Domain: protonmail.com
Stories and comments across the archive that link to protonmail.com.
Comments · 27
-
Re:I used to really support Google
-
Re:Leave Gmail
Oops! The missing link: How to use PGP.
-
Re:Leave Gmail
People that send you mail without having an encryption client, as far as I can tell, still have mail stored unencrypted (it would make little sense to encrypt it as ProtonMail would have those keys).
I don't think that's the case. On their Security page they say this:
"(...) your data is encrypted in a way that makes it inaccessible to us. Data is encrypted on the client side using an encryption key that we do not have access to. This means we don't have the technical ability to decrypt your messages, and as a result, we are unable to hand your data over to third parties. (...) For this reason, we are also unable to do data recovery. If you forget your password, we cannot recover your data."
Exactly - read what's there and what I said. There's no difference.
:) Truly secure PGP (GPG) encrypted mail requires a unique Public/Private key pair on each unique email user's client(s) meaning that there could be multiple email clients in use by a single user on a single account. User A has a pair, and User B has a pair, for those 2 to communicate, they must first share their public keys. Which admittedly ProtonMail could be the repository of, or A & B could keep one or both locked away only to be shared as they wish. In any case, ProtonMail doesn't have the private key(s) so can't decrypt the email.Now, I happen to know for a fact that you can send email from a non ProtonMail client to a ProtonMail address. That means that there's no key pair on the sender's client, and no way for that mail to be encrypted. There is no way around that simple fact, and those emails will be sent in plain text and remain in plain text everywhere it goes, even if it goes through an encrypted pipe like SSL or a VPN.
-
Re:Leave Gmail
People that send you mail without having an encryption client, as far as I can tell, still have mail stored unencrypted (it would make little sense to encrypt it as ProtonMail would have those keys).
I don't think that's the case. On their Security page they say this:
"(...) your data is encrypted in a way that makes it inaccessible to us. Data is encrypted on the client side using an encryption key that we do not have access to. This means we don't have the technical ability to decrypt your messages, and as a result, we are unable to hand your data over to third parties. (...) For this reason, we are also unable to do data recovery. If you forget your password, we cannot recover your data."
The paid plan also provides the option of using one's own custom domain, so transferring services later wouldn't be difficult.
-
Re:Leave Gmail
Which service is relatively new and might have more open addresses.
I've read good things about ProtonMail. It's the service I've been considering myself, although I haven't committed yet.
How do I get my 50k emails OUT of gmail and the IN to the new service.
Gmail supports IMAP, so you can do that with any IMAP-capable desktop email client such as Thunderbird. Configure both accounts in the client and simply copy the emails by hand. In my experience it's better to do this in batches of 100 to 500 emails at a time.
If you'd like something more automated, you can write a small Python script using the OfflineIMAP module to first download you Gmail messages locally and then upload them to your new email provider. I used it years ago when the small business I worked for at the time switched email providers. It's pretty easy to do. I managed to write something that did the job in about half a day even though I didn't know Python at all at the time. It then took about five days for the 20 accounts or so to transfer. The few emails that didn't transfer failed because they had some malformed headers that the destination email provider disliked, so I had to fix those by hand before managing to successfully upload them too, which took one or two additional days.
-
Educate by sharingPlease share this article far and wide and advise friends and colleagues of this practice and offer them alternatives.
I use ProtonMail.com. what do you good Slashdot readers recommend?
-
Looks like it is herehttps://protonmail.com/bridge/install says:
Download and install the ProtonMail IMAP/SMTP Bridge to use your encrypted email account with any email client. Available for Windows, Mac, and Linux.
-
Actually there is a solution for IMAP/SMTP
I've just read, paid-for accounts can use a bridge to decrypt/encrypt protonmail locally and access it via SMTP and/or IMAP.
-
Re: ProtonMail!
Last I knew, ProtonMail is not set up for access by any desktop client. Other than their webmail, I think the only option is their own mobile app.
This is necessary because of their end to end encryption. Mail is encrypted and decrypted in the browser via JavaScript or in their own app. Using a third-party client wouldn't support this.
-
Here's some.
Electronic Frontier Foundation: https://www.eff.org/
Enough said.
NearlyFreeSpeech web hosting: https://www.nearlyfreespeech.n...
They defend net nuetrality. Their pricing structure is clearly laid out with no hidden fees, and emphasis on efficiency, and they do well when you do well. They are run by highly competent individuals.
DuckDuckGo web search: https://duckduckgo.com/html/
Great search that doesn't track you. Fuck yes.
PaleMoon web browser: https://www.palemoon.org/
A modern, FOSS, secure, fast, lean, extensible, and highly configurable browser that took over where FireFox left off. It's run by individuals who have ethics, and stick to them.
