|
Email Comments, Questions and Miscellaneous Share your opinion of the email service you're using. Post general email questions and discussions that don't fit elsewhere. |
|
Thread Tools |
26 May 2021, 02:45 AM | #1 |
Cornerstone of the Community
Join Date: Mar 2002
Location: Hot Springs, AR
Posts: 857
|
Why use Protonmail?
If i use a Protonmail account to send emails to people who only use Gmail or Outlook (whose services keep tabs on the data they receive), why bother using this secure email service? Only to send to someone who already has a Proton account?
|
26 May 2021, 04:47 AM | #2 |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,751
|
That's one big reason why I tried ProtonMail and gave it up. Exactly zero of my regular contacts were willing to give encrypted email a try, and I have never received a request to communicate via encrypted email. I suppose there is some additional security in the way they handle your email storage, but in reality I think the most likely way to have your emails read is to fall victim to a phishing attack--be tricked into giving up your password. I don't think ProtonMail can protect you against that any more than other services.
|
26 May 2021, 06:37 AM | #3 | |
Senior Member
Join Date: Jan 2010
Location: Melbourne, Oz
Posts: 133
|
Quote:
Encrypted emails aren't sent to Gmail or Outlook so they can't be read/analysed by those services, although those services would have a record of the "You have received a secure message ..." email and the link. |
|
26 May 2021, 08:49 AM | #4 |
Cornerstone of the Community
Join Date: Mar 2002
Location: Hot Springs, AR
Posts: 857
|
@TenFour - and how is this secret code to open the link delivered to the receiver?
|
27 May 2021, 12:03 AM | #5 | |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,751
|
Quote:
|
|
27 May 2021, 12:45 AM | #6 |
Cornerstone of the Community
Join Date: Mar 2002
Location: Hot Springs, AR
Posts: 857
|
My apologies to jproutledge!
@TenFour - you are right on that secret messages stuff. Besides that, if you're on any "most wanted" list, sending secure message links will likely attract even more attention right? |
27 May 2021, 08:22 AM | #7 |
Senior Member
Join Date: Jan 2010
Location: Melbourne, Oz
Posts: 133
|
I agree with the sentiment that secure mail such as Protonmail is overkill for most everyday stuff.
I have an account, though, that I use when I do want an extra layer of security. For example, when purchasing property in some parts of Australia it's necessary to provide proof of identity, such as drivers license, passport, etc. I realise that the real estate agents will probably save the scans I send them on a system that could be hacked, but I think it's worth my while to clearly annotate the scans (eg with 'Provided to xxx for the sole purpose of yyy') and then send them using an encrypted service like Protonmail. At least the scans are not sitting in somebody's inbox. But for >99% of email I just use Fastmail. |
31 May 2021, 05:42 AM | #8 |
The "e" in e-mail
Join Date: Oct 2002
Location: Holon, Israel.
Posts: 4,863
|
If the security is achieved by sending a link to the content that is then sent over https when the recipient requests the content of the message, then one can just put the content on any web server, such as Fastmail's files storage, and send a link (that can be protected with a password).
Of course this kind of privacy protection protects the sender's privacy at the expense of the recipient's privacy, as the sender can know that the recipient has accessed the message, when the recipient accesses the message, from what IP address, and usually other stuff such as what browser etc. |
31 May 2021, 12:45 PM | #9 | ||
Senior Member
Join Date: Jan 2010
Location: Melbourne, Oz
Posts: 133
|
Quote:
Also note that Protonmail encrypted email links only work for a specified time (I think the default is 28 days), whereas content on a server would persist until removed. I'm not saying that either is better, just that both may be valid use cases. Quote:
|
||
4 Jun 2021, 11:01 AM | #10 |
Senior Member
Join Date: Dec 2013
Posts: 129
|
My suggestion is to avoid at all cost.
Personally I have bad experience dealing with the support especially Billing. My paid account was inactive for a year and they forced me to pay prorated bill (which is not cheap) before I can view my inbox again, the only option left is to close the account. So beware if you accidentally left it unused. I regret upgrading it because I was one of the first to register with a FREE account and even got a free upgrade to 40gb and then what I did was upgrade to paid account during black friday sales and now I lose everything. |
5 Jun 2021, 04:32 AM | #11 |
Member
Join Date: Nov 2013
Posts: 81
|
How did you get a "free upgrade to 40gb"?
