If you test it, can you let me know how it compares to Findroid?
If you test it, can you let me know how it compares to Findroid?
The people you described aren’t the ones being harassed
I think it’s very hypocritical of you to assume that and then call me out for assuming something similar. And then you call this harassment? I made an assumption based on an assumption you felt free to make. But when I make a similar assumption, that’s harassment?
If you are so confident in vegans harrassing almost-vegans who try to live without animal products, please name a single instance.
I’ve personally experienced it, both in real life and on social platforms, including lemmy. I just make it a point to try and avoid interactions like that these days. I don’t go into vegan communities despite being really enthusiastic about stuff like meat substitutes because around 50% of my interactions have been terrible. And 50% is a terrible number btw. The false equivalences, the assumptions and other issues even in this post’s comments section is kind of alarming. But yeah… Play a victim if that’s what suits you i guess.
I like the concept of veganism, but your community isn’t the best to outsiders. One day that too will change hopefully.
Removed by mod
What vegan is out there calling non-vegans rapists?
I’ve been told that before. Not being vegan implies you support terrible breeding practices which makes you a rapist… apparently… Which is especially dumb considering nobody likes the terrible breeding practices to begin with
I guarantee you, he would still have dropped it at least once in two decades of use.
One key aspect that you seem to be missing is that Proton encrypts every mail, including those sent by or sent to unencrypted providers using your pgp key before storing them on the server. This isn’t a case scenario that can be handled without using a bridge. Thunderbird or any other mail client won’t know how to handle that.
What you described only solves the end-to-end encryption portion of the problem Proton is trying to solve. Not zero access.
Yes, mail headers are unencrypted. They never claim otherwise and neither did I. If it were encrypted, it wouldn’t be interoperable, which is something you want it to be as well right? I’ve always been talking about the mail content itself. Unencrypted mail headers don’t make it “not zero access”.
I feel like you’re just not the target audience for Proton. I just use Proton because I’m fine with the web UI and Proton Unlimited is mostly good value for me. I do also pay for Purelymail as i have a few domains and they’ve been wonderful too.
The bridge does the decryption using credentials you give it locally. Sorry for mentioning “auth”. I should have mentioned encryption instead.
Regarding the rest, it comes down to the zero access mailbox encryption’s implementation details. In all described scenarios, you’re not really using your master password as the “key” for your mailbox. But in proton’s and similar services’ case like Tuta, this is true. Any “zero access” service provider offering IMAP access without a bridge is simply lying to you as IMAP (the protocol itself) requires server-side decryption of the content, even if SMTP doesn’t. (Btw, SMTP is really an artificial limitation. Just not IMAP. If they give you smtp access, it wouldn’t send encrypted mails unless specifically configured to do so but would otherwise be the same.)
What you described is encryption at rest, but not zero access encryption (which is what Purelymail does btw).
Whether all this is needed and all depends on your threat model. I think most tech-savvy folks would be happy with something like Purelymail or Migadu tbh…
They can’t do traditional IMAP/SMTP simply because they always do client-side auth rather than tradition server-side auth, which inherently makes them more trustworthy than every other provider that does offer IMAP/SMTP-based provider to whom you always send your passwords in plaintext. This has the added benefit of having at least your own mailbox always be zero access encrypted.
Please don’t use privacytools.io anymore. Use privacyguides.org instead
What Proton is doing to e-mail is about the same that WhatsApp, Messenger and others did to messaging - instead of just using an open protocol like XMPP they opted for their closed thing in order to lock people into their apps.
PGP is not closed. What proton has done is make a really cool JS library for PGP as part of their Web UI (openpgpjs.org) which other projects, even those unrelated to Proton have used, like Mailvelope. They’re also pushing the PGP standard itself to support stuff like post-quantum encryption. So this is really odd to hear as Proton is, without a doubt, the most open and interoperable of all the properly encrypted providers.
Lavabit
With Lavabit, you were simply trusting them mostly blindly on their claims. Yeah it worked out that one time but could have gone very wrong.
Yes, they have it because GDPR does require it.
They’ve had it since far before GDPR took affect. They’ve also had bridge which has always allowed external backups and is in fact real time. They now also support forwarding mails, which should also suffice for your use case.
Open sourcing the server software is desired ofc, but would it really mean a lot for security? Not really. All the relevant bits are already open source. And none of it is really non-standard. But i do still wish for that for the sake of transparency. And yeah i wish they would move away from this almost source-available model.
Regarding SMTP, yeah i agree. But they do provide that through bridge and also for business users based on a per-request basis.
There are definitely a few artificial limitations and stuff that really pisses me off, like the limit on aliases in custom domains and SMTP for normal paid users, but a lot of the talk I’m hearing on lemmy about proton is just FUD.
No company has bought gitea. They just made a commercial entity which can accept contracts for enterprise installations and make some hyper specific customisations not needed for normal users (like some specific mode of internal authentication) in those installations. So far Gitea has been great still.
Why not just use Aegis with a remote backup?
Same, Hetzner Storage Share has been really good for me so far.
Can Authy really be trusted?
I have replied above: https://lemmy.world/comment/1988541
Okay, credit card autofill is there at least on the browser, my bad. But the other two, no. What I mean by auto-fill UI is an overlay like we see in LastPass, Proton, etc.
If you add an item on your desktop, make sure it’s synced and try to use the Android app to auto-fill it, it won’t be there yet. And if you use the basic auto-fill view (“Items for x”), there’s no way to refresh. The main app (not the “Items for” view) does have a refresh option though, so i end up closing everything, going back and refreshing from there.
Also, I like the way Aliases work in Proton. I’m still using both and really like both, and for now, both have its pros and cons.
Ooh, that’s promising. I guess I’ll try it once it matures a bit more then. Thanks for going through the trouble of reviewing it!