evacideI'm just a girl, incrementing the counter on the number of times I have been sent a plaintext email from a Protonmail user telling me that the message is encrypted.
davecb 🇨🇦@evacide Can you expand on that? ProtonMail loudly claims to be e2e encrypted to me, but the claims seem less than credible if mails is sent to a proton.me address from an unencrypted place like gmail
Bill, organizer of stuff@davecb @evacide They are very clear in their marketing and documentation that e2e only works if you are sending between Proton addresses. They are more important as a Google alternative... I wish they would focus on that instead.
(Edit: to be clear, this is a response to @davecb . I know @evacide knows what she's talking about.)
@CAWguy has moved@CAWguy I would think it's possible... 🤔 As a former PM, I'd wonder if competitive position and/or deeply embedded technical differences make it a tough sell, though.
@wcbdata ‘Competitive position’ would have been my first guess. With encryption set aside, each platform would then be exposed to competing on the best features and user experiences.
Alex Wilson@CAWguy @wcbdata @evacide This is just slightly automated pgp and has basically all the same ergonomic issues. Encryption is lost the instant anyone forwards or ccs someone outside the network and there's no way to fix that without purpose built clients. At that point you might as well be using chatmail or signal.
Justin Derrick@CAWguy @wcbdata @evacide Most eMail is encrypted in transit across the network/internet. SMTPS (SSL/TLS encrypted mail delivery using certificates for verifying identities & negotiating encryption keys) has been a thing for a long time.
It's the eMail provider that's the issue. Once the message is received, the server itself has a plain-text copy, even if the backend storage has filesystem-level encryption.
The real solution is for all eMail clients to have PGP/GPG, with a directory server that publishes public keys.
That way you can query the directory server with my eMail address, receive my public key, then encrypt your message with that key, and then it traverses all of the internet plumbing in an encrypted format that only the intended recipient can decrypt.
The percentage of people who do this is very, very small in the context of the entire internet.
@JustinDerrick Thanks for the long description. So would this small percentage of people using this setup be due to a network effect/getting friends to comply issue, or do most people simply not care about privacy?
@CAWguy You'd have to get everyone you know to leave their webmail providers, and only receive eMail with specific physical devices (phone / laptop / desktop). I haven't been able to get anyone I know to give up their webmail accounts, even by offering them free hosting and vanity addresses on my mail server.
@JustinDerrick Those are definitely many steps too far! I merely suggested using Signal at a small non-profit where I volunteer, and I could see the eye rolls at me.
@CAWguy Yeah, many years ago, I presented info about Signal to a nearby non-profit. Their President still sends stuff through SMS, even after having made it a requirement for their entire team to start using Signal.
The inertia of bad habits is very difficult to overcome.