Can You REALLY Trust Proton Mail?

แชร์
ฝัง
  • เผยแพร่เมื่อ 23 พ.ย. 2024

ความคิดเห็น • 781

  • @techvishnuyt
    @techvishnuyt ปีที่แล้ว +1906

    you guys use e-mail services? pfff i always count on my pigeon george. trust me he never speaks a thing about me

    • @bacalhau_seco
      @bacalhau_seco ปีที่แล้ว +92

      real mfs send letters manually

    • @Naokarma
      @Naokarma ปีที่แล้ว +28

      Funfact: Carrier pigeons were a distinct species, and one that went extinct due to over-hunting.

    • @bacalhau_seco
      @bacalhau_seco ปีที่แล้ว +50

      @@Naokarma idk who told you that but carrier pigeons still exist...
      They mostly exist for showoff tho, people buy pigeons and breed them to get better pigeons each generation.

    • @sazanlip
      @sazanlip ปีที่แล้ว

      Wait until your avian carrier gets intercepted by feds' falcon. This is VERY unlikely to happen, unless you're Osama kind of guy.

    • @Leon-qo2vl
      @Leon-qo2vl ปีที่แล้ว

      @@a-_-a men of culture rfc 1149 is the future

  • @cenewton3221
    @cenewton3221 ปีที่แล้ว +876

    Email in general cannot ever be truly secure. If one needs that level of total privacy there are other tools for said communication. With email, at best it's the equivalent of locking our doors at night - enough to keep honest people honest, that's about it. Determined people, either individuals or government agents, will find a way to crack emails.

    • @adamz1977
      @adamz1977 ปีที่แล้ว +11

      Why not? Email has transport encryption between servers and between clients, it can have content encryption via autocrypt (or other methods including the Signal protocol like criptext), it has DNSSEC, TLSA, DANE. Encryption at rest can be done as well, or messages can be removed from server when delivered. What security holes are still left after all of that?

    • @gakukid991
      @gakukid991 ปีที่แล้ว

      @@adamz1977 It was explained on the video, if you don't use PGP yourself and send encrypted data, the gov can make the company server comply with encryption removal at rest for that specific users etc.
      Heck, proton if wanted can also push an logger script on the web so even PGP would not work if typed on the web app of them.
      The only way for email to be secure is to type it on a offline editor which is not related to the email comany and encrypt it with PGP there. Then send it through email.

    • @eatbreakfasts7993
      @eatbreakfasts7993 ปีที่แล้ว +21

      I.T. guy here; I hope I'm not witnessing someone defending faxes right now 😏

    • @EntityVsEntityInteractions
      @EntityVsEntityInteractions ปีที่แล้ว

      @@adamz1977 You can always manually encrypt your own data with a cipher. The only reason why Enigma was cracked was because an entire nation was intercepting hundreds of messages, original Enigma machines, etc - and devoting thousands of man-hours to cracking it! If you make up your own encryption, the scale that you operate at will make it even harder for people to crack.

    • @sylpisophia5612
      @sylpisophia5612 ปีที่แล้ว +34

      As someone who literally sets up servers and mail servers are one of them, I can agree at some degree that you CAN secure email. BUT, can you still call it an email? And, the more you make it secure, the more complex it becomes that its a nightmare to maintain or even use. In the end, emails should never be used for something that requires security. Never send account information over email. And never use email for 2FA.

  • @AnalyticMinded
    @AnalyticMinded ปีที่แล้ว +548

    Exactly. I don't fully trust in any e-mail service precisely for the reason you mentioned: the protocol itself. If you have something sensitive to share to anyone, e-mail is not the right medium.

    • @folksurvival
      @folksurvival ปีที่แล้ว +50

      Same for SMS text messaging.

    • @sazanlip
      @sazanlip ปีที่แล้ว +15

      Except, maybe, you and your intended recipient exchanged ciphers ahead. Preferably in a face-to-face real world meeting. In a place where there's not a single camera for miles away.

    • @Darkk6969
      @Darkk6969 ปีที่แล้ว +12

      That's what PGP is designed to do. Problem is trying to explain the sender on how to use it is the problem in itself. ProtonMail supports it and they make it fairly easy to use. I generate my own PGP keys on my computer so I know there's no escrow key attached to it. My Thuderbird e-mail (Linux) client automatically attaches my PGP public key so they can use it to send me encrypted e-mails.

    • @Dowlphin
      @Dowlphin ปีที่แล้ว +18

      It also frustrates me when people refuse to communicate by e-mail or such because they consider it unsafe but then act like Telegram is totally rock-solid. Well, to begin with, it requires a contract-based global ID (phone number) attached to an account, and then Telegram is under jurisdictions, too.
      It is often better to use e-mail but have no smartphone than to use Telegram and a smartphone. But the 'popculture security sheeple' cannot be convinced after they already believe they are totally safe now with their cute little mass-used gimmick.

    • @sazanlip
      @sazanlip ปีที่แล้ว +12

      @@Dowlphin Or, even worse, Whatsapp, because it *allegedly* has E2E encryption enabled by default. But I have doubts if their 'encryption' doesn't have any backdoors, which can be used both 'legitimately' and illicitly.

  • @joaomaria2398
    @joaomaria2398 ปีที่แล้ว +713

    ProtonMail is just a better alternative to gmail. That is it.
    It isn't the holy savior of the mail privacy.

    • @EricMurphyxyz
      @EricMurphyxyz  ปีที่แล้ว +237

      It's pretty good but I agree, it's neither the holy savior or the devil, it's just a good option if you don't trust Google

    • @joaomaria2398
      @joaomaria2398 ปีที่แล้ว +54

      Functionality and availability wise, google is also very good. It just works. Both of them, indeed.
      But privacy wise.... I will just say I try to not use anything coming from google. I am not there yet... but one day!

    • @terrydaktyllus1320
      @terrydaktyllus1320 ปีที่แล้ว

      Yes, I absolutely agree with you.
      The 5 most evil corporations that make money from harvesting user data are Google, Apple, Faecesbook, Microsoft and Amazon.
      If you use any other service (including email) provider that isn't affiliated to those corporations or the CCP, then you are going to be more private than you were using services on any of them.
      Email isn't encrypted unless you use PGP, at which point the body of the email is encrypted but the headers and the metadata are not - so someone from the outside can see who you were communicating with and what times, and may be able to guess what you were discussing purely because of that relationship. And that's something you just can't change with email.

    • @nwerd7584
      @nwerd7584 ปีที่แล้ว

      @@joaomaria2398 the issue is once you use it you already lost the privacy, and your id.. you can only stop them from continuing to collect current data to send personalization at you.

    • @trueriver1950
      @trueriver1950 ปีที่แล้ว +8

      I'd rephrase that: pm is not as bad as Gmail. Only in algebra is "not as bad" the same as "better".

  • @Sunrise-d819i2
    @Sunrise-d819i2 ปีที่แล้ว +193

    the only privacy i care about is being sold for ads, i knew from the start they have to give up info for warrants which is fully justified. i just don't want random workers and ad companys in my emails. proton is perfect for daily use.

