• taanegl@lemmy.world · English · 5 up, 12 down · 6 months ago

    This is why you sign and encrypt the contents of email. If the recipient doesn’t have the public key, they can’t read the content.

    Allowing a service provider to “handle your keys” is tantamount to letting the fox watch the henhouse.

    Proton doesn’t provide IMAP/SMTP access for free accounts, so you won’t be able to encrypt emails locally.

    This ultimately is the tech version of “trust me bro”. This means you are as secure on Proton as you are on Gmail, depending upon how you use the service.

    • baseless_discourse@mander.xyz · English · 8 up · edited · 6 months ago

      > If the recipient doesn’t have the public key, they can’t read the content.

      Sir, if your recipients don’t have a public key, you cannot even encrypt the message… That is how asymmetric-key crypto works.

    • sudneo · English · 8 up · 6 months ago

      This comment is completely off the mark. The information that they disclosed is the recovery email - the same exact thing which happened previously - not any content of any email.

      Also, Proton does encryption with PGP, but you can’t encrypt if the other side doesn’t use PGP (which is the case for 99.98% of humans on the planet). If they do, Proton supports this including with arbitrary clients using their bridge.

    • SaltySalamander@fedia.io · 5 up · 6 months ago

      > Proton doesn’t provide IMAP/SMTP access for free accounts, so you won’t be able to encrypt emails locally

      Umm, you absolutely can. Use gpg, encrypt the txt, copy the encrypted text into the email. EZPZ.

      • taanegl@lemmy.world · English · 1 up, 4 down · 6 months ago

        …yes, that’s what I said. But sign them locally. Do not put your private key on Proton’s service. Sign and distribute pub keys locally.

        Probably should have clarified.

        Also, paid IMAP/SMTP makes Proton a freemium service. Thought I should just underline that.
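
The local workflow discussed in the comments above (sign and encrypt with gpg on your own machine, then paste the armored text into the mail body), as an added example that is not part of the thread; it also shows that encryption is refused when the recipient's public key is not in the sender's keyring. Assumptions: GnuPG 2.1 or later, throwaway keyrings, constructed identities under example.test, and `--trust-model always` as a demo shortcut in place of real fingerprint verification.

```shell
#!/usr/bin/env bash
# Added example: constructed identities, throwaway keyrings, nothing is sent anywhere.
set -eu

g() {  # g <homedir> <gpg args...>: non-interactive gpg with an empty demo passphrase
  local home=$1; shift
  # --trust-model always is a demo shortcut; verify key fingerprints in real use.
  gpg --homedir "$home" --batch --yes --quiet --pinentry-mode loopback \
      --passphrase '' --trust-model always "$@"
}

local_pgp_demo() {
  local w a b status
  w=$(mktemp -d); a="$w/alice"; b="$w/bob"
  mkdir -m 700 "$a" "$b"
  # Each side creates its key pair locally; private keys never leave these dirs.
  g "$a" --quick-generate-key 'alice@example.test' default default never
  g "$b" --quick-generate-key 'bob@example.test' default default never
  # Only the public halves are exchanged.
  g "$a" --armor --export 'alice@example.test' > "$w/alice.pub"
  g "$b" --armor --export 'bob@example.test' > "$w/bob.pub"
  g "$a" --import "$w/bob.pub"
  g "$b" --import "$w/alice.pub"
  printf 'meet at noon\n' > "$w/msg.txt"
  # Alice has no public key for carol, so gpg cannot encrypt to her at all.
  if g "$a" --armor --encrypt -r 'carol@example.test' -o "$w/x.asc" "$w/msg.txt" 2>/dev/null
  then echo 'nokey=encrypted'; else echo 'nokey=refused'; fi
  # Sign with alice's private key, encrypt to bob's public key, armor for pasting.
  g "$a" --armor --sign --encrypt -r 'bob@example.test' -o "$w/msg.asc" "$w/msg.txt"
  echo "armor=$(head -n 1 "$w/msg.asc")"
  # Bob decrypts with his private key and checks alice's signature.
  status=$(g "$b" --status-fd 1 --decrypt -o "$w/out.txt" "$w/msg.asc" 2>/dev/null)
  case $status in *GOODSIG*) echo 'sig=good' ;; *) echo 'sig=bad' ;; esac
  echo "plain=$(cat "$w/out.txt")"
  # Stop the per-keyring agents before deleting the throwaway directories.
  gpgconf --homedir "$a" --kill gpg-agent
  gpgconf --homedir "$b" --kill gpg-agent
  rm -rf "$w"
}

local_pgp_demo
```

The contents of `msg.asc` are what would be pasted into the message body; the mail provider only ever sees that armored block and the message headers.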

    • NeatNit@discuss.tchncs.de · English · 2 up · 6 months ago

      FYI email contents were not decrypted or turned over to police, as far as I know Proton’s E2EE is still as good as whatever system you’re using. Proton doesn’t have the keys to decrypt your emails, it never did. What they have access to is metadata that is necessary to function when your private key is unavailable - e.g. your public encryption key used to encrypt incoming emails from non-Proton sources, or in this case, a recovery email address (I don’t know what the recovery process entails and whether it can restore encrypted emails).