Here's the thing about Proton Mail:

With Proton Mail, the content of your email is fully end-to-end encrypted and inaccessible to service providers IF (and only if) you are communicating with another Proton Mail account, or you have set up a PGP key exchange otherwise.

The metadata of your email, however, isn't end-to-end encrypted. It is accessible in plain text to Proton. This includes:

  • Your payment information
  • The subject line of your emails
  • Your IP address(es), which can reveal your location
  • The email addresses you have communicated with
  • The time you have sent and received emails

If Proton is legally forced to provide this information to law enforcement, they will. They have to.

If your threat model makes it dangerous for you when this metadata is shared, you need to use another, more private, method of communication.

#ProtonMail #Privacy

@Em0nM4stodon and that's why no one should use #ProtonMail and their shitty #PGP setup!

Is Proton Mail Really Private, Secure, and Anonymous? (YouTube)

In this video I tackle the topic of whether or not Proton mail is Really Private, Secure, and Anonymous. Privacy Watchdogs article about Proton mail being a ho...

@kkarhan Proton does exactly what it says it does. It doesn't do everything that everyone wants or needs it to do, but it doesn't claim to.

At least half the complaints I ever hear about anything are from people using the wrong tool for the wrong thing, and getting upset when they find out the hard way.

There's a reason bank robbers don't hire Uber to drive them to bank jobs, and it's not because Uber fails to deliver what they promise, or rolls over for the Man out of spite.

@wesdym @kkarhan

Exactly — well said! At the end of the video, Mental Outlaw even says that no email service provides fully secure, impenetrable email because the email protocol was never designed to be secure.

I see it as an email service with some extra protection and less tracking. It's definitely miles better than most common email services, especially the 'free' ones from Big tech.

@mic @wesdym "well said" doesn't make it less wrong!

  • If you don't have sole #SelfCustody of all the #Keys, you have neither control nor privacy!

Unless you want to make it easy to get spied upon amidst centralization!

Kevin Karhan :verified: (@[email protected])

@[email protected] @[email protected] it's *NOT* #E2EE if you don't have 100% #SelfCustody of all the keys! - Not your keys = not your control! Otherwise we'd allow #MarketingLies like those of #WhatsApp to be normalized, when clearly it's not the case! - If #ProtonMail was actually E2EE they'd have no keys whatsoever and be unable to provide any data access. - Kinda like @[email protected] / #deltaChat (#PGP/MIME #eMail) and any #XMPP+#OMEMO client does… https://infosec.space/@kkarhan/116186109475109526

Infosec.Space