    • @YountFilm
      @YountFilm 6 หลายเดือนก่อน +20

      It's "fully justified"... until the laws keep changing and the warrant is for "suspicion of collecting rainwater in barrels on your own property."

    • @harvivekdhindsa6809
      @harvivekdhindsa6809 6 หลายเดือนก่อน +11

      @@YountFilmsure but honestly who is using email for anything other than signing up for things or sending colleagues or businesses a message to start a line of communication. Afterwards if security is a concern no one is using email…

    • @axton9521
      @axton9521 5 หลายเดือนก่อน +6

      ​@@YountFilmLaws dont just change by accident. At least in the US and Germany we ellect governments. I think we should try our best to fight this at the government level. There are lots of surveillance options way harder to circumvent like hardware backdoors, public cameras, other peoples digital devices etc.. So yeah, I'll definitely try to fight on that side. If this fight is ever lost, then yeah just ditch mail.

    • @cristianhakansson7443
      @cristianhakansson7443 5 หลายเดือนก่อน +1

      It seems to me that covering your tracks because the cops are after you is probably (hopefully!) more privacy than the average person needs.

  • @jagildown
    @jagildown ปีที่แล้ว +78

    The people that don't care about pivacy at all "I have nothing to hide" should think what could happen if uncle adolf was in command with access to all this data.

    • @tziirkq
      @tziirkq ปีที่แล้ว +19

      Just tell them to give you all their passwords so you can read what they say on facebook or in their emails. If they have nothing to hide then they should be OK with it.

    • @jagildown
      @jagildown ปีที่แล้ว +2

      😂😂😂

    • @mikaelbihl-matias9462
      @mikaelbihl-matias9462 ปีที่แล้ว +14

      Plot twist: uncle KLAUS is in command with all the datas

    • @manuelp7472
      @manuelp7472 4 หลายเดือนก่อน +4

      The reality is that the people in charge are just as bad if not worse than him.

    • @AlexandreLefaure
      @AlexandreLefaure 2 หลายเดือนก่อน +3

      I wonder how many of those who have nothing to hide would let anybody put a camera in their house just to watch.

  • @xymaryai8283
    @xymaryai8283 9 หลายเดือนก่อน +33

    honestly this was the best Ad for Proton Mail, sensibly discussing the technology and history, flaws and benefits. i hope they pay you, because they probably got a few subscriptions bc of this video.

  • @mazzysmainframe
    @mazzysmainframe ปีที่แล้ว +69

    I have no illusions about Proton being a beacon of inviolable privacy against the evil forces of the world, I just like the service they provide. Not just the email but the entire ecosystem of services. It works really well for me in my situation.

  • @marcogenovesi8570
    @marcogenovesi8570 ปีที่แล้ว +638

    As a fellow glowing fed I approve this message

    • @folksurvival
      @folksurvival ปีที่แล้ว

      @@rft253 Because the greatest programmer who ever lived told us so.

    • @the_null_man
      @the_null_man ปีที่แล้ว

      ​@@rft253It's because of the legendary quote by Terry A Davis, on how "the CIA (hard R nwords) glow in the dark, and you can see them while you're driving". Look it up, it's kinda funny, to be honest

    • @2012Accounts
      @2012Accounts ปีที่แล้ว

      ​@@rft253cause they're feds

    • @BasedChad
      @BasedChad ปีที่แล้ว +1

      ​@@rft253do NOT look up terry davis

    • @magnum333
      @magnum333 ปีที่แล้ว +1

      CIA n*gg*rs glow in the dark @@rft253 Why? Probably the nanotech in their blood, luciferase, graphene oxide... who knows...

  • @MrBelles104
    @MrBelles104 ปีที่แล้ว +177

    I switched to it after your email video, and I’ll use it because although they have shown they aren’t perfect, it is absolutely safer than Google Mail so switching to Proton was a net positive.

    • @QuantumFantasy
      @QuantumFantasy ปีที่แล้ว +34

      Exactly this. The people that kick and scream about protonmail to someone who's never heard of a VPN and have 1-3 Gmail accounts is really just missing the point. If they don't use proton they're probably just going to keep using Gmail, not open their own personal email server.

    • @AshnSilvercorp
      @AshnSilvercorp ปีที่แล้ว +4

      I've had caution to doing it for everything since some services are allergic to you using it. I guess if you wanted to be 99.9% private, you shouldn't be using the services that would have a problem with it in the first place.
      If anything, I'm getting very mad with other email services making account deactivation policies that are going to just get shorter and shorter until maintaining them becomes a chore and a risk of massive account lockouts...
      Edit: I read that Proton is doing the same thing... I guess it's neat you can pay for it once and cancel later and the account can remain active? But if they change the policy once, they'll do it again I guess...

    • @MrBelles104
      @MrBelles104 ปีที่แล้ว

      @@AshnSilvercorp Oh yes, not just email services, but all internet services in general seem to be trying to prune anything they label as "dead". At this point in time, Proton is only resending any emails my Gmail gets, so nothing I use actually goes to Proton but rather Gmail, but I'll see what services in the future I can use Proton with natively.

    • @Grubyauau
      @Grubyauau 9 หลายเดือนก่อน +1

      @@AshnSilvercorp They were forced by the Swiss government to give his data, and unless you know the context, as I read this peasant what he wrote to the US government or somewhere, he threatened them and seriously, so I guess it's better after all to turn one man in than to have others commit su*cide from his false threats.... in short: it's one good thing, one bad thing that they ratted him out, because they broke their confidence a bit, but at the same time they helped catch the person through whom suic*des out of desperation could sprinkle

    • @ThisOLmaan
      @ThisOLmaan 8 หลายเดือนก่อน +2

      Plus Gmail now ask to add a phone number with out a choice, dont know how long or when that start it. But it wasn't a thing when a open account at Gmail, now i'll Try Proton Mail till they decide to also start asking for such verifications to verify.

  • @___gg421
    @___gg421 ปีที่แล้ว +95

    If your hiding from the government you need to be using more secure communication anyways, if you just don’t want your email scanned and data sold then proton is pretty good

    • @TheBlackStranger
      @TheBlackStranger 5 หลายเดือนก่อน

      I'm new to internet security. What would you use for such a situation?

    • @sudonim116
      @sudonim116 4 หลายเดือนก่อน

      ​@@TheBlackStrangerEmail is fine if you PGP encrypt the contents

    • @sudonim116
      @sudonim116 4 หลายเดือนก่อน

      ​@@TheBlackStrangeror maybe signal?

    • @yuinyaH
      @yuinyaH 4 หลายเดือนก่อน

      ​@@TheBlackStranger Signal or Telegram

    • @roccociccone597
      @roccociccone597 4 หลายเดือนก่อน

      exactly, that's the main reason I use proton...

  • @guesswhoscoming9046
    @guesswhoscoming9046 ปีที่แล้ว +101

    Protonmail is good for what it is. Even hosting your own mailserver isn't 'fully secure' and if you are sharing sensitive data there are better protocols.

    • @tedrice1026
      @tedrice1026 10 หลายเดือนก่อน +8

      I don't know - it seemed to work well for Hillary! Just keep a big hammer on hand.

