this post was submitted on 03 Aug 2025
555 points (93.7% liked)

[–] DeathByBigSad@sh.itjust.works 7 points 2 months ago* (last edited 2 months ago) (2 children)

Incoming emails that aren't from Proton, or PGP encrypted (which are like 99% of emails), arrive at Proton servers via TLS, which they decrypt and then have the full plaintext. This is not some conspiracy, this is just how email works.

Now, Proton and various other "encrypted email" services then take that plaintext and encrypt it with your public key, then store the ciphertext on their servers, and then they're supposed to discard the plaintext, so that in case of a future court order, they wouldn't have the plaintext anymore.

But you can't be certain if they are lying, since they do necessarily have to have access to the plaintext for email to function. So "we can't read your emails" comes with a huge asterisk, it only applies to those sent between Proton accounts or other PGP encrypted emails, your average bank statement and tax forms are all accessible by Proton (you're only relying on their promise to not read it).
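
The distinction drawn in this comment, as an added example that is not part of the original comment or any provider's code: a Python check that classifies a raw message as "already ciphertext when it reached the provider" (PGP/MIME or inline PGP) or "readable by the provider at ingestion". The function name and the three sample messages are constructed for illustration.

```python
from email import message_from_string

PGP_ARMOR = "-----BEGIN PGP MESSAGE-----"

def _is_armored(part) -> bool:
    body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
    return body.lstrip().startswith(PGP_ARMOR)

def provider_saw_plaintext(raw: str) -> bool:
    """True if the receiving server could read the body when it arrived."""
    msg = message_from_string(raw)
    # PGP/MIME (RFC 3156): the body was ciphertext before it left the sender.
    if msg.get_content_type() == "multipart/encrypted":
        if (msg.get_param("protocol") or "").lower() == "application/pgp-encrypted":
            return False
    # Inline PGP: every text part has to be an armored message.
    texts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    if texts and all(_is_armored(p) for p in texts):
        return False
    # Anything else was readable at ingestion; TLS only protected the hop.
    # Headers such as From and Subject stay readable in every case.
    return True

# Constructed sample messages (not real mail, not real ciphertext).
BANK = (
    "From: statements@bank.example\nSubject: Your statement\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    "Balance: 1,234.56\n")
PGP_MIME = (
    "From: alice@example.org\nSubject: hello\nMIME-Version: 1.0\n"
    'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";'
    ' boundary="b1"\n\n'
    "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
    "--b1\nContent-Type: application/octet-stream\n\n"
    "-----BEGIN PGP MESSAGE-----\n(placeholder)\n-----END PGP MESSAGE-----\n"
    "--b1--\n")
INLINE = (
    "From: bob@example.org\nSubject: hi\nContent-Type: text/plain\n\n"
    "-----BEGIN PGP MESSAGE-----\n(placeholder)\n-----END PGP MESSAGE-----\n")

if __name__ == "__main__":
    for name, raw in [("bank", BANK), ("pgp/mime", PGP_MIME), ("inline", INLINE)]:
        print(name, "-> provider saw plaintext:", provider_saw_plaintext(raw))
```
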

[–] EncryptKeeper@lemmy.world 18 points 2 months ago* (last edited 2 months ago) (2 children)

Ok yeah that's a far cry from Proton actually “Having your unencrypted emails on their servers” as if they’re not encrypted at rest.

There’s the standard layer of trust you need to have in a third party when you’re not self hosting. Proton has proven so far that they do in fact encrypt your emails and haven’t given any up to authorities when ordered to, so I’m not sure where the issue is. I thought they were caught not encrypting them or something.

[–] Vinstaal0@feddit.nl 1 points 2 months ago (1 children)

We need to call for an audit on Proton's policy and see if they actually do what they say, that way we can know for almost certain that everything is good as they say.

[–] EncryptKeeper@lemmy.world 1 points 2 months ago (1 children)

I mean we know from documented events that Proton doesn’t store your emails in plain text because there have been Swiss orders to turn over information which they have to comply with and they’ve never turned in emails, because they can’t.

[–] Vinstaal0@feddit.nl 1 points 2 months ago (1 children)

Do you have a source for that? I know they handed over an IP address, but I haven't heard about them handing over an email.

[–] EncryptKeeper@lemmy.world 1 points 2 months ago (1 children)

As far as I know they have not handed over any emails.

[–] Vinstaal0@feddit.nl 1 points 2 months ago

That's what I thought, but you never know.

I hate it when people share this bullshit without proof, as far as I know Proton is still fighting for pro consumer and pro privacy laws and services.

[–] cley_faye@lemmy.world -5 points 2 months ago (2 children)

> Ok yeah that's a far cry from Proton actually “Having your unencrypted emails on their servers” as if they’re not encrypted at rest.

See my other reply. There is no way to retrieve your mail using IMAP on a regular client if they're encrypted on the server. And Gmail can retrieve your mails from Proton using IMAP. It's even in their own (Proton's) documentation.

[–] EncryptKeeper@lemmy.world 5 points 2 months ago (1 children)

> There is no way to retrieve your mail using IMAP on a regular client if they're encrypted on the server.

That is probably why you can’t retrieve your emails using IMAP from a regular client.

> And Gmail can retrieve your mails from proton using IMAP. It's even in their own (proton's) documentation.

I don’t think it can. Where in the documentation did you find that?

[–] cley_faye@lemmy.world 2 points 2 months ago* (last edited 2 months ago) (1 children)

> And Gmail can retrieve your mails from proton using IMAP. It’s even in their own (proton’s) documentation.

> I don’t think it can. Where in the documentation did you find that?

An online search brought me here: https://www.getmailbird.com/setup/en/access-protonmail-com-via-imap-smtp which did look like a documentation page about how to do exactly that. Obviously, it has nothing to do with them, and the actual details make no sense the lower you get in the page. I've been had :)

They still can see most mails transit from their service in plaintext in both directions, though, which remains a privacy issue, but it has more to do with email protocols than anything.

[–] EncryptKeeper@lemmy.world 1 points 2 months ago

You’re right that they can see the emails in transit if you’re not using encryption, but they never said they can’t. They are as secure as they can possibly be, and are honest about what’s secure and what’s not. I would leave Protonmail at the first sniff of trouble but I just haven’t seen anything that concerning.

[–] nymnympseudonym@lemmy.world 2 points 2 months ago

Agreed.

Really, if someone wants to use an LLM, the right place to run it is in a sandbox locally on your own computer.

Anything else is just a stupid architecture. You don't run your Second Brain on Someone Else's Computer.

[–] cley_faye@lemmy.world -1 points 2 months ago

> Now, Proton and various other “encrypted email” services then take that plaintext and encrypt it with your public key, then store the ciphertext on their servers, and then they’re supposed to discard the plaintext, so that in case of a future court order, they wouldn’t have the plaintext anymore.

You would not be able to retrieve your mails using IMAP from a regular mail client if they were doing that. You can even retrieve them from Gmail, which is unlikely to support any kind of "bring your own private key to decrypt mails from IMAP".