would like to write about protonmail.ch or protonmail.com
It might look like I am criticizing the project, while I do not. Apparently I have even donated them money.
Recently they’ve opened free registration, so you can get your protonmail.com address. Actually I do not understand why sometimes you get protonmail.com and sometimes protonmail.ch domain. Your username @ protonmail.com does not work as firstname.lastname@example.org and vice versa.
So, protonmail claims that they encrypt your mailbox, and only you can decrypt it. You need to have two passwords - first for the login, and second to decrypt the mailbox. If you happen to forget the second password, then your mailbox will be lost forever, you can create a new mailbox and encrypt it with different password.
It all seems very attractive, however there are questions:
— if the mailbox is encrypted, then when you receive the email, they cannot put it to the mailbox? Then they have to store it at some temporary location? Wait until you login to decrypt the mailbox, so that they can add the email to that mailbox while it’s temporarily decrypted?
— if there is such a state, then if they required to retrieve your emails, they can do that technically, when you are logged in? and when you are not logged in, they can make copies (again, technically) of your emails while they were not added to your mailbox?
— if you send emails to the other email provider, like google, then obviously, your email will be stored and never erased by google. that is why Protonmail suggests to send emails from proton to proton in order to stay safe.
#protonmail #mail #security #cryptography #privacy