    • @stevexanny
      @stevexanny 10 หลายเดือนก่อน

      She's got democrat privilege, that's what you're forgetting@@tedrice1026

    • @masterTigress96
      @masterTigress96 10 หลายเดือนก่อน

      @@tedrice1026 I suspect she had insider help, although, admittedly, I have no evidence for this. Only the fact that I cannot, *cannot* imagine that the secret services did not know she was doing it.
      I suspect she or good or Billy had connections of some sort to help them set this up in the first place, and secondly, to prevent them from getting into serious legal trouble.
      If I were to suddenly run my own mail server or my own mail address and use it for work, my employer would have me booted from the company in no time. I do not believe for a second that nobody knew from the get go what she was doing.

    • @electric26
      @electric26 10 หลายเดือนก่อน

      ​@@tedrice1026😂😂 fair enough

  • @ducksies
    @ducksies ปีที่แล้ว +151

    PGP is actually easy to use, but it's a pain to maintain a list of public keys for all your friends

    • @AshnSilvercorp
      @AshnSilvercorp ปีที่แล้ว +7

      I will say doing verification with it isn't really well explained. I've tried to use it to verify Linux iso's a few times, and the process is never really well explained on the install pages.

    • @ducksies
      @ducksies ปีที่แล้ว

      @@AshnSilvercorp it's pretty easy. If you want a video guide for it, check out Mental Outlaw's new Tails guide- he explains the process of verifying the ISO there.

    • @kj-marslander
      @kj-marslander ปีที่แล้ว +19

      You're contradicting yourself.

    • @tedrice1026
      @tedrice1026 ปีที่แล้ว +9

      Try getting anyone else to use it!

    • @jb_lofi
      @jb_lofi ปีที่แล้ว

      @@tedrice1026 Exactly. That's the only hard part of it. And although I agree that distros should at least link to a guide or something explaining how to verify ISOs, that's a general issue with all open source projects... the number of times I've tried to find a proper install guide for some github project is way too dang high.

  • @GameCyborgCh
    @GameCyborgCh ปีที่แล้ว +38

    this is actually a good reminder for me to go through my multiple emails and do some house cleaning, delete mails from services i am no longer using, delete emails that are a decade old and most importantly unsubscribe from all the email newsletters

    • @Sl.layer.34
      @Sl.layer.34 9 หลายเดือนก่อน

      Proton + SimpleLoguin

  • @danielrobinson3654
    @danielrobinson3654 ปีที่แล้ว +94

    PGP isn't really confusing, it's just kinda a pain adding extra steps

    • @littlered6340
      @littlered6340 ปีที่แล้ว

      This

    • @adamz1977
      @adamz1977 ปีที่แล้ว +1

      Have you tried the autocrypt standard though? There's zero friction using that with clients that support it fully (like Delta Chat).

    • @nds6767
      @nds6767 ปีที่แล้ว +2

      I find it funny. PGP was great. BUT then Symantec bought it and wtf happened? It’s still around but what a shit show. I miss the PGP desktop.

    • @Kirt44
      @Kirt44 ปีที่แล้ว

      Pgp I have still not had it work out and i tried it all so what are u talking about its impossible

    • @sotecluxan4221
      @sotecluxan4221 6 หลายเดือนก่อน

      What is ur opinion about OpenPGP as in Thunderbird available?

  • @sidensvans67
    @sidensvans67 10 หลายเดือนก่อน +21

    Rules for Life .
    1. Do not trust any Device , system or service , ever .
    2. Never forget Rule 1.

    • @nightowl425
      @nightowl425 7 หลายเดือนก่อน +1

      Then what's the point of technology? Might as well trust something.

    • @sidensvans67
      @sidensvans67 7 หลายเดือนก่อน +5

      @@nightowl425 Good luck with that .

    • @NeptuneSega
      @NeptuneSega 3 หลายเดือนก่อน

      ​@@nightowl425 you use it cautiously. Just because you use it doesn't mean you have to trust it.

  • @jorgepenaloza6834
    @jorgepenaloza6834 ปีที่แล้ว +31

    I agree, but I will also add that the person who wants to be invisible has to not only stop using email, but also reduce social connections to almost zero.
    Facebook was capable years ago of creating panthom profiles of people not on facebook, just by all the info he had on your friends and family. So if you have communications with people who are leaking data everywhere, they can still pin point you.

    • @azure4real
      @azure4real ปีที่แล้ว

      Facebook is for surveillance and never for privacy.
      Their logo is an evolved form of an freemason logo.
      I trust no tech companies at all that have their hands into survaillance,that is on the Stock Market that is owned by the evil 1% and that funds or funded the WEF.

    • @azure4real
      @azure4real ปีที่แล้ว +1

      You do not have disown socializing with others.
      You just have to avoid being so honest with others about who you are.

    • @jorgepenaloza6834
      @jorgepenaloza6834 ปีที่แล้ว +9

      @@azure4real if they are socializing with a non-existent avatar, are THEY socializing with you? are you socializing with them?
      I'd say not really, one of the joys of socializing is to get to open up about who you are. If not, is just glorified weather-talk.

  • @drishalballaney
    @drishalballaney ปีที่แล้ว +11

    I think this feels like a similar situation to signal where all they could give was the ip address where they logged in from
    so I think as long as you pair protonmail with vpn there should not be a danger of leaking ip address

  • @jacksoncremean1664
    @jacksoncremean1664 ปีที่แล้ว +48

    one thing you forgot to mention that even emails encrypted with TLS are not safe from a MITM, you can trivially downgrade to plaintext or even just straight out not present a valid certificate. The only way to have authenticated TLS connections safe from a MITM is to use a service that supports MTA-STS and DANE, which sadly isn't very widespread.

    • @EricMurphyxyz
      @EricMurphyxyz  ปีที่แล้ว +15

      True. Another example of email being inherently insecure.

    • @adamz1977
      @adamz1977 ปีที่แล้ว

      @@EricMurphyxyz No, that's an example of a security hole being fixed. The word "inherently" means permanently, but as @jacksoncremean1664 already said, those MITM attacks can be mitigated with up-to-date security best practices.

    • @AMEER-114-
      @AMEER-114- 10 หลายเดือนก่อน +1

      ​@@EricMurphyxyz
      Hey..
      When I found out it was created by the Intel agency
      I deleted my free Proton app...
      It redownloaded onto my phone all by itself..
      But it doesnt show up in my apps list...
      How the heck do I remove it ?

    • @braddockbrawler
      @braddockbrawler 7 หลายเดือนก่อน +1

      There is no way around coding your own e2e solution if you want peace and freedom.

    • @AMEER-114-
      @AMEER-114- 7 หลายเดือนก่อน +1

      @@braddockbrawler
      Hi.
      Can you please tell me if you get this?

  • @2sourcerer
    @2sourcerer 11 หลายเดือนก่อน +4

    Email used to be just sent and not stored in the server. If everyone were to do that, at least when any entity wants to snoop it they can only see mails in transmit, not seeing years of data.

