ugh... looking at the alternatives I am starting to think I might still proceed with my switch to protonmail - the CEO is clearly a dumbfuck and I don't want to support his dumbfuckery, but they seem like the most reliable email hosting option that I don't have to trust
@misc I’m honestly not sure Protonmail is actually all that much better in practice. AIUI, all their E2E stuff is client-side opt-in, just like GPG. No communication initiated by the other party is going to use it (eg bank password recovery link). If you want to keep a conversation you started with a human encrypted, the other person has to use a clunky web portal: https://proton.me/support/password-protected-emails And the whole time, you’re just trusting that this fash-friendly company’s opaque software is doing what it says it’s doing. Meh.
I honestly see no advantage of their service over just taking a conversation to a platform actually designed for encryption (e.g. Signal).
@inthehands my concern would be more, all my mail in one place, ready to be tied up in a bow and handed over to a gov agency with a subpoena. Wouldn't their model prevent that? (of course, it wouldn't prevent a "wiretap")
@misc I mean, yes, their model does prevent that — if you stay stuck inside their tools •and• everybody who emails you also uses them •and• they don’t secretly push a change that breaks their own model •and and and•….
That's what I meant by it working in theory but not really in practice. It’s like…yes, technically a colander •can• hold water, but….
@misc It’s not just that Google and MS and Apple have them — it’s that •Proton• has them if they came from outside. Their E2EE is opt-in for both sender and receiver; if a sender doesn’t initiate it encrypted (which no other provider will do by default) then Proton gets it in plaintext too.
@inthehands The last part seems like the biggest issue for my specific concern though, right? If I'm using Proton maybe Google has half of my emails, Microsoft and Apple splitting most of the rest - but they aren't all in one place. I guess that might be a fairly trivial obstacle though?
One difference here maybe is that if Proton was previously trustworthy and had stored incoming emails encrypted, then a later compromise only exposes messages received from that point forward and not for all time. That’s not nothing. But again, seems like kind of weak sauce to me. If you need that kind of security, use something like Signal or just keep it offline altogether.