Post got deleted, posts removed…

  • AnAmericanPotato@programming.dev
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 month ago

    Not the encrypted mail, mind you, because they can’t do that

    Just want to point out for anyone new that ProtonMail does not use E2EE for email headers. That means they CAN access your subject lines, to/from fields, and other email headers. That means they CAN be forced to hand it over to the government.

    Source: https://proton.me/support/proton-mail-encryption-explained

    Subject lines and recipient/sender email addresses are encrypted but not end-to-end encrypted.

    Personally I am disappointed in a lot of Proton’s wording about this. They frequently promise they can’t access “your data” and “your messages” when they do, in fact, store potentially sensitive data in a format they CAN access.

    • jherazob@beehaw.org
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 month ago

      It’s email, that’s the best you can get with email, if you want to have more privacy, DON’T USE EMAIL

    • _cryptagion@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      edit-2
      1 month ago

      A bit more context is important here. They aren’t E2EE, but they are stored encrypted. In the case of the person whose meta information was turned over, ProtonMail wasn’t forced to hand over the information right away, they were forced to collect it the next time that person accessed and used their email. That tells us that they didn’t store the information beforehand and could not access it without preparing to intercept it the next time their service was used.

      Ultimately, though, if something like that’s a dealbreaker, it’s likely you’re doing something that would benefit from a more secure way of communicating than email.