  • @MushmouthJoe
    @MushmouthJoe ปีที่แล้ว +21

    I appreciate this explanation. I was completely unaware that Proton Mail was so divisive. No wonder I get weird looks when I give out my email address. I have nothing more than a standard account & I'm not sponsored in any way. But I've been quite happy with it. 👍🏻☕️

  • @roflchopter11
    @roflchopter11 ปีที่แล้ว +14

    Signal still uses a public identifier (phone number) and so can still be used to find your identity. One needs to compartmentalize one's contacts.

    • @brunoterlingen2203
      @brunoterlingen2203 9 หลายเดือนก่อน +1

      Thus Signal is shit re privacy by having to give your phone number- it totally negates so called benefits.

    • @roflchopter11
      @roflchopter11 9 หลายเดือนก่อน

      @@brunoterlingen2203 kind of. Even generating one random number and having you use that has this problem, unless each person you talk to finds you with a different unique number.
      Phone numbers are extra bad, because they are a common identity proxy in all facets of life.
      Signal is still very secure and pretty private, but it is not anonymous.

    • @xchronox0
      @xchronox0 6 หลายเดือนก่อน +3

      Yeah that's why I never understood people constantly advocating and trying to get me into telegram.
      Sure it's not discord. But telegram requires my phone number, constantly broadcasts the last time I even clicked on the desktop app or looked at the mobile app, and then there's the read receipts. It felt like the more someone was trying to convince me to use telegram, the more of a stalker they were.

  • @orion10x10
    @orion10x10 ปีที่แล้ว +53

    As a CIA Agent I love Proton Mail, makes over throwing democratically elected governments the world over a breeze. All my friends, family and global espionage network connected in one place

    • @notafbihoneypot8487
      @notafbihoneypot8487 ปีที่แล้ว +27

      Tim what did we talk about you telling people you're a CIA agent.

    • @squirlmy
      @squirlmy ปีที่แล้ว +2

      @@notafbihoneypot8487 let me guess, you wear a white coat and offer people a temporary place to stay? 😉

    • @orion10x10
      @orion10x10 ปีที่แล้ว +2

      ​@@notafbihoneypot8487 😅

    • @Darkk6969
      @Darkk6969 ปีที่แล้ว +2

      Oh snaps! 🤣

    • @erickyle5604
      @erickyle5604 ปีที่แล้ว +2

      Please report to sound proof conference room for "remedial" training regarding the release of internal operational procedures.

  • @myguitardidyermom212
    @myguitardidyermom212 ปีที่แล้ว +18

    Protip; if you're a drug dealer, don't do business over public email

    • @NeptuneSega
      @NeptuneSega 3 หลายเดือนก่อน +1

      Or online at all

  • @mx338
    @mx338 ปีที่แล้ว +10

    You can absolutely verify the code running running in your browser, and therefore you can verify if your PGP/GPG key is generated client side and then only sent to Proton Mail in encrypted form.

    • @laputa2195
      @laputa2195 ปีที่แล้ว

      Yeah, that seems obvious, I was wondering if he meant something else but then I'm not sure what that something else might be?

    • @masterTigress96
      @masterTigress96 10 หลายเดือนก่อน +1

      Yes but you hit the nail on the head in your first sentence:
      You can absolutely verify the code running running *in your browser*
      I cannot easily deduce what happens on the backend/server side of things. On top of that, as someone else pointed out in the comments, even if you use an open source product (which Proton mail now is), how do you know that the code in the repo is the code that is running in your browser/front end/back end?

    • @knufyeinundzwanzig2004
      @knufyeinundzwanzig2004 8 หลายเดือนก่อน +1

      @@masterTigress96 Well if it's not backend you could just compare the open source code and the stuff you got

  • @ej2953
    @ej2953 9 หลายเดือนก่อน +7

    I got my first PGP key at a key party in Houston in the 1992 or so.
    A member of the Free Software Foundation or something similar was there with a laptop. We took a floppy diskette to the party where the guy with a laptop would generate our key for us. He was pretty busy at that, too.
    The real problem was that once I got back to the office with the diskette, I had no idea what to do with it.

    • @Dryblack1
      @Dryblack1 4 หลายเดือนก่อน +1

      I must know what a key party is

    • @ej2953
      @ej2953 4 หลายเดือนก่อน

      @@Dryblack1 It was an event at a local bar where you could go to meet people and verify identities to sign each other's keys. And if you didn't have a key, you could take a floppy disk with you and someone there with a laptop could create a key for you and save it on your floppy disk.
      In our case, the guy with the laptop creating keys was a lawyer who was highly involved interested in the EFF (Electronic Frontier Foundation).

    • @Dryblack1
      @Dryblack1 4 หลายเดือนก่อน +1

      @@ej2953 Fascinating, thanks for sharing!

  • @theepicduck6922
    @theepicduck6922 ปีที่แล้ว +28

    Very nice endorsement Eric, your badge and money payment will be at the standard dead drop.

  • @pauls5745
    @pauls5745 ปีที่แล้ว +4

    with messaging apps being more secure, I can't remember last time I actually wrote an email. I basically just have an email address for purchase receipts for online shopping and website sign ups

  • @saitamagotchi44
    @saitamagotchi44 ปีที่แล้ว +8

    Proton seems like the happy medium between privacy and convenience, so long as your not the tallest nail or low hanging fruit your probably not worth the governments time.

  • @razorednight
    @razorednight ปีที่แล้ว +18

    People used to say that email was like a postcard, readable by anyone who handled it. Now, it's like a letter in an unsealed envelope. Super-secure email is like a letter in a sealed envelope: the people at the sorting office know how to steam it open without leaving a trace.
    Of course you can write your letter in code, so it's unintelligible to anyone who can open the envelope. But the envelope still has postmarks/franking, a return address, you've left your fingerprints all over it. You can wear gloves while handling the letter, use a remailing service, but can you be sure that you've covered all your bases? No, you probably can't.
    What matters is WHO you're trying to hide stuff from. If it's a nosey neighbour or jealous partner, they probably don't have the wherewithal to conduct a forensic analysis of your mail. But if it's a government or other serious organisation on your case... you should look into alternatives to the mail.

  • @christophersoutherlin2631
    @christophersoutherlin2631 8 หลายเดือนก่อน +12

    No. Email is an ancient technology. Email will always use port 25, which is unencrypted. ProtonMail may encrypt your email, but port 25 will leave a rabbit trail directly to your contacts. You'll be discovered via your contacts. So, there is no privacy in email.

  • @AshnSilvercorp
    @AshnSilvercorp ปีที่แล้ว +8

    probably a good thing to note how web-based FOSS programs don't always have proof that you're using the version containing the code publicly available.

    • @kj-marslander
      @kj-marslander ปีที่แล้ว +2

      I didn't think about that before, thanks, now I have another thing in my list to worry about lol.

  • @Jordan-hz1wr
    @Jordan-hz1wr 5 หลายเดือนก่อน +3

    I know we all have an anarchistic bent about us, but Proton is meant to provide an alternative to surveillance capitalism NOT lawful subpoenas. They *must* comply with their laws if they want to stay in business. People that think they ought not are simply mistaken about what Proton's stated mission is.

