loudwhisper

Security is hardly a binary property.

Given you mention the specific technical setup, I would say yes - that is secure against most risks relevant for most people.

At least, it's totally fine according to my own threat model, where I looked specifically at broswer-based encryption vs "manual" encryption (I.e. using PGP tools locally).

Sender and recipient can't be encrypted e2e. How would the server know to whom deliver the email if those are encrypted and not visible to it?

AFAIK tuta encryption extends to the subject line only.

Still a nice addition, don't get me wrong, but I believe you misunderstood something.

From their own doc:

The only unencrypted data are mail addresses of users as well as senders and recipients of emails.

Contacts and everything else is encrypted similarly in all "secure email" providers, including Proton.

TBF, they push the same content via their email newsletter.

Tuta is great, I will start from that. But they encrypt the subject line, in addition to the body afaik. It is technically impossible to encrypt "every part of the email" because that would break delivery (e.g., metadata such as recipient or timestamps).

This also has the cost of a nonstandard protocol (not plain PGP), with all that implies in terms of compatibility, maintenance needs etc.

Since I have found it historically hard to engage on this (broader) subject around here, just yesterday I put together my own thoughts at https://loudwhisper.me/blog/proton-fediverse-burnout/

Personally, I did not see the value of their Mastodon presence, it was write only marketing communication, no engagement with the community anyway. That happened only ever on Reddit, which I think is going to continue being the case.

They push the same info via email newsletter, if someone really wants that stuff.

Either way, the post above covers my take on the whole drama, not just this last small chapter.

The biggest items on the graph are all out of bounds accesses, use-after-free and overflows. It is undeniable that memory safe languages help reducing vulnerabilities, we know for decades that memory corruption vulnerabilities are both the most common and the most severe in programs written in memory-unsafe languages.

Unsafe rust is also not turning off every safety feature, and it's much better to have clear highlighted and isolated parts of code that are unsafe, which can be more easily reviewed and tested, compared to everything suffering from those problems.

I don't think there is debate here, rewriting is a huge effort, but the fact that using C is prone to memory corruption vulnerabilities and memory-safe languages are better from that regard is a fact.

Sorry about that :) But you get the credit for spotting the problem! Thanks for that!

Thanks, I have taken @sugar_in_your_tea@sh.itjust.works's suggestion and I have added "create".

With Simplelogin integration Proton does PGP encryption because effectively all emails are forwarded by a simplelogin address. I have just tested to be sure, and I can confirm it is the case. I agree though that this only protects "my side", which is why I said that it doesn't provide all the PGP features.

Publishing your PGP public key next to your email doesn’t require “wasting a domain” or anything like that

It does if I don't have any key that I use for emails. My key(s) is bound to the Proton account with the other domains I use, so for this domain I would need to either add it (back) to Proton (easier option, but "wastes" a domain) or just generate and manage a key myself, that I can then even add manually to Proton, but I didn't bother doing this just yet. I am not going to use any other public key I have because I wanted specifically to keep this domain separated from my identity.

I just thought it was amusing that you didn’t seem to actually follow your own advice.

FWIW, I do follow the described setup for everything personal, which is what matters to me. As I said, ~1/2 months ago I did have my PGP key because I enrolled the domain into Proton, which if anything is a testament to how annoying it is having to manage keys myself (which I already do for signing commits etc.). Maybe I will spend some time to polish the setup, eventually.

I don't think so, does it sound weird? Not a native speaker, so maybe it does :)

Yep, I am aware of the contradiction. I used to, but since then I moved to an alias as it was not worth wasting a domain for a single address. I may spend eventually the time to setup PGP for the alias itself, but I just didn't. It's a Proton alias, so I get anyway PGP encryption, though (obviously without all the features, but good enough for the near-zero volume I currently have).

Not that I know, which is the reason why I essentially didn't consider those threats relevant for my personal threat model. However, it's also possible it happened and it was never discovered. The point is that there are risks associated with having the same provider having access to both the emails (and the operations around them) and the keys/crypto operations.

The cost of stealthily compromising a secure email company is simply disproportionate compared to the gain from accessing my emails. Likewise, it's unrealistic to think some sophisticated attacker would target me specifically to the point that they will discover and then compromise the specific tooling I am using to access/encrypt/decrypt emails. Also, a $5 wrench could probably achieve the same goal in a quicker and cheaper way.

If I were a Snowden-level person, I would probably consider that though, as it's possible that the US government would try to coerce -say- Proton in serving bad JS code to user X. For most people I argue these are theoretical attacks that do not pose concrete risk.