OK. Let’s leave this topic here, because we are talking about different things and have different concerns. It seems I know all I need to know about the topics you described, because I started this thread asking to check if there is something I’m missing, but none of the answers have mentioned anything that I didn’t know. Proton emails are encrypted at rest, and use LTS while sending and receiving. But none of this guarantees that they are not scanning / profiling me because they do have access to the plaintext emails while they enter and while they leave. I wasn’t looking for alternatives. I was just checking if it was actually worth the switch considering there are no privacy guarantees.

i read the first part of google’s article about MAT-STS. it is good for secury, but does nothing to prevent providersfor reading in and out email

i don’t care about their VPN. the issue you describe is very real, but it’s inherit to all vpn providers. what i care right now, is their email service. you can switch vpn providers in less than 15 minutes, but email takes days. so i wouldn’t want to go around doing all of that every time some employee says something stupid.

and btw, if you use native installed apps, then the worry of them serving malicious javascript goes way down because any change they make on the complied package would be very likely to be very obvios to someone, because its open source ( i won’t go into detail here).

i’m not trying to argue “weird non-existent edge cases”. all i’ve ever used email for is for formal communications wit govenrments, companies, special cases like my landlady. that is also true for everyone i know. i believe if this wasn’t a general thing, then people wouldn’t me using messenger apps, they would just b eusing email. but that is not what hapens. i don’t know your case, but for me using email is non optional. i can’t “just use signal”. i need an email for my government, i need an email because i need a github account, i need an email for any site i want to use, including lemmy. i just want to be able to do it privately. i’m just trying to determine if protonmail is actually private or just one big “trust me bro. we wont read you unencrypted messages as they enter or leave”

Of course. But you didn’t switch to a trustless provider. You switch to a nobody that has nothing to lose by reading you email. Also my point is that google has programs reading every email, but not people. They probably have a lot of locks to stop employees form accessing users email

I don’t understand what you are trying to say

I don’t know how old are you or where you live, but for everyone I know it’s non optional. My government requires an email. And for any site I want to use I require an email. Even Lemmy.

That sounds like the worst option of all. At least I can trust google has some protections in place to stop employees from looking at you email, because if they didn’t there would be thousands of cases all the time.

In your case, you never know who is looking. At any point a rogue admin can issue a bank password reset and just read the email

I’ve never heard of the term web hotel before. I’m guessing its web hosting

Good points.

Interesting. Damm it. I was hoping to go back to gmail because its more convenient. But if it actually provides better privacy, then I guess I can stay :(

Sorry. I don’t understand

My general opinion is that if a company requires trust, it’s not a good privacy option. We have suffered the consequences of trusting companies a lot of times. I’m not doing that again. All I care right now is the code. If we have to alternatives with the same product but one CEO is an asshole and the other not, then I’m going with the non asshole. But I’m not going to sacrifice my privacy to switch companies jus because UNTIL NOW the other provider seems nicer. That can change at any time. Email is specially a problem since switching emails is the most time consuming part

Could you elaborate? What is an email hotel? I’m guessing you mean an email hosting.

Haven’t heard of MTA sts. I’ll have to research it, but it probably doesn’t change the fact that when exchanging emails with another provider, they have to work with plaintext

No.

• One of the main uses of email is communication with companies. And they won’t have a signal account just to exchange passwords with you
• doesn’t work for emailing someone you have no say you want to send an email to… Idk a youtuber (first example I could think of where you know you want to talk to them but you have no other means to do so). They have their email published. Now what? You can’t email them asking for their phone number so that you can exchange email passwords because they won’t give it to you, and that exchange is happening unencrypted
• if I have a way to contact someone over signal, I’d rather use that than email

The thing that razorblades have real tangible consequences. I’m talking about something you can’t even verify. Sire, in principle those that claim not to do something are better, but with that logic, WhatsApp, telegram, and the Facebook messenger are perfectly valid communication platforms and all 3 claim e2ee.

That has nothing to do with privacy

Right. So back to gmail?

You can’t know if they are not reading you emails to do anything. That is the issue. Because of how email works, we know that they COULD. And experience tells us that tech companies profit from breaking promises and laws.

This is the best reply so far. Probably not enough for me to stay, but at least not pretending it’s safer

Yeah. I chose proton over tuta because of this option to send the link to the encrypted message. I think tuta does have it, but it didn’t show the entire conversation. If you wanted to see the entire chain I think you and to either find the mates email to get the latest URL, or open each URL by itself.

The problem with those is that you have to exchange the password by some other means than the email itself, so it’s really not practical for the other person

Exactly. It has to be sent unencrypted. So there is no way to know what either of the providers are doing and is just a big “trust me bro”

Of course not seeing ads on YouTube doesn’t mean they don’t want to profile you to shore ads somewhere else. Premuim is ad free, not tracker free

On terms of using a VPN. They don’t need a reason. They can just do it