  • @SvalbardSleeperDistrict
    @SvalbardSleeperDistrict ปีที่แล้ว +26

    One thing I want to point out is that governments aren't the only party that one should want privacy and protection from. For each case of a government using online services and platforms to gain info on activists, whistleblowers, etc, there is one of corporate entities doing the same. Also in many cases, governments pursue whistleblowers, investigative reporters, etc on behalf of corporations, e.g. the Steven Donziger case.

    • @squirlmy
      @squirlmy ปีที่แล้ว +3

      I agree completely with your main point, but I don't know if it's fair to call a corrupted judicial system "government working on behalf of corporations", specifically the Donziger case. The line gets a bit blurry, but it's still corporations and their money corrupting the system. usually individual judges. I wouldn't call that "the government".

    • @SvalbardSleeperDistrict
      @SvalbardSleeperDistrict ปีที่แล้ว +1

      @@squirlmy Yeah true, I was typing "governments" while thinking "states" there.

    • @AntiCookieMonster
      @AntiCookieMonster ปีที่แล้ว +4

      ​@@squirlmyWhat? Government isn't government when it's local and corrupt?

  • @YannMetalhead
    @YannMetalhead ปีที่แล้ว +3

    Kind funny that people expect companies to not comply with the government's requests. If they don't comply they can have their business shut down or go to jail.

  • @Bunstonious
    @Bunstonious ปีที่แล้ว +2

    My issue with proton is that it's very expensive for personal use if you want a custom domain for your family, this is the sole reason I don't use it.

  • @GnuReligion
    @GnuReligion 7 หลายเดือนก่อน +10

    It is hard to teach the use of PGP/GPG to people who do not know what a file is.

  • @jb_lofi
    @jb_lofi ปีที่แล้ว +7

    Honestly, PGP/GPG is _not_ difficult or complicated at all. It takes only a few moments with our friends Alice and Bob and you'll educate all but the most technologically challenged. The hard part is finding other people who'll use it, leading to a feedback loop where eventually even privacy/anonymity focused folks give up on it; and that's why if there's one thing I disagree with in this video, it's how Eric constantly refers to it as if it's monstrously complicated, thus dissuading people who might be inclined to give it a try from even looking into it. If you've sat down long enough to install Linux and even learned how to use it, you can figure this stuff out. Believe me.

  • @lilmsgs
    @lilmsgs 10 หลายเดือนก่อน +2

    I'm trying to change my email provider to more safe/secure. I am not concerned about govt snooping, I am fearful of data breach access to my online emails that contain a lot of very sensitive info. Financial, etc.

  • @MalevolentAB
    @MalevolentAB 11 หลายเดือนก่อน +1

    I mainly use proton for the aliases so that when an alias of mine gets hacked, i can recover my accounts under that alias, switch those accounts to a new alias, and delete the old unsecure alias. My emails use to get hacked a lot so an alias attached to my main email just makes me feel more secure.

  • @aureliogutierrez9195
    @aureliogutierrez9195 ปีที่แล้ว

    Encrypt your text (hard as you wish).
    Convert birary to Base64.
    Paste into any email.
    Send.
    -
    Copy base 64 of the email.
    Convert base64 to binary
    Decrypt the binary.
    Read.
    -
    Just encrypt it by yourself. Send you public keys, protocols, and decryptors in "creative and secure ways."

  • @Doofus171
    @Doofus171 ปีที่แล้ว +9

    Swiss laws for privacy are the strictest in the world. Only a Swiss court with a legitimate court order can do anything to Proton. This is why Swiss banks are the popular choice for the wealthiest on the planet. Which makes using Proton Mail the best choice as well. Swiss laws make it so no companies have to comply with outside jurisdictions. Proton doesnt have to comply with any request or any legal action that isnt from a Swiss court ... and Swiss courts dont listen to outside jurisdictions (unless something is a direct threat to the Swiss people).

    • @zhang-boyu
      @zhang-boyu ปีที่แล้ว

      *a direct threat to the Swiss people* - like Russians😂

    • @rullebullerdmule6703
      @rullebullerdmule6703 ปีที่แล้ว

      ​@@zhang-boyuHaha, exactly.. "Neutral" Switzerland has implemented more sanctions against Russia than the EU itself but not a single sanction against Izrael. 🤔
      Also, the world's most influential psychopaths meet every year in Davos to discuss how to proceed with their manipulation of world affairs, completely against all the democratic values and processes they claim to stand for while at home in their "sovereign" nation states.😏

  • @fosres
    @fosres ปีที่แล้ว +5

    Love your channel and how honest you are! Please make more videos like this!

  • @Zippy_Zolton
    @Zippy_Zolton ปีที่แล้ว +11

    You're literally part of my pipeline to privacy-conscious in that image at the end LOL I use a hardened Firefox cuz of you (although I am having a severe memory leak issue with it that I have no idea what's causing it yet [EDIT; it was a CSS theme causing the leak LOL])

    • @SomeRandomPiggo
      @SomeRandomPiggo ปีที่แล้ว

      Librewolf?

    • @Zippy_Zolton
      @Zippy_Zolton ปีที่แล้ว

      @@SomeRandomPiggo no I would've said a branch if I was using that

    • @kj-marslander
      @kj-marslander ปีที่แล้ว

      @@Zippy_Zolton They're not asking if you use Librewolf. They're suggesting to use it.

    • @cjmoss51
      @cjmoss51 10 หลายเดือนก่อน

      Waterfox is better in that regard. Operates on the same code stack as well so you can still use the same plugins.

    • @Zippy_Zolton
      @Zippy_Zolton 10 หลายเดือนก่อน

      @@cjmoss51I'm sure it is, but I am currently sticking with Nightly Firefox

  • @JonathanSwiftUK
    @JonathanSwiftUK ปีที่แล้ว +23

    You're definitely not simping for Microsoft, you didn't even cover Hotmail, Live or Office 365, which is bizarre.

    • @marcogenovesi8570
      @marcogenovesi8570 ปีที่แล้ว +10

      He did in his original video, it was the first or the one after it

  • @mx338
    @mx338 ปีที่แล้ว +5

    E-Mail is not inherently insecure, if you manage your own S/MIME or PGP keys, you have real end to end encryption. You can even use POP3 to collect your mail so it isn't permanently stored on the server.
    The advantage of Signal is that it is easier to use, so your peers bad security practice is less likely to get you into trouble.

    • @frfrankie23
      @frfrankie23 ปีที่แล้ว

      You mean IMAP, not POP3

    • @moetocafe
      @moetocafe ปีที่แล้ว +1

      No, he meant exactly pop3 and not imap.

