Proton: “We’re consolidating our social media presence due to limited resources and no longer posting on Mastodon. Follow us on Reddit for the latest updates”

  • AnAmericanPotato@programming.dev · ↑10 ↓1 · 23 hours ago

    Proton does not use end-to-end encryption for email headers. That includes the subject lines, senders/recipients, and other potentially sensitive information.

    Tuta uses E2EE for email contents AND headers.

    Consider for a moment what someone with access to your contacts and subject lines would know about you. For me personally, they would know which political campaigns and causes I donate to, and when. They would know when I see various doctors, and who they are. They would know my travel dates and destinations. They would know what newsletters I read (many of which are also political). Etc.

    • loudwhisper@infosec.pub · ↑3 · 13 hours ago

      Sender and recipient can’t be encrypted e2e. How would the server know to whom to deliver the email if those are encrypted and not visible to it?

      AFAIK Tuta encryption extends to the subject line only.

      Still a nice addition, don’t get me wrong, but I believe you misunderstood something.

      From their own doc:

      The only unencrypted data are mail addresses of users as well as senders and recipients of emails.

      Contacts and everything else is encrypted similarly in all “secure email” providers, including Proton.

      • AnAmericanPotato@programming.dev · ↑1 · 8 hours ago

        Thank you for the correction.

        Sender and recipient can’t be encrypted e2e. How would the server know to whom to deliver the email if those are encrypted and not visible to it?

        “End-to-end” is a bit of a misnomer in this case. Both Proton and Tuta apply encryption after receiving email in the general case, since email is not sent with E2EE across different providers (in general). Both Proton and Tuta can see your incoming email (body and all) from external servers in the general case — they just don’t store it that way. (This is different when sending email between two Proton users or two Tuta users.)

        • loudwhisper@infosec.pub · ↑2 · 8 hours ago

          Yes, that’s absolutely true. Assuming a full PGP flow (e.g., Proton to Proton), even in that case the recipient and other metadata (in Tuta, excluding the subject line) is still visible to the provider.

          Hopefully the more people move to secure providers, the more the general case will be transparent PGP, but we are a long way from there…
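The thread above separates three classes of data in a stored email: the envelope (sender, recipient, date) that the server must read in clear to route and thread mail, the Subject line (encrypted at rest by Tuta, stored in clear by Proton according to the comments), and the body. The following Python script, an added example that is not code from the thread, from Proton or from Tuta, models the two at-rest views and shows what a reader of the envelope alone can infer, which is the point the first comment makes about contacts and subject lines. The sample message, the addresses, the `clinic.example` domain and the `domain_categories` mapping are all constructed for the example; the "<encrypted>" marker stands in for ciphertext.

```python
"""Model what a mailbox provider can read from a stored message.

Added example (not from the thread or either provider). The envelope view
covers data at rest only: as the thread notes, mail arriving from an
external server is seen in clear on receipt by both providers and encrypted
afterwards, so this models the stored copy, not the moment of delivery.
"""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed sample message; every address and the contents are made up.
RAW_MESSAGE = b"""From: Appointments <reminders@clinic.example>
To: Alice <alice@example.net>
Date: Tue, 04 Jun 2024 09:15:00 +0000
Message-ID: <constructed-0001@clinic.example>
Subject: Reminder: cardiology follow-up on 12 June

Hi Alice, this confirms your follow-up appointment with Dr. Example.
"""

# Headers a provider needs in clear to route, store and thread mail.
ROUTING_HEADERS = ("From", "To", "Cc", "Date", "Message-ID")

ENCRYPTED = "<encrypted>"  # placeholder standing in for ciphertext


def split_message(raw: bytes) -> dict:
    """Parse an RFC 5322 message into envelope, subject and body."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    envelope = {h: str(msg[h]) for h in ROUTING_HEADERS if msg[h] is not None}
    return {
        "envelope": envelope,
        "subject": str(msg["Subject"]),
        "body": msg.get_content(),
    }


def provider_view(raw: bytes, encrypts_subject: bool) -> dict:
    """What the provider can read from the stored copy.

    encrypts_subject=True models the Tuta-style layout described in the
    thread (subject encrypted with the body); False models the Proton-style
    layout (subject stored in clear). The body is encrypted in both cases.
    """
    parts = split_message(raw)
    view = dict(parts["envelope"])
    view["Subject"] = ENCRYPTED if encrypts_subject else parts["subject"]
    view["Body"] = ENCRYPTED
    return view


def infer_from_metadata(view: dict, domain_categories: dict) -> list:
    """What a reader of the stored metadata learns without any body access.

    domain_categories is a hypothetical mapping of correspondent domains to a
    category (e.g. {"clinic.example": "medical"}) supplied by the caller.
    """
    findings = []
    for header in ("From", "To", "Cc"):
        if header not in view:
            continue
        _, addr = parseaddr(view[header])
        domain = addr.rpartition("@")[2].lower()
        if domain in domain_categories:
            findings.append(
                f"{domain_categories[domain]} contact {addr} on {view.get('Date', '?')}"
            )
    if view.get("Subject") != ENCRYPTED:
        findings.append(f"subject reveals: {view['Subject']}")
    return findings


if __name__ == "__main__":
    categories = {"clinic.example": "medical"}
    for encrypts_subject in (True, False):
        view = provider_view(RAW_MESSAGE, encrypts_subject)
        print(f"subject encrypted={encrypts_subject}: {view}")
        for finding in infer_from_metadata(view, categories):
            print("  ->", finding)
```

Running the script prints both views: with the subject encrypted, the correspondent domain and date alone still yield the "medical contact" finding; with the subject in clear, the appointment itself is readable as well. This is the trade-off the replies describe: encrypting the subject narrows what is stored in clear, but the envelope that the server needs for delivery remains visible under either provider.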