Last edited by chickadee : 5 Jun 2021 at 04:39 AM. |
5 Jun 2021, 07:43 AM | #12 |
Essential Contributor
Join Date: Apr 2002
Posts: 280
|
If you have occasional need to send encrypted messages you could install the “Mailvelope” extension in your browser. Its interoperable with OpenPGP.
|
5 Jun 2021, 12:21 PM | #13 |
Senior Member
Join Date: Dec 2013
Posts: 129
|
|
6 Jun 2021, 11:11 PM | #14 | |
Cornerstone of the Community
Join Date: Jul 2011
Posts: 713
|
Quote:
Then, step 2 is that after they are acclimated with actually paying for email services, then the next step is educating them about encryption and other security matters, and what their options are. That includes social media issues, texting, file sharing/syncing, more private means of communications, etc. For those that care and ask me for more info in my family/circle, I give them a quick "risk assessment" discussion and they can make better decisions for their own unique situations and preferences. It empowers them to make their own choices with more info at hand. So right now the transition for some of them will be to something like Signal for messaging and Tutanota or ProtonMail or one of several other providers that provide encrypted email. It will take time of course. All of them understand, as I have explained to them, that email is inherently insecure due to many factors. BUT the simple equation of explaining levels of privacy such as ProtonMail > FastMail > GMail helps. And they also understand that with more privacy (and in some regards security too) comes more inconvenience. So the "convenience" equation would be reversed from the privacy equation: GMail > FastMail > ProtonMail. That's grossly simplifying things, of course. And some just don't care or won't bother, so the discussion doesn't go far. That's fine, that's their choice. I just don't share certain kinds of email with them, definitely nothing sensitive. I've still got a couple of family members holding out with irresponsible online patterns that post way too personal photos and personal info into free cloud services. They just don't care or don't bother to take the time to understand the ramifications and risk factors. Ironically and sadly, they are also the ones who have had identity theft issues or had their accounts hacked. But they still don't care and keep to the same patterns unfortunately. But with the others, all that effort pays off. And that's just with family. I've personally migrated some friends and clients off of free services too. So while I don't have 100% of my primary contacts that are using more secure services, or at least NOT the free services, each year the number grows who have moved to better patterns, and that means fewer and fewer email exchanges get sucked into the giant processing machines of Microsoft, Google, for example. The main point I'm trying to make is really just to pose the questions: at what point do you want to get started? Do you feel like you have to wait until more people in your circle are doing it? At what point are there *enough* people that you feel ready to make the leap yourself? Why not be the person in your circle that begins the process of educating your friends/family/colleagues? So in my mind it's worth the effort to switch to a service like ProtonMail, Tutanota, Mailfence, Startmail, Posteo, Mailbox.org, etc.... YMMV of course. And there's really nothing major lost -- except for the convenience of some of the fancy features that you are used to... all the more secure providers have feature limitations in one way or another compared to the highly-polished GMail, for example... that's a small price to pay IMO, but you may feel differently. BTW almost all of the good encrypted email services have a feature that allows you to send an encrypted email to an external non-encrypted email user by using a shared password/passphrase. So even just by sending an encrypted email from ProtonMail or Tutanota to someone at GMail with the shared password method, you'll be able to start the larger discussion of encryption and privacy in general, and you'll raise awareness with them about some of the issues. It may not result in an ideal exchange since they can (and sometimes do) just copy and paste the secure email contents into an insecure cloud service, but at least it starts the conversation. Again, it will take a while, but eventually some people in your circle will catch on and you'll start to regain some ground in reclaiming some of your privacy. And who knows where this will lead you? You might surprise yourself and learn about all sorts of fascinating other security and privacy issues that might change the way you use computers, devices, social media, communications in general. No one throws the switch and they are instantly better off by switching to a service like ProtonMail or Tutanota, but it's more like a gradual process of learning what is going on with your personal data, becoming more aware, and reclaiming a bit of your digital life, one bit at a time. |
|
7 Jun 2021, 12:05 AM | #15 | |
Cornerstone of the Community
Join Date: Jul 2011
Posts: 713
|
Quote:
I actually like Tutanota a little more, even though they had a very rough time with DDOS attacks. They have come out of it doing much better now, and their price is still good. They're still going through growing pains, IMO, so they are not quite running perfectly smoothly yet, but I have come to like them again after their DDOS mess. There are other good alternatives to ProtonMail too that are worth looking at besides Tutanota, including Mailfence, Startmail, Mailbox.org, Posteo, Countermail, CTemplar, and yes, I'll even mention Hushmail, although Hushmail still gets a bad rap due to some of their issues/controversies in the past, and they obviously have the worst jurisdiction of that group. But Hushmail might be a good option for someone who needs/wants HIPAA compliant email and doesn't mind the jurisdiction. It depends on your needs. Runbox is also a possibility if you use the Mailvelope plugin, as well as FastMail, although Runbox has a better jurisdiction by far. And technically any provider will work with PGP if you know how to set it up. But I'd suggest that list above as a starting point. But again, ProtonMail is a decent option. Frankly, those kinds of privacy services that are at least trying to fight for our privacy are worth support. If you can, sign up for more than one of them! Give one as a gift! Tutanota even has an easy gift option for your friends and family! |
|