Why I don't believe in encrypted mail providers anymore
Written by Lionir
Why would I move away from a provider which provides encryption for all my emails? It's one of the most important parts of someone's digital life, so, why would I want that unencrypted for my provider to see? Let's get into that.
No specification or interoperability for the encryption
Usually, the magic E2EE only works if both recipient and sender use the same provider. If you use anything else, it just won't work without hassle. If Tutanota, you'll require the other person to follow a link and enter a password and be stuck on that Tutanota's web interface which won't be fun for them. In the case of Protonmail, another encrypted mail provider, you'll need to find OpenPGP keys and you're basically back to square one. OpenPGP is just too much pain for people to use and do it properly.
In either case, it's not how you move email forward, you're simply injecting proprietary protocols and/or encryption protocols.
No interopability with the email server in general
Protonmail does have an IMAP bridge program but that assumes you want to run that on your computer all the time to access your email?! You also get none of the benefits of their encryption! It's just worse. As for Tutanota, there's just nothing. You use the web interface (which the desktop and mobile clients also use). I mean, their web interfaces look nice, don't get me wrong but that's not how you move email forward, it's just a pain for anyone who isn't happy with your clients.
This also means that it's generally painful to move from one provider to the other. Protonmail does not offer any way to export your email for free (!!!!). This just traps people in their service. The worst part is that they have a tool to let you export your email but you have to pay for it. Tutanota doesn't have any bulk tools but it's easy enough to just shift-click all the email in the desktop client and export to eml files. It's not ideal but atleast it let me move my email.
(I have asked Protonmail about making these tools available for free because I believe that it may be a GDPR violation. Exporting is not a privilege, it's a right. I'll update when I get a response.)
It's not more private nor secure
The truth is your email is not really any more secure for most if not all communications. The copy on the other side is likely not encrypted. The webmail interface could be poisoned, there's nothing proving that the interface you see is the source code given, they could at any point in time inject something to get your keys. This is something that could be avoided with third-party implementations or clients which can't be updated in the background but those don't exist for those services. Even if we could prove that the client was fine, the server could always just keep a plain copy with no issues at all for most email.
From my time using email, I have actually never email someone with Tutanota's encryption other than myself for testing purposes. Even in that case, the server could still just keep the metadata of who contacted who and when because it needs to have that information to send the encrypted data.
All these issues just give the user a false sense of privacy and security that simply can't be solved in the current state.
Conclusion
My conclusion is simple : Don't use encrypted mail providers. Assume everything you say through email can be read. While I do trust my provider not to do so, I have little reason to think that a government can't and just have to act like it. Use other services for private information, delete information if I don't want it.
Comments
"I concur, and use Migadu too.
Regarding PGP, sharing keys is pretty seamless once you set it up. WKD makes sharing keys from your own site/email domain really easy, without relying on any keyserver; since my email is @seirdy.one, PGP programs like GnuPG simply download my public key from https://seirdy.one. When I open a signed/encrypted email for the first time in my mail client (Neomutt), GnuPG automatically fetches keys via WKD, DNS, DANE, and a list of keyservers so I hardly have to lift a finger.
It also helps to expose a public key with IndieWeb microformats2 for better discoverability." by Seirdy on the Fediverse
The conversation went on and I'd recommend reading if you are interested. Personally, WKD is not possible without hosting my own web server and then I still have the problems of managing, hosting the web server and... the likeliness of someone contacting me this way are essentially null, I believe.
"I’ve seen takes like this a few times, and I think they might a be a little bit misguided. I use Protonmail and have never used Tutonota, so I can only speak for Protonmail but:
Protonmail supports OpenGPG, like you mention in your post, which IS an open standard for encryption. I agree that it’s not one that’s easy to grok or use for folks that aren’t pretty technically literate, and that’s a shame, because it’s a great tool. I’d love to see a larger effort to create better systems around supporting everyday computer users understand and use tools like OpenGPG, but I don’t think moving away from one of the only email providers that supports it will accomplish that goal.
For what it’s worth, Protonmail does also support the interface you describe with Tutanota, where you can email someone an encrypted message, and they get a link asking for a password. I don’t think this is a particularly nice experience for most people, but I have used it in the past for remote secret sharing in a pinch, and it is fairly simple to use, even for people without a lot of computer literacy.
All that said, even without any truly end to end encryption, I think there are significant benefits to using encrypted email providers. I think by now there’s a pretty good cultural awareness of the kinds of harms that come from a large corporate entity having access to things like a user’s web browsing history. We know how companies are able to use those datasets to create profiles of their users, and sell manipulative advertisements and even the profiles themselves, often to other companies that the user themself would prefer to never interact with, let alone give a huge set of identifying data to.
Your email inbox is akin to your web browsing history, at least for most people. Almost every website you make an account with ends up sending at least one verification email to you. In many ways this is an even stronger signal than just browsing history; it shows a much clearer intent than just visiting a link.
If Protonmail is my email provider, then at the very least I can know that the contents of my inbox are being stored in a way such that they simply cannot be read by anyone who isn’t me. As someone who isn’t particularly concerned about a specific person or entity targeting my communications, but is frustrated by and concerned about largescale corporate spying on individual browsing habits, this is what I’m looking for in an email provider. I pay them money, they store my emails, and they give me a key to access them, but don’t keep a copy for themselves. I think this is how all cloud storage should work, always.
One more minor quibble: running Protonmail Bridge doesn’t remove “all of the benefits of encryption”, it specifically allows you to continue to use your encrypted email service through a client that knows nothing about encryption. If you receive an email while running the bridge, encrypted or otherwise, it will be decrypted by the bridge, using your key, before being sent to the client you’re using. That way the email only lives unencrypted on your machine, but is still encrypted on Protonmail’s servers." by smores on Tildes
Protonmail does support OpenPGP, you're right but the key discovery and automation are gone which make using the open standard essentially impossible for the average person which goes against the goal of using Protonmail in the first place in my opinion.
I agree that the link asking for a password interface is unwieldy and I personally don't like it.
The thing that bothers me with the lack of E2EE being accepted is that you're still basing your trust on your provider. Granted, I do believe Protonmail likely has better intentions than if Google were to implement it in Gmail but that entirely still solely relies on trusting the provider. It kinda removes the entire point of encrypting things from my point of view.
Yes, the email mailbox is very important but I don't believe that putting a weak lock and the illusion of security is necessarily the step towards making that private.
Protonmail Bridge indeed doesn't remove “all of the benefits of encryption”, it's more so that it removes a very important part of the Protonmail promise : E2EE. That's a deal breaker for me.
Join can see conversations about this article on Tildes and Reddit.