Proton Mail web mail: https://protonmail.com/
FOSS end-to-end encrypted e-mail. The only issue I see here is that it is free, so you're likely not the customer... There is another end-to-end encrypted web-mail solution that is $5/mo. or so but I've forgotten the name. Anyone? -
Proton Mail is a great Alternative
Where Google basically mines your data en masse and gives it out to US government agencies, Proton Mail is in Switzerland and is not subject to involuntary data request from USA government requests. (Of course they could do it voluntarily but it would really hurt their rep if word got out) https://protonmail.com/
-
Re:Proton Mail
I run my own email server, but if I wasnâ(TM)t able to I would likely use FastMail or ProtonMail.
-
Protonmail
It's available via web and on mobile devices, including iOS 8 if you have an older phone. You get 500 MB storage free, uses two passwords (one for account and one for mailbox), and the providers themselves cannot recover your mailbox passwords. You can tag your emails, make folders, identifies spam, and has an easy way to report bugs/features. They also have a bounty program for hacking with no success and are protected by Swiss privacy laws. It was made by CERN and MIT. The servers are located in a bunker 1000 meters below the Swiss Alps that use end-to-end encryption and 4096-bit SSL certificates. No cloud hosting and they manage their own stuff. https://protonmail.com/securit... The only problem is that it uses Azure. I'm not an M$ at all, but it's either this or Enigmail with Thunderbird and Protonmail is very easy to use and the customer support is awesome whether you're a paying member or not.
-
ProtonMail
I'm looking around as well, and what I read about ProtonMail is pretty convincing. They offer free or paid accounts, promise no logging, and they're located in Switzerland.
-
sounds like a job for protonmail
protonmail.com. Offers encryption, promises not to sell your data (you have to trust them), and they have a free service to try. If you like it, you might consider using the paid service, which is fairly cheap, and supports alternatives to the data-mined services like gmail.
If you want the best security, use GnuPG end to end from a local mail client.
Whatever, just stay away from gmail if you want any kind of privacy. You also have to consider what the recipient is using. If you email TO someone on gmail, you have given away the contents unless you use GnuPG to encrypt it end to end.
-
Try Proton Mail
ProtonMail out of Switzerland is pretty good and seems to be pretty secure.
-
Re: Less secure
It seems more likely to me that this will create opportunities for European companies to clone US based services (including everything down to the business model). What person in Europe would choose a Gmail account when they could get a Euromail account which works just well and includes European-style privacy guarantees? You know, Protonmail suddenly comes screaming to mind.
-
Zero knowledge
That's why you always choose a zero knowledge provider. Someone that provides you a service but doesn't have access to read the content.
I'm pretty happy with ProtonMail in that area. They are not only located in Switzerland, with much stronger privacy laws, but also, they encrypt end-to-end, and therefore, have no access to the content. Mail between users in ProtonMail are automatically encrypted, while mail to someone outside the system can be sent as a URL the receiver has to have a password to access (and can be time-deleted).
Of course, it's not Google Inbox in terms of features, but it gets the job done. You can always do full PGP with any service, but you have to know what you are doing.
Until things get insanely simple, in this day and age, you've got to learn, and do what you can for your right to privacy. -
ProtonMail already exists
ProtonMail already exists, has 2 million users, excellent security and architectural design, zero knowledge on the part of the provider, 2 factor authentication, optional two password setup (one for the account, another to decrypt the inbox), is located in Switzerland instead of the US, etc. It's also trivial to use, the importance of which can't be overstated.
In contrast, the new LavaBit is promising end-to-end encryption "later this year", as opposed to PM, which has always had it. It's concerning that a single SSL certificate was the only barrier between the users and total decryption. More competition is always good, but this looks like a significant step down from an existing service.
-
Re:Some of us know how to use PGP in a real client
https://protonmail.com/support...
There are two main reasons why Subject lines in ProtonMail messages are not end-to-end encrypted.
Not Standards Compliant â" ProtonMail adheres to the OpenPGP standard which largely respects the SMTP protocol. In PGP, the subject line is part of the header packet which is not end-to-end encrypted.
That only applies to ProtonMail e-mail messages. As far as I can tell, their special "ProtonMail messages" between ProtonMail users have their metadata protected.
Besides, while metadata does show IP addresses, subject and whatnot it still isn't as important as the message body. For example you could have something like this:
Header
From: CommodoreChimichanga@pipedash.com
To: BuckarooNeville@pipedash.com
Subject: Cat videosMessage body:
-----BEGIN PGP MESSAGE-----
Version: GnuPG v2owE9jTEOwjAQBKnp+ME+ILJEQ0+DEiFEB7QXcyQWts/yGVBKPsYH+BRGQnRbzOy8
X/3s9FzYljPDKcKEzHfHD8gFZWTEOluJPNnsNKGL1iDc1FkkTxNng658RU+BG0TB
0W1cA8+q0ESW6wtFEA40UC/xbIC1V8H4K6oErk11WiQj5X2sxK4qXuQKKtUXZSzN
aov9GP6oYhAz/wA=
=W6m/
-----END PGP MESSAGE-----That's encoded with gpg2 -a --store so it's not really encrypted, it says:
Here is my review of the new Honeycrisp Inc. music player. It is lame, no WiFi, less space than a Vagabond. Also here is some resistor prOn. Man look at those 1.6K Ohm resistors go.
