• Proton Mail

    Author
    Topic
    #2594311

    Hi, what’s the opinion of Proton Mail?

    There are Free and two paid options, calendar, VPN plus more.

    Dell Inspiron 7580 i7 16GB Win 10 pro 22H2 (19045.3930), Microsoft 365 Version 2401 (17231.20182) Location: UK

    Viewing 5 reply threads
    Author
    Replies
    • #2594477

      Encryption like theirs where the private keys stay on their end is not secure.  I would never use it.  Just like hushmail and safemail and other honeypots.

      • #2594492

        Biiijoy,  You make some interesting points.  What email provider do you use / like?

        Custom desktop Asus TUF X299 Mark 1 16GB RAM i7-7820X
        Four 27" 1080p screens 2 over 2.
        Laptop Clevo/Sager i7-9750H - 17.3" Full HD 1080p 144Hz, 16GB RAM Win 10 Pro 22H2

      • #2594511

        Proton stores the private key(s) encrypted by your password. This means you can use mail with different clients / devices and attackers cannot steal the private key from your device.
        To maximize security you need a strong password or even better, 2FA.

        cheers, Paul

        1 user thanked author for this post.
    • #2594603

      I have been using Proton Mail since 2018 to get away from the spying eyes of big tech. I use their Mail Plus paid plan (pay yearly for a discounted rate of $3.99 per month, instead of $4.99 if paying by month) which is required to use their bridge application to sync with a mail client. Initially I used Outlook (on Windows 8.1) then about ten months ago switched to Thunderbird (on Linux Mint). I also use the Android app. Otherwise I do not use/need any of the other included services, ex. Calendar, Drive, VPN and Pass. I have never had an issue with their mail service, it has always worked well for me.

      1 user thanked author for this post.
    • #2594607

      Encryption like theirs where the private keys stay on their end is not secure.  I would never use it.  Just like hushmail and safemail and other honeypots.

      Private keys for encryption are stored on the user’s device(s). Some snippets from Proton below:

      Zero-access encryption is just what it sounds like: a type of encryption for data at rest that renders digital files inaccessible to the service provider. The files can only be decrypted using the user’s private encryption key. Because the server does not have access to the user’s private encryption key, once the files are encrypted with the user’s public encryption key they are no longer accessible to the server or the server’s owner. When the data owner wants to view their data, they request the encrypted files from the server and decrypt them locally on their device, not on the server.

      Most companies do not implement zero-access encryption either because they sell your private information to advertisers (Google, Facebook, etc.) or because the technical challenges of implementing it are too great.

      Instead, they might use regular encryption where they retain control over the encryption keys. This is like storing the key to the lock with the lock itself and creates many vulnerabilities. For example, if servers are ever hacked, your private conversations can be leaked (like in the Yahoo! breach of all 3 billion of its accounts).

      Furthermore, this approach also leaves data open for misuse, either by rogue employees or unscrupulous third parties, such as in the Cambridge Analytica/Facebook scandal. This data can also be made accessible to government surveillance agencies or sold outright to advertisers.

      We drastically reduce these security and privacy vulnerabilities by using zero-access encryption to ensure that we ourselves do not have access to your data. That way, even if somehow Proton Mail servers are breached, the contents of users’ private emails will still be encrypted.

      2 users thanked author for this post.
    • #2594826

      Before sending the private key to the server for storage

      Where is it stored encrypted. Proton cannot access it because it’s encrypted by your password (but they could write code to access those keys if they were feeling suicidal).

      cheers, Paul

    • #2595897

      I like Proton Mail a lot. I still use Outlook, as part of my Office 365 subscription, for my business communications; but I opened a Proton Mail account a few years ago and I use it for most of my personal email. I like their attention to privacy.

      I used their free account when I first signed up, but last year they offered a full subscription to all of their services for a reasonable price, and I jumped on it. I don’t use the Calendar function much, but their VPN is really good. I use it all the time, especially when I travel. I also now have 6 Terabytes of online cloud storage using Proton Drive.

      I have had no problems with any of the Proton systems. For me, it is a great alternative for a secure private email.

    • #2603114

      Proton Mail adding Key Transparency to verify receiver’s mail address

      ..Proton Mail uses end-to-end encryption, a secure form of communication that ensures only the intended recipient can read the information. Senders encrypt an email using their intended recipient’s public key—a long string of letters and numbers—which the recipient can then decrypt with their own private key. The issue, Yen said, is ensuring that the public key actually belongs to the intended recipient.

      “Maybe it’s the NSA that has created a fake public key linked to you, and I’m somehow tricked into encrypting data with that public key,” he told Fortune. In the security space, the tactic is known as a “man-in-the-middle attack,” like a postal worker opening your bank statement to get your social security number and then resealing the envelope…

    Viewing 5 reply threads
    Reply To: Proton Mail

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: