I'm not looking to discredit the claim, I'm genuinely curious to learn about what they've done to earn the Gold Standard from @tptacek
Google were previously reading our emails for Ad purposes and some of their employees are still able to read our Emails, their privacy policy also indictates they will hand over our emails if requested by law enforcement which suggests it's weaker than protonmail.com end-to-end encryption:
> All emails are secured automatically with end-to-end encryption. This means even we cannot decrypt and read your emails. As a result, your encrypted emails cannot be shared with third parties.
If this is the case, how is Google being held as the Gold Standard?
Elsewhere in the thread I mentioned advanced protection[0]. Gmail/Google is also the only company to my knowledge that gives you a warning like this one[1], and it was certainly the first to do so.
A lot of this comes down to your threat model. If you are most worried about
Unless your threat model is "The NSA gives my hosting provider a court order" or "an employee of my hosting provider goes rogue", its pretty clear that GMail is categorically the best option. And in those two cases, its not clear that there are significantly better options.
I get and am not questioning that. It's just that your curiosity doesn't seem to have motivated you to do a first pass of, I don't want to call it 'research', but just basic poking around on the topic. You want links and info from some dude on the internet because what he says contradicts stuff you know from... something a vendor said about their product.
It's a totally sensible question but it's not some particularly arcane mystery to dig into. In tptacek's case, in a jiffy, you can bring up the 60-odd comments of his that mention 'Gmail' and get a reasonable idea of what he thinks of it and why. And if you think he's got it wrong, you can say, hey, tptacek, I think you're full of poop when you said [...]. And then maybe you can hash it out and one or both of you will learn something. But 'Citation, please', especially on trivially searchable topics mostly says 'I'm kind of curious, but I don't really care'. The person you're asking probably isn't going to care either.
I was hoping there was a quick resource of someone having done a deep analysis dive into advanced techniques Gmail does that makes it more secure than everyone else but judging by tptacek's response it sounds like it's because they have the best security team and by extension all products they make are naturally more secure.
If all we have are the same claim being repeated with the only way to learn about what makes Gmail the most secure email provider is having to trawl through 1000's of comments. It means Gmail is always going to perceived as more secure even when they may not be, because relatively no-one is going to trawl through 1000's of comments to make an informed assessment otherwise.
trawl through 1000's of comments. It means Gmail is always going to perceived as more secure even when they may not be, because relatively no-one is going to trawl through 1000's of comments to make an informed assessment otherwise.
60ish is not 1000s. 69ish if you add the 9 about Protonmail. The guy posts on HN so much you can fairly safely go to https://hn.algolia.com and type author:tptacek [topic of interest] and find out what he thinks about it. If there was, inexplicably, a comic universe about HN mutants, he'd be The Citation.
I think you're conflating several different things here. Their vulnerability to hackers is not at all related to the extent to which they are willing to cooperate with the US Government or to exactly how their GMail ads work. You have to define exactly what your threat model is, and no service can really be the best at all of them. It's perfectly consistent with the worst interpretation of your other assertions that Google is still the gold standard for making sure that no hacker can ever compromise your GMail account, reset your passwords to your services, and hold your data and accounts on other services hostage.
Google were previously reading our emails for Ad purposes and some of their employees are still able to read our Emails, their privacy policy also indictates they will hand over our emails if requested by law enforcement which suggests it's weaker than protonmail.com end-to-end encryption:
> All emails are secured automatically with end-to-end encryption. This means even we cannot decrypt and read your emails. As a result, your encrypted emails cannot be shared with third parties.
If this is the case, how is Google being held as the Gold Standard?