
Lastly, the mobile app drives me nuts. I just can't get used to using it. You delete a message and a notification pop down drops from the top covering the next email so that you can't select it until the pop down notification goes away. This is deal breaking for me as if I have to go through 20 emails I have to sit and wait over and over and over again for this notification to go away. Yes, a message was deleted, I'm the one that deleted it, I don't need a notification telling me I did so. Infuriating to use.
I'm optimistic about ProtonMail in the long run, but won't use it until it gets out of my browser and onto a native app on my desktop.
If UI problems bother you, and you need a calendar, you can use mailbox.org which (1) can encrypt incoming emails w/ your GPG key, (2) offers SMTP so you can use Thunderbird, (3) comes with a calendar you can use on thunderbird/your phone via network.
Why would you expect an email provider to also provide a calendar?
There are many business, coordination, and communication tools that could be in my mail client (I do a lot of billing over email, is an email provider unusable if it doesn't integrate Quickbooks-like functionality too? What about shipping/receiving, project management, phone, SMS, mapping, etc, all things related to my use of email?), but I don't think they need to be there.
Calendar protocols are not federated like email. Choose between Exchange, Google, and iCloud. You'll have an easier time if you use the same one as most of your contacts.
Choose the best tool for the job. It's not likely that one provider will have the best tool for everything that, say, Outlook does.
>Why would you expect an email provider to also provide a calendar?
Because calendar has become a key part of a productivity suite and Email is the keystone. We use Protonmail right now to avoid Google or Fastmail or someone serving up all our emails in a warrant. We keep sensitive stuff off Protonmail of course but every bit helps LE build their case against us.
Protonmail should have calendaring, wiki, and on and on. An encrypted replacement for Exchange eventually. We disable all audiovideo hardware for core members but I can see even secure voice being useful for our contractors to use.
> ProtonMail takes the opposite approach and by default, does not monitor or record user activity, not even IP addresses.
Hrm, where's the pricing? Oh, it's based on "Messages per day" and "Folders / Labels"...
This doesn't detract from the meat of the article, but when user activity is involved in the pricing, you clearly can't claim 'no activity monitoring'.
There is no evidence that PGP is compromised. In fact, the snowden leaks revealed that the NSA has "serious problems" following people through TOR, and is unable to decrypt some OTR and PGP encrypted messages.
It's a question of perspective.
The US government and the NSA commited treason against basically every person using the internet.
Also you calling him "Snow dawg" says a lot about you...
The HN community has quite a wide variety of views and tends to value civil, considered, constructive discourse (as well as refraining from commenting on down votes). Tone as well as content go a long way: there have been plenty of comments over the years that are critical of Snowden. Choosing to use a pejorative nickname and phrases like "HN worships" don't do anything to promote your argument. You're choosing to participate on HN, and are therefore part of the community and its culture. I doubt you include yourself when you say "HN worships", yet you're participating here. Consider that there may be others on HN who wouldn't categorize their opinions of Snowden as "worshipping" either. (And there definitely are.)
You mention the "divide and wreck of culture of this nation", which indicates to me that you care about such things. Are the comments you've posted going to do anything to make this better? Likely not: people who agree with you are likely going to continue to agree with you, and those that don't are likely to write you off due to how you're presenting yourself. If your goal is to help make things better, I encourage you to think on ways you might be more effective. People may not necessarily agree with the positions you hold, but they may also have reasoned and nuanced reasons for holding the positions they do.
You seem to have good writing skills. Can you now respond to my post whereby I’ve made the claim that Snowden has committed treason, weakened US national security, and possibly ticked off a decline in interest for working for US intelligence?
If the public is aware of our intel capabilities as a direct result of Snowden’s action, it seems close to certain that my points are correct.
I think all of the points you raise are worth discussing. Of particularly interest to me is figuring out how to have discussions on contentious topics in a constructive manner, which is why I commented here. Whether or not I'm effective in this, I do know that I haven't done enough research to weigh in responsibly on Snowden or the other points you raise. (For example, to be effective, I would want to have some facts at hand with respect to education levels and curriculum of high school students in St. Petersburg, Russia, undergrads in the US, rates of entry into the intelligence services over time, etc. I don't have such and am not sufficiently motivated to look them up). I do believe that the points you make in this comment are much more likely to result in a better discussion. Thank you for that!
A new account introducing a very loaded topic that has been discussed over and over again as a tangent doesn't stand much chance. Going after other commenters because of their presumed nationality really doesn't help.
Indeed, and the shock value is necessary given the low quality anti West garbage emanating from the Russia * * camp.
My assertion is that HN has been overtaken by intelligent / unethical / ostensibly respectful trolls. I know a thing or two about this; such behavior used to occur only on Reddit. Why does Snowden exist as a public figure? I have evidence. No I’m not sharing it now.
Topic remains valid. Humanity can’t even agree on what kinds of privacy and for whom are best for society. Conversation hasn’t even occurred yet.
Witness how my comment was cleaned up to be respectful, leaving only the relevant parts, only to end up downvoted into the ether. It would be nice if a moderator could unflag my original comment since it’s relevant, as another commenter pointed out.
Thanks for editing your post. With respect to the voting, unfortunately that's partly an artifact of viewing the site. Unless people are following the thread, they aren't likely to see an edit. There is an option in account settings which permits including a delay before a comment is made visible. This allows a period of time where you can edit the comment before others view it. This can help if you've dashed off a comment in the heat of the moment, reflect, and rewrite it with a cooler head. Admittedly, it doesn't help if the comment has already been viewed, but it may prevent some of what you experienced.
Oh, wow. This makes me want to switch our work email away from Protonmail...
* If you are not comfortable giving Google unlimited access to all of your intimate communications*
Who would? But this is a sleight-of-hand where we somehow got from "google targets advertisement based on email content" all the way to "everyone working at google reads your email, and they all make fun of what you did last night".
By those standards, Google also reads everything on protonmail. At least if you use Chrome.
Besides, there are other factors than just encryption standards that impact security. The largest of all is the organisation you're trusting.
Google is obviously far ahead in terms of expertise and resources. They also have far more to lose, are probably better set up to protect against rogue insiders, and are impossible to compromise with money. OTOH, they're subject to FISA courts and whatnot.
Calling this fundamental difference in approach "more secure" manipulates the less-informed instead of educating and almost eliminates the chance of a worthwhile conversation about tradeoffs and values that could be very flattering to ProtonMail.