> Citing that plain text is readable before proton mail encryption is.... unfair.
Firstly it wasn’t me that made that observation but..
I don’t think fairness comes into it. If you’re concerned with that risk, use something else. All security comes with a set of trade offs and knowing which risks you’re protected from and which you are not, helps you make that choice.
ProtonMail are also very good at publishing their threat model, architecture and technical implementation as well as large parts being open-source.
> What protonmail tries to solve is your mail being encrypted at rest.
Actually it does better than that. It uses message-level encryption using PGP keys to provide that encryption at rest. Which in theory gives them zero access. Lots of services which tout encryption at rest are actually encrypting the block storage which mitigates against fewer and less likely threats.
Firstly it wasn’t me that made that observation but..
I don’t think fairness comes into it. If you’re concerned with that risk, use something else. All security comes with a set of trade offs and knowing which risks you’re protected from and which you are not, helps you make that choice.
ProtonMail are also very good at publishing their threat model, architecture and technical implementation as well as large parts being open-source.
> What protonmail tries to solve is your mail being encrypted at rest.
Actually it does better than that. It uses message-level encryption using PGP keys to provide that encryption at rest. Which in theory gives them zero access. Lots of services which tout encryption at rest are actually encrypting the block storage which mitigates against fewer and less likely threats.