16 comments

[ 5.1 ms ] story [ 44.9 ms ] thread
I think that using ProtonMail Bridge defeats the purpose of using ProtonMail in the first place. At this point there is no real difference to other hosts, except that the emails themselves are encrypted on ProtonMail's servers.

Now you are using another email client that you have to take care of its security yourself, and besides, anyone who has access to your machine will have access to your email when you turn on Bridge and open your email client. A big part of Protonmail is that these emails are not "stored" (cached, whatever) on your machine.

i disagree. more of my data has been compromised due to attacks/leaks/etc on the host than has been compromised due to someone having access to my machine.
I can't quite figure out what you disagree about. I stated that 1) ProtonMail Bridge makes things less secure and vulnerable 2) that I think it defeats the purpose of using ProtonMail in the first place 3) that you have to worry about the security of another software with ProtonMail Bridge.

I think you're saying that you're more likely to be compromised because of the host, and this is where I'm confused, because I didn't claim that you're more likely to be compromised by someone having access to your machine.

How much you trust the email provider for security (not get pwned or malicious insider), privacy and more than all that reliability and availability is the major difference. That aside they all do have features the others don't as well as different support and user experience.
I would like to know to what alternative they have moved on.
Yeah that was definitely something I wondered after reading to the end.

Though running a dig against their domain it seems the MX record points to gmail.

I just don't think ProtonMail is really worth it as an individual. 90% of my emails either go to or come from servers operated by Microsoft, Google and Amazon. So they're being seen in clear text anyway. And probably harvested for my data.

PGP is built in to proton to fix this but good luck getting someone else to use it. The added value in terms of privacy is only really there if you email with other proton users. And I don't know any.

I just kinda gave up on email instead. As have most companies. Who sends sensitive information by email anymore? It's become a glorified notification service "Come view your message at our portal". Personally I think email is broken beyond repair.

This is why I have switched to Fastmail and have really enjoyed the benefits. Not having CalDAV/CardDAV with ProtonMail really sucked. And Fastmail's sync feature is helping me slowly wean off of my Gmail account.
Agreed. I had been using Gmail hosted domains for over a decade. When they said they would begin charging, I moved to Fastmail. Their hosted DNS option has some bugs , but otherwise, it’s been remarkably easy.
I haven't yet tried it for Fastmail or Protonmail, but the latter seems to allow you to switch your domain to them.
Who sends sensitive information by email? Are you joking? I can ruin your life and take away all things you hold dear if I take over your email. It is a nightmare. Just about every account or service , commercial, school or government use email as a way of recovering access to your account.

It is so bad one of these days I need to ask HN properly why all these tech companies screw this up royally badly. There doesn't go by a day where some app or tech company sends by email some aspect of what I have been up to by email.

Perhaps you mean strictly from the perspective of what proton can protect which makes more sense but in general you can't be more wrong on this. Brand new apps from fresh startups rely on email all the time.

As for proton's value, it is pretty simple, you are not the product you are the customer. I have helped technically illiterate people start using it and they love it. Few weeks ago one asked me how to recover their yahoo account, i told them if they exhausted all the automated recovery options they are out of luck and gmail is the same as well. With proton, I emailed their support from a separate account and was able to talk to a human within days and get it resolved (you will never talk to a human with gmail because you are never worth the support cost). They abandoned their yahoo as I did mine for the same exact reason many years ago.

Forget the encryption, that's just polishing turd. Given the criticality of personal email, I need a company that has clear business interest to look after not just my privacy and email security but me as a customer. The stories of entire businesses ruined because google took away their account access all of a sudden is too many the ones that get posted on HN and twitter are the minority that know the right people and can make enough social media noise. There are life long contacts that will never be able to reach me again unless I hire a PI to find them because of my lost yahoo lol. They suddenly think your IP and user agent are weird and you need another device you used in the past to allow the login despite a legit password? Whoops, security security you lost your account now lol.

> Who sends sensitive information by email?

Too many people. Example apply for job. Even in Europe, so many employers ask for PDF of all your certificates by email.

BTW, not everyone works in SV or FAANG that uses top encrypted databases from some top recruitment agency. Sure there are 10 jobs in government sector that will ask you to print 100 page of application - hand fill and send it. Everyone else not.

BTW, at my local copier place in Berlin, people come with file in cellphone. They just email or WhatsApp the PDF - can be CV, passport or anything - to the common copier fellow's email/WhatsApp - then print.

Even at most covid testing centres at airports - you need to give your passport number + address etc. You think they use encrypted laptops or GPG emails. The test result is returned by PDF email.

Sadly, proton mail is like iPhone. Sure it is secure, but once you install facebook or tiktok - nothing can be done.

While some whistle blower can use protonmail to send email to some journalist - for the normal citizen it is just useless.

I don't really agree. The account recovery yes, but this requires active access to my account (and is time sensitive). Also, on anything important I use 2FA with backup codes.

I've not needed to send my CV by email for years even. Every time I've applied I needed to submit my CV on their portal (and usually enter my work experience manually there too :/ ).

I understand Proton is more 'on my side' than gmail, but I don't use gmail. Right now I have a paid business O365 account. My remark was more about the added value of ProtonMail over another paid account, not over a free one.

As a techy individual, I found it cost prohibitive with 2 accounts over 2 custom domains for my self and my spouse. Switched to my own nextcloud and migadu and haven't looked back. At this point my strategy is just to desilo as much as I can away from Google, Microsoft, Apple etc.
I genuinely don't understand the appeal of using ProtonMail if you're already using PGP. That's all ProtonMail is, convenient PGP. If they are already using PGP they can just use Fastmail and have the same privacy benefits.