Oh, bad timing. Just a few months ago I was on the fence about Protonmail vs Fastmail (vs all others) and ended up jumping to Fastmail: the privacy pro didn't seem to outweigh the cons. Now with open sourcing stuff the pros do get somewhat better... But reevaluating and switching would be troublesome... Maybe in a few years I'll revisit it :)
Yeah, ProtonMail charging for the marginally free stuff, like domains and aliases, is very disappointing. I make a new email for every account, in the form of [email protected]. Do I have to pay ProtonMail $24/month for that privilege?
Also not providing 20GB space as a default paid option in this day and age of $5/month/TB is also very disappointing.
I've been with ProtonMail a couple of years now, and recently made the step to buy my own domain to use for personal email. What I'm hoping is that whenever I want to switch provider in the future, it won't be any more trouble than to switch some DNS settings :)
The ease of migrating away was one of the cons of Proton Mail to me, but I don't remember the exact reasons for it besides not using standard protocols. Having standard protocols really makes everything easier. With the open sourcing of the tools, maybe it will get better?
Interesting. I run RainLoop on my (local) server so I can have mail in my browser (while on my LAN). I'll have to see if I can get Bridge for Linux working with that. Server is headless, so hopefully Bridge is too...
I'm happy to see ProtonMail getting exposure. I moved over from gmail about a year ago, and have been quite pleased with their service.
Only downside I've seen is that there isn't a clear way to increase available data storage, independent of other billable line items (like number of users etc).
Other items on my wish list would be more customizable email filtering, I'd love to be able to create filters such as 'is this from [internet provider] and does it contain the word bill? -> inbox, else spam'
Both those things you mention as wanting exist already.
For data storage independent billing, go to Settings -> Dashboard. On Professional tier and above the data storage is a dropdown where you can increase the amount required.
For email filtering go to Settings -> Filters and create as many conditions as you want on a filter.
Interesting, I pay for the professional tier, and do not see a separate dropdown available for storage. The professional plan lists 5gb/user (at a rate of about $5/month), and the only way to scale up storage on my dashboard page is to provision more users (up to 100, so max of 500gb).
It’s a non-issue now, but yeah I’d prefer to interact with my plan the way that you describe and be able to scale storage independently (and ideally at a cheaper rate).
Regarding filters, that’s great! I didn’t see that before and will likely utilize it heavily now that I know it exists.
Ah I see, yeah the Plus plan lets you choose the storage. Professional works differently for some reason. I bet if you contacted their support they'd consider changing it though as it doesn't quite make sense as-is.
I use both protonmail and gmail, with protonmail used for things that I feel require more privacy, such as banking. One thing that I really do miss, and I understand the reasoning, is being able to effectively search for an email. Since the content is encrypted you can only search for what is in the headers.
From their pricing page[0] it looks like their highest-priced plan only goes to 20GB. That's an order of magnitude too little for me just for the current size of all my mail.
(And no, I don't want to clean up 20+ years of email. I want to pay someone else to handle archiving and indexing it and not think about it.)
> Data is actually strongly encrypted using that key before leaving the client.
Besides the "strongly encrypted message" you have to send some extra info to the server. And I'm not sure how those two types of info are separated in Proton's communication protocol, so a binary diff between those "parts" could be a key to selecting the decryption method.
Their key encryption is fairly safe. If you use one-password mode, they could intercept your password from the web interface if they wanted, but the password exchange is solid and doesn't reveal the password while still allowing the key to be decrypted.
Two-password mode is technically more secure since, even if the authentication exchange is cracked, the decryption key doesn't touch anything the server can see; it's locally decrypted.
Cool. But neither the audit nor the repository explains if it's possible to create the APK in a reproducible way. Google Play distributed APKs contain their signatures, so in theory it wouldn't be possible to 1:1 reproduce the distributed ones.
However for F-droid this would allow them to sign their own APKs and provide some additional security guarantees in their supply chain.
Also a bit concerning that there are no tags yet in the repository.
This was a showstopper for me back when I decided to go with posteo.net instead. Well, better late than never, hopefully their service will become useful for more people.
I hope the open sourcing helps accelerate the pace of development.
Tangentially, my needs are very minimal and I have a couple of ProtonMail accounts on the free tier that don't get much mail (the size of the mailboxes put together would be 5MB or so). I also aggressively delete unnecessary emails quickly and empty the trash. I'm waiting for multiple account support in the official mobile client for users on the free tier (this was promised quite some time ago).
I wonder if it's possible to migrate my Gmail-powered email address while keeping my family's inboxes there. I'm interested in joining Protonmail but I can't afford to pay for everyone, nor will they understand my wish to move away from Google.
I guess it can't be done as it's at the domain level, am I right?
does everyone in your family currently have the email name they want or did they have to compromise by putting numbers at the end or use similar tricks? ...because there's probably a better chance of getting the name they want with ProtonMail.
the shorter [email protected] email address is a nice feature to have as well
The lesson from Crypto AG is that you have to assume that every communications provider is a CIA front. You should do things in a way where you don't have to trust anyone but yourself and your correspondent. Open source clients are thus an important moral to the Crypto AG story.
"Crypto AG was a Swiss company specialising in communications and information security. It was secretly jointly owned by the American Central Intelligence Agency (CIA) and West German Federal Intelligence Service (BND) from 1970 until about 1993, with the CIA continuing as sole owner until about 2018.[1] With headquarters in Steinhausen, the company was a long-established manufacturer of encryption machines and a wide variety of cipher devices."
Basically they were the world's leading manufacturer of encrypted phones & fax machines for military use and it was revealed that they were controlled by German and US intelligence all along.
My suspicion for ProtonMail is only that it's too good to be true: A small amount per month to solve all my privacy/confidentiality needs w/o really inconveniencing me? I'm in!
At least now that all PM's non-beta apps are open source, you (or someone) can audit all their client-side apps to ensure that it doesn't matter if the server is trying to do something nefarious. As long as your encryption key and plaintext mail never leave the client, and the encryption being used is sound, you should be safe.
Now, if it's run by the CIA/NSA/whatever, and they have found vulnerabilities in state-of-the-art encryption algorithms that we don't know about, you're hosed. But we're still hosed even if they aren't running the mail server (that just makes it easier for them to get hold of the data), so I'm not sure that's a threat model the average person could reasonably protect against anyway.
I see. Thanks for the info. PM is competitively priced for the VPN/Email market, so I can’t quite make the leap you mentioned. If your concerns are based on price it would mean the whole market is corrupt. Maybe it is, heh, I’m open to that.
I use PM because fuck Google(Gmail), and fuck my ISP for profiting off my private data. I’ve always figured the 3 letter agencies can get access when they want. I’m not doing anything nefarious so I’m happy just to battle against corporate greed.
been a user for a couple years. open source everything, maybe the community can help fix their basic bugs like not being able to import their VCF exported contacts into thunderbird.
ProtonMail doesn't really try to be general-purpose email client. You can either use the bridge with an email client of your choice, or you can forward your mail.
Not really the email client of your choice. In Mac OS, you can do Apple Mail and Thunderbird well, but if you try something like Airmail, it crashes the app (or other unexpected behavior). Not exactly 100% IMAP compliant from what I can tell.
Great to see this! On another note: there was a six month gap (unless I'm mistaken) between the iOS version being open sourced, and this Android release. I am a bit surprised that iOS got open sourced first. Is this because it did not receive the same security audit that presumably held up the release of the Android source?
> Their audit found that our app has no outstanding vulnerabilities.
Either I'm misunderstanding what they mean by "outstanding" or this is a very bold claim. Shouldn't they be saying something like "Their audit found no vulnerabilities in our app"?
I think it means that they resolved any found vulnerabilities before the audit was published. Therefore none of the found vulnerabilities were _outstanding_ when they published it. In this case _outstanding_ means that the auditors have not yet verified a fix.
If you just want a simple way to access your mail over HTTP (without the need for standards) you could probably also run imap-api[1] pointed at the Bridge. Although admittedly it does feel a bit hacky.
Or maybe also getmail or fetchmail which will download your mail over IMAP and put it in the maildir format as files.
[1] https://protonmail.com/blog/proton-bridge-linux-launch/
[2] https://protonmail.com/blog/bridge-open-source/