ProtonMail: someone use it?

Discussion in 'Apple Music, Apple Pay, iCloud, Apple Services' started by AGX, Oct 20, 2015.

  1. AGX macrumors regular

    Joined:
    Oct 12, 2014
    #1
    Hi!

    Some one use this new email service with iCloud?

    Your review and experience?
     
  2. iRock1 macrumors 6502a

    iRock1

    Joined:
    Apr 23, 2011
    #2
    Hi,

    I'm all in for anything that helps me to improve my privacy, which is why I created a ProtonMail account as soon as I learned about the project in a TED talk.

    However, I don't get your question. What do you mean by using ProtonMail with iCloud?
     
  3. maxsix Suspended

    maxsix

    Joined:
    Jun 28, 2015
    Location:
    Western Hemisphere
    #3
    How long have you been using it?

    Do you use the iOS mobile app on your iPhone?

    Thanks in advance:D
     
  4. iRock1 macrumors 6502a

    iRock1

    Joined:
    Apr 23, 2011
    #4
    I created it like a couple of months ago may be. However, I have to be honest and recognize that I've never used it in a real-case scenario, lol. I played a little with the web interface and that's it.
     
  5. aajeevlin macrumors 6502a

    Joined:
    Mar 25, 2010
    #5
    Can you point me to the TED talk? This look interesting, but I'm not sure what their business model is like.

    Secure is good, but free? I don't know.
     
  6. Rigby macrumors 601

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #6
    They are planning to introduce paid premium tiers in addition to the free basic accounts in the future.
     
  7. Ulenspiegel macrumors 68020

    Ulenspiegel

    Joined:
    Nov 8, 2014
    Location:
    Land of Flanders and Elsewhere
    #7
    I have been using ProtonMail for months with poisitive experience. Nevertheless, I prefer Tutanota to ProtonMail. Reasons: ProtonMail is on invitation basis, so the circle of users is limited, the iOS and Android applications are available only if you donate a certain amount of money.
    Last but not least, the ProtonMail servers are in Switzerland, but the inventors and owners work in the US on permanent basis at the moment.
    Tutanota servers are in Germany as well as the inventors and owners. The software is available for all, can be upgraded to premium version. The iOS and Android applications are free to download. Both apps work flawlessly on mobiles.
     
  8. Rigby macrumors 601

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #8
    It may sound trivial, but Tutanota should have chosen an easier to remember domain name. Most people don't speak Latin and will have trouble remembering and spelling tutanota.com addresses. How do native english speakers even pronounce that?
     
  9. iRock1 macrumors 6502a

    iRock1

    Joined:
    Apr 23, 2011
    #10
  10. aajeevlin macrumors 6502a

    Joined:
    Mar 25, 2010
  11. KALLT, Oct 24, 2015
    Last edited: Oct 24, 2015

    KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #12
    I use ProtonMail for about 8 months now and I turned it into my primary Apple ID which I use for iCloud (just without mail). I have to point out several things in response: (1) ProtonMail is still in beta, which explains the lack of invites, features and apps. (2) You will get an invite within a few days now. I know this from friends and family members who signed up recently. (3) The apps are in closed beta and you can’t get them at the moment, unless you donate some money. The apps will be free once they are released before the end of the year.

    I don’t think it matters all that much where the developers are located, as long as the software is solid, open-sourced and susceptible to public scrutiny. The servers are still located in Switzerland, which is where the security needs to be put into place. Tutanota has its servers in Germany and I personally cannot really understand why this is held out as a plus these days. Germany is still subject to supranational laws with all its flaws and caveats like elsewhere in the EU. Coincidentally, the German parliament has passed a new federal data retention law this month, even though the EU data retention directive was quashed by the European Court of Justice last year. Germany is thus doing this on their own volition. Admittedly, the Swiss parliament has passed a similar law, but is currently awaiting a potential referendum if 50,000 signatures can be collected before the end of the year.

    There are some things that ProtonMail is arguably better at:
    1. They use PGP, whereas Tutanota uses what seems to be their own encryption method (although they claim to use standardised encryption algorithms). This means that it probably hasn’t undergone a lot of scrutiny yet and in practice it means that non-Tutanota users cannot send you encrypted emails as long as this is not supported, making the service unnecessarily complicated. In addition, PGP makes it at least conceivable that ProtonMail can be used with other email clients that support PGP (there is a plugin for OS X Mail for instance). I personally don’t want to be dependent upon client-based encryption with Javascript for too long (which has lots of security problems still).
    2. They use two separate passwords, one for the account, the other for the private key. Tutanota uses one password that unlocks both. Neither have two-factor authentication, which makes Tutanota’s choice a bit odd.
    3. They have a neater and more powerful web client. From what I’ve seen of the iOS and Android apps, they look impressive too. Although Tutanota has apps already, at least the iOS app is a wrapped web-app and it looks and works a bit shabby. I suspect that it uses the same Javascript client-side code.
    In addition, after Lavabit and more recently Lavaboom, I want something dependable and serious and I feel that ProtonMail has the better prospects at this point. That they have some institutional backing and ties to CERN is definitely increasing my confidence. There are too many weird choices with Tutanota at the moment.
     
  12. iRock1 macrumors 6502a

    iRock1

    Joined:
    Apr 23, 2011
    #13
    Like...?
     
  13. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #14
    I just explained several, both how the service is set up and how secure it is. The rest is the impression I got after a bit of web searching.
     
  14. Superhai macrumors regular

    Superhai

    Joined:
    Apr 21, 2010
    #15
    I have a protonmail account, but as said it is still by invitation, so the user base is slowly expanding. I use paid services for my day-to-day emails from Neomailbox using S/MIME for encryption. It works quite well, but their customer service is insanely slow. I also have a countermail account, while based in Sweden claims to toss away all logs and have automatic (delayed) pgp encryption for ordinary email, and claim to not keep the private keys if you decide to delete them from their servers.
     
