this post was submitted on 08 Jul 2023
43 points (65.2% liked)

Privacy

32165 readers
382 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] dan@lemm.ee 17 points 1 year ago (2 children)

Right, but what the author is trying to implement is what is generally considered best practice for secure email.

You’re right that what Proton are doing is a compromise that’s reasonable for most people, but the author here is annoyed that there’s no way to turn it off so he can implement best practice E2EE himself.

Ironically he could probably do that with the vast majority of providers that aren’t Proton, so to me it seems like a totally reasonable ask that a self described privacy focused email provider has some way to allow you to implement best practice email security.

[–] DreadTowel@lemmy.world 6 points 1 year ago (1 children)

Exactly this. Why in the world would they not allow that? I don’t believe it’s that hard.

[–] dan@lemm.ee 3 points 1 year ago

I guess they were probably so caught up in making it easy to use they forgot about the best practice use case.

I agree with you - I don’t think it would take much to adapt their system to support both, even if it’s a manual “I know what I’m doing” power user option hidden away somewhere.

[–] slowbyrne@beehaw.org 3 points 1 year ago (1 children)

I'm on the fence about this since how would proton verify that "best practices" were followed? They are a privacy focused product and a feature like that could be used to decrease their services privacy. This author would likely implement best practices and many other likely would too, but say a competitor wanted to prove that their product was more secure, a feature like that could enable a competitor to showcase a security "flaw". And since headlines are all people read these days it would be damaging.

The feature the author described would be great but ProtonMail would need to make it fool-proof and temper-proof which requires a lot of Dev time and effort. I'm still waiting on proton bridge to work with calendar and contacts. Or contacts birthdays to show up in my calendar.

Like I said, its a good feature, but its likely a large ask for a niche group of customers.

[–] dan@lemm.ee 2 points 1 year ago

Eh, I don’t think it’s be a big deal. Slap a giant warning on it, all good. Super common on all sorts of platforms. Anyone trying to claim their encryption doesn’t work because they have a (scarily labelled) option to disable it can be easily demonstrated to be disingenuous.

And worst case if someone does disable it but doesn’t implement their own then their email I just falls back to… the same as any other platform.

They might not want to take the time to build it, but I think what this dude is asking for is a totally reasonable thing.