Proton Encrypted Mail Desktop App Now Available for Mac

[gregmac19]

I started a thread last December regarding the security of email services: https://forums.macrumors.com/threads/security-of-secure-email-services.2413544/

I mention that here since in that short thread there is an excellent post by “Ix-is” that addresses the security issues being discussed in this thread.

 

[cloudyo]

Well, yeah, E-Mail isn’t designed to be a secure communication system.

But, that doesn’t mean you shouldn’t try to encrypt your communication whenever possible. As with most security related discussions, its often insinuated that if no perfect solution is available you might as well use no protection at all.

This is a false conclusion. Yes, proton in particular cannot solve the security issues of e-mail by themselves because they still need to be able to interact with other e-mail services that are not encrypted.

But its still better to encrypt the e-mail content at rest on their servers in a way that only the recipient can decrypt than not doing that, which is what apple and google do.

And if you happen to communicate with another proton user, your communication is even more protected.

 

[boswald]

I probably won’t switch email services, but at least I love the black and purple color scheme.

 

[robertosh]

I like Proton, I know some storage engineers, they are smart and very nice guys.

 

[MrCubes]

I don't doubt that some people find value in Fast Mail and Proton, however, this discussion makes me appreciate iCloud mail. It has high availability, I find search better an more natural than outlook, it uses native clients on all of my devices and offers outstanding integration. Just one example of integration is the ability to auto enter 2FA codes received via email in Safari.

You can use FastMail with standard desktop and mobile clients (like Apple Mail) - which is exactly what I do.

 

[MrCubes]

I don’t know, it seems like strange behavior. Rather quarky IMO

Charming!

 

[paulcons]

2 questions... will it suck in my decades long email done in Apple Mail? Second, I see value in something that I can run in both MacOS and Winblowz. Seems one needs to do IMAP for that to work, but I am unsure how long on can leave mail using IMAP...

BTW, I HAVE had more than one occasion to need to look back years in email.

 

[Mr. Heckles]

I don't doubt that some people find value in Fast Mail and Proton, however, this discussion makes me appreciate iCloud mail. It has high availability, I find search better an more natural than outlook, it uses native clients on all of my devices and offers outstanding integration. Just one example of integration is the ability to auto enter 2FA codes received via email in Safari.

The only things I consider to be a downside are the inability to configure rules, and otherwise fully manage my email accounts without going to the web for some stuff. Spam/Junk filtering is minimally acceptable right now.

Those thing aside, at least for me as a full Appleverse user, the benefits of iCloud mail outweigh the pain points. Everything has pain points, you pick the ones you can live with.

I left iCloud because I feel like it’s just garbage. The Hide My email is way to limited, the spam is junk (blocks way too much, I almost missed out on a job), using your own domain isn’t reliable, and I see too many people who are locked out of their Apple ID way too often on Reddit and other forums. One of many reasons why I stated to separate everything. If my Apple ID/iCloud gets locked out, I’m not dead in the water.

I also can use any email client I like too with Fastmail,

You can use FastMail with standard desktop and mobile clients (like Apple Mail) - which is exactly what I do.

Same here. Fastmail is well worth the money.

 

[vegetassj4]

Charming!

Top response to my comment

 

[bsmr]

Fastmail is still the best and most powerful email system.

That's true... But an Australian Provider with US Servers only... come on. No privacy at all!

 

[bsmr]

Really these companies need to stop trying to reinvent email and just provide a service which isn't crappy for a decent price. Apple surprisingly don't do a bad job in that space. At least they have real clients, standard protocols and you can host your domain with them now.

This! Exactly! Nothing else to add!

 

[bsmr]

Anyone using Swissmail? Comments? I know it's not free.

Don't use it... They read your mails.

 

[bsmr]

Fastmail have an excellent iOS/iPadOS/Android app

The app is a wrapper - that's it. No app at all.

 

[bsmr]

Mine's using ~60mb. I've got a 32GB Mac, and I think this is reasonable for a mail client.

That's a joke!!! And simply not true!

Where are the other processes??? Don't forget to show the helper ones and so on...

It's bloated like many other Electron apps!

 

[bsmr]

honestly this is pretty great usage.

He forgot the renderer, helper and GPU ones... It's around 500-600MB memory usage.

 

[ChromeAce]

Another MacRumors article that leaves out key information… this time failing to mention Proton makes a macOS app that directs their email into Apple Mail, so you can use it alongside other email sources in an interface you already know.

 

[iPay]

You missed the point entirely.

What about when the messages arrive via SMTP over TLS? Assuming they use OpenSSL, they have to BIO_read it out of the stream into RAM (decrypted) and then shovel the message into persistent storage somewhere else, I assume encrypted by whatever private key you supposedly have on the client. Two questions:

1. Where does the key reside which writes it to persistent storage at rest when encrypted?

2. How did it get there only from the client?

Same with AWS's internal KMS operations. The service only offers partitioning of key and data and no guarantee that the key has not been distributed.

