Most of you said you’d switch to Proton Mail for the privacy, even if it meant giving up some of the convenience of Gmail.

  • A_norny_mousse@feddit.org · 9 up, 2 down · 8 days ago

    I never quite understand why people use Proton. It just automates the exchange of PGP/GPG keys, but only if the other person also uses Proton, right?

    Anyhow, +1 to paying a small amount of money for email. I was with posteo.de myself for many years. I heard mailbox.org is even better/safer and has slightly more features. Both start at 1€/month.

    BTW, I set up an eternal redirect email address a long time ago, so I can change the actual provider without having to tell all my contacts.

    • sudneo@lemm.ee · 3 up · 8 days ago

      To be precise, even when an email is not from a Proton user, they encrypt it with your public key, send it to you and delete it (they call it zero access). Which is the best you can get. Also, managing PGP keys, especially on multiple devices, is a pain.

      • A_norny_mousse@feddit.org · 1 up · 7 days ago

        This is actually good to know. OTOH, aren’t all messages transferred using encryption with most email providers/clients anyhow (TLS/SSL)? This is mostly about making sure your data on the servers stays safe even if someone gains access, right?

        • sudneo@lemm.ee · 2 up · 7 days ago

          So, TLS is just a point-to-point encryption protocol; it doesn’t prevent any of the parties involved from having access to the content. Once the email is encrypted with PGP, Proton permanently loses access to this content.

          So this is pretty much what happens with a Gmail <-> Outlook and a Gmail <-> Proton email.

          Gmail to Outlook:

          A writes the email in their editor <-TLS-> Google servers <-TLS-> Outlook servers <-TLS-> B reads the email. While every communication is encrypted with TLS, every server has access to its content. Every time B accesses the email from Outlook servers (i.e., their inbox), the data is transferred with TLS, but Outlook is the “other end of the tunnel”, so it has access to this content.

          Gmail to Proton:

          A writes the email in their editor <-TLS-> Google servers <-TLS-> Proton servers -> encrypt original message with B’s public key and discard original -> send to B inbox -> Proton client decrypts email -> B accesses it.

          So yes, it is

          > about making sure your data on the servers stays safe even if someone gains access

          As long as you consider the email provider part of those potential “someone”.

          The way I would say it essentially is that PGP encryption (even in cases where the original message was not using it) still gives you the confidentiality property of PGP, even without the integrity and non-repudiation properties (which are not possible to guarantee with respect to the original message of course). In other words, the biggest difference is that the email provider doesn’t have access to your stuff.
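
The two flows described in the comment above, modelled as an added example (not part of the thread and not any provider's code). The toy RSA key, the `Provider` class and the sample message are constructed for illustration, and the cipher is not secure; the unencrypted subject follows a later comment in this thread.

```python
import hashlib
import secrets

# Toy RSA key pair for recipient B (constructed; two Mersenne primes, NOT secure).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def _stream(key, n):
    """SHA-256 counter keystream, standing in for a real symmetric cipher."""
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt_for(pub, body):
    """Hybrid encryption as in PGP: random session key wrapped with the public key."""
    n, e = pub
    key = secrets.token_bytes(8)
    wrapped = pow(int.from_bytes(key, "big"), e, n)
    return wrapped, bytes(a ^ b for a, b in zip(body, _stream(key, len(body))))

def decrypt(priv, blob):
    """Unwrap the session key with the private key, then recover the body."""
    n, d = priv
    wrapped, ct = blob
    key = pow(wrapped, d, n).to_bytes(8, "big")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, len(ct))))

class Provider:
    """Hypothetical mail server; pub is set only for a zero-access provider."""
    def __init__(self, pub=None):
        self.pub, self.disk = pub, []

    def ingest(self, subject, body):
        # TLS ends here, so the server holds the plaintext at this moment.
        stored = encrypt_for(self.pub, body) if self.pub else body
        self.disk.append({"subject": subject, "body": stored})  # plaintext dropped

def demo():
    subject, body = "Q3 invoice", b"constructed sample body"
    plain, zero_access = Provider(), Provider(pub=(N, E))
    for server in (plain, zero_access):
        server.ingest(subject, body)
    return {
        "plain_disk_has_body": plain.disk[0]["body"] == body,
        "zero_access_disk_has_body": zero_access.disk[0]["body"] == body,
        "zero_access_disk_has_subject": zero_access.disk[0]["subject"] == subject,
        "recipient_reads": decrypt((N, D), zero_access.disk[0]["body"]) == body,
    }

if __name__ == "__main__":
    print(demo())
```

Both servers see the plaintext inside `ingest`, because TLS ends there; only what is written to `disk` differs.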

    • Kairos · 3 up · 8 days ago

      It also encrypts your emails automatically (both incoming and outgoing) and lets you set PGP keys for any address you want, and fetch/manually trust Proton Mail users’ keys.

      • A_norny_mousse@feddit.org · 2 up · edited · 7 days ago

        > encrypts your emails automatically (outgoing)

        How does that work for recipients I haven’t shared secrets with?

        BTW any decent email client has an option or plugin to do that.

        • Kairos · 1 up, 1 down · 7 days ago

          The outgoing email leaving the server isn’t encrypted.

          The copy that’s stored on your account is encrypted on device with your PGP key.

      • A_norny_mousse@feddit.org · 1 up · 7 days ago

        > spend the next months transferring all relevant emails.

        Why don’t you just keep them on your machine? No need to clutter online storage with old mails.

        Oh wait, you probably don’t use email client software.

        • P1nkman@lemmy.world · 1 up · 7 days ago

          I think you’ve misunderstood, and my writing was bad. I meant transferring all my accounts to the new email domain, not move all emails (I have already downloaded them) 🙂

      • sudneo@lemm.ee · 2 up · 7 days ago

        Yes, Tuta encrypts the subject, which is not encrypted in Proton for example.

    • Squizzy@lemmy.world · 2 up, 1 down · 8 days ago

      But if you have a redirect, isn’t that service the issue? As in your Gmail forwards to Proton?

        • Squizzy@lemmy.world · 1 up, 1 down · 7 days ago

          Sorry, I am trying to understand the usefulness of an eternal redirect email address? I’m just not familiar with the setup or reasoning.