Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
ProtonMail: someone use it?
- Thread starter AGX
- Start date
- Sort by reaction score
How long have you been using it?
Do you use the iOS mobile app on your iPhone?
Thanks in advance
I created it like a couple of months ago may be. However, I have to be honest and recognize that I've never used it in a real-case scenario, lol. I played a little with the web interface and that's it.How long have you been using it?
Do you use the iOS mobile app on your iPhone?
Thanks in advance
Can you point me to the TED talk? This look interesting, but I'm not sure what their business model is like.
Secure is good, but free? I don't know.
They are planning to introduce paid premium tiers in addition to the free basic accounts in the future.
I have been using ProtonMail for months with poisitive experience. Nevertheless, I prefer Tutanota to ProtonMail. Reasons: ProtonMail is on invitation basis, so the circle of users is limited, the iOS and Android applications are available only if you donate a certain amount of money.
Last but not least, the ProtonMail servers are in Switzerland, but the inventors and owners work in the US on permanent basis at the moment.
Tutanota servers are in Germany as well as the inventors and owners. The software is available for all, can be upgraded to premium version. The iOS and Android applications are free to download. Both apps work flawlessly on mobiles.
Last but not least, the ProtonMail servers are in Switzerland, but the inventors and owners work in the US on permanent basis at the moment.
Tutanota servers are in Germany as well as the inventors and owners. The software is available for all, can be upgraded to premium version. The iOS and Android applications are free to download. Both apps work flawlessly on mobiles.
True.
Nevertheless, it is an original idea to use Latin.
(http://www.preces-latinae.org/thesaurus/Introductio/Pronunciatio.html)
Nevertheless, it is an original idea to use Latin.
(http://www.preces-latinae.org/thesaurus/Introductio/Pronunciatio.html)
Think your email's private? Think again
http://www.ted.com/talks/andy_yen_think_your_email_s_private_think_again
I use ProtonMail for about 8 months now and I turned it into my primary Apple ID which I use for iCloud (just without mail). I have to point out several things in response: (1) ProtonMail is still in beta, which explains the lack of invites, features and apps. (2) You will get an invite within a few days now. I know this from friends and family members who signed up recently. (3) The apps are in closed beta and you can’t get them at the moment, unless you donate some money. The apps will be free once they are released before the end of the year.
I don’t think it matters all that much where the developers are located, as long as the software is solid, open-sourced and susceptible to public scrutiny. The servers are still located in Switzerland, which is where the security needs to be put into place. Tutanota has its servers in Germany and I personally cannot really understand why this is held out as a plus these days. Germany is still subject to supranational laws with all its flaws and caveats like elsewhere in the EU. Coincidentally, the German parliament has passed a new federal data retention law this month, even though the EU data retention directive was quashed by the European Court of Justice last year. Germany is thus doing this on their own volition. Admittedly, the Swiss parliament has passed a similar law, but is currently awaiting a potential referendum if 50,000 signatures can be collected before the end of the year.
There are some things that ProtonMail is arguably better at:
- They use PGP, whereas Tutanota uses what seems to be their own encryption method (although they claim to use standardised encryption algorithms). This means that it probably hasn’t undergone a lot of scrutiny yet and in practice it means that non-Tutanota users cannot send you encrypted emails as long as this is not supported, making the service unnecessarily complicated. In addition, PGP makes it at least conceivable that ProtonMail can be used with other email clients that support PGP (there is a plugin for OS X Mail for instance). I personally don’t want to be dependent upon client-based encryption with Javascript for too long (which has lots of security problems still).
- They use two separate passwords, one for the account, the other for the private key. Tutanota uses one password that unlocks both. Neither have two-factor authentication, which makes Tutanota’s choice a bit odd.
- They have a neater and more powerful web client. From what I’ve seen of the iOS and Android apps, they look impressive too. Although Tutanota has apps already, at least the iOS app is a wrapped web-app and it looks and works a bit shabby. I suspect that it uses the same Javascript client-side code.
Last edited:
I just explained several, both how the service is set up and how secure it is. The rest is the impression I got after a bit of web searching.
I have a protonmail account, but as said it is still by invitation, so the user base is slowly expanding. I use paid services for my day-to-day emails from Neomailbox using S/MIME for encryption. It works quite well, but their customer service is insanely slow. I also have a countermail account, while based in Sweden claims to toss away all logs and have automatic (delayed) pgp encryption for ordinary email, and claim to not keep the private keys if you decide to delete them from their servers.
I used mailbox.org before and also tried posteo.de. Tutanota and ProtonMail aren’t conceptually new, but what really breaks the viability of many of these services, for me at least, is a lack of integration into other platforms beyond web-based clients. It just doesn’t work. What sets these two apart is that they provide their own applications and plugins.
