[QUESTION]: Are ProtonMail and Tutanota fostering email centralization? #308

Open
ghost opened this issue Jan 31, 2021 · 10 comments

@ghost

ghost commented Jan 31, 2021

Hello Folks!

I have been thinking about this lately. Their client and server components are designed in a custom way to provide the desired features. So their clients can interact with a server only if it's compatible. Since these services chose not to release their server-side code, it is not possible to set up different servers for decentralized communication, using the respective clients. I am very concerned that this scheme is going to steer the email ecosystem towards centralization, along with the current email centralization issues with Google and Microsoft.

Any thoughts?

Regards,
RG.

@ghost ghost changed the title [QUESTION]: ProtonMail and Tutanota [QUESTION]: Are ProtonMail and Tutanota fostering email centralization? Jan 31, 2021
@ghost
Author

ghost commented Feb 1, 2021

Okay, it seems ProtonMail is maintaining their cryptography component OpenPGP.js separately from ProtonMail, so that it can be re-used in other projects. This is good.

@wigy-opensource-developer
Contributor

@mpfau @bedhub Maybe you are not reading this, so I mention you so you can give a proper answer here.

@telamon

telamon commented Feb 3, 2021

Yes, you are correct, ProtonMail is by all means a centralized service, but to be fair none of the projects listed in this repository are truly decentralized. Most contain some decentral features but as far as I am aware decentralization is questionable to achieve and impossible to sustain.

What ProtonMail brings to the "decentralized" table is that the service provider themselves has vowed to leave your communications private and not relentlessly datamine all your plaintext emails such as the other actors you mentioned.

They also make it dead simple for you to utilize encryption with those contacts that you have exchanged public keys with, and by using an open standard such as OpenPGP they've ensured your recipients have the freedom to choose their own email client without lock-ins.
At the end of the day you have to make your own choice if you trust ProtonMail to be your personal courier.
They're just another service provider with a privacy-focused business model.

If you don't want to trust them, then there is nothing stopping you from setting up your own email server such as postfix.
The email protocols are theoretically decentralized as in anyone can run their own node. But that is also the root cause for the unfixable spam problem. (For freedom to exist it must be equally extended to all actors, good and bad)
So be aware that if you choose to run your own node, then you're still going to be drifting towards centralization due to dependency on DNS and SSL that are two centralized systems tethered to the world economy.

TL;DR; the world's entire email system has for the past 5 decades been and is continuing to drift towards centralization.
The day when there is only one email provider left is the day when it's game over.
If you want to avoid that, then it doesn't matter which provider you choose or self host as long as you don't go for the most popular one.
Also you can try to sway your friends' opinions, it's not gonna make you popular or rich, but I think it's an interesting subject.

I hope this helps, good luck with mailing! 👍

@ghost
Author

ghost commented Feb 13, 2021

@telamon Thanks so much for your detailed response. :-)

@ghost
Author

ghost commented Mar 1, 2021

@wigy-opensource-developer @telamon

I came across this article (https://seirdy.one/2021/02/23/keeping-platforms-open.html) that explains this situation.

@netluxe

netluxe commented May 4, 2021

ProtonMail and Tutanota are only really secure in the sense that they are encrypted between users of the same service, sent within the service. AKA: from user1@protonmail.com to user2@protonmail.com - this will be encrypted, fully. Same as with Tutanota. Though sending from user1@protonmail.com to guy@tutanota.com - this will not be.

Like with cryptocurrency:

"not your keys?
not your wallet
not your money"

I find this to generally be a good rule of thumb.

@Kyllingene
Contributor

> none of the projects listed in this repository are truly decentralized.

Aether is actually P2P, and I'm sure there are others that are too.

@telamon

telamon commented Aug 11, 2021

@netluxe

> ProtonMail and Tutanota are only really secure in the sense that they are encrypted between users of the same service, sent within the service. AKA: from user1@protonmail.com to user2@protonmail.com - this will be encrypted, fully. Same as with Tutanota. Though sending from user1@protonmail.com to guy@tutanota.com - this will not be.

I think you confused something there. ProtonMail uses the standard OpenPGP, so ProtonMail <--> ANYTHING-using-OpenPGP will be encrypted.

I don't know anything about Tutanota, but if they are using some kind of proprietary encryption then yikes, be careful of what you communicate...

@blacklightpy

> I think you confused something there. ProtonMail uses the standard OpenPGP, so ProtonMail <--> ANYTHING-using-OpenPGP will be encrypted.

More like can be, right? Because there has to be prior knowledge of the public keys, without a key exchange mechanism.

@telamon

telamon commented Sep 8, 2023

@blacklightpy yes. You have to email/send your public key to the person you wish to talk to. If they reply with their public key then the rest of the conversation can be carried out in private.
