This announcement is an example of why I am not using ProtonMail anymore. There are a lot of things they do that sound very good on marketing materials, but upon examination are security theater.<p>For example, they claim, "We have chosen a particular elliptic curve system known as X25519, which is fast, secure, and particularly resistant to timing attacks. It’s simple to implement".<p>However, previously they've said that they use Indutny's library [0]. This library is somewhat infamous because its leadership deciding to discard any pretense of defending against timing attacks on the grounds that would make the library "too slow." [1]<p>There are other options. They could have used something with good timing attack resistance from WebCrypto. Those options exist. Folks with more skill than I have recommended P-256 as an option.<p>[0]: <a href="https://protonmail.com/blog/openpgpjs-3-release/" rel="nofollow">https://protonmail.com/blog/openpgpjs-3-release/</a><p>[1]: <a href="https://github.com/indutny/elliptic/issues/128#issuecomment-302593662" rel="nofollow">https://github.com/indutny/elliptic/issues/128#issuecomment-...</a>
X25519 is great, but it doesn’t make Protonmail (really, OpenPGPjs) a net safe communications mechanism.<p>It inherits all of the flaws inherent in OpenPGP, including optional authenticators (which lead to EFAIL), kitchen sink bulk protocols complete with negotiation (did you know your public keys specify what algorithms you like?), lack of forward secrecy, repudiability, et cetera.<p>We should stop using RSA. But RSA isn’t what was keeping OpenPGP from being a great secure communications channel. That’s aside from the question if it’s meaningful to say you control your keys if you use OpenPGPjs served up every time by a third party. (I say that being extremely on the PGP apologia side of the scale compared to some of my peers!)
I was silly enough to sign up without looking in to it because it was recommended on HN. Then I realised they need this bridge software to connect. I asked about it stating I'd like to build it my self and confirm it is libre software. They just sent back a generic link to a .deb beta file. I had a look and its got this eula.txt with the standard you-have-no-rights. Messaged them again asking what they intended to do license-wise and they ignored me. Someone else has written their own bridge and put it on github but it's a bit of a joke to have to do that. Not sure what to move to now, mailbox.org was another I saw recommended.<p>My email history:
- gmail.com > US spying, escape.
- lavabit.com > Shutdown due to US government legal attack.
- Ran my own server > Too much bother, gave up.
- openmailbox.org > Died for months, ran away with my money.
- protonmail.com > Sketchy, cancelling it now.
- Free mailbox.org with custom domain.
Love ProtonMail. Over the past few years I've slowly switched more and more of my usage onto it as my confidence in the service grows. Gmail now occupies a similar niche as Facebook in my life, where I keep a vestigial & largely empty account for those few organizations which still insist on proprietary apps (Google groups/docs, Facebook groups/chats) for organization.
Off topic<p>I had a proton email created when it was announced & didn't use it. I found out that my mailbox decryption for that email id is not working (not sure how, I use password manager) & I haven't set a recovery email to recover my account.<p>I saw a HN comment earlier telling, the user had recovered their Proton mail account by answering few questions to customer service.<p>I attempted the same, the issue is that I used VPN to create the email id & didn't provide any personal details for the account.<p>They asked questions like,<p>-Do you remember the exact time and date when your account was created?
-When was the last time you have accessed your account?
-What is your display name?
-Do you remember to which addresses you have sent your last messages?
-Do you remember the email subjects of the last sent messages?<p>I tried to answer the account creation date by using the date of password creation in my password manager (the login password was working); but the support didn't seem to buy it.<p>They were insistent on,<p>-Can you please tell us if you remember from which addresses have you received your last few messages?
-Could you tell us if you have used the ProtonMail account to sign up for some other web services?<p>I told them, I don't remember receiving email from anyone else & I didn't sign up for any service<p>-There is a service that the xxxxx@protonmail.com address has been used to sign up for. Can you please tell us what that service is?<p>I told them again that I didn't sign up for any service using that email id.<p>- Can you tell us the full address below?<p>no-xxxxx@drxxxxx.com<p>Even though I could obviously guess the username of that email id. I told them that I didn't sign up with such service, that it must be a spam mail sent by some service.<p>They said,<p>- If you have not signed up for this service, the account probably belongs to someone else.<p>Then I typed 'no-xxxxx@drxxxxx.com' on Google Search, the instant results gave 'no-reply@dropbox.com' as the first result.<p>I sent them,<p>Hey sorry, I remembered the service. I did signed up for Dropbox & used the account for a while.<p>The email id you asked was,<p>no-reply@dropbox.com<p>They reset the account & I got access to it.<p>Edit: Had to fix the xxxxx.
