Swiss privacy and security has hidden its fair share of very bad deeds over the years.
AI activity in gmail
- Thread starter GON
- Start date
If a nation or technological platform vetted your activities they wouldn't be offering privacy.
What I was kinda saying is, how do we truly know what Proton, or any vendor’s free email, is doing with your data, especially when the company is protected by a nearly impenetrable veil of private industry and government turning a blind eye to potential abuses?
All you have for sure even with Proton is a pinky promise that’s unenforceable on your end.
Its encrypted end to end. Any proof otherwise?
Easy to sling words. One can do and say that about any company.
https://proton.me/pricing
When you send an email, the Proton client on your device encrypts it with your private key and the public key of the destination user if they also use Proton. Proton cannot decrypt the message body or attachments, because they don't have either party's private key. However, they can see the metadata (to: from: ) and the subject line. The proof of this is if you lose your private key, you'll lose all emails encrypted with it forever. Proton can't help you get them back.
If you receive from a non-proton email account, then yes, proton can see the entire email, but Proton encrypts it with your public key and their private key, it cannot be decrypted until you do so with your private key and their public key.
If you receive from a non-proton email account, then yes, proton can see the entire email, but Proton encrypts it with your public key and their private key, it cannot be decrypted until you do so with your private key and their public key.
Last edited:
Encryption
For email or any other application to be secure between the sender and receiver, better known as end to end encryption. Each end user must have a PKI key pair. I encrypt the message I want to send to you with my private key and your public key, you decrypt the message with your private key and my public key.
The problem with providers like Google is they may or may not even encrypt your email and my guess is they don't. The messages are encrypted with TLS during transport, which is highly secure, but that doesn't mean your email is stored encrypted on Google's servers. It really doesn't matter if it is or isn't, because if it is, Google encrypted it with their keys and can decrypt it at will.
Does Google even offer an end to end encrypted email service like Proton does? No. Have you ever wondered why? Your information is very valuable to Google, so they can advertise to you. Nothing you do with Google is sacred. EVERYTHING you do with Google is subject to Google snooping.
End to end encryption between the sender and receiver is the only way to guarantee nobody else can read your message. The problem with this is how many people understand how to manage their key pair? Almost none.
"Encryption" can mean a lot of different things; and more importantly, the questions "WHEN is the data encrypted?", "WHERE is the data encrypted?" and less critically "WITH WHOSE methods and ciphers is the data encrypted?" define the general overall security of a thing. If I underestand it correctly, Google encrypts data within their own relays; but if it was truly "encrypted" as we hope "encryption" properly secures our data and privacy, their bots would not be able to scour your messages to better advertise to you. "End-to-end" encryption is probably best for security and privacy but removes profitibility for those enterprises that use you as the product.
What prevents the client they made from uploading your key to their server?
Have there been any audits of their code?
False, gmail still scans your mail. Be wary of foggy "diversion" tactics.
"As mentioned, Gmail uses TLS to encrypt messages in transit between servers. This helps protect your emails from being intercepted while they’re moving across the internet. However, this is not the same as end-to-end encryption. Google can still access the content of your emails, primarily for features like spam filtering, malware detection, and smart replies."
....
"Unfortunately, Gmail doesn’t offer end-to-end encryption for regular users. Its only built-in encryption method is TLS, which protects emails in transit, but not once they reach Google's servers."
Google is the master of spies.
Source - (however there are tons of sources)
https://cybernews.com/gmail-encryption-how-does-it-work-and-is-it-safe-enough/
IF there is anything on the planet regarding email you're not going to be more reassured than Proton. Their mission is to allow people in repressive governments to be able to communicate with the outside world and not have security forces come knocking at your door to take your family away.
Other than that, you're not going to get better. Any other wildly used email service does not afford this protection. Conspiracy critics and all the others does not hold water if that helps. They will not allow their severs themselves to be open source, claiming that would be a security threat but everything else, yes.
https://proton.me/community/open-source
Hey, ask google to post this about themselves or any other major
https://drive.proton.me/urls/VGXYGFPE70#txnu5vF12qQU
Desktop
https://drive.proton.me/urls/4858578M7M#AL0OBp9qwqDQ
Regarding their "newer" (to me) VPN service
https://www.tomsguide.com/computing...t-verifying-its-business-security-credentials
"The leading privacy provider adds to its strong reputation for security"
BTW- because of this security there are countries in this world that block access to Protonmail to their population. I believe China is one of them.
Last edited:
That's what I needed. TY.
Welcome, there is so much written on the company. I have used them forever before it became a common name. I always liked the ad free clean email program. BTW- their free service has a limit for storage. I have both paid and free.
Quite honestly, for me it was always about the nice clean interface of their email free of pop up ads, free of all kinds of garbage in even the free version. It wasnt until years later I also acquired the paid version. I have a few.
To be realistic since they dont make money off your data. They do of course make it known about their paid services but they do not put ads on the interface. I think the free version will contain a link at the bottom of your emails for Proton Email
Bottom line, it's free to use and if you dont like it, dont use it. Make sure to back up your password (they now have a system for that) if you ever lose that password, your previous emails are gone forever but not your account. Since it's full encryption the old emails are encrypted with the old password that you forgot and not accessible. (dont ask me how I know but that was a very long time ago)
Last edited:
Because you don't allow any access to your private key. Your public key is just that, public. My public key is published on the internet for the whole world to see.
The client that you use must be trusted. It gets to use your private keys. It can't do the crypto functions without it.
Last edited:
Proton uses SRP, which is good and Proton publishes all of their client source code. The source code is highly scrutinized to make sure Proton does not upload your private key (password). Proton is trusted by security professionals because Proton's source code is open and they are open about how their service works. I don't know of any other email service that can be trusted.
I get it. I don't use it but I've considered it.
The only part I don't like is the mixing of secured and unsecured content in the same client. Compared to something like Signal, where you are encrypted in all messages. But, that's the nature of it when you have email.
I don't know if RHEL + clones do this but in the Debian/Ubuntu world my shell will scream bloody murder - ALL CAPS and lots of "!!!" - if I try to ssh-copy-id or even SSH into a remote machine if my private key isn't chmod'd to 0400, hidden under a blanket and given a Groucho Marx mask.
Oh yeah, they all will and absolutely should!