I'm just a girl, incrementing the counter on the number of times I have been sent a plaintext email from a Protonmail user telling me that the message is encrypted.
@evacide "This is not a place of honour. Nothing important is encrypted here."

@evacide

Do you think Proton's marketing is a bit confusing here? They keep saying their emails are encrypted, I assume what they mean is that they keep the info encrypted on their server. And maybe they also use end-to-end encryption if both the sender and recipient are using Protonmail - tho I'm not really sure about this one so correct me if I'm wrong.

@futureisfoss Correct. Most people do not understand the difference between E2EE and TLS encryption.
@evacide @futureisfoss to be fair to most people, we in tech really suck at explaining how things work. And in many fields we are actively spreading misinformation in order to sell products.

@jjacobsson @evacide

"Military grade encryption" is another one 😂 Actually anything "military-grade" is almost always used as a marketing term, not just in tech products.

Personally I always try to use noncommercial alternatives where I can, like Mastodon for example. It's so much saner when they're not trying to sell you something, like the listings here - https://www.directory.trade-free.org

And people should donate to these good projects to support them.

@futureisfoss @jjacobsson @evacide you mean my F15 lacrosse pole was not really the same titanium used in fighter planes? Maybe that is why they exploded on contact....
@LovesTha @futureisfoss @jjacobsson @evacide That must have been awkward during your lacrosse matches. Did you get penalized when it happened?

@roadskater @futureisfoss @jjacobsson @evacide Didn't happen to me, but there was a recall that was done with pretty generous terms. As the exploding when hitting something did happen.

(Fact checking myself, I found this article, which may be a newspaper relaying what STX was saying about them, which would have had PR spin included: https://www.chicagotribune.com/1997/07/09/manufacturers-recall-lacrosse-sticks-and-chaise-lounge-chairs/ )

@LovesTha @futureisfoss @jjacobsson @evacide @roadskater I would imagine that the structural loads a fighter jet needs to survive and those a sports tool needs to survive are quite different /silly
@futureisfoss @jjacobsson @evacide personally, I'd rather use civilian encryption than military encryption, as the former is at least hopefully not going to be designed with backdoors of some kind
@futureisfoss @jjacobsson @evacide A friend is in the US navy and told me "military grade" means "outdated, hard to use, developed by the lowest bidder contractor".
@futureisfoss @evacide they definitely don't do as good a job as they used to in explaining the limitations of their encryption setup. They used to be very explicit in their marketing that end-to-end encrypted email only worked between two proton users and that for everything else, the email was just encrypted at rest. The marketing still alludes to that, but it no longer explicitly says it. For email to non-proton users, they offer PGP (meh) and a password protected email scheme.

@futureisfoss @evacide

Exactly. The key is that all protonmail emails are encrypted at rest on their servers and they do not have a backdoor into them like Microsoft, Google, yahoo, etc etc.

@evacide their marketing is so annoying, wrong and dangerous "EnCrYpTeD eMaIl SeRvIcE"
@evacide funnily enough, I often have the opposite problem
@evacide
I know that all too well. For example, pharmacies that say, "You can send it to me by email. We have a secure address!" 🙄😔
@LukePhilipps @evacide are there providers that force transport encryption at least when talking to their systems? (ofc that isn't good enough, but still)

@LukePhilipps

I had to send some private information to an accountant recently. Their proposal was to email it in an encrypted spreadsheet and then email the password in a separate message. Their other proposal was to use WhatsApp, which is not compatible with either ethics or self-defence.

In other news, we are changing accountants.

@evacide

@evacide Proton with their marketing did insane damage to the privacy community (not only in email). But at least you can reply to those with actual E2EE thanks to WKD and Proton using PGP and uploading user public keys to key discovery servers.
@sidogof @evacide 2026 is the year of PGP email, I'm sure of it. This time it's a winner.
@mattb @evacide What does this have to do with anything? Yes, PGP kinda sucks, GPG is a bad piece of software. So what? There's not much else to use in e-mail (if you want E2EE).
@evacide
Is the e-mail stating the belief of the user or some message appended by the provider?
@evacide yeah like, have we stopped pretending encrypted email is actually a viable thing that works and doesn't break apart if you as much as look at it wrong yet? no? O well, I keep hoping the world will learn eventually, but hope is fading fast
@evacide Can you expand on that? ProtonMail loudly claims to be e2e encrypted to me, but the claims seem less than credible if mail is sent to a proton.me address from an unencrypted place like gmail

@davecb @evacide They are very clear in their marketing and documentation that e2e only works if you are sending between Proton addresses. They are more important as a Google alternative... I wish they would focus on that instead.

(Edit: to be clear, this is a response to @davecb . I know @evacide knows what she's talking about.)

@wcbdata @evacide Are there any technical reasons that prevent other encrypted email platforms from being interoperable? Theoretically, shouldn't a Tutamail user be able to safely send an email to a Proton address?
@CAWguy I would think it's possible... 🤔 As a former PM, I'd wonder if competitive position and/or deeply embedded technical differences make it a tough sell, though.
@wcbdata 'Competitive position' would have been my first guess. With encryption set aside, each platform would then be exposed to competing on the best features and user experiences.
@CAWguy @wcbdata @evacide This is just slightly automated pgp and has basically all the same ergonomic issues. Encryption is lost the instant anyone forwards or ccs someone outside the network and there's no way to fix that without purpose built clients. At that point you might as well be using chatmail or signal.

@CAWguy @wcbdata @evacide Most eMail is encrypted in transit across the network/internet. SMTPS (SSL/TLS encrypted mail delivery using certificates for verifying identities & negotiating encryption keys) has been a thing for a long time.

It's the eMail provider that's the issue. Once the message is received, the server itself has a plain-text copy, even if the backend storage has filesystem-level encryption.

The real solution is for all eMail clients to have PGP/GPG, with a directory server that publishes public keys.

That way you can query the directory server with my eMail address, receive my public key, then encrypt your message with that key, and then it traverses all of the internet plumbing in an encrypted format that only the intended recipient can decrypt.

The percentage of people who do this is very, very small in the context of the entire internet.
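
The key lookup described in the post above is what Web Key Directory (WKD, mentioned earlier in the thread) does over HTTPS. As an added example that is not part of any post in this thread, this Python code derives the two URLs a WKD client requests for an address; the sample address is a placeholder and nothing is fetched.

```python
import base64
import hashlib
from urllib.parse import quote

# z-base-32 groups bits exactly like RFC 4648 base32 but uses another alphabet,
# so a base32 encode followed by a character translation gives the same result.
_B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
_ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"
_TO_ZB32 = str.maketrans(_B32, _ZB32)


def _ascii_lower(s: str) -> str:
    # WKD lowercases ASCII letters only; other characters are left untouched.
    return "".join(chr(ord(c) + 32) if "A" <= c <= "Z" else c for c in s)


def wkd_hash(local_part: str) -> str:
    """z-base-32 of SHA-1(lowercased local part); SHA-1 is a lookup label here."""
    digest = hashlib.sha1(_ascii_lower(local_part).encode("utf-8")).digest()
    # 20 bytes = 160 bits = exactly 32 characters, so no padding appears.
    return base64.b32encode(digest).decode("ascii").translate(_TO_ZB32)


def wkd_urls(address: str) -> list[str]:
    """Return the advanced-method URL first, then the direct-method URL."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    domain = _ascii_lower(domain)
    h = wkd_hash(local)
    l = quote(local, safe="")  # original-case local part, percent-encoded
    return [
        f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{h}?l={l}",
        f"https://{domain}/.well-known/openpgpkey/hu/{h}?l={l}",
    ]


if __name__ == "__main__":
    # Placeholder address, constructed for this example.
    for url in wkd_urls("Joe.Doe@Example.ORG"):
        print(url)
```

The response at either URL is the recipient's OpenPGP public key, served by the recipient's own mail domain, so the sender's client learns which key to encrypt to without a separate key exchange.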

@JustinDerrick Thanks for the long description. So would this small percentage of people using this setup be due to a network effect/getting friends to comply issue, or do most people simply not care about privacy?
@CAWguy You'd have to get everyone you know to leave their webmail providers, and only receive eMail with specific physical devices (phone / laptop / desktop). I haven't been able to get anyone I know to give up their webmail accounts, even by offering them free hosting and vanity addresses on my mail server.
@JustinDerrick Those are definitely many steps too far! I merely suggested using Signal at a small non-profit where I volunteer, and I could see the eye rolls at me.

@CAWguy Yeah, many years ago, I presented info about Signal to a nearby non-profit. Their President still sends stuff through SMS, even after having made it a requirement for their entire team to start using Signal.

The inertia of bad habits is very difficult to overcome.

@evacide but I thought PGP was bad
@evacide State of the art ROT-26 encryption.
@rmd1023 pfft, I switched to ROT-4082 years ago
@evacide This message reaches you encrypted with the devilish rot0 algorithm.
@evacide @zarchasmpgmr if we all believe hard enough maybe it will come true

@evacide my biggest gripe about the whole "switch to proton, it's got encrypted email" thing is that this really only works if everybody switches. There's no published standard to my knowledge that other email providers can use that interoperate with proton's encryption.

Hell, you can't even do proton email encryption from a 3rd party client. I understand perhaps that email is a bad platform for making secure, but couldn't they have made an open standard so that other people could plug in, rather than expect the whole world to switch to them? Feels like an open door to Enshittification.

@riverpunk You have come to the correct conclusion, yes. In the meantime, I do need to come up with suggestions for what people should do about sensitive email and I have to cut through a lot of misleading advertising claims in order to do it.
@evacide @riverpunk this, among a long LONG list of other reasons that proton is bad for consumers, is why I just started calling them part of big tech a while ago

really they employ the exact same methods as google to lock their users in, but with a privacy spin... I am also so sick of explaining to their users how the "encrypted" (lol) email actually works