This guy can be pretty harsh at times, but he’s clearly very knowledgeable..

However, not all providers have a recent review, and his priorities are skewed heavily to the “paranoid” side of the tech world. For example, he considers being able to mail cash to a provider a significant pro. The overwhelming majority of users aren’t mailing cash to pay for their email.

Overall, it’s good info that’s worth sharing.

  • WardPearceEnglish
    2·
    11 months ago

    Not sure if this is entirely true, it is possible Proton mail is encrypting everything at rest (with the users public key) and only following PGP mail limitations during transit.

    Like for example plaintext emails are encrypted at rest on Proton mail, what isn’t ideally (compared to e2ee) but still minimizes the attack surface.

    Actually for reference this is exactly the case

    Message storage All messages in your Proton Mail mailbox are stored with zero-access encryption. This means we cannot read any of your messages or hand them over to third parties. This includes messages sent to you by non-Proton Mail users, although keep in mind if an email is sent to you from Gmail, Gmail likely retains a copy of that message as well. Password-protected Emails are also stored end-to-end encrypted. Subject lines and recipient/sender email addresses are encrypted but not end-to-end encrypted.

    https://proton.me/support/proton-mail-encryption-explained