  • @kkulist
    @kkulist ปีที่แล้ว +1

    my only gripe with protonmail is that they keep trying to charge me for service i cancelled years ago. i don't have an opinion of their service one way or another, i just want them to stop trying to take money from me when i haven't used it in almost 5 years now rofl

  • @JeriDro
    @JeriDro 6 หลายเดือนก่อน +4

    nothing is safe online

  • @pabloqp7929
    @pabloqp7929 ปีที่แล้ว +6

    GPG doesn't need to be CLI only. There are GUI apps like Kleopatra that make it really easy 🎉

    • @Antek1234l
      @Antek1234l ปีที่แล้ว

      Lol I once reccomended Kleopatra to someone and he wasn't able to figure it out

    • @pabloqp7929
      @pabloqp7929 ปีที่แล้ว +3

      @@Antek1234l lol yeah I mean it's not for everybody, but it makes 'the thing' easy for anyone invested

    • @Antek1234l
      @Antek1234l ปีที่แล้ว

      True, I agree, it's much easier than cli version

    • @SuperTort0ise
      @SuperTort0ise ปีที่แล้ว +1

      ​@@Antek1234lI actually found kleopatra more confusing than cli lol, the gnome one is good, but I use kde so gtk apps look worse, I'll stick with cli.

    • @Antek1234l
      @Antek1234l ปีที่แล้ว +1

      Yeah, everyone has different preferences, some programs are just better as a cli tbh

  • @Bhethar
    @Bhethar ปีที่แล้ว +9

    I think there’s a rabbit hole when you get in to privacy products. I want privacy from the private sector and criminals. I have no expectation that I can have privacy from the government 😂

    • @somethingelse9228
      @somethingelse9228 ปีที่แล้ว

      But what if government themselves turn into criminals?

  • @Knards
    @Knards ปีที่แล้ว +2

    Proton mail, as compared to google, Yahoo and or Outlook mail, is like a messiah is to a religion. Its the best you can get. But, as noted, it is only encoded end to end if you are sending proton mail to another proton mail address

  • @CentreMetre
    @CentreMetre ปีที่แล้ว +6

    I had complete forgot about the proton mail french activist thing, and i recently made an proton email for crypto just to seperate it for my other ones, im glad i found this after and watched all the way through, you explained it very well, good video

  • @jesse7631
    @jesse7631 ปีที่แล้ว +2

    I used PGP many years ago, and I recall how difficult it was to set up and get going.

    • @blackbeast9268
      @blackbeast9268 ปีที่แล้ว

      Read the bible kid, even if you don't like candy it's useful to learn it

    • @Darkk6969
      @Darkk6969 ปีที่แล้ว +2

      It has gotten alot better these days. Thunderbird automatically handles the keys without installing some add on.

  • @splitprissm9339
    @splitprissm9339 ปีที่แล้ว +1

    With true client controlled end to end encryption (which CANNOT be the case for metadata with inter-provider email, except maybe if you are literally sending them just a webpage that decrypts the message client side) - as you explained earlier about pgp), no need to trust the provider. For any other case: If the provider is in one sort of country, they can be legally compelled to give what they have to law enforcement. In the other sort of country, you cannot legally compel the provider to adhere to what they promised you.

  • @RemotHuman
    @RemotHuman ปีที่แล้ว +2

    even signal has the same problem of setting up your encryption for you. the app is open source but the desktop app updates like every day, are you really going to check the binaries match the open source version? Or do you trust google play to send you the right program and not spy on you? hopefully you could verify the binary of the open source vs local copy, but most people don't know how to do that. I mean that's still better than web apps but theres still a slight problem

  • @th3king321
    @th3king321 ปีที่แล้ว +3

    You gain a subscriber, the way you explain / edit and the quality looks insane effort i wish you be one of the largest youtubers on tech and related topics ❤

  • @eliasbinde2629
    @eliasbinde2629 5 หลายเดือนก่อน

    Honestly I’d prefer a service that is completely honest about these things, telling you: we can’t make it perfect but these are the things we can do

  • @placek7125
    @placek7125 6 หลายเดือนก่อน +1

    6:53 oh deamn, what an ABSOLUTE CHAD

  • @CommsGuy
    @CommsGuy 10 หลายเดือนก่อน +1

    One reason I changed from gmail was I noticed they would go through my emails and create calendar entries from them. A family member sent me their travel itinerary and I started getting calendar notifications for flight times. Confused, I went through and found the entries matched up with the flight times from their travel details.
    But I've now noticed that Proton is doing the same thing. Work emails come in and now there are calendar entries. I don't like this at all. Clearly their systems are going through the emails to some degree.
    Proton has also really slowed down for me over the last month or so too.

    • @andre1987eph
      @andre1987eph 4 หลายเดือนก่อน

      Google is probably getting the flight info from other apps on your phone such as your browser search website activity etc. Even your "Notes" App.

    • @CommsGuy
      @CommsGuy 4 หลายเดือนก่อน

      @@andre1987eph That's possible in other cases. In this case, it was emails sent to me. I had no browser history/searches/etc.. or notes. There really was nothing else apart from the emails as they weren't my flights and I had no idea about them.

  • @ChronicNewb
    @ChronicNewb 8 หลายเดือนก่อน

    You talk with a similar inflection to my childhood best friend’s mom. It’s oddly comforting.

  • @Lambda.Function
    @Lambda.Function 9 หลายเดือนก่อน

    I'm a security nerd. I used to run my own email server but you can't get people to use PGP. I've been a ProtonMail visionary supporter since the beginning. It's the only service I'll use now.

  • @ahuman4061
    @ahuman4061 6 หลายเดือนก่อน +2

    id rather the government have my info then the government and google

  • @andresdelapena1285
    @andresdelapena1285 ปีที่แล้ว +1

    OWASP principle: don't trust service providers or "trust but verify". It's out there on a manual. It is simply not logical to think of service providers as invulnerable.

    • @terrydaktyllus1320
      @terrydaktyllus1320 ปีที่แล้ว

      Technically you're correct but it comes under the broader banner of "zero trust" across an entire environment, not just within the bounds of application security.
      For example, it's estimated that around 80% of cyberattacks come from within an organisation through normal users of the system - and therefore zero trust treats users as equal to outsiders in terms of the security model you deploy to control what they do.

  • @michaelcorcoran8768
    @michaelcorcoran8768 3 หลายเดือนก่อน

    I think they have some. I don't know shady tactics for upselling and they also have some complications where if you try to downgrade from a paid account to a free account. The amount of horror stories I see of people that have a paid account and then want to switch back to a free account or they have a paid VPN but they don't want it anymore but they lose access to their free email account.

  • @whokilledkenny1522
    @whokilledkenny1522 ปีที่แล้ว +1

    Not sure why people choose to rely on services like email if they’re that highly skeptical

  • @kurt120032002
    @kurt120032002 4 หลายเดือนก่อน

    I am just now looking to start using Proton, and to be fair, Government should be able to ask to see data based on a a judge decion, not anythime they feel like. For me, I don't do anything illigal, so I am not necesarely afraid of a judges, but I do want an alternative to Google. I understand that if you want to be as secure as you can be, you need to run your own infrastructure, but for now I am looking basically to not depend on google for e-mail and storage.

  • @xCrossBite
    @xCrossBite 9 หลายเดือนก่อน

    Write message in notepad, Zip it and password protect it, then email it as attachment. Then send a hand written letter to the recipient with the password. Easy!

