Will these emails be more secure?

  • dbx12@programming.dev
    link
    fedilink
    arrow-up
    24
    ·
    1 year ago

    Not exactly. Maybe you benefit from an additional virus scan (if Proton does this). What you certainly benefit from is the “only load external resources when told to” feature. This prevents tracking since loading the external resource == the mail was opened.

    What exactly do you want to achieve in terms of security?

    • amigan@lemmy.dynatron.me
      link
      fedilink
      English
      arrow-up
      21
      arrow-down
      2
      ·
      1 year ago

      What exactly do you want to achieve in terms of security?

      I’m beginning to think many people here just want to throw money at a vague concept of “security” without having a crumb of a threat model in mind.

      • ItsComplicated@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        19
        ·
        1 year ago

        IMO people mainly just want big tech to quit snooping on everything they do.

        On the other hand, it is a lot of hoops and a large learning curve for those to whom have no idea where to start other than having big tech stop snooping.

      • lckdscl [they/them]@whiskers.bim.boats
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        1 year ago

        The problem with a late stage capitalist world is that the moment you realize you want to escape Big Tech, there are already numerous of services selling pseudo or marketable privacy-respecting product with comparable convenience to the competing Big Tech counterpart. This appeal to non-technical consumers means their willingness to “vote” with their wallet what they thinks is the best replacement.

        The drawback of this, for non-technical consumers, is that it’s hard to distinguish between no-nonsense actual privacy-respecting services (with caveats laid out before you pay), where you’re forced to do research, and those filled with buzzwords and marketable features, where it’s easy to completely put your trust in these companies.

        • amigan@lemmy.dynatron.me
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          1 year ago

          By definition, if you don’t feel like putting in the homework, you are ceding control to someone else. At that point, all bets are off. Even trustworthy entities can turn on a dime. Ease and full control are mutually exclusive.

  • Skull giver@popplesburger.hilciferous.nl
    link
    fedilink
    arrow-up
    11
    ·
    edit-2
    1 year ago

    No. Gmail scans all messages as they come in, so if there’s anything secret in there it’s too late already.

    You can enable PGP to encrypt messages for free, but that only protects your email when the receiving end also enables PGP and has given you their public key beforehand and marked them as sufficiently trusted.

    If your recipient has an S/MIME certificate, you can use that to encrypt messages. These certificates cost money, though. Again you’ll need their public key, but you don’t need to mess with any webs of trust.

    Email encryption is a pain in the ass to use securely. If you want to share messages safely, use Signal or another secure messenger. Even WhatsApp is more secure than standard email.

    • dbx12@programming.dev
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Technically you still have a web of trust with S/MIME. You just don’t say “I trust you because X said you’re good and I trust X” but you say “I trust you, because you paid X money and X did probably a good background check on you”. So rather a tree than a web.

      I guess it is philosophical to argue if a tree can be considered a net as well.

      • Very true, but with S/MIME you have the advantage of not needing to maintain that stuff yourself. Both PGP and S/MIME have huge impersonation risks in theory, but in practice S/MIME is just the expensive, corporate PGP that normal people can actually use for their business email.

        • dbx12@programming.dev
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          1 year ago

          Basically Let’s encrypt and geotrust certificates :D

          Oooh, something like let’s encrypt but for mails would be nice

  • Eufalconimorph@discuss.tchncs.de
    link
    fedilink
    arrow-up
    9
    ·
    1 year ago

    No. Proton only encrypts message content to/from other Protonmail users. Message subject, sender, and recipient aren’t encryptable for email.

  • 👁️👄👁️@lemm.ee
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    It’ll be stored off of Google servers but they’ll see it anyways. Still, it’s best to do that while migrating emails. Have your old one forward to the new one.

  • GadgeteerZA@lemmy.ml
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    No it’s not more secure going via Gmail. But what I did was to get the paid Proton Mail and I used my own domain name. So yes plenty pain and time now to slowly update my email address everywhere away from Gmail to my own domain name with Proton Mail.

    But hopefully it’s the last time I have to update the email address everywhere, because even if I leave Proton Mail, my mail address is not tied to them, but to my own domain name so I can point that to any other mail provider.

    So every mail address I’m changing now, is one away from Gmail. But if course 99.9% of businesses don’t Encrypt mail, so I’m only really cutting Google out of the loop (assuming the other party is not using Gmail of course).

  • lps@lemmy.ml
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    Your emails are already scanned by Gmail at that point, so you’re defeating the purpose

  • kworpy@lemm.ee
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    If you’re forwarding from Gmail, then Google can still see all of your emails.