-
Notifications
You must be signed in to change notification settings - Fork 501
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[QUESTION]: Are ProtonMail and Tutanota fostering email centralization? #308
Comments
Okay, it seems ProtonMail is maintaining their cryptography component OpenPGP.js separately from ProtonMail, so that it can be re-used in other projects. This is good. |
Yes, you are correct, ProtonMail is by all means a centralized service, but to be fair none of the projects listed in this repository are truly decentralized. Most contain some decentral features but as far as I am aware decentralization is questionable to achieve and impossible to sustain. What ProtonMail brings to the "decentralized" table is that the service provider themselves has vowed to leave your communications private and not relentlessly datamine all your plaintext emails such as the other actors you mentioned. They also make it dead simple for you to utilize encryption with those contacts that you have exchanged public-keys with If you don't want to trust them, then there is nothing stopping you from setting up your own email server such as postfix.
I hope this helps, good luck with mailing! 👍 |
@telamon Thanks so much for your detailed response. :-) |
@wigy-opensource-developer @telamon I came across this article (https://seirdy.one/2021/02/23/keeping-platforms-open.html), that explains this situation. |
Protonmail and Tutanota are only really secure in the sense that they are encrypted between users of the same service, sent within the service. AKA: from user1@protonmail.com to user2@protonmail.com - this will be encrypted, fully. Same as with tutanota. Though sending from user1@protonmail.com to guy@tutanota.com - this will not be. Like with cryptocurrency: "not your keys? I find this to generally be a good rule of thumb. |
Aether is actually P2P, and I'm sure there are others that are too. |
I think you confused something there, Protonmail uses the standard OpenPGP, so Protonmail <--> ANYTHING-using-OpenPGP will be encrypted. I don't know anything about Tutanoa but if they are using some kind of proprietary encryption then yikes be careful of what you communicate... |
More like can be, right? Because there has to be a prior knowledge of the public keys, without a key exchange mechanism. |
@blacklightpy yes. You have to email/send your public key to the person you wish to talk. If they reply with their public key then the rest of the conversation can be carried out in private. |
Hello Folks!
I have been thinking about this lately. Their client and server components are designed in a custom way to provide the desired features. So their clients can interact with a server only if its compatible. Since these services chose not to release their server-side code, it is not possible to setup different servers for decentralized communication, using the respective clients. I am very concerned that this scheme is going to steer email ecosystem towards centralization, along with the current email centralization issues with Google and Microsoft.
Any thoughts?
Regards,
RG.
The text was updated successfully, but these errors were encountered: