I tried really hard to move to protonmail and detach from a Google ecosystem, but really struggled to import my existing emails (their import/export tool was incredibly prone to breaking).
You're also locking yourself into an ecosystem without open apis. If you want mail on your phone you have to use their client, if you want it on the computer you need to install the protonmail bridge (which seems to restart itself and overlay over the top of whatever you're doing)
The apps don't seem to behave well on MacOS either, something about how the windows are designed means that they won't show up in the Mac cmd+tab switcher.
All this means that their security model is irrelevant to me, if I can't do the basic things that I need to do.
I don’t have that much emails and faced lots of issues with the import tool, moving from a gmail account.
After more than 10 attempts and 3-4 exchange with their support I still have a few emails that haven’t been imported successfully.
Other than that I’m a happy user. But I think that they should invest more in the bridge and importer/exporter tool, the user experience really isn’t that great.
We have been working on improving the Import/Export tool, and have deployed some fixes and improvements requested by users. For example, we've:
- Increased the number of supported mail providers by changing the way folder structures are handled
- Improved the handling for unstable internet and pause/resume behavior
- Fixed the rare cases where the application freezes when starting/stopping imports
- Improved the manual update process
The Import/Export tool will be exiting Beta with these improvements this month. If you try the production version, we're optimistic it'll work a lot better.
yes, very interested in the emails you can't import. I don't work for ProtonMail btw, just have quite bit of experience with smtp and email. Just curious from a tech perspective what kind of email you are having trouble importing.
I had tons of issues with mailman added headers causing entire HTML messages to be interpreted as plain text, rendering their encoding tags visible. I think they fixed this. I was still a bit surprised that this was an issue 1+ years into the IMAP bridge.
Big plus is that if you complain about this to their support things actually seem to get fixed? That was kind of a shocker, I'd suggest sending them a note if you have issues. Though this particular IMAP transfer between accounts has worked between my other email accounts (exchange and some linux server long ago) and gmail since I first tried it so it's a little sad. But a smaller team I guess? But paying for it so...
I can't remember now, and there is a chance that it was the emails that were problematic. The behaviour of the import/export tool was just unforgivable though. It wouldn't handle the emails it couldn't import gracefully it would just hard fail.
I’m not exactly sure, I didn’t identify a clear pattern. One thing I noticed is that emails with French or German accents/umlauts in their subject line fail to be imported. But others don’t have that characteristic.
I like fastmail, but the Australian Government has anti-encryption laws that are just a dealbreaker.
Australian companies (of which Fastmail is one) can be forced to handover user data silently[1].
"At its core, the legislation allows law enforcement agencies to compel companies to hand over user information, even if it’s protected by end-to-end encryption. If companies do not have the ability to intercept encrypted information, they can be forced to build tools to do so."
So fastmail can be compelled to hand over user data[2], and if that data is encrypted, can be compelled to build tools to subvert that security (this is a shame because Fastmail itself is anti that bill).
They're a Melbourne-based company, but their servers are in other countries. Does ASIS' reach include data stored in other countries? (NYC, Amsterdam, Iceland)
Yes it does, because they can compel the company employees. A previous company that I worked for used to have data centres in Amsterdam and Sydney (pre-cloud), but it was an Australian company with Australian engineers, so it wouldn't matter very much in this context.
It's the old xkcd "million-dollar cluster to crack encryption VS wrench"[1]
If you or your engineers with production access live within a jurisdiction then your security and laws are impacted by that jurisdiction.
I agree, I've been with them for years and haven't been able to fully transition yet. I did try finally copying over old emails via their IMAP bridge but it had bugs even after all this time and now a bunch of my old emails have permanent defects. At least they're old emails I guess.
Their technical support has been prompt at least. But my email also doesn't arrive at most google hosted email domains when delivered via a mailing list so it's been a mixed bag. Apparently that one is unsolvable because Google improperly uses DKIM signatures for spam detection.