Ultimately you would have to control all the hardware from end to end to have secure email. And you don't even then because it arrives from someone else with no security guarantees.

The security claims are ********.

Hi, don't know much about e-mail, but happen to work a bit with crypto protocols.
What you're describing here is no end-to-end encryption (E2EE), is it maybe just Proton to non-Proton mail? in this case, you can't claim confidentiality from server, and it's well known that law enforcement authorities can grab cleartexts or server-side encryption keys when they exist. That was made clear by Tuta(nota) and Protonmail history.
For real E2EE from client A to B, keys must be generated (agreed) between client A and B, and are never transmitted away from clients, so a honest server/protocol has no way to know them: it just receives and stores encrypted payloads which are encrypted and decrypted client-side. If Proton claimed E2EE but stored encryption keys for Proton-to-Proton messages, that would be a huge blow to their reputation.

 

[Mr. Heckles]

That's true... But an Australian Provider with US Servers only... come on. No privacy at all!

Where are Googles and Apple servers located?

I use email as a glorified login/user name. All I get is bills, notifications, and ads that I subscribe too. If they want to see I subscribe to stupid crap, so be it. If I want to message some securely, it was never email, even when I used iCloud.

 

[elliotmoore91]

Its well marketed and I like the look of Proton but I cannot justify their asking subscription fees. Id love to ditch gmail but I honestly don't know what would be the better alternative.

Anyone got any advice?

 

[txscott]

Anyone got any advice?

What devices do you use? If you use all apple equipment, then it’s really hard to beat iCloud mail because it comes with the price of your equipment and integrates with all the apple apps. The only caveat is that if you have a fair amount of mail you will want to up your iCloud data plan.

If you mostly use windows, try Outlook mail, especially if you have an office 365 subscription that comes with 1TB of storage. You don’t have to use the Outlook client. You can use Mac mail or Thunderbird or whatever. Have a hobby website on a web host site, they usually have mail service for your domain too (usually not any frills though). There are so many options out there it will make your head spin.

At one time or another, it have done them all including using Gmail and hosting my own email server on my own equipment. Then I got tired of all the BS and went with Apple for everything.

 

[gregmac19]

Its well marketed and I like the look of Proton but I cannot justify their asking subscription fees. Id love to ditch gmail but I honestly don't know what would be the better alternative.

Anyone got any advice?

Consider Tuta. https://tuta.com/

 

[svish]

Good to know about the availability of the service as a desktop app.

 

[SaucierGravy]

Note this is my domain of expertise.

Firstly, there is no end to end encryption at any of these companies. You have literally the client to server over TLS. The keys are not generated and stored securely on the client so there is no way you can even consider that they cannot read your messages.

Secondly, it's email, which has no security guarantees built in by default and no end to end encryption guarantee so you're screwed everywhere.

Thirdly, their security boundary is some loosely defined legal jurisdiction bullcrap.

As for vendor lock in, that's exactly what it is. They just want you to have one of their provided domains so it makes it difficult for you to leave. Same way ISPs (two large ones of which I've worked for in an architecture capacity) offer their own domains. It makes it very hard to leave.

I don’t know that I’d call their legal claims “loosely defined legal jurisdiction bullcrap”

Look up Article 13 of the Swiss Federal Constitution and the Federal Act of Date Protection. Here are links to each that I’ve dug up…

https://aceproject.org/ero-en/regions/europe/CH/Switzerland%20Constitution%202002.pdf

https://www.fedlex.admin.ch/filestore/fedlex.data.admin.ch/eli/cc/2022/491/20230901/en/pdf-a/fedlex-data-admin-ch-eli-cc-2022-491-20230901-en-pdf-a-1.pdf

It is anything but loosely defined. I wish our 4th Amendment read as strictly as these laws.

 

[SaucierGravy]

Note this is my domain of expertise.

Firstly, there is no end to end encryption at any of these companies. You have literally the client to server over TLS. The keys are not generated and stored securely on the client so there is no way you can even consider that they cannot read your messages.

Secondly, it's email, which has no security guarantees built in by default and no end to end encryption guarantee so you're screwed everywhere.

Thirdly, their security boundary is some loosely defined legal jurisdiction bullcrap.

As for vendor lock in, that's exactly what it is. They just want you to have one of their provided domains so it makes it difficult for you to leave. Same way ISPs (two large ones of which I've worked for in an architecture capacity) offer their own domains. It makes it very hard to leave.

Also have you used Proton Mail? Have you sent yourself a password protected email from a proton account to a non proton account?

If you have, then you know better than to say they have failed to do anything different to secure email. As long as the proton user initiates contact with the non proton user…. it’s pretty slick dude.

 

[AlmightyKang]

At one time or another, it have done them all including using Gmail and hosting my own email server on my own equipment. Then I got tired of all the BS and went with Apple for everything.

That's exactly it. Email is commoditised now. It's barely worth screwing around with minor differences between providers. Go with the path of least resistance.