  • @OH2023-cj9if
    @OH2023-cj9if 3 หลายเดือนก่อน

    The problem is people are misled through lack of knowledge. They don't understand that mail in and out of protonmail is plain text to and from all others. This is where law enforcement waits.
    It doesn't go encrypted. Protonmail can't see it when the email has been encrypted or decrypted, but can before and after.
    The only time it is secure is when two users connect to the site and keep emails inside protonmail.
    There are so many that use their app and get caught.
    Protonmail is encryption to server, not encryption in transit.

  • @Serjo777
    @Serjo777 10 หลายเดือนก่อน +1

    I find it very weird that they _insist_ on you linking "your" gmail account (which is non-existant) to your Proton account if you want the storage to be doubled. It's one of 4 requirements, and if you don't use gmail (because why would you?), or don't want to link it to your Proton, you're stuck with a measly 500 MB. Plus every single e-mail that you receive from Proton, like notifications etc., is _gigantic_ in comparison to normal mails, even though they don't contain much aside from some text. Normal e-mails mostly use up only a few KB, like usually well below 20 KB, but everything I got directly from Proton was around 1 MB large, even though there wasn't much else besides text in them.

  • @SnLeo-zx6qy
    @SnLeo-zx6qy ปีที่แล้ว +7

    Please, make a video about tempest search engine and browser.

    • @Marty_YouTuber
      @Marty_YouTuber ปีที่แล้ว

      Even i have never heard of that.

  • @_SYDNA_
    @_SYDNA_ 6 หลายเดือนก่อน

    I route Proton mail through my own domain name. When I set that up Proton required/suggested that I install a PGP key at the domain server via DKIM parameters. Your email will work without it, and its a pain to install at some domain providers, but it works, and Proton gives you a tool to test whether you've successfully set it up. I like that and that part of the pgp seems to work from that point forward. Yes if you send something to an email service owned by a company in silicon valley then, yes, there's probably a risk of getting cancelled depending on how based your beliefs are.
    If you're really worried, you can always use Proton's secure function which open's an email taken out in a protected environment using a separate password.
    Not an expert but that seems like a good solution for things like ssn's or your next great invention.

  • @inspectorchicken
    @inspectorchicken 2 หลายเดือนก่อน

    It's one thing to mistrust a service or a provider if they really encrypt how they say. But at least with a commercial provider you've got a mutual binding contract and that helds someone liable to encrypt your email. On the other hand, you still got to prove they didn't in case of a breach. Buy when you said "it's convenient" what most people really want by paying someone besides convenienceis liability.

  • @LloydChristmas-vx2wh
    @LloydChristmas-vx2wh 3 หลายเดือนก่อน

    I'm loving Proton email and calendar right now.

  • @dienand_
    @dienand_ ปีที่แล้ว +11

    Ultimately as long as you’re not breaking any laws Proton is probably fine.

    • @squirlmy
      @squirlmy ปีที่แล้ว +5

      Yes. The Swiss government does not want to be seen violating privacy lightly, and is unlikely to request anything without strong evidence of crimes being committed. Switzerland, compared to other countries, is fairly reliable.They're not part of the 5 Eyes, 9 Eyes, and 14 Eyes Alliances. In contrast, for example, LibremMail I'm sure has good technology behind it, but they're based in the US.

    • @muammar007
      @muammar007 ปีที่แล้ว +4

      It's not always about laws. Not all governments follow their own laws.

    • @annoyingbstard9407
      @annoyingbstard9407 2 หลายเดือนก่อน

      Same as all the others.

  • @JacobP81
    @JacobP81 3 หลายเดือนก่อน

    11:01 Actually Thunderbird supports PGP so you can set it up on that without a lot of work or needing the command line.

  • @tedrice1026
    @tedrice1026 ปีที่แล้ว

    If you really must send secret messages over the internet, you need to encrypt them offline on a small computer that is kept locked away and NEVER connected to the internet and the recipient needs to do the same. Use one time pads that were hand delivered. Then you can send them over any email service, but an encrypted one like Proton Mail provides you with another level of protection. However, governments will still know you sent an encrypted email and will have access to the big data.

  • @DeadBaron
    @DeadBaron 10 หลายเดือนก่อน +1

    The only way to send and receive emails securely and get away with it, is to host your own server in your basement, and be a high level democrat from a certain famous family, then it gets completely ignored even when the rest of us would be in federal prison for the classified content that was being hosted.

  • @richiepatil
    @richiepatil ปีที่แล้ว +1

    See man I wouldn't mind switching over to any mail service as long as it lasts, that why I willingly use gmail or outlook because I know it will be there even years after, how many third party mail services have lasted 10+ years and still update with new features?

  • @Solizeus
    @Solizeus ปีที่แล้ว

    Proton is my second email, the "private" one, while gmail is the public one, i did it more because i didn't want google to have just everything, so i branched a bit

  • @RyanMcQuen
    @RyanMcQuen ปีที่แล้ว +12

    The problem with Proton Mail releasing that IP address, is that their website explicitly stated that they were not logging IP addresses. The lie is what I have an issue with.

    • @Wellington-je9nx
      @Wellington-je9nx ปีที่แล้ว

      They probably have different policies for different services, like not logging IPs for Proton VPN but logging it for Proton Mail

    • @RyanMcQuen
      @RyanMcQuen ปีที่แล้ว

      @@Wellington-je9nxread the Ars Technica article, that is not what happened.

  • @Jazzy--
    @Jazzy-- 6 หลายเดือนก่อน +1

    Google: constantly reads through your email.
    People: Yeah I use Google.
    Proton: We give some information to the government of they pin us to a wall.
    People: *Is proton really that secure?*

    • @bobowon5450
      @bobowon5450 5 หลายเดือนก่อน +1

      yeah this isn't like we're comparing two services that are so similar that a slight mistep by proton is a death sentence. We're talking about two services where one is actively bending you over every day for any excuse that they can get, and the other one is taking bullet after bullet for you but sometimes the government fires a tank shell instead of a 9mm.

  • @jsalsman
    @jsalsman ปีที่แล้ว +9

    Excellent subject matter explainer, top class!

    • @EricMurphyxyz
      @EricMurphyxyz  ปีที่แล้ว +4

      Really appreciate it!

    • @sguptzz
      @sguptzz ปีที่แล้ว

      how you are verified with so low subs

    • @jsalsman
      @jsalsman ปีที่แล้ว

      @@sguptzz it's a stupid Google+ thing from 2011.

  • @UndyingEDM
    @UndyingEDM 10 หลายเดือนก่อน

    This is what I understood, correct me if I'm wrong. Email was never meant to be private and messages are encrypted during transit but google for example stores emails in plaintext. PGP can solve this by enabling 'end to end' encryption. I'm not sure how Whatsapp achieves its end-to-end encryption but despite PGP being a solution, it's a pain to setup and use by yourself. Luckily, protonmail enables PGP between proton accounts but if a gmail account sends you an email, proton scans the contents for spam and THEN encrypts it, which means they can read it. There was one case where proton revealed an IP address to the government which ended up in someone getting arrested. One IP isn't much which is good, but there's always a risk from the government with any email provider. Signal was meant to be encrypted from its foundation which I'll learn about soon probably from your channel (edit, you haven't made a video on signal, pls do one). So, proton is more convenient than alternatives and seems trustworthy but it can't be trusted 100%. Note: I haven't seen your emails video yet.