I'd probably go with something else if I were starting again, I still can't customize swiping left and right to move forward and backwards in my email box, which really seems like a pretty basic feature that all the other clients use. It is odd that it is still missing after 2+ years of development. I really can't recommend it other than that I probably won't switch again for a while and misery loves company.
> I still can't customize swiping left and right to move forward and backwards in my email box, which really seems like a pretty basic feature that all the other clients use.
I just updated the app on Android today and got a notification that they added this feature
Edit: Version 1.13.10? That's the latest I see on the play store, I have it installed, but it does not have the ability to go to the next message while swiping while a message is open. I looked around a bit but I don't think they just added it unless the play store version didn't change globally or I can't find the feature to turn it on. They do reference swiping in the config page and in their update changelog from June but they're talking about marking messages in a folder, not navigating.
> I tried really hard to move to protonmail and detach from a Google ecosystem, but really struggled to import my existing emails ...
The apps don't seem to behave well on MacOS either,
I moved my emails and docs to iCloud, native apps, no problems.
The problem I have with ProtonMail or ProtonVPN is that they rely upon Neustar to handle all of their perimeter security, meaning that every single client that accesses their services will be inspected by Neustar, which IMO defeats the purpose. At the moment, I don't trust Neustar, and presume they're a US military contractor (located in Virginia).
Very few players have the capacity by themselve to handle a large DDoS these days.
And I'm not sure when talking about protonmail kind of encryption that Neustar has any special access to keys relative to say Level3, cogent or any transit provider between you and protonmail.
Or, they are a great choice. Defense contractors have unique defensive insight, and if properly fire-walled off from their other lines of business, can be of a net benefit.
I worked for a British defense contractor, as an American working with the U.S. DoD. We were careful to dot our I's and cross our T's, but over all it worked well.
No why would you? The US has checks and balances to minimize abuse and keep data requests limited to the national security domain (like most countries in the western world or eyes alliances). The other has no such checks on those powers.
Do those "checks and balances" really matter in the light of what we've learned over the last seven years (and even before that)? It doesn't seem like there's much of "minimization" going on from the three letter agencies.
They do matter, completely. Has the data from national security programs ever been used for non-national security purposes (ie in public policing for instance)? It is rare if not unheard of in most western countries. Conversely, it is used all the time for censorship and policing in China.
These checks and balances declared the metadata programs unconstitutional.
Is the system perfect? Not even close, but it does strive to minimize abuse. Plenty of countries here in the EU have national security programs that operate in a similar fashion. The goal shouldn’t be no data collection, it should strive to minimize abuse and keep collection limited to that national security concerns. None of that is true of the programs in China.
"Conversely, it is used all the time for censorship and policing in China."
Sure- in China. I'm not in China. Censorship might be a problem, but outside of that, I'd much rather have the Chinese government (and even Chinese local police!) have my metadata, and even data, than give the US national security apparatus the same access.
Corporate IP is another exception to this- it's pretty clearly better that the US, rather than China, have access to my work data.
But for, say, a Snowden-esque whistleblower in the US- can you really say they'd be better off with, say, DHS having access to all their data instead of the Chinese government? Obviously ideally nobody would, but for them, a system whose failure mode is "China can associate your IP and email address" is, I believe, dramatically better than "DHS/NSA can associate your IP and email address".
> But for, say, a Snowden-esque whistleblower in the US
Sure if you are acting on the state level against US or European governments China would be better but for everyone else I think it’s extremely safe to say US/EU.
I’ll add though that I am fairly confident the security of your data in the hands of the Chinese Government is far less secure than when in US/EU. Just last year hundreds of millions (yes hundreds) of social media logs and private chats were released on the web from a hack on a Chinese surveillance system.
I'm not sure that's a fair presumption. Neustar was spun as a separate entity out of Lockheed many years ago, as a neutral body to do number porting mainly. It was a government contract, but not a military one AFAIK.
In trying to resolve some of their latency issues for their Linux client (on Github) I realized everything was being funneled through Neustar, which was the issue. So I questioned them about it, and they confirmed it.