Anyone using ProtonMail regularly? I created an account but haven’t used it much.<p>How are your experiences? Any iOS users who can comment on their experience with proton mail and the default mail client?<p>I don’t went to switch to something that won’t be around in a decade or so.
As a PM customer of almost a year, I'd definitely say they should focus more efforts on the UI/UX as opposed to advancing the crypto for now. What's the point of having the world's most cryptologically advanced, unusable inbox. Specifically conversation threading/nesting. I don't expect everyone to be as streamlined as say a Gmail, but basic "1 conversation - 1 email" in the inbox would be nice for starters.
While I appreciate advances in cryptography, I would rather protonmail work on things like getting their bridge returning properly formatted IMAP responses[1] so we can use whatever clients we want with it.<p>The mobile experience is fine, but desktop is brutal unless you happen to prefer one of the few clients they support.<p>[1] <a href="https://github.com/Foundry376/Mailspring/issues/429" rel="nofollow">https://github.com/Foundry376/Mailspring/issues/429</a>
I like protonmail and will likely move my domains to it. I don't use it for regular social, dating, or sales emails because it is a privacy brand that creates cognitive friction with people who don't get privacy and security.<p>If I wanted to grow protonmail, I would emphasize users moving domains to it because while the brand has exceptional trustworthiness, anything security and privacy themed runs into the "tacti-cool," problem, where even if it's the best available and used by real operators, it triggers peoples sense of illegitimacy, and depends with users who identify with a "rebel," e.g. "losing" team who are not attractive to other users.<p>IMO, the same problem killed Silent Circle, and the rest of the cryptophone market.<p>When you look at who overcame the tacti-cool problem in security and privacy, the way a brand like arcteryx did it in clothing, Apple's iPhone has done it in hardware, WhatsApp did it for messengers, and protonmail is <i>just</i> on the cusp of it.<p>There is an opportunity to build a new privacy brand that would be as big as a FAANG, and if I were running it, I'd fold protonmail into it.
To answer everyone here, I've been using ProtonMail for 6 months now (and protonvpn) and I love it. The iOS app is great, the web view could be improved but isn't bad.
Slightly OT, but I didn't see an important question being asked:<p>What is the motivating threat model of ProtonMail?<p>If I just want to access my email securely, that's done by HTTPS. If I want an end-to-end encrypted solution, ProtonMail can provide that, though only for emails between ProtonMail users. For e2e outside of ProtonMail, I can use PGP.<p>From what I understand, ProtonMail makes all the PGP stuff easier by baking it into their UI. Is there anything else it offers other than this convenience? Are they encrypting incoming mail with recipient keys and throwing away the original? If so, who is that protecting, and against whom? Presumably the plaintext was stored by the sender and possibly seen by intermediary servers. Can I get similar security properties by periodically downloading my email and deleting it off the server (assuming the deletion is actually happening)?<p>These are honest questions. I admit I'm skeptical of PM's utility, but I'd this fits someone's usecase and threat model, I can't argue with that.
I quit ProtonMail / ProtonVPN after trying over and over and over again to import mail through their IMAP bridge. They won't provide an open API for interacting with their mail services so someone can write a better bridge, and their bridge is very slow, disconnects repeatedly, and basically makes any migrations impossible. If you're willing to start over with an empty mailbox, maybe ProtonMail is for you. I eventually gave up trying to move my mail account in (many tries, with Thunderbird in chunks, with Lamiral's awesome imapsync tool, you name it), and let them keep the money I paid for a year of ProtonMail Visionary.<p>I ended up using StartMail from the StartPage people. It's not perfect, but I was actually able to migrate to it and use it effectively.
Unsolicited opinion on ProtonMail: I'm a big fan. It's not as flashy as gmail, but so far my mails haven't been marked as spam, which was happening with zoho. Unfortunately, zoho doesn't provide free email forwarding, so the migration to PM is taking longer than hoped for.<p>I'll probably soon subscribe to PM for two reasons: to use the @pm.me domain for outgoing (currently only incoming), and for custom domain support. Also subscribing gets IMAP support (I think).