I’ve been using Proton Mail and VPN for a while now, and I’m just wondering how everyone else feels about them. I have this kind of inherent alight distrust of them just because they seem like they offer a lot for free and kind of have a Big Tech vibe about them, but there’s nothing for me to really substantiate that distrust with, its mostly just a feeling. That being said, I do use their services as mentioned and they work pretty well, even on the free teir. So aside from that one instance where they gave that guy’s info to the feds, is there any reason not to trust them with my data?
I’m not trying to argue or anything, but I think you should read this for a quite good overview of the issues involved with trying to secure SMTP email. You can also read any number of expert opinions saying the same thing, if you don’t believe me or that article.
So, basically, never. I’ve run several SMTP servers in my time. I’m having trouble thinking of an example of when I might have been communicating from one of them to someone else who also ran their own secure SMTP server. If you’re trying to set up a secure end-to-end communication channel with one specific person which involves work on both your ends, it’d be way easier and more secure to use some other transport protocol at that point.
It is. 100%. Sorry if I gave the impression I didn’t think it was. For all its age and some amount of minor stone-age baggage it brought with it, SMTP is genuinely quite well-designed and still serves its purpose 43+ years later, which is incredibly impressive. That purpose is, insecure but reliable and interoperable communication.
Yeah, so does your HTTP connection with Proton. That doesn’t mean the end-result system keeps your messages secure, any more than using HTTPS means Proton is secure.
You can read the article I linked to above, but basically the short version is that email is by the design of the protocol subject to being stored or transmitted unencrypted at various intermediate places as it’s being sent around, in ways that are by the design of the protocol impossible to prevent.
You’re not required to agree with me; you can think what you want, but that’s how I see it.
I mean, pretty much everything in that article applies to HTTP too. SMTP basically always runs through TLS now. If you ever get anything over an unencrypted connection, it’s almost 100% likely to just be spam. So mostly that article is complaining about your email being unencrypted on your provider’s server. Well, your Facebook messages are stored unencrypted too. So are your Slack messages. And Discord. And Twitter DMs.
I wrote and run the email service Port87, so I’m pretty familiar with how this all works. Email through a third party is about as secure as any other messenger. It’s not like Outlook.com is any less trustworthy than Discord.
I don’t need to trust anyone to use Port87, because I wrote it, but my users have to trust me, just like Google’s users had to trust me when I worked there, and Facebook’s users had to trust me when I worked there. You trust thousands of people when you use these companies’ products.
If someone is looking for end to end encrypted communication, I agree, they are probably better suited by another protocol. SMTP is really good at what it’s designed to do.
I agree with this. I’ll pretty much leave it at that.