The other service was Radware. The problem some people had was not the tech (it uses GRE tunnels that doesn't compromise our TLS), but that Israelis are allegedly shady. We don't think that's a fair characterization. We have switched from Radware for other reasons in 2018.
Since the drive can be used to store and share docs related to sensitive topics such as covid, will this prevent it from being used in the Apple store unless they put filters into the app?
I went in hard with email security a year or so ago.
In the end I decided it was a broken system if security is the goal.
I signed up for Hey and have really been enjoying it.
I keep any secure comms on more secure platforms like Signal or Telegram.
Yeah this is what I settled on as well. I still use GMail and PGP for those very few who are willing to go the extra route (like 2 people I know), but use it unencrypted 99.9999% of the time, and secure comms go out over Signal.
That's nonsense, security isn't only about E2E. Telegram is encrypted between clients and their servers, and are stored encrypted in their cloud services (at least if we trust what they say), a defaults that trade some level of privacy/security in exchange of a better UX, but you can decide to do the opposite trade by creating E2E discussions. How does that make their system not secure?
Do you have examples? A chat application that has E2E and also let you carry your conversations between devices, that doesn't require you to pass through your mobile the way WhatsApp do it?
Wire (wire.com) has done it. You can install Wire on multiple devices and have the chats sync up. Every chat is E2E encrypted, one-to-one or group chats.
Even Signal Desktop does not require the communication to pass through the phone (or even to have the phone around after setup). WhatsApp is the odd one in this respect.
That seems similar to what WhatsApp does, but I haven’t tried myself. Do you have more details on how that would work without passing by the mobile app?
It links to your phone to authenticate you. But from there, all messages are sent and received directly from the servers to all clients. So if your phone is off, but your desktop is on, the desktop client still receives them.
The catch is that if your desktop is off, it won't be able to "catch up" later on any messages that it missed. Although I don't see why that's impossible to implement in principle.
> E2E would require me to use only one device for that specific chat, which is makes it really hard to explain to a layperson.
Not necessarily. It is hard, but Wire (wire.com) has done it. You can install Wire on multiple devices and have the chats sync up. Every chat is E2E encrypted, one-to-one or group chats.
Depends on if you can talk your contacts into using it. What I'm more worried about (as a Telegram user) is the lack of metadata protection (contacts stored on the server for example).
The killer feature here isn't end-to-end encryption, other services offer that and you can trivially roll your own with rclone, but the flexibility to share files on your filestore with other users without compromising that E2E encryption. I haven't seen anyone else offering that in a usable manner.
Pretty neat stuff. I hope they open-source it so I can self-host.
There is a few end-to-end encrypted storage providers[0][1], where you can share your files externally with other users without breaking the encryption for a long time.
>model prevents any attacker who gains access to one of our servers from...
If an attacker gains access to your server, they can just inject javascript to gain access to whatever they want on the client's browser. I'm a big fan of Proton* products, and pay for a variety of their services.
However, I can't really get behind this method of data storage. But, it is the best option I've seen for centralized file storage. Syncthing is what I currently use for distributed storage, and I share encrypted files over that. Anyone have a better idea?
I'm already suffering withdrawal even with no shutdown announcement by keybase. There just isn't anything as easy and comprehensive out there.
I don't use all keybase features actively (wallet, looking at you) but the small use I make of everything else warrants me saying I wished they had a paying tier before they sold themselves.
> If an attacker gains access to your server, they can just inject javascript to gain access to whatever they want on the client's browser.
That's a little complicated right and out of the threat model of normal users no?
They mean to say if someone hacks into server and just copies the data, they will just have random nonsense.
For the javascript thing to work, you need to login after the server is compromised. And if they haven't realised their server is compromised by then, you shouldn't use them.
A few things: I think the "average" proton user is super technical and cares about this thing, or they wouldn't use it in the first place.
The threat model is likely law enforcement - they can "compromise" a server legally and restrict owners from notifying people, and have done so many times in the past.
I'm guessing the password is tacked onto the URL as a fragment, which browsers do not send to the server. But this means that it relies on the trust that browsers follow this requirement.
It looks like you are correct, but only if you let them generate the password. If you define your own password, then you would have to share it via another channel-
>> While the Proton server will know the URL, it will never receive the password.
>> When creating a new shareable URL for a file, the web client will first confirm that a share directing to the file exists. The passphrase of this share must then be encrypted with the new password associated with the URL. This new password is either randomly generated by the ProtonDrive client, or is specified by the user.
>> In the case of randomly generated passwords, the user can choose whether they want to include it at the end of the URL, equivalent to sharing the content publicly. This section of the URL isn’t shared with Proton servers, making the password and the content inaccessible to Proton. Alternatively, the user can choose to share the password separately.
>> In the case of user-defined passwords, this option isn’t available and the password must always be communicated separately.
It is exactly same as mega.nz does now. Unfortunatelly it is prone to leak of full URL by malcious or buggy browser extensions. And does anyone know what is sent with Chrome URL check?
I simply can't get around Proton's pricing model. A lot of services already work with rclone, which has a crypt backend on top that encrypts everything stored in the cloud. With ProtonMail's current Visionary plan, you get 40GB of storage for $30/mo and with ProtonDrive it looks like you'd get maybe 140GB of storage for $30/mo. G Suite is $12/mo and you get unlimited storage. If you're worried about security, you'd simply use GPG on top of IMAP or Mailvelope.
Would your mother understand the "simply use GPG on top of IMAP or Mailvelope" part? These E2EE products are not for the tech savy users, who are willing to go to the extra mile.
I like protonmail a lot, and I'm a happy paying customer. But, I'm a bit sad they're rolling this out instead of improving their mail product. I don't want a google drive replacement. I suspect other users probably do.
But, I don't think people should generally be storing files in the cloud. And, I with Protonmail were finally finishing support for FIDO2 authentication rather than rolling out a cloud storage solution.
Never really had issues with Bridge and have been a professional subscriber for about 8 months. I got the subscription mainly to use my ProtonMail email address with Thunderbird instead of mail client on MacOS. I don’t agree with the “LAZY” way around getting a basic app install on Mac and p.c. Either way, I’m still a satisfied customer and haven’t had any issues with my emails and transfers.
I agree here. Literally never have issues with having separate phone app or bridge on PC. Most of these complaints are the typical over engineering stuff that gets built into things and takes up time and resources and less than 1% care about.
I recently reset my password; providing the old password any time you remember it allows you to decrypt old emails (in the case of Proton, your password is the AES decryption password for your PGP RSA key [0]).
From what I read they weren't setup to host multiple apps and needed a somewhat large refactor to do that. The calendar on beta.protonmail.com is probably what will be released to production.
The only thing to smooth over, from my understanding, is the fact that they did a lot of refactoring to become multi-app.
It is already available in Beta at beta.protonmail.com. We're looking to also put out the mobile apps around the end of this year or beginning of next year.
For me the key feature(s) I want that Proton doesn't have is the docs and spreadsheets. If you're already on Google Suites/apps it's hard to move over without those.
If you want secure email on Google you can always use GPG with IMAP or Mailvelope. Additionally, for Drive storage you can use rclone with a crypt overlay.
Not true. I’m a cyber lawyer. Having subpoenaed them in a civil case for a major energy company, which eventually had a criminal element and FBI involvement, I can tell you that basically told me and the FBI to fuck off.
You're also locking yourself into an ecosystem without open apis. If you want mail on your phone you have to use their client, if you want it on the computer you need to install the protonmail bridge (which seems to restart itself and overlay over the top of whatever you're doing)
The apps don't seem to behave well on MacOS either, something about how the windows are designed means that they won't show up in the Mac cmd+tab switcher.
All this means that their security model is irrelevant to me, if I can't do the basic things that I need to do.