Bitcoin and Protonmail, the calling cards of the cryptoshit techbro
@sir What’s a good alternative to ProtonMail? Multi-device, zero configuration end-to-end encryption that my mother could use? (Legitimately curious, not trolling)
@sir I wasn’t making a fanciful feature request list. Those are the features that ProtonMail currently has. And I believe that’s why people use it. 🤔 Easy encryption.
@jish Protonmail is gaslighting you. They don't have end to end encryption. They can read all of your emails.
@sir oh, do you think they keep copies of the keys around? Do you have a source? (Again, legitimately curious, not trolling)
Send your mother an email from your ProtonMail account to her GMail account.
Can she read it?
If the answer is yes, the message was not end-to-end encrypted! It may have been encrypted in transit, which basically does nothing to really help anything (and which GMail does as well).
No but ur IPs are being logged by Israel when u connect to protonmail
Also they disclose ur data if need be see:
@jish protonmail does the encryption, not the sender, on their mail server. This is not end to end encryption. They could secretly store a copy of the plaintext and you'd never know.
@sir @allie @jish protonmail claim that “All emails are secured automatically with end-to-end encryption. This means even we cannot decrypt and read your emails. As a result, your encrypted emails cannot be shared with third parties.”
Are you saying that this isn’t true? That they only use gpg for specific mails but they store plaintext emails in their servers?
@cfenollosa @allie @jish correct, this is not true. This statement is a lie, used to gaslight users into thinking that Protonmail provides privacy guarantees that it does not. They claim that they don't store plaintext mails, but they have no cryptographic guarantee that they are not storing plaintext emails. Privacy is built on math, not trust.
In fact, they even flat out admit that their marketing copy is inaccurate, here (though they still claim that it's partially accurate):
Lies in the business they're in kill people, and if they can't be trusted on that, you shouldn't trust them on any claims they make, whatsoever.
Thanks for the explanation.
At first sight it seems that they indeed do in browser encryption, in fact, they don't support standard IMAP as apparently the mbox is encrypted.
What kind of audit did you do and how did you discover that they're lying and they're not using e2e? That is a serious statement, I was considering switching to Protonmail but now I guess I have to do more research.
>how did you discover that they're lying and they're not using e2e?
Just send an email to a non-protonmail address from a protonmail account, it will be in cleartext.
So at best they are using e2e between protonmail accounts and encrypted mailboxes.
At at worst (which is what you expect when doing security): you're vendor-locked by cryptography for accessing your mailbox and you need to pay for access without a browser. Kinda sounds too much like ransomware to me.