Comment on Privacy-Focused Proton Mail Aids FBI in Uncovering ‘Stop Cop City’ Protester’s True Identity
RIotingPacifist@lemmy.world 1 week ago
They literally gave information they were legally required to
E2EE stops them from being forced to turn over the emails themselves
Except it doesn’t, E2EE in browser is pointless, they send your browser the code that does the decryption, they can just as easily send your browser code that does decryption & uploads the contents to themselves.
Yes, doing actual E2EE emails is harder because both ends need to use an email client and configure it to do encryption, but for almost all scenarios protonmail is no more technically secure than any other webmail provider.
| Scenario | Gmail | protonmail |
|---|---|---|
| Legally required to hand over your emails | can comply | can comply the next time you use the account |
| Datacenter breach | emails encrypted at rest | emails encrypted at rest |
| Persistent threat | can read your emails | requires code injection capability |
I think offering per-user encryption that makes it harder for the company to data mine your emails is good, I just wish people would stop believing companies selling you “secure solutions”.
In this case defendtheatlantaforest would have been more secure if they used any free email provider and GPG, yet there’s a cult-of-produce around protonmail as if it’s offering you a level of security that it can’t.
HyperfocusSurfer@lemmy.dbzer0.com 1 week ago
Except you don’t have to use their browser version and can instead use their apps or their bridge or even a 3rd-party bridge like hydroxide, which makes injections quite a bit harder. They can still get incoming and outgoing plaintext (i.e. not pmail ←→ pmail) emails, tho