One can find interest in an objects technological design while still acknlowledging it's horror when put to practical use. They aren't mutually exclusive options.
Kalcifer
joined 1 year ago
In that case, the email provider that you use makes little difference at all. Because of the way that email works, it will always be visible in plain text (unless manually encrypted through PGP) by a third party other than the recipient at some point. There is of course the exception of, for example, direct communication happening between two Proton Mail accounts, but this is really hardly worth mentioning in any practical sense.
The long and short of it is that email should never be used for secure communications.
Scary, but neat.
Are you going to audit all the code you use ? You need to trust some organizations to make the audit. You NEED to trust some entities
While lacking in practicalicy, this is not a new idea. While It is certainly not impossible to have an entity that one can completely trust, I would just argue that such certainty is improbable.
What I'm trying to get at is that one shouldn't approach this question from an appeal to authority -- i.e. Proton is trustworthy, therefore all of their services must be privacy friendly, and secure. The russian proverb "trust but verify" comes to mind.
at the very least, this is unimplementable for an email provider.
If one ignores the collection of metadata, then this is the very purpose of PGP.
I am trusting someone for my data
The point that I am trying to make is that one should never have to trust someone with their data -- if all data is encrypted, for example, from a privacy perspective, it really doesn't matter where it is stored. Of course, metadata can still be gathered, but that is, in my opinion, a lesser issue, and the user has some, if not complete control over it.
I should also say that it depends on what you mean by "trust". My response, and original comment are under the assumption that "trust" is referring only to privacy.
The issue with email, unless you are comumnicating between two Proton Mail accounts, is that your message will likely be stored on another server which is extremely likely to be unencrypted. The bottom line is that you can never trust the rest of the infrastructure, and you have no control over it. You can end-to-end encrypt using PGP, but this is extremely impractical.
Or, better yet, one should simply not use email for secure communications.
Such a point is rather moot -- one should not be using email for any form of secure communications, as it is inherently insecure.
it is also owned by the people who run it
The ownership of a service, ideally, should make no difference to that service's trustworthiness.
Ill get straight to the question: what should i use?
Are you referring to email?
Do you trust Proton?
For starters, such a question is coming at it from the wrong perspective. One should have trust in the software -- if such sowtware is, indeed, trustworthy -- and not in the entity that created it. If one seeks privacy, then they should be of the mindset that every entity is malevolent.
Introducing our new Stormtrooper™ AI!