this post was submitted on 25 Apr 2024
        
      
      286 points (95.3% liked)
      Technology
    76278 readers
  
      
      3212 users here now
      This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
        founded 2 years ago
      
      MODERATORS
      
    you are viewing a single comment's thread
view the rest of the comments
    view the rest of the comments
Yes, agreeing in general, just with some clarifications. I think clarifications are important when talking about a product focused on privacy and security.
I was responding to this part:
Proton uses standard PGP AFAIK (and yes, PGP vs GPG is irrelevant), so your subject line and attachment names are not end-to-end encrypted:
Depending on your threat model, this may or may not be an issue.
At least one other provider (Tuta in my example) doesn't use PGP internally because using SMTP internally w/ PGP for the body leaks the subject line and other metadata. Neither have released the source to their backend, and I haven't read the client code, so I don't know if there are any other concerns.
That I think Proton is absolutely fantastic, and I used it for a few years with absolutely no issue. I do think it's important to be accurate, though, since others may not like the tradeoffs. Proton has a bunch of other benefits as well over alternatives, such as:
Yeah, any email provider will use standard SMTP, otherwise it's not email. The differences are whatever happens after it reaches Proton's servers.