Comment on E-Mail with own domain
berber@feddit.org 2 days agoactually, i was talking out of my ass a little. i am not sure itself how things work, i was under the impression that proton can’t access your clear text mails, once they are stored (of course, they can build backdoors that snoop when receiving mails, but we shall not assume this), similar to how mailbox.org allows you to have all incoming mails be immediately encrypted via your chosen pgp key, effectively having e2ee. i was under the impression proton did this automatically and stuff, i mean why else do you need to use their own apps for everything and to even use basic stuff like imap? but yeah i don’t know their setup exactly.
activistPnk@slrpnk.net 2 days ago
PM’s apps perform the encryption on your own device because it’s your device that runs the apps. That is e2ee, but still only in the two scenarios I mention and even then it’s also vulnerable to targeted attack. PM could ship malcious j/s if it wanted (the likely case being to comply with a court order). It’s better if your own non-j/s FOSS MUA handles the crypto, which is actually easier if you don’t use PM.
If mailbox.org works the way anonaddy works, then that’s not e2ee. The msg payload is seen by the server that does the encryption, in the very least. The sender’s ESP would have already seen the msg.
berber@feddit.org 1 day ago
so in both cases, proton and mailbox, you have “less” snoopability, in the sense that they wouldn’t be able to snoop your stored mail retroactively. i am (in some sense naively) assuming “good” conditions here, such as that they don’t keep copies somewhere.
of course without actual e2ee there is always a way for a provider to snoop any incoming email if they wanted to.