@alrs @aria The #PGP private key is encrypted with your (hashed) password: https://proton.me/support/how-is-the-private-key-stored before being uploaded to Proton's server. This is how you bootstrap on a new machine!

You can export (https://proton.me/support/download-public-private-key) or import (https://proton.me/support/importing-openpgp-private-key) the keypair as you like.

#Proton is "just" doing what people have been doing for decades with things like #Enigmail. I used #Gnus for #Emacs some 20 years ago for the same thing 😄 The achievement of Proton is to make this seem easy!

@rakoo @delta @cy @thunderbird

It is a good tool because it allows for self-custody of keys.

• Also by that notion manually setting up an eMail account is also complicated for anything that Thunderbird can't autoguess or doesn't have in it's database.

Shure that isn't an excuse for #Thunderbird to not deliver sane defaults and handhold users asking them at account creation/import if they want to create/import a keypair and/or wish to automatically activate it.

• Same with pulic keys: #Enigmail used to have the nice feature to automagically attach the Pubkey to every eMail and to automatically sign and encrypt them. In fact I have this preconfigured to the point that any non-encrypted eMail requires me to manually confirm stuff.

I don't "belittle people for not knowing how to use gpg" but instead acknowledge the lack of #TechLiteracy as a matter of facts because most people got groomed into being consoomers and into ignorant users.

• It's not their fault, it's decades of failed education and awareness that now demand compound interest like credit card debt.

@rakoo @cy yeah, tho @thunderbird nowadays has #OpenPGP / #GPG - support built in ( #Enigmail ) and that just works.

• But @delta / #deltaChat does make things way easier for "#TechIlliterate #Normies" and provides them with a familiar #UI & #UX from other #Messengers whilst also not requiring "yet another #server / #service" to be spun up, which is a major no-no in many organizations, espechally #businesses.

• Whereas DeltaChat using #eMail as it's backbone infrastructure works fine, and that is an important point for it like #business use [i.e. #Germany] where all business communications have to be archived for at least 10 years for tax auditability reasons, and the whole #MailArchival issue has been "solved" by multiple providers and solutions so it makes sense to just do a +chat suffix, filter said messages and have them in the same #inbox as all other eMails.

I just wished #Thunderbird would also support displaying such chats similar to deltaChat to provide a #unified experience across platforms...

@ditol @samueljohn @linuzifer

THIS is where I disagree...

You may think it's elitist, but if people are too lazy to learn even fundamentals like how to use #Tails then maybe they should just not do #tech at all?

• Like: We expect people to show at the every least theoretical proficiency in terms of #TrafficCode and #VehicleSafety in +every juristiction I'm aware of* and literally mandated #DrivingLicense|s for that reason.

I'll gladly teach #TechIlliterates but I won't waste my time on people that spread disinfo...

It's 2024: @tails_live / @tails has been out for over a decade and there are a shitload of guides ranging from written documentation to Zoomer-friendly TikTok-Style shorts on how to get started.

• I don't expect people to do #airgapped pffline-PGP but with @thunderbird including #Enigmail and not requiring any external dependencies like the god-awful #GPG4Win stuff's easier than ever.

• Same with #mobile: #Appls like @monocles / #monoclesChat are so easy, I've been able to onboard literal tech-illiterates remotely with few steps and simple instructions.

FOR THE LAST TIME:

*STOP MAKING EXCUSES TO JUSTIFY ESCALATING COMMITMENT TO EVIDENTLY BAD SOLUTIONS!"

• Cuz when push comes to shove @Mer__edith herself would introduce a #Govware #backdoor into @signalapp when faced with indefinite jailtime...

Whereas with #SelfCustody of all the keys as well as #ReproduceableBuilds and real #decentralization, this would be evidently impossible even if all the devs wanted to comply honestly and not just because they could be held at gunpoint.

• #Signal is not your friend. It's merely a tax-exempt "non-profit" corporation, and corporations are explicitly nobodys friend - espechally when they demand #PII like phone numbers for useage.

Compare that to #monocles where you do pay like €2 p.m. but in return get #standard #protocols like #IMAP, #SMTP & #XMPP and can pay anonymously and not have to provide any PII whatsoever!

• And unlike #Signal they ain't dependent on #VC funding and #grant money to keep the lights on.

Make of that what you will, but just like allowing flatearthers to roam freely without caretaker supervision doesn't make the world less round, so won't the facts change about #ITsec, #InfoSec, #OpSec & #ComSec.

• The only reason Signal is still online and not #pwned like #EncroChat is because it's either a Sting op like #ANØM aka. #OperationIronside aka. #OperationTrøjanShield or they have already backdoored their #backend so hard that all their #marketing is just #lies like #Apple...
  

Because all #centralized, #SingleVendor & #SingleProvider solutions are bad, and if they don't even allow for #SelfCustody then they are just a #grift to #scam tech-illiterates that don't know and/or don't care!

#thxbye #EOD