The theory is that companies that have a presence in the US may be pressured under patriot-act provisions even if the affected operation is outside the country. For example, Microsoft is currently fighting US government requests to hand over information that is stored in their European data centers.
Yes, sad. At least email is excluded though, and the retention period (10 weeks) is relatively short compared to other countries that have data retention laws (or no restrictions at all, like the US).
On the other hand, Protonmail is only partly open source and the closed part cannot be independently scrutinized at all.
They have a plugin for Outlook though, which is far easier to use than PGP and apparently makes the service quite popular among lawyers. It also encrypts the subject line (while it is sent in the clear with PGP).
Tutanota have announced 2-factor authentication for early 2016.
I haven't used the mobile client a lot, but it didn't seem "shabby" to me.
But it remains at heart a conflict of laws and the data still remains on Swiss soil. To my knowledge, ProtonMail has no (official) presence in the US beyond the domicile of some of the developers and that gives already little leverage to US authorities to enforce compliance.
What worries me about this is that people hold German privacy law in high regard. This is something that really annoyed me about mailbox.org and posteo.de as well; they take it as self-evident. As someone who is frequently in Germany, I don't want to use a German provider for that exact reason.
As of yet, but they are planning to do this once the web client is out of beta. I treat ProtonMail as an unfinished product presently and I give them the benefit of the doubt. I think it will be good to compare both services again at the beginning of next year.
Popular among lawyers? You must be joking. I can't imagine any lawyers who would ever use such newer services without respectable security credentials. Encryption or not, but all of these services are not airtight yet (example: https://twitter.com/sweis/status/595051847934672898). The Outlook plugin is the only strong advantage it currently has, but it is a proprietary implementation of their own encryption method and it is quite expensive too (€10 a month for a single account and you don't even get more space or aliases). It's more suitable for teams and companies, I suppose. I also don't see how it is easier than PGP. Within the service, whether you use Tutanota or ProtonMail, the correspondence is seamless. The benefit is that it allows you to access the inbox within Outlook. As soon as it involves another provider though, PGP will have the advantage. The encrypted subject line will only be supported within the service, nowhere else.
I read that they are also planning to come up with a scheme to get some PGP support. We'll have to see.
Well, agree to disagree, but I find it bad. I hate wrapped web-apps with a passion. The web client itself uses these awful and slow animations which have tricked me more than once into swiping the whole page away. It also has no multi-select, no search, no draft support, no mark-as-unread option. ProtonMail has all of this in their web app and from what I've seen the mobile apps too.
Considering all this, I personally just find ProtonMail the better horse to bet on and I'm still happy with my choice even though I keep an eye on how the other services are coming along.
Last edited:
They have a branch in San Francisco.
Well, most of them primarily compare themselves to the situation in the US, and compared to that Germany does have relatively strong protections. There is also a lot more resistance against the surveillance state in the general population, probably in part because many still remember the GDR. Just the politicians don't seem to be listening.
Not joking, just repeating what I read in a law magazine a while ago.
It's how they plan to fund the company. 10 Euros is very cheap for businesses.
The problem with PGP is that the key exchange is a mess. Most of the existing mail wrappers are also not exactly user friendly.
Protonmail has its own issues (e.g. they currently don't even have PFS in their SSL implementation, not to mention DANE). They are both not quite ready for primetime IMO.
ProtonMail DDoS attack
http://www.theinquirer.net/inquirer...l-service-struck-by-unprecedented-ddos-attack
http://www.theinquirer.net/inquirer...l-service-struck-by-unprecedented-ddos-attack
Interesting read, I'm not familiar with the topic at all (interested but never had the chance to look into it). Doesn't Google Gmail and such come under attack as well? Or are they simply bigger to take down? If it's a matter of size, when they said "unprecedented", I suppose that's a rather relative term based on their own size?
Companies like Google can afford advanced DDOS mitigations, either on their own or by buying the service from specialized providers or ISPs. Essentially this involves operating a distributed infrastructure of DDOS filtering devices at multiple locations in the Internet and blocking DDOS traffic before it reaches the premises where the actual servers are located.
The most interesting question in this case is IMO: Who could possibly have an interest in attacking a small company like ProtonMail? If you're only after money, there are much juicier targets out there.
Well as you have stated bigger could probably be harder? Or even if not harder, simply more resource (police influence, lawyer, or even hiring their own hacker to do a counter attack or find who did it).
Last edited:
I was more thinking of medium sized enterprises that often don't have a large IT budget and shy away from contacting the authorities because they don't like publicity for incidents like this. ProtonMail is a small startup that hasn't even achieved break-even AFAIK, so they can't pay big ransoms.