ProtonMail


#1

ProtonMail is a secure email host.

A few months ago they modified their service to allow for custom domains and multiple accounts, so families or companies can host their accounts there.

Unfortunately, the nature of their encryption currently prohibits using standard protocols from checking mail in a client. They provide a web app, and mobile apps for Android and iOS. That is probably enough for most folks, but I require access via mutt, so for now I am not making the leap.

Considering that the only safe email is text-only email, sticking with mutt is the better decision for my particular use case, though I do wish I incorporated more encryption in my email.


This is a companion discussion topic for the original entry at https://interi.org/notes/protonmail/

#2

I have an account! #lazyweb warning… Just to see if I understand it correctly, it’s encrypted-email-as-a-service, which necessitates having its own client, right?

  • key management: you don’t even have your private key; it only lives on their servers? (I have not looked carefully at the docs.) I’ve seen people post their keys so they must allow you to receive encrypted email from not-protonmail email accounts
  • invisible encrypting: if its from another protonmail user, you don’t have to do anything for it to have e2e encryption

I think it’s good because it makes it easy and invisible. Like signal. But of course then we’re all on a central server. Like signal. There’s always the ease-of-use vs centralization tension. And it’s so very easy to throw away the part about caring about it being not decentralized.


#3

Yeah, that can happen, but not in reverse; ProtonMail users can’t encrypt a message to a GPG user, for instance. They are limited to a web-based one-time password message thing.

One could weigh it against everyone being on GMail. ProtonMail is never going to run ads or process the content of email for profiling. That’s nice!

Kinda. The way they solved a crypto UI problem was by doing it that way.

The reason I don’t jump on that is because my mail needs are different. I need to process my mail quickly, and delete it. People don’t send me sensitive email messages, they use an encrypted instant messenger. I don’t want anyone reading my mail, but honestly most of the mail I get is worthless, so I don’t get too bothered by it.

I do need to change my mail provider, though. It is tough, because I am hosting email for folks I haven’t spoken to in years, so I hafta overcome that first. :upside_down_face:


#4

Ah, thanks!

If I use Gandi’s mail forwarding service and point some address
onlyanexample@judytuna at my protonmail, would the … hmmm … contents of
a plaintext email sent to onlyanexample@j pass through Gandi’s servers? I
guess this question stands whatever server the mail eventually gets to.

What if someone encrypted some mail with my protonmail email address but
sent it to onlyanexample@j? Could I then decrypt it? Does that even make
sense? Keys are tied to email addresses, so…no? I don’t know what part of
the process it would break down though–haven’t messed with the tools
enough–at the point the sender is trying to send it to a different email
address than to which it was encrypted? Lol

What do you think of keybase.io? I’ve never used the mobile app until just
now


#5

Email forwarding:

The term forwarding has no specific technical meaning, but it implies that the email has been moved “forward” to a new destination.

I am sure it is subtle across servers, but I’d count on there being a copy at least “passing” though each server it interacts with. Sending a plaintext message is sending that message into the public, to be read by anyone glancing at the traffic between servers (so, a lot of machines doing that for a lot of humans for good and bad reasons (like monitoring for service quality, or stealing the secrets).

I don’t think that is how it works, exactly. ProtonMail uses OpenPGP, so messages encrypted to a key can be decrypted with the corresponding private key, as usual. It is just the interface to do that is built in a way that isn’t apparent.

The good news, you can give folks your public key generated on ProtonMail, and they can encrypt it as they usually would. And I don’t know exactly how it pieces together as a process, but that ought to work even if someone encrypts it but sends it to a forwarding address, it should be encrypted (except for subject line, per usual) and be able to be decrypted by ProtonMail.

Something I don’t quite understand, and maybe you can test this with someone that has a public key available (I do not, but maybe could test this with ya), is how to send an encrypted message to a non-ProtonMail user using GPG. According to their docs, they do not support sending PGP/GPG messages (though it is unscheduled on their road map).

So in digest:

  • ProtonMail uses standard crypto tech
  • ProtonMail users see end to end encryption, in both transit and storage
  • One can decrypt mail encrypted to their ProtonMail public key, though that needs to be downloaded and shared manually.
  • There is currently no way to encrypt a message in the ProtonMail UI

It is worth noting that there is a way to send encrypted text without integrating fully into the email specs. For instance, just by including cyphertext in the body of a message. Not the best experience for sending or receiving, but still viable.

I’ve seen it around, and noted their encrypted git hosting (though I ought to make an actual note about it…). But as a communications platform I am not interested. I don’t know all that much about the technical details, but from what I’ve seen it is interesting in theory, but not practice.

Nothing against Keybase! It is just the focus on “proving identity” via corporate media, and reinforcing that those companies are somehow qualified to vouch for real humans, it is not a game I am personally playing. I am more interested in Matrix and blockchain tech, which I see filling the space Keybase is working in.

I guess it is worth mentioning that services like ProtonMail and Keybase are valuable for simplifying the techniques we’ve used to communicate securely, and it increases adoption. But it does put everyone in a basket, a single point of failure, even if the tech says everything will be fine. What I mean is, there are non-technical ways to shut down those services, whereas that is much hardy against autonomous individuals deploying the tech in pieces, like anonymous users use GPG natively.


#6

I wrote notes on ProtonMail 3.12. :slight_smile:


#7

https://protonmail.com/blog/thunderbird-outlook-encrypted-email/

That’s a big deal! GNU/Linux users will need to wait until “Spring 2018”, but the way they figured it out is pretty clever! As soon as I can use mutt, I am moving interi.org mail over. :slight_smile: