• DeathByBigSad@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    13
    arrow-down
    6
    ·
    edit-2
    1 day ago

    Incoming Emails that aren’t from proton, or PGP encrypted (which are like 99% of emails), arrives at Proton Servers via TLS which they decrypt and then have the full plaintext. This is not some conspiracy, this is just how email works.

    Now, Proton and various other “encrypted email” services then take that plaintext and encypt it with your public key, then store the ciphertext on their servers, and then they’re supposed to discard the plaintext, so that in case of a future court order, they wouldn’t have the plaintext anymore.

    But you can’t be certain if they are lying, since they do necessarily have to have access to the plaintext for email to function. So “we can’t read your emails” comes with a huge asterisk, it onlu applies to those sent between Proton accounts or other PGP encrypted emails, your average bank statement and tax forms are all accessible by Proton (you’re only relying on their promise to not read it).

    • Encrypt-Keeper@lemmy.world
      link
      fedilink
      English
      arrow-up
      18
      ·
      edit-2
      1 day ago

      Ok yeah thats a far cry from Proton actually “Having your unencrypted emails on their servers” as if they’re not encrypted at rest.

      There’s the standard layer of trust you need to have in a third party when you’re not self hosting. Proton has proven so far that they do in fact encrypt your emails and haven’t given any up to authorities when ordered to so I’m not sure where the issue is. I thought they were caught not encrypting them or something.

      • Vinstaal0@feddit.nl
        link
        fedilink
        English
        arrow-up
        1
        ·
        19 hours ago

        We need to call for an audit on Protons policy and see if they actually do what they say, that way we can know for almost certain that everything is good as they say

        • Encrypt-Keeper@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          18 hours ago

          I mean we know from documented events that Proton doesn’t store you emails in plain text because there have been Swiss orders to turn over information which they have to comply with and they’ve never turned in emails, because they can’t.

      • cley_faye@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        6
        ·
        1 day ago

        Ok yeah thats a far cry from Proton actually “Having your unencrypted emails on their servers” as if they’re not encrypted at rest.

        See my other reply. There is no way to retrieve your mail using IMAP on a regular client if they’re encrypted on the server. And Gmail can retrieve your mails from proton using IMAP. It’s even in their own (proton’s) documentation.

        • nymnympseudonym@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          9 hours ago

          Agreed.

          Really, if someone wants to use an LLM, the right place to run it is in a sandbox locally on your own computer

          Anything else is just a stupid architecture. You don’t run your Second Brain on Someone Else’s Computer

        • Encrypt-Keeper@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 day ago

          There is no way to retrieve your mail using IMAP on a regular client if they’re encrypted on the server.

          That is probably why you can’t retrieve your emails using IMAP from a regular client.

          And Gmail can retrieve your mails from proton using IMAP. It’s even in their own (proton’s) documentation.

          I don’t think it can. Where in the documentation did you find that?

          • cley_faye@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            21 hours ago
            And Gmail can retrieve your mails from proton using IMAP. It’s even in their own (proton’s) documentation.
            

            I don’t think it can. Where in the documentation did you find that?

            An online search brought me here : https://www.getmailbird.com/setup/en/access-protonmail-com-via-imap-smtp which did looks like a documentation page about how to do exactly that. Obviously, it has nothing to do with them, and the actual details makes no sense the lower you get in the page. I’ve been had :)

            They still can see most mails transit from their service in plaintext in both directions, though, which remain a privacy issue, but it has more to do with email protocols than anything.

            • Encrypt-Keeper@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              17 hours ago

              You’re right that they can see the emails in transit if you’re not using encryption, but they never said they can’t. They are as secure as they can possibly be, and are honest about what’s secure and what’s not. I would leave Protonmail at the first sniff of trouble but I just haven’t seen anything that concerning.

    • cley_faye@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      2
      ·
      1 day ago

      Now, Proton and various other “encrypted email” services then take that plaintext and encypt it with your public key, then store the ciphertext on their servers, and then they’re supposed to discard the plaintext, so that in case of a future court order, they wouldn’t have the plaintext anymore.

      You would not be able to retrieve your mails using IMAP from a regular mail client if they were doing that. You can even retrieve them from Gmail, which is unlikely to support any kind of “bring your own private key to decrypt mails from IMAP”.