ProtonMail - Encrypted Email

[pjwalsh]

Version 1.15 released March 30.

New Features

• New Outside Encrypted Email HTML Message Design
• New Reply Feature and Editor for non-ProtonMail users who receive encrypted messages
• Message view redesign & added quick compose feature
• New Hotkey Shortcuts in Inbox

Improvements

• New Welcome Email
• Updated blockquotes and indented messages for message display
• Improved advanced search slightly
• Iframe scrollbar fixes for IE
• Changed the way images are shown or not shown by default
• Updated key generation – better support for IE11
• Changed locks for message view and inbox views
• Removed send message limit meter

For details, bug fixes and security fixes see the release notes.

[scryptmail]

Quote:

Originally Posted by jslaterb

I've tried them both.

protonmail name is stupid, I don't like it. No imap/pop support. I would happily have a none encrypted inbox if it allowed imap. Still no option to create folders (apparently this is coming in the next update)

I like name scryptmail but could never use the service because the servers are in the US. I have read the reasons given by the owner as to why they are in the US but I'm not convinced. Also there is no option to view headers - how do I know who the email has really come from if I can't see the headers? No imap/pop support.

If I had to chose one it would be protonmail because of the server location.

Thank you for the feedback.
May I ask: if you willing to sacrifice encryption for Imap support, why is it matter where server are located?
Currently we run poll in our blog to ask which features to include.

[scryptmail]

Quote:

Originally Posted by jslaterb

Because I use pgp encryption with my desktop client. Either Clawsmail or icedove.

Because of the Snowden revelations.
As you mentiond in the Scryptmail thread Snowden said "any communication being sent over US border ends up being stored on one of NSA servers"
I'm not based in the US so I would rather not send anything your way.

Ok, gotcha. It make sense. Thanks for reply.
Recently we moved our servers to SoftLayer, which is happen to have multiple Data Centers worldwide. Would you be ok to use SCRYPTmail if we deploy one of Server in EU (Germany or France) and serve Europe from those location?

[scryptmail]

Quote:

Originally Posted by jslaterb

Yes, I would.

I do realise that it's hard to avoid being scooped up by the NSA or GCHQ but I like to think it makes a bit more work for them.

Thanks for your input. We definitely will take location into consideration when it will be time for new server.

[emebrs]

Quote:

Originally Posted by jslaterb

Yes, I would.

I do realise that it's hard to avoid being scooped up by the NSA or GCHQ but I like to think it makes a bit more work for them.

I am sympathetic to this point of view. The intention behind it is good. However I think it is too easy to focus on the factors that are most readily understandable and actionable, such as avoiding US infrastructure. We know from Snowden that we are powerless. Paradoxically it is tempting to try to do what little we can to avoid getting our bits scooped. While there are things we do know about the surveillance system, my conclusion is that it is too vast and unpredictable from the perspective of ordinary people and even to those of us who are more technically inclined. There is huge uncertainty about which actions to take. Even those who are dedicated enough to experiment will not get accurate feedback about what works and what doesn't. I am not aware of any reasonably low-cost way of knowing whether a given email message was recorded by a government, government contractor, researcher or criminal. After we implement this or that countermeasure against surveillance, we can only guess or imagine what the results are, and that sets us up for a great deal of self deception.

[zimmermanfan]

Quote:

Originally Posted by pjwalsh

Version 1.15 released March 30.
New Features..
Improvements..

So they're working on cosmetics, and not so much the basic needs like escaping the walled-garden to correspond with openpgp users.

Quote:

Originally Posted by scryptmail

Would you be ok to use SCRYPTmail if we deploy one of Server in EU (Germany or France) and serve Europe from those location?

From a civil libertarian viewpoint, these would be relatively decent choices:

Canada
Germany
Greece
Luxembourg
Sweden
Switzerland

These would not:

China
France
UK
US

[scryptmail]

Quote:

Originally Posted by jslaterb

Snowden also said that Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple were all part of the prism program and they all gave the nsa direct access to their servers.

Quote from here http://www.theguardian.com/world/201...iants-nsa-data
"The Prism program allows the NSA, the world's largest surveillance organisation, to obtain targeted communications without having to request them from the service providers and without having to obtain individual court orders.
With this program, the NSA is able to reach directly into the servers of the participating companies and obtain both stored communications as well as perform real-time collection on targeted users."
End quote

The companies have denied this but who do we believe?

So, why use a US based company like Google for email when they have these allegations hanging over them?

I'm under no illusion that Protonmail are out of reach of the NSA or GCHQ but from what we know they aren't complicit in any sort of program which makes it easier for the NSA to get your data.

My point is, why use a US company that has been associated with PRISM when you could use a none US company that hasn't. Surely it would be more effort for them to get your data from Protonmail than Google or AOL.

We should not engage in speculative conversation, of who to trust and effort it takes to get our data. I think all of us agree that creating noise will make such surveillance harder. In other hand, there were dozens of cases, when NSA or DOJ get access to companies outside of US (not protected by fourth amendment - silkroad server seizure). Any company have ties to US susceptible to that. be it dev office in California, or just business connection.

The are just handful of countries where you can be protected from NSA on gov level, like Russia or China. But you would not be protected from their own secret agencies, and who knows which one is less evil. But again, there are no country hosting your server, rather than private entity, on which again US can have huge leverage called fear and $.

In my opinion, any of this services be it partially in Switzerland or Germany, should not speculate to be NSA protected. Or actually its very good quality test detector.

[3m41l]

We are not powerless!
There are some tools to avoid NSA, if not we never had listened Snowden in the first place.
For example Tails live cd is a great tool, used by Snowden, Poitras and Greenwald.

[rockman]

I'm more concerned about my private communications being mined, graphed and sold to the highest bidder by a single entity. I think state surveillance will lean more heavily on laws and access to non-governmental company data as much as, if not more so, than their own devices in the future.

I firmly believe putting your digital "eggs in one basket" is dangerous from both a security and privacy standpoint. Spread the data among different, unaffiliated services or self-host.

[B4its2L8]

Version 1.16 is out (with Archive folder, labels and some other goodies).

[pjwalsh]

Encrypted Attachments – All attachments are now automatically stored encrypted and internal attachments are sent end-to-end encrypted.

[pjwalsh]

I'd rather they take their time and do it right. I have confidence in what they are producing.

[winstonsmith]

Interesting update. Are ALL attachments always encrypted? I think not:
"The Encrypt for Outside Users feature does not support end-to-end encryption of attachments yet."

[DasKevin]

Hello everyone, I'd like to introduce myself, I'm Kevin from the ProtonMail team!

We're happy to have had so much support this past year - it's allowed us to develop and improve ProtonMail to protect online privacy.

I hope you don't mind me posting this - today marks one year since we launched ProtonMail, and we have a special gift for all our existing and new users. We're upgrading every free account to 1GB storage starting today. You can read more about this on our blog: https://blog.protonmail.ch/were-upgr...gb-of-storage/

I'll be happy to answer any questions you have about ProtonMail.

[B4its2L8]

Hi, Kevin

Great news!

Btw, please, contact Edwin for representative status here.

Other questions:

1. I noticed at your feedback site this post. It seems to be a security issue ProtonMail needs to address soon!

2. How soon til we can send from the ProtonMail interface/account using an external mail address (e.g. johnschmidt@outlook.com) in the "from" field?

3. One more suggestion: it would be nice if, after archiving a message while viewing it, the next message would be opened automatically instead of just going back to the message list.