  15. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #16
    I used mailbox.org before and also tried posteo.de. Tutanota and ProtonMail aren’t conceptually new, but what really breaks the viability of many of these services, for me at least, is a lack of integration into other platforms beyond web-based clients. It just doesn’t work. What sets these two apart is that they provide their own applications and plugins.
     
  16. Rigby macrumors 601

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #17
    The theory is that companies that have a presence in the US may be pressured under patriot-act provisions even if the affected operation is outside the country. For example, Microsoft is currently fighting US government requests to hand over information that is stored in their European data centers.
    Yes, sad. At least email is excluded though, and the retention period (10 weeks) is relatively short compared to other countries that have data retention laws (or no restrictions at all, like the US).
    On the other hand, Protonmail is only partly open source and the closed part cannot be independently scrutinized at all.
    They have a plugin for Outlook though, which is far easier to use than PGP and apparently makes the service quite popular among lawyers. It also encrypts the subject line (while it is sent in the clear with PGP).
    Tutanota have announced 2-factor authentication for early 2016.
    I haven't used the mobile client a lot, but it didn't seem "shabby" to me.
     
  17. KALLT, Oct 24, 2015
    Last edited: Oct 24, 2015

    KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #18
    But it remains at heart a conflict of laws and the data still remains on Swiss soil. To my knowledge, ProtonMail has no (official) presence in the US beyond the domicile of some of the developers and that gives already little leverage to US authorities to enforce compliance.

    What worries me about this is that people hold German privacy law in high regard. This is something that really annoyed me about mailbox.org and posteo.de as well; they take it as self-evident. As someone who is frequently in Germany, I don't want to use a German provider for that exact reason.

    As of yet, but they are planning to do this once the web client is out of beta. I treat ProtonMail as an unfinished product presently and I give them the benefit of the doubt. I think it will be good to compare both services again at the beginning of next year.

    Popular among lawyers? You must be joking. I can't imagine any lawyers who would ever use such newer services without respectable security credentials. Encryption or not, but all of these services are not airtight yet (example: https://twitter.com/sweis/status/595051847934672898). The Outlook plugin is the only strong advantage it currently has, but it is a proprietary implementation of their own encryption method and it is quite expensive too (€10 a month for a single account and you don't even get more space or aliases). It's more suitable for teams and companies, I suppose. I also don't see how it is easier than PGP. Within the service, whether you use Tutanota or ProtonMail, the correspondence is seamless. The benefit is that it allows you to access the inbox within Outlook. As soon as it involves another provider though, PGP will have the advantage. The encrypted subject line will only be supported within the service, nowhere else.

    I read that they are also planning to come up with a scheme to get some PGP support. We'll have to see.

    Well, agree to disagree, but I find it bad. I hate wrapped web-apps with a passion. The web client itself uses these awful and slow animations which have tricked me more than once into swiping the whole page away. It also has no multi-select, no search, no draft support, no mark-as-unread option. ProtonMail has all of this in their web app and from what I've seen the mobile apps too.

    Considering all this, I personally just find ProtonMail the better horse to bet on and I'm still happy with my choice even though I keep an eye on how the other services are coming along.
     
  18. Rigby macrumors 601

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #19
    They have a branch in San Francisco.
    Well, most of them primarily compare themselves to the situation in the US, and compared to that Germany does have relatively strong protections. There is also a lot more resistance against the surveillance state in the general population, probably in part because many still remember the GDR. Just the politicians don't seem to be listening.
    Not joking, just repeating what I read in a law magazine a while ago.
    It's how they plan to fund the company. 10 Euros is very cheap for businesses.
    The problem with PGP is that the key exchange is a mess. Most of the existing mail wrappers are also not exactly user friendly.
    Protonmail has its own issues (e.g. they currently don't even have PFS in their SSL implementation, not to mention DANE). They are both not quite ready for primetime IMO.
     
  19. iRock1 macrumors 6502a

    iRock1

    Joined:
    Apr 23, 2011
    #20
    Bottom line? None of the two services seem to be ready to be used as a primary account yet.
     
  20. aajeevlin macrumors 6502a

    Joined:
    Mar 25, 2010
    #22
    Interesting read, I'm not familiar with the topic at all (interested but never had the chance to look into it). Doesn't Google Gmail and such come under attack as well? Or are they simply bigger to take down? If it's a matter of size, when they said "unprecedented", I suppose that's a rather relative term based on their own size?
     
  21. Rigby macrumors 601

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #23
    Companies like Google can afford advanced DDOS mitigations, either on their own or by buying the service from specialized providers or ISPs. Essentially this involves operating a distributed infrastructure of DDOS filtering devices at multiple locations in the Internet and blocking DDOS traffic before it reaches the premises where the actual servers are located.

    The most interesting question in this case is IMO: Who could possibly have an interest in attacking a small company like ProtonMail? If you're only after money, there are much juicier targets out there.
     
  22. aajeevlin, Nov 6, 2015
    Last edited: Nov 6, 2015

    aajeevlin macrumors 6502a

    Joined:
    Mar 25, 2010
    #24
    Well as you have stated bigger could probably be harder? Or even if not harder, simply more resource (police influence, lawyer, or even hiring their own hacker to do a counter attack or find who did it).
     
  23. Rigby macrumors 601

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #25
    I was more thinking of medium sized enterprises that often don't have a large IT budget and shy away from contacting the authorities because they don't like publicity for incidents like this. ProtonMail is a small startup that hasn't even achieved break-even AFAIK, so they can't pay big ransoms.
     

Share This Page