  • @GabrielMirandaLima-hv7oe
    @GabrielMirandaLima-hv7oe ปีที่แล้ว +1

    it is better eating suspicious food than eating rotten food

  • @MitsyWuzHere
    @MitsyWuzHere 28 วันที่ผ่านมา

    My threat model does not include the feds because I'm not doing anything they would care about. I do not want to have an advertising profile built on me is the thing. Also, Proton just runs way faster than Gmail

  • @d34ddud3
    @d34ddud3 11 หลายเดือนก่อน +5

    Showed your bias from the start, had a clear primary point to make supported by a multitude of secondary points and logical conclusions which you even described some potential outliers for. I genuinely appreciate the no bullshit perspective of the video and found it to be incredibly informative and grounded. I am now even more convinced than I was before that Protonmail is right for me, and I now feel properly informed about the strengths weaknesses of the particular company, and the general service as a whole. Thank you.

    • @shishibone
      @shishibone 11 หลายเดือนก่อน +1

      came here for comments like these to be honest. so called "privacy experts" are just shitting on proton for no real reason other than that it was a small company that got big. I trust proton with my data no matter how sensitive. the only downside is that you have to pay up lol

    • @d34ddud3
      @d34ddud3 11 หลายเดือนก่อน

      @@shishibone yeah, the cost is unfortunate. Though I am glad they have options to pay for just the services you want. I'm finding I quite like their password manager.

    • @shishibone
      @shishibone 11 หลายเดือนก่อน

      @@d34ddud3 i agree. I first was sceptical about password managers as i just didn’t use them and it was weird coming from Firefox default login saves. But since I started using it (included in my visionary plan) i think it’s really neat to have my passwords synced between my phone and computer. As i tend to forget some logins quite often

  • @Zinnshady
    @Zinnshady 11 หลายเดือนก่อน

    I dont care about the government (technically speaking I am government), I just want to avoid hackers. Im not super literate when it comes to software and network stuff, identity theft/having my finance accounts robbed are things that keep me up at night.

  • @driptcg
    @driptcg 5 หลายเดือนก่อน

    Thanks for the thoroughness and the provided context

  • @max_ishere
    @max_ishere ปีที่แล้ว +2

    Govt goes to email providers asking for a criminals inbox. Finds spam and password reset forms. Lol.

  • @yxtqwf
    @yxtqwf ปีที่แล้ว +7

    Another (imo bigger) issue with ProtonMail you don't mention is that it does not support mail clients and only allows you to use their own client in your web browser. This means that they can make immediate chnages to it whenever they want, which includes the ability to send malicious JavaScript to read and save your decrypted emails, and you wouldn't even know because it simply is infeasible to read all the JavaScript in the HTML every time you load the website. Another problem resulting from this is that you don't have control over your data as files; ProtonMail does, and you can only access it through a web browser.

    • @daliareds
      @daliareds ปีที่แล้ว +3

      That only applies to the free plan. You can use regular clients on the premium plans

    • @notafbihoneypot8487
      @notafbihoneypot8487 ปีที่แล้ว

      I also think another issue about this that someone brought to the attention of me.
      You also have to trust that mail client to not weaken your security. Its a risk still.

    • @squirlmy
      @squirlmy ปีที่แล้ว

      What motivation would they have to send malicious JavaScript??? On the contrary, they have motivation to keep any mail that is routinely accessed by users safe. They have a reputation to keep up. On linux there is both an Import-Export app to "make offline backups with the Import-Export app", and for paying users, Proton Mailbridge. (BTW the arch/Majaro/Endeavor version is from the community and not directly Proton AG) You can immediately make backups and delete what's on their server. "Only access it through a web browser" is totally wrong.

    • @yxtqwf
      @yxtqwf ปีที่แล้ว +3

      @@daliareds Such a basic feature is behind a paywall? That's even more sus

    • @yxtqwf
      @yxtqwf ปีที่แล้ว

      @@notafbihoneypot8487 If ProtonMail allowed you to use a mail client, then *you* can choose a mail client you trust, even read it's source code, and update it only when you want. Since it doesn't, you do not have a choice but to place your trust on ProtonMail.

  • @goretex101
    @goretex101 ปีที่แล้ว

    Thanks for the video. I only want to use it for advertising trackers. I get ads inside Google email and when using Chrome it's just a treasure trove of targeted promotions. If I can avoid most of that I feel it's worth the money.

  • @kanskje5855
    @kanskje5855 10 หลายเดือนก่อน

    I wish we could not use any email , but everything asks for a email to register and use their site. Its annoying

  • @llpolluxll
    @llpolluxll 9 หลายเดือนก่อน

    TLS is not HTTPS for email, it literally implemented in HTTPS because it is the upgrade from SSL.

  • @_repentence
    @_repentence 2 หลายเดือนก่อน +1

    I think nothing is private, if the government take interest in you then say goodby to your supposed privacy, they can outlaw and force provider to spill any info about you one way or another, true anonimity is boil down to just make sure you leave a little as digital footprint as possible, and dont be outspoken ot worse, record yourself.

  • @apmcd47
    @apmcd47 10 หลายเดือนก่อน

    I know this sort of thing can be off-putting. We use SSH at work and guess who my colleagues come to if a new public/private key pair needs to be set up?

  • @tntredstone
    @tntredstone ปีที่แล้ว +1

    I just use outlook, nowdays privicy is screwed in general

  • @TheProtonSpinner
    @TheProtonSpinner 11 หลายเดือนก่อน +1

    Protonmail handed over specific data on certain users after being ordered to by the Swiss courts after being petitioned by the US. So, if you have Uncle Sam actually going to a Swiss court to obtain a warrant for your email, you've really screwed the pooch.

  • @madeyeQ
    @madeyeQ 10 หลายเดือนก่อน +1

    Email is unsecure. Period.
    Proton mail is no better or worse than other email services. But I do like it's hosted in Switzerland who has pretty good privacy.
    Yeah, if the government/police show up with a warrant they will have to hand out the information they have on you, but that's true for ALL companies in the world.
    Do you trust MS to not hand out the information if asked? (I wouldn't trust MS with my socks drawer)
    btw. I am using Proton mail for some of my email, but I also (still) use gmail.

  • @danielhoglan3468
    @danielhoglan3468 10 หลายเดือนก่อน

    This video is 100% spot on. Email could have been made secure, but it wasn't. Truly secure email with end to end encryption, requires that both ends have the tools to encrypt and decrypt. This is why protonmail to protonmail communications are secure in as much as you can trust protonmail. Even perfectly executed, if there were vulnerabilities in the encryption methods that the agencies were aware of, it wouldn't be made known to the public. I'm also not sure how far they've come with quantum proof encryption they've come, but that's an issue too. Then there's the idea that the agencies are storing information that they aren't able to decrypt today, because one day they will be able to. So current encryption methods that aren't quantum proof, that they can't read now, they likely have and will be able to read in the future. The scope of that goes way beyond email.

  • @sabai111
    @sabai111 5 หลายเดือนก่อน

    It's all about TRUST... everywhere!