See what I mean?
-
Re:So...
Any links as to what Chrome collects?
No, because there is no law which requires a company to publish an honest privacy policy. And even if there was, there is no way in hell Google will ever allow any regulatory body to pry around their data centres and entire database and archives to ensure that they are indeed not spying or doing nasty things with data, like selling to insurance companies, government bodies, highest bidder, etc.
And even if there was such a thing as a regulatory body to monitor Google, Google will simply pay them enough to shut up, like they bribe the US Government and the EU.
The only honest privacy policy (as it appears to me) comes from the likes of EFF, DuckDuckGo, Mozilla, ProtonMail, and Wire, of the few that I've read.
Google on the other hand is very deceptive and vague in their privacy policy, especially data retention... if there is such a thing as privacy and Google!
-
ProtonMail
Try ProtonMail
Based in Switzerland. End-to-end encryption. Even the admins cannot access their user's e-mail. and it's free.
Falls under strict Swiss privacy laws, out of the reach of other governments.
-
Re:There is a solution--if the google weren't so E
I'm just so sick and tired of problems without solutions, and the google's abuse of YOUR privacy is an ENORMOUS problem, and it's only getting worse. However, there is an obvious solution, if only the google weren't so EVIL and would consider implementing it. Remember the google's new motto: "All your attention belong to us", but...
The solution would be an option to invert email storage while still supporting ads. Here is one obvious way to implement it:
The email is stored on your computer and analyzed on your computer. Candidate ads are available and your computer decides which ads to download in accord with YOUR preferences, not the google's.
That's just a short elevator-speech summary, but there are lots of options that could be added, and by clever use of the defaults, I'm sure that the google will still control us anyway. Notwithstanding, by offering the options, at least the google could defend itself from the lawsuit.
Let me give a pie-in-the-sky configuration that I would like: All my email would be copied to each of my computers that is large enough to hold it, but all encryption and decryption for the syncing would be done on my computers, and the google would only handle the message exchanges. If one of my computers (such as a smartphone) is too small, then the latest (or whitelisted) email would be stored on that device and I would be able to choose where that device would get older email if it needs to. I might want to leave one of my larger computers on line for that purpose, or I might choose to let google hold the email (with or without encryption), or I might choose to put the email database on an independent server that I trust (and in a country that I also trust, which would certainly NOT be Donald Trump's America).
The next optional improvement would fix the in-your-face model of advertising by auctioning a SMALL amount of my time for ads, but the google is way too EVIL to go there. Why would the google risk changing the game they are already winning? I think we have to pray for the google's destruction at this point... That seems to be the only real solution to the cancerous monster the google has become.
I believe a solution that's sort of similar to what you're going after already exists: Proton Mail. It's an email service that encrypts and decrypts mail locally, and only uses the mail part of the service to store it. As a bonus, it actually lacks ads completely - the only drawback is that space is somewhat limited. If Google bothers you, it's worth checking out.
-
Re:The mail security divide
Where's the free replacement?
-
Re:The elephants in the room
Google had no need for Postini. Google's own spam filtering in Gmail is pretty good. Probably as best as spam filtering could be, under the circumstances. So that's one elephant in the room.
The other elephant in the room is Microsoft, with Hotmail, or Office 365, or whatever it's called these days. I don't have any firsthand exposure to that service, but from what I hear its built-in spam filtering is also fairly good.
Big email providers like that have no need to use an external, third party spam filtering service, since they have the technology, and the scale, to implement it in house. Organizations that outsource their email service to these elephants get spam filtering as part of their service and, again, have little need for a third party service.
About the only likely market for third party spam filtering services would be small to mid-range ISPs or organizations that want to run their E-mail in house. They wouldn't typically have the in-house technology to implement spam filtering, and would rely on a third party. Seems like a fairly small market to me, and with E-mail generally on a slow, steady decline there doesn't seem to be a lot of market opportunities here, for third party spam filtering services.
No, email in general is as strong as ever. The reason why it's not profitable is precisely there, however: it's mostly small ISPs who would buy this, and I don't think anybody would use their email service to begin with. The vast majority of us use either Gmail or Outlook, or a small number will self host our own personal email servers. It's a little shakier among smaller, paid email services such as Proton Mail(Privacy comes at a price, but I've heard their free version is still pretty decent), but my guess is these people also make enough to run their own spam filtering, so you're correct in saying the market's too small. Email as a whole is still a very popular medium, however, and I wouldn't go so far to say it's on a decline...
-
Re:Donating money to fight a DDOS is dumb
-
SubjectsInCommentsAreStupidCusTheSubjIsTheArticle
Much more info on this official blog post: https://protonmail.com/blog/pr...