This is why you sign and encrypt the contents of email. If the recipient doesn’t have the public key, they can’t read the content.
Allowing a service provider to “handle your keys” is tantamount to letting the fox watch the henhouse.
Proton doesn’t provide IMAP/SMTP access for free accounts, so you won’t be able to encrypt emails locally.
This ultimately is the tech version of “trust me bro”. This means you are as secure on Proton as you are on GMail, depending upon how you use the service.
This comment is completely off the mark. The information that they disclosed is the recovery email -the same exact thing which happened previously- not any content of any email.
Also, proton does encryption with PGP, but you can’t encrypt if the other side doesn’t use PGP (which is the case for 99.98% of humans on the planet). If they do, proton supports this including with arbitrary clients using their bridge.
FYI email contents were not decrypted or turned over to police, as far as I know Proton’s E2EE is still as good as whatever system you’re using. Proton doesn’t have the keys to decrypt your emails, it never did. What they have access to is metadata that is necessary to function when your private key is unavailable - e.g. your public encryption key used to encrypt incoming emails from non-Proton sources, or in this case, a recovery email address (I don’t know what the recovery process entails and whether it can restore encrypted emails).
This is why you sign and encrypt the contents of email. If the recipient doesn’t have the public key, they can’t read the content.
Allowing a service provider to “handle your keys” is tantamount to letting the fox watch the henhouse.
Proton doesn’t provide IMAP/SMTP access for free accounts, so you won’t be able to encrypt emails locally.
This ultimately is the tech version of “trust me bro”. This means you are as secure on Proton as you are on GMail, depending upon how you use the service.
Just encrypt with pgp and send encrypted text
Umm, you absolutely can. Use gpg, encrypt the txt, copy the encrypted text into the email. EZPZ.
…yes, that’s what I said. But sign them locally. Do not put your private key on Protons service. Sign and distribute pub keys locally.
Probably should have clarified.
Also, paid IMAP/SMTP makes Proton a freemium service. Thought I should just underline that.
This comment is completely off the mark. The information that they disclosed is the recovery email -the same exact thing which happened previously- not any content of any email.
Also, proton does encryption with PGP, but you can’t encrypt if the other side doesn’t use PGP (which is the case for 99.98% of humans on the planet). If they do, proton supports this including with arbitrary clients using their bridge.
Sir, if your recipients don’t have a public key, you cannot even encrypt the message… That is how asymmetric-key crypto works.
FYI email contents were not decrypted or turned over to police, as far as I know Proton’s E2EE is still as good as whatever system you’re using. Proton doesn’t have the keys to decrypt your emails, it never did. What they have access to is metadata that is necessary to function when your private key is unavailable - e.g. your public encryption key used to encrypt incoming emails from non-Proton sources, or in this case, a recovery email address (I don’t know what the recovery process entails and whether it can restore encrypted emails).