this post was submitted on 18 Nov 2024
458 points (96.9% liked)

Privacy

32442 readers
749 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Post got deleted, posts removed...

you are viewing a single comment's thread
view the rest of the comments
[–] AnAmericanPotato@programming.dev 23 points 1 month ago (2 children)

Not the encrypted mail, mind you, because they can’t do that

Just want to point out for anyone new that ProtonMail does not use E2EE for email headers. That means they CAN access your subject lines, to/from fields, and other email headers. That means they CAN be forced to hand it over to the government.

Source: https://proton.me/support/proton-mail-encryption-explained

Subject lines and recipient/sender email addresses are encrypted but not end-to-end encrypted.

Personally I am disappointed in a lot of Proton's wording about this. They frequently promise they can't access "your data" and "your messages" when they do, in fact, store potentially sensitive data in a format they CAN access.

[–] jherazob@beehaw.org 8 points 1 month ago (1 children)

It's email, that's the best you can get with email, if you want to have more privacy, DON'T USE EMAIL

This is good advice, because email is very difficult to make reliably private. However, it's not the best you can get. Tutanota, for example, stores headers with E2EE, and still has a search function.

The goal should be to make it as private as it can realistically be. Ideally, any cloud service you use should only store end-to-end encrypted data.

I'm not trying to shit on Proton — it's a huge step up from the popular mainstream email services, and the inclusion of cloud storage makes it a much easier transition than going piecemeal with 2-5 different services.

[–] _cryptagion@lemmy.dbzer0.com 3 points 1 month ago* (last edited 1 month ago)

A bit more context is important here. They aren’t E2EE, but they are stored encrypted. In the case of the person whose meta information was turned over, ProtonMail wasn’t forced to hand over the information right away, they were forced to collect it the next time that person accessed and used their email. That tells us that they didn’t store the information beforehand and could not access it without preparing to intercept it the next time their service was used.

Ultimately, though, if something like that’s a dealbreaker, it’s likely you’re doing something that would benefit from a more secure way of communicating than email.