- cross-posted to:
- technews@radiation.party
- polygon ( @polygon@lemmy.zip ) English53•1 year ago
This is a silly thing to take issue with. I use a password manager. When I need a new password I allow the manager to generate one for me. Is the password inherently insecure or bad because it was generated by “a company” and not myself? Proton generates your key for you, just like a password manager does, and they’ve integrated that functionality into their service for ease of use, and probably ease of administration as well. There is no way someone can screw it up and not be able to read their emails if Proton handles it.
Encrypting email is extremely niche in the first place, the fact that Proton can enable it quickly and seamlessly for users with no prior knowledge on how this all works is a good thing imo. Everyone with just enough knowledge to think they know better seems to get annoyed by this type of thing and starts spreading ridiculous FUD even while Proton is enabling encrypted email for millions of people who otherwise would be using Google Mail. Don’t get so caught up in the details that you miss the big picture of what Proton is actually providing.
- dan ( @dan@lemm.ee ) English13•1 year ago
Right, but what the author is trying to implement is what is generally considered best practice for secure email.
You’re right that what Proton are doing is a compromise that’s reasonable for most people, but the author here is annoyed that there’s no way to turn it off so he can implement best practice E2EE himself.
Ironically he could probably do that with the vast majority of providers that aren’t Proton, so to me it seems like a totally reasonable ask that a self described privacy focused email provider has some way to allow you to implement best practice email security.
- Helix ( @Helix@beehaw.org ) English6•1 year ago
If someone else makes the key to your house, they can make themselves a copy of the key to your house without you noticing.
- CrescentMadeJr ( @CrescentMadeJr@beehaw.org ) English7•1 year ago
Do you make your own house keys?
- minkshaman ( @minkshaman@lemmy.perthchat.org ) English2•1 year ago
I have in the past yes.
- Helix ( @Helix@beehaw.org ) English1•1 year ago
I buy them from the company which makes the lock. If I need an extra key, I make it myself with the machine at my makerspace. People who give their keys away to keymakers and give them their addresses obviously have bad opsec.
- Catsrules ( @Catsrules@lemmy.ml ) English16•1 year ago
Based on the title i was expecting some kind of AI that rewrites your email to make it better or something. But no just encryption drama. :(.
Someday i will be able to send emails and not have people think i am an illiterate moron but not today.
- Helix ( @Helix@beehaw.org ) English2•1 year ago
Someday i will be able to send emails and not have people think i am an illiterate moron but not today.
You know you can copy and paste your emails into ChatGPT right?
Isn’t everything entered into ChatGPT used to further train it?
- Catsrules ( @Catsrules@lemmy.ml ) English2•1 year ago
Yeah I have done that a few times but your assuming I am not a lazy person it is just not worth the extra steps. Not to mention privacy wise that isn’t a very good idea. Especially if the email contains some confidential/sensitive information.
I was thinking it would be cool to have a native one button fix my grammar. Or maybe a spell check like interface that I can just select text and pick alternative phrases.
There would still be privacy issues that may not be acceptable for a privacy based company like Proton Mail but it could be something like this AI will never remember or save the data it is analysing.
- Helix ( @Helix@beehaw.org ) English2•1 year ago
it could be something like this AI will never remember or save the data it is analysing.
How would you know? In fact, how do you know Proton Mail is not a front shop for the NSA exfiltrating all.your data?
- Catsrules ( @Catsrules@lemmy.ml ) English1•1 year ago
That is a good point. I can’t think of a way to know for sure. Without running the software locally.
- milicent_bystandr ( @milicent_bystandr@lemmy.ml ) English1•1 year ago
Not to mention privacy wise that isn’t a very good idea.
“ChatGPT, please write me an email to send to my girlfriend to convince her I’m not cheating on her with her second boyfriend. Please include details <herein enclosed> of my recent Isis involvement so she knows it’s really me. This is a pretty common request so you can use the template to help out other users.”
- karlexceed ( @karlexceed@midwest.social ) English9•1 year ago
That seems… Not great.
- SteleTrovilo ( @SteleTrovilo@beehaw.org ) English5•1 year ago
I still haven’t signed up for ProtonMail. Doesn’t sound like a good idea with this going on!
- lazyvar ( @lazyvar@programming.dev ) English3•1 year ago
Between this and the IP logging scandal, it seems that they’re going downhill fast.
- Guilvareux ( @Guilvareux@feddit.uk ) English23•1 year ago
It was hardly a scandal. They complied with their local laws, as would be expected. They’re very well-known to be a swiss company. Complying with swiss law shouldn’t be a surprise.
A more fair criticism would be that, after this event they changed the precise wording in their marketing (and maybe tos?) to more accurately reflect what they could offer.
- lazyvar ( @lazyvar@programming.dev ) English2•1 year ago
The scandal didn’t lie in following court orders, it lied in the marketing and the fact that the French ToS lacked any nuance to indicate that it would even be a possibility that ip would be logged.
Furthermore, even when dealt with court orders, other companies that don’t tout privacy to be one of their core values, have chosen to fight such orders in court.
Proton could’ve at least tried to show that they were putting their money where their mouth is, by challenging the order.- MtnPoo ( @MtnPoo@beehaw.org ) English5•1 year ago
They told the guy they were going to start logging his activities and he kept going anyway. It’s not Proton’s job to get shut down or fight an endless slew of legal battles.
If a government is coming after you, Proton isn’t the solution to your privacy needs. Know your threat model and ignore FUD.
- CrypticCoffee ( @CrypticCoffee@lemm.ee ) English2•1 year ago
Is it me or a lot of the responses here a little bot like. Looks like anorchestrated discreditation campaign.
What percentage of users actually need GPG encryption? If they really need it, they can find services to do it on.
Everybody I know who is into using GPG, wants to be 100% in control of their keys.
- CrypticCoffee ( @CrypticCoffee@lemm.ee ) English4•1 year ago
I’m sure they do, but this feels like 1% of 1% of users. To trash an email client that will be vastly superior to most for a ridiculously niche case even amongst nerds is a bit weird.
- MtnPoo ( @MtnPoo@beehaw.org ) English1•1 year ago
You can be if you encrypt manually. It’s easy and works everywhere.