sudneo

sudneo@lemmy.world

You see, it’s not required for me to agree with whom you are criticizing, to criticize your inability to be civil. So keep making as many strawmen as you like. We are in a post complaining about user behavior/content and your behavior and content are both completely unacceptable in a community.

Also, you can stop name-calling, this may have an effect when someone else values your opinion, I don’t.


Ok, but it’s the same thing from the perspective of all the people on an instance vs from the perspective of an individual. Those people are still there, creating posts etc., and they can easily move on to other instances if they want to.

It’s just a “bigger blanket”, but the concept is essentially the same, with the plus that more people are “covered” and the minus that someone might be affected against their will.

Either way, it doesn’t solve the problem, it just masks it for the members of an instance. Why would it be a fundamentally better solution in this particular instance?


I had a look at your history, and you seem really incapable of behaving in a civil way, often using insults. I don’t think this is a good strategy to get your point across.


Be respectful of others.

This comment is in clear violation of the rules of this community. Be better, if you want to criticize others.


No, you’re putting a blanket over them and pretending they’re not there any more.

Isn’t defederation the same thing? Users won’t disappear (and they can also create accounts elsewhere…).


Tbh, selling data for profit is not the only thing they do. The CLOUD Act in the US exists, and government agencies can get what they want essentially when they want.

This at least applies to the big 3 cloud providers in the picture.

I guess the double standard that is the core idea behind the picture is true. On the other hand, it’s also easy to see why it’s considered different whether your data goes to the NSA or to the CCP, from the perspective of a US citizen.


I went to look for the video and somehow it was worse than I had imagined.


I personally like a lot the gazillion bangs also available, the personal up/downranking/blocking of websites and their quick answer is often fairly good (I mostly use it for documentation lookup). The lenses are definitely the best feature though, especially coupled with bangs. I converted even my wife who really loves it.


If you use GnuPG or one of the GUI implementations it does.

No, because it’s the server that terminates the TLS connection, not the recipient’s client. TLS is purely a security control to protect the transport between you and the server you are talking to. It doesn’t have anything to do with e2ee. It’s still important, of course, but not for e2ee.

You do realize e2ee merely means that two users share public keys when they communicate in order to decrypt the messages they receive, right?

And how does TLS between you and your mail server help with this? Does it give you any guarantee that the public key was not tampered with when it reached your server? Or instead you use the fingerprint, generally transmitted through another medium to verify that?

Nothing to stop you from hosting your own on an encrypted drive.

An encrypted drive is useful only when the server is off against physical attacks. While the server is powered on (which is when it gets breached - not considering physical attacks) the data is still in clear.

EteSync does E2E already

And…it requires a specialized client anyway. In fact, they built a DAV bridge (https://github.com/etesync/etesync-dav). Now tell me, if you use this on -say- your phone, can you use other DAV tools without using such a bridge? No, because it does something very similar to what Proton does. If Proton bridge will get calendar/contacts functionality too (if, because I have no idea how popular of a FR it is), you are in the exact same situation.

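The fingerprint check referred to in the comment above, as an added example that is not part of the original thread: an OpenPGP v4 fingerprint (RFC 4880, section 12.2) is computed over the key material itself, so a key swapped by the server that terminates TLS no longer matches the fingerprint received through another channel. The `relay` function and the key bodies are hypothetical and constructed for illustration; they are not real keys.

```python
import hashlib
import struct
from typing import Optional

def v4_fingerprint(key_packet_body: bytes) -> str:
    """SHA-1 over 0x99, a 2-byte big-endian length, then the public-key packet body."""
    framed = b"\x99" + struct.pack(">H", len(key_packet_body)) + key_packet_body
    return hashlib.sha1(framed).hexdigest().upper()

def normalize(fpr: str) -> str:
    # Fingerprints are usually printed or read aloud in groups of four, in either case.
    return "".join(fpr.split()).upper()

def key_matches(received_body: bytes, out_of_band_fpr: str) -> bool:
    expected = normalize(out_of_band_fpr)
    if len(expected) != 40:  # reject short key IDs; only the full fingerprint counts
        return False
    return v4_fingerprint(received_body) == expected

def constructed_key_body(seed: bytes) -> bytes:
    """Constructed v4 RSA-shaped packet body (not a usable key): version,
    creation time, algorithm id, then two MPIs (n, e)."""
    n = bytearray(hashlib.sha256(seed).digest())
    n[0] |= 0x80                                   # force a 256-bit modulus
    mpi_n = struct.pack(">H", 256) + bytes(n)
    mpi_e = struct.pack(">H", 17) + b"\x01\x00\x01"  # e = 65537
    return b"\x04" + struct.pack(">I", 1700000000) + b"\x01" + mpi_n + mpi_e

def relay(key_body: bytes, substitute: Optional[bytes] = None) -> bytes:
    """Hypothetical mail or key server. Both hops are TLS-protected, yet the
    server sees plaintext and decides which key bytes it forwards."""
    return key_body if substitute is None else substitute

if __name__ == "__main__":
    alice_key = constructed_key_body(b"alice")
    other_key = constructed_key_body(b"substituted-by-server")
    # Fingerprint as Alice would hand it over in person or by phone.
    spoken = " ".join(v4_fingerprint(alice_key)[i:i + 4] for i in range(0, 40, 4))
    print("honest relay verifies: ", key_matches(relay(alice_key), spoken))
    print("swapped key verifies:  ", key_matches(relay(alice_key, other_key), spoken))
```
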

It doesn’t matter that your private key is stored on their servers encrypted/hashed or whatever. If you were simply storing it there, that would not be an issue. The problem is that you’re also logging in and relying on whatever JS is sent to you to only happen client-side.

I feel like I covered this point? They make the client tool you are using, there is 0 need for them to steal your password to decrypt your key. Of course you are trusting them, you are seeing your unencrypted email in their webpage, where they can run arbitrary code. They do have their clients opensourced, but this doesn’t mean much. You are always exposed to a supply-chain risk for your client software.

Most users aren’t sending emails from their Proton to other Proton users either.

So…? The point is, if they do, encryption happens without them having to do anything, hence transparently. That was the point of my argument: my mom can make a proton account and send me an email and benefit from PGP without even knowing what PGP is.

Furthermore, the users that want encryption seek it out.

And that’s the whole point of the conversation: these users are techies and a super tiny minority. This way, they made a product that allows mainstream users to have encryption.

Thunderbird or other mail clients that are open source and their apps are signed or you can reproducibly build from source.

And this control is worth zilch if they get compromised. This is a control against a MiTM who intercepts your download, it’s not a control if “the maker of Thunderbird” decides to screw you over in the same way that Proton would do by serving malicious JS code. If the threat actor you are considering is a malicious software supplier, you have exactly the same issue. There can be pressures from government agencies, the vendor might decide to go bananas or might get compromised.

However, once that is built it doesn’t change. With Proton, every time you visit their site you don’t know for sure that it hasn’t changed unless you’re monitoring the traffic.

Yes, this is true and it’s the only real difference. I consider it a corner case and something that only affects the time needed to compromise your emails, not the feasibility, but it’s true. I am counting on the other hand on a company who has business interests in not letting that happen and a security team to support that work.

A government is much more likely to convince Proton to send a single user a custom JS payload, than to modify the source code of Thunderbird in a way that would create an exploit that bypasses firewalls, system sandboxing, etc.

Maybe…? If government actors are in your threat model, you shouldn’t use email in the first place. Metadata are unencrypted and cannot be encrypted, and there are better tools. That said, government agencies have the resources to target the supply chain for individuals and simply “encourage” software distributors to distribute patched versions of the software. This is also a much better strategy because it’s likely they can just get access to the whole endpoint and maintain easy persistence (while with JS you are in the browser sandbox and potentially system sandbox), potentially allowing to compromise even other tools (say, Signal). So yeah, the likelihood might be higher with JS-based software, but the impact is smaller. Everyone has their own risk appetite and can decide what they are comfortable with, but again, if you are considering the NSA (or equivalent) as your adversaries, don’t use emails.

You mean their PWA/WebView clients that can still send custom JS at any time, or their bridge?

Yes.

First, explain what you mean by a fat client? GnuPG is not a fat client.

In computer networking, a rich client (also called heavy, fat or thick client) is a computer (a “client” in client–server network architecture) that typically provides rich functionality independent of the central server.

What I mean is this: a client that implements quite some functionality besides what the server would require to work. In this case, the client handles key management, encryption, decryption, signature verification etc., all functionalities that the server doesn’t even know exist. This is normal, because the encryption is done on top of regular email protocols, so they require a lot of logic in the client side.

Being able to export things is a lot different than being able to use Thunderbird for Calendars, or a different Contacts app on your phone.

For sure it’s different, I didn’t say it’s the same thing. I am saying that you can migrate away easily if your needs change and you’d rather have interoperability.

DAV is as secure as the server you run it on and the certificate you use for transport.

Exactly. Which is why in the very comment you quoted I said:

There is a security benefit, and the benefit is trusting the client software more than a server, especially if shared.

Are you trusting your Nextcloud instance (yours or hosted by someone else) not getting pwned/the server being seized/accessed physically/etc. more than you trust Proton not to get pwnd? Then *Dav tools might be for you.
