Can You REALLY Trust Proton Mail?

  • Published: 21 Dec 2024

Comments

  • @techvishnuyt 1 year ago +1947

    you guys use e-mail services? pfff i always count on my pigeon george. trust me he never speaks a thing about me

    • @bacalhau_seco 1 year ago +96

      real mfs send letters manually

    • @Naokarma 1 year ago +28

      Fun fact: Carrier pigeons were a distinct species, and one that went extinct due to over-hunting.

    • @bacalhau_seco 1 year ago +51

      @Naokarma idk who told you that but carrier pigeons still exist...
      They mostly exist for showoff tho, people buy pigeons and breed them to get better pigeons each generation.

    • @sazanlip 1 year ago

      Wait until your avian carrier gets intercepted by feds' falcon. This is VERY unlikely to happen, unless you're Osama kind of guy.

    • @Leon-qo2vl 1 year ago

      @a-_-a men of culture RFC 1149 is the future

  • @AnalyticMinded 1 year ago +560

    Exactly. I don't fully trust any e-mail service precisely for the reason you mentioned: the protocol itself. If you have something sensitive to share with anyone, e-mail is not the right medium.

    • @folksurvival 1 year ago +53

      Same for SMS text messaging.

    • @sazanlip 1 year ago +15

      Except, maybe, you and your intended recipient exchanged ciphers ahead. Preferably in a face-to-face real world meeting. In a place where there's not a single camera for miles away.

    • @Darkk6969 1 year ago +13

      That's what PGP is designed to do. The problem is that trying to explain to the sender how to use it is a problem in itself. ProtonMail supports it and they make it fairly easy to use. I generate my own PGP keys on my computer so I know there's no escrow key attached to it. My Thunderbird e-mail (Linux) client automatically attaches my PGP public key so they can use it to send me encrypted e-mails.

    • @Dowlphin 1 year ago +18

      It also frustrates me when people refuse to communicate by e-mail or such because they consider it unsafe but then act like Telegram is totally rock-solid. Well, to begin with, it requires a contract-based global ID (phone number) attached to an account, and then Telegram is under jurisdictions, too.
      It is often better to use e-mail but have no smartphone than to use Telegram and a smartphone. But the 'popculture security sheeple' cannot be convinced after they already believe they are totally safe now with their cute little mass-used gimmick.

    • @sazanlip 1 year ago +13

      @Dowlphin Or, even worse, WhatsApp, because it *allegedly* has E2E encryption enabled by default. But I have doubts if their 'encryption' doesn't have any backdoors, which can be used both 'legitimately' and illicitly.

  • @cenewton3221 1 year ago +887

    Email in general cannot ever be truly secure. If one needs that level of total privacy there are other tools for said communication. With email, at best it's the equivalent of locking our doors at night - enough to keep honest people honest, that's about it. Determined people, either individuals or government agents, will find a way to crack emails.

    • @adamz1977 1 year ago +13

      Why not? Email has transport encryption between servers and between clients, it can have content encryption via autocrypt (or other methods including the Signal protocol like criptext), it has DNSSEC, TLSA, DANE. Encryption at rest can be done as well, or messages can be removed from server when delivered. What security holes are still left after all of that?

    • @gakukid991 1 year ago

      @adamz1977 It was explained in the video, if you don't use PGP yourself and send encrypted data, the gov can make the company server comply with encryption removal at rest for that specific user etc.
      Heck, Proton if it wanted can also push a logger script on the web so even PGP would not work if typed in their web app.
      The only way for email to be secure is to type it in an offline editor which is not related to the email company and encrypt it with PGP there. Then send it through email.

    • @eatbreakfasts7993 1 year ago +21

      I.T. guy here; I hope I'm not witnessing someone defending faxes right now 😏

    • @EntityVsEntityInteractions 1 year ago

      @adamz1977 You can always manually encrypt your own data with a cipher. The only reason why Enigma was cracked was because an entire nation was intercepting hundreds of messages, original Enigma machines, etc - and devoting thousands of man-hours to cracking it! If you make up your own encryption, the scale that you operate at will make it even harder for people to crack.

    • @sylpisophia5612 1 year ago +39

      As someone who literally sets up servers and mail servers are one of them, I can agree to some degree that you CAN secure email. BUT, can you still call it an email? And, the more you make it secure, the more complex it becomes that it's a nightmare to maintain or even use. In the end, emails should never be used for something that requires security. Never send account information over email. And never use email for 2FA.

  • @joaomaria2398 1 year ago +732

    ProtonMail is just a better alternative to gmail. That is it.
    It isn't the holy savior of the mail privacy.

    • @EricMurphyxyz 1 year ago +245

      It's pretty good but I agree, it's neither the holy savior nor the devil, it's just a good option if you don't trust Google

    • @joaomaria2398 1 year ago +55

      Functionality and availability wise, google is also very good. It just works. Both of them, indeed.
      But privacy wise.... I will just say I try to not use anything coming from google. I am not there yet... but one day!

    • @terrydaktyllus1320 1 year ago

      Yes, I absolutely agree with you.
      The 5 most evil corporations that make money from harvesting user data are Google, Apple, Faecesbook, Microsoft and Amazon.
      If you use any other service (including email) provider that isn't affiliated to those corporations or the CCP, then you are going to be more private than you were using services on any of them.
      Email isn't encrypted unless you use PGP, at which point the body of the email is encrypted but the headers and the metadata are not - so someone from the outside can see who you were communicating with and what times, and may be able to guess what you were discussing purely because of that relationship. And that's something you just can't change with email.
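The split described in the comment above (encrypted body, cleartext headers) can be seen by parsing a PGP/MIME message the way a relay or mail store would. This is an added example, not part of the original comment; the addresses, host names and armored block are constructed placeholders. In plain PGP/MIME the Subject line is among the headers that stay readable.

```python
import email
import re
from email import policy
from email.utils import getaddresses, parseaddr

# Constructed sample: an RFC 3156 PGP/MIME message as a relay would store it.
# Addresses, hosts and the armored block are placeholders, not real data.
CONSTRUCTED_MESSAGE = """\
Received: from mail.sender.example by mx.recipient.example; Mon, 01 Jan 2024 10:00:02 +0000
From: Alice <alice@sender.example>
To: Bob <bob@recipient.example>
Date: Mon, 01 Jan 2024 10:00:00 +0000
Subject: Meeting notes
Message-ID: <constructed-1@sender.example>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(ciphertext placeholder)
-----END PGP MESSAGE-----

--b1--
"""


def relay_view(raw):
    """Return what any server handling the message can read without a key."""
    msg = email.message_from_string(raw, policy=policy.default)
    encrypted = (msg.get_content_type() == "multipart/encrypted"
                 and msg.get_param("protocol") == "application/pgp-encrypted")

    # Each Received header records one hop: "from <sender> by <receiver>".
    hops = []
    for received in msg.get_all("Received", []):
        match = re.search(r"from\s+(\S+)\s+by\s+([^\s;]+)", str(received))
        if match:
            hops.append((match.group(1), match.group(2)))

    # In PGP/MIME the second part is the armored ciphertext; only its size
    # is meaningful to someone without the private key.
    parts = list(msg.iter_parts()) if msg.is_multipart() else []
    ciphertext = b""
    if encrypted and len(parts) == 2:
        ciphertext = parts[1].get_payload(decode=True) or b""

    return {
        "from": parseaddr(str(msg.get("From", "")))[1],
        "to": [addr for _, addr in getaddresses(
            [str(v) for v in msg.get_all("To", [])])],
        "date": str(msg.get("Date", "")),
        "subject": str(msg.get("Subject", "")),
        "hops": hops,
        "body_encrypted": encrypted,
        "ciphertext_bytes": len(ciphertext),
    }


if __name__ == "__main__":
    for key, value in relay_view(CONSTRUCTED_MESSAGE).items():
        print(f"{key}: {value}")
```
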

    • @nwerd7584 1 year ago

      @joaomaria2398 the issue is once you use it you already lost the privacy, and your id.. you can only stop them from continuing to collect current data to send personalization at you.

    • @trueriver1950 1 year ago +8

      I'd rephrase that: pm is not as bad as Gmail. Only in algebra is "not as bad" the same as "better".

  • @xymaryai8283 10 months ago +35

    honestly this was the best Ad for Proton Mail, sensibly discussing the technology and history, flaws and benefits. i hope they pay you, because they probably got a few subscriptions bc of this video.

  • @Sunrise-d819i2 1 year ago +198

    the only privacy i care about is being sold for ads, i knew from the start they have to give up info for warrants which is fully justified. i just don't want random workers and ad companies in my emails. proton is perfect for daily use.

    • @YountFilm 7 months ago +23

      It's "fully justified"... until the laws keep changing and the warrant is for "suspicion of collecting rainwater in barrels on your own property."

    • @harveywaek 6 months ago +12

      @YountFilm sure but honestly who is using email for anything other than signing up for things or sending colleagues or businesses a message to start a line of communication. Afterwards if security is a concern no one is using email…

    • @axton9521 6 months ago +6

      @YountFilm Laws don't just change by accident. At least in the US and Germany we elect governments. I think we should try our best to fight this at the government level. There are lots of surveillance options way harder to circumvent like hardware backdoors, public cameras, other people's digital devices etc. So yeah, I'll definitely try to fight on that side. If this fight is ever lost, then yeah just ditch mail.

    • @cristianhakansson7443 6 months ago +1

      It seems to me that covering your tracks because the cops are after you is probably (hopefully!) more privacy than the average person needs.

  • @jagildown 1 year ago +85

    The people that don't care about privacy at all "I have nothing to hide" should think what could happen if uncle adolf was in command with access to all this data.

    • @tziirkq 1 year ago +19

      Just tell them to give you all their passwords so you can read what they say on facebook or in their emails. If they have nothing to hide then they should be OK with it.

    • @jagildown 1 year ago +3

      😂😂😂

    • @mikaelbihl-matias9462 1 year ago +17

      Plot twist: uncle KLAUS is in command with all the datas

    • @manuelp7472 4 months ago +5

      The reality is that the people in charge are just as bad if not worse than him.

    • @AlexandreLefaure 3 months ago +4

      I wonder how many of those who have nothing to hide would let anybody put a camera in their house just to watch.

  • @MrBelles104 1 year ago +179

    I switched to it after your email video, and I’ll use it because although they have shown they aren’t perfect, it is absolutely safer than Google Mail so switching to Proton was a net positive.

    • @QuantumFantasy 1 year ago +35

      Exactly this. The people that kick and scream about protonmail to someone who's never heard of a VPN and has 1-3 Gmail accounts are really just missing the point. If they don't use proton they're probably just going to keep using Gmail, not open their own personal email server.

    • @AshnSilvercorp 1 year ago +4

      I've had caution to doing it for everything since some services are allergic to you using it. I guess if you wanted to be 99.9% private, you shouldn't be using the services that would have a problem with it in the first place.
      If anything, I'm getting very mad with other email services making account deactivation policies that are going to just get shorter and shorter until maintaining them becomes a chore and a risk of massive account lockouts...
      Edit: I read that Proton is doing the same thing... I guess it's neat you can pay for it once and cancel later and the account can remain active? But if they change the policy once, they'll do it again I guess...

    • @MrBelles104 1 year ago

      @AshnSilvercorp Oh yes, not just email services, but all internet services in general seem to be trying to prune anything they label as "dead". At this point in time, Proton is only resending any emails my Gmail gets, so nothing I use actually goes to Proton but rather Gmail, but I'll see what services in the future I can use Proton with natively.

    • @Grubyauau 10 months ago +1

      @@AshnSilvercorp They were forced by the Swiss government to give his data, and unless you know the context, as I read this peasant what he wrote to the US government or somewhere, he threatened them and seriously, so I guess it's better after all to turn one man in than to have others commit su*cide from his false threats.... in short: it's one good thing, one bad thing that they ratted him out, because they broke their confidence a bit, but at the same time they helped catch the person through whom suic*des out of desperation could sprinkle

    • @ThisOLmaan 9 months ago +2

      Plus Gmail now asks to add a phone number without a choice, don't know how long or when that started. But it wasn't a thing when I opened an account at Gmail, now I'll try Proton Mail till they decide to also start asking for such verifications to verify.

  • @mazzysmainframe 1 year ago +71

    I have no illusions about Proton being a beacon of inviolable privacy against the evil forces of the world, I just like the service they provide. Not just the email but the entire ecosystem of services. It works really well for me in my situation.

  • @marcogenovesi8570 1 year ago +638

    As a fellow glowing fed I approve this message

    • @folksurvival 1 year ago

      @rft253 Because the greatest programmer who ever lived told us so.

    • @the_null_man 1 year ago

      ​@@rft253It's because of the legendary quote by Terry A Davis, on how "the CIA (hard R nwords) glow in the dark, and you can see them while you're driving". Look it up, it's kinda funny, to be honest

    • @2012Accounts 1 year ago

      @rft253 cause they're feds

    • @BasedChad 1 year ago +1

      @rft253 do NOT look up terry davis

    • @magnum333 1 year ago +1

      CIA n*gg*rs glow in the dark @@rft253 Why? Probably the nanotech in their blood, luciferase, graphene oxide... who knows...

  • @guesswhoscoming9046 1 year ago +103

    Protonmail is good for what it is. Even hosting your own mailserver isn't 'fully secure' and if you are sharing sensitive data there are better protocols.

    • @tedrice1026 11 months ago +8

      I don't know - it seemed to work well for Hillary! Just keep a big hammer on hand.

    • @stevexanny 11 months ago

      She's got democrat privilege, that's what you're forgetting @tedrice1026

    • @masterTigress96 11 months ago

      @tedrice1026 I suspect she had insider help, although, admittedly, I have no evidence for this. Only the fact that I cannot, *cannot* imagine that the secret services did not know she was doing it.
      I suspect she or good or Billy had connections of some sort to help them set this up in the first place, and secondly, to prevent them from getting into serious legal trouble.
      If I were to suddenly run my own mail server or my own mail address and use it for work, my employer would have me booted from the company in no time. I do not believe for a second that nobody knew from the get go what she was doing.

    • @electric26 11 months ago

      @tedrice1026 😂😂 fair enough

  • @___gg421 1 year ago +97

    If you're hiding from the government you need to be using more secure communication anyways, if you just don’t want your email scanned and data sold then proton is pretty good

    • @TheBlackStranger 6 months ago

      I'm new to internet security. What would you use for such a situation?

    • @sudonim116 5 months ago

      @TheBlackStranger Email is fine if you PGP encrypt the contents

    • @sudonim116 5 months ago

      @TheBlackStranger or maybe Signal?

    • @yuinyaH 5 months ago

      @TheBlackStranger Signal or Telegram

    • @roccociccone597 5 months ago

      exactly, that's the main reason I use proton...

  • @sidensvans67 11 months ago +22

    Rules for Life.
    1. Do not trust any device, system or service, ever.
    2. Never forget Rule 1.

    • @nightowl425 8 months ago +1

      Then what's the point of technology? Might as well trust something.

    • @sidensvans67 8 months ago +7

      @nightowl425 Good luck with that.

    • @NeptuneSega 4 months ago

      @nightowl425 you use it cautiously. Just because you use it doesn't mean you have to trust it.

  • @GameCyborgCh 1 year ago +40

    this is actually a good reminder for me to go through my multiple emails and do some house cleaning, delete mails from services i am no longer using, delete emails that are a decade old and most importantly unsubscribe from all the email newsletters

    • @Sl.layer.34 10 months ago

      Proton + SimpleLogin

  • @orion10x10 1 year ago +56

    As a CIA Agent I love Proton Mail, makes overthrowing democratically elected governments the world over a breeze. All my friends, family and global espionage network connected in one place

    • @notafbihoneypot8487 1 year ago +30

      Tim what did we talk about you telling people you're a CIA agent.

    • @squirlmy 1 year ago +2

      @notafbihoneypot8487 let me guess, you wear a white coat and offer people a temporary place to stay? 😉

    • @orion10x10 1 year ago +2

      @notafbihoneypot8487 😅

    • @Darkk6969 1 year ago +2

      Oh snaps! 🤣

    • @erickyle5604 1 year ago +2

      Please report to sound proof conference room for "remedial" training regarding the release of internal operational procedures.

  • @ducksies 1 year ago +151

    PGP is actually easy to use, but it's a pain to maintain a list of public keys for all your friends

    • @AshnSilvercorp 1 year ago +7

      I will say doing verification with it isn't really well explained. I've tried to use it to verify Linux ISOs a few times, and the process is never really well explained on the install pages.

    • @ducksies 1 year ago

      @AshnSilvercorp it's pretty easy. If you want a video guide for it, check out Mental Outlaw's new Tails guide- he explains the process of verifying the ISO there.

    • @kj-marslander 1 year ago +20

      You're contradicting yourself.

    • @tedrice1026 1 year ago +9

      Try getting anyone else to use it!

    • @jb_lofi 1 year ago

      @tedrice1026 Exactly. That's the only hard part of it. And although I agree that distros should at least link to a guide or something explaining how to verify ISOs, that's a general issue with all open source projects... the number of times I've tried to find a proper install guide for some github project is way too dang high.

  • @danielrobinson3654 1 year ago +94

    PGP isn't really confusing, it's just kinda a pain adding extra steps

    • @littlered6340 1 year ago

      This

    • @adamz1977 1 year ago +1

      Have you tried the autocrypt standard though? There's zero friction using that with clients that support it fully (like Delta Chat).

    • @nds6767 1 year ago +2

      I find it funny. PGP was great. BUT then Symantec bought it and wtf happened? It’s still around but what a shit show. I miss the PGP desktop.

    • @Kirt44 1 year ago

      PGP I have still not had it work out and I tried it all so what are u talking about, it's impossible

    • @sotecluxan4221 7 months ago

      What is ur opinion about OpenPGP as in Thunderbird available?

  • @jorgepenaloza6834 1 year ago +31

    I agree, but I will also add that the person who wants to be invisible has to not only stop using email, but also reduce social connections to almost zero.
    Facebook was capable years ago of creating phantom profiles of people not on Facebook, just by all the info it had on your friends and family. So if you have communications with people who are leaking data everywhere, they can still pinpoint you.

    • @azure4real 1 year ago

      Facebook is for surveillance and never for privacy.
      Their logo is an evolved form of a freemason logo.
      I trust no tech companies at all that have their hands into surveillance, that is on the Stock Market that is owned by the evil 1% and that funds or funded the WEF.

    • @azure4real 1 year ago +1

      You do not have to disown socializing with others.
      You just have to avoid being so honest with others about who you are.

    • @jorgepenaloza6834 1 year ago +9

      @azure4real if they are socializing with a non-existent avatar, are THEY socializing with you? are you socializing with them?
      I'd say not really, one of the joys of socializing is to get to open up about who you are. If not, it's just glorified weather-talk.

  • @myguitardidyermom212 1 year ago +19

    Protip; if you're a drug dealer, don't do business over public email

  • @MushmouthJoe 1 year ago +21

    I appreciate this explanation. I was completely unaware that Proton Mail was so divisive. No wonder I get weird looks when I give out my email address. I have nothing more than a standard account & I'm not sponsored in any way. But I've been quite happy with it. 👍🏻☕️

  • @ej2953 10 months ago +7

    I got my first PGP key at a key party in Houston in 1992 or so.
    A member of the Free Software Foundation or something similar was there with a laptop. We took a floppy diskette to the party where the guy with a laptop would generate our key for us. He was pretty busy at that, too.
    The real problem was that once I got back to the office with the diskette, I had no idea what to do with it.

    • @Dryblack1 5 months ago +1

      I must know what a key party is

    • @ej2953 5 months ago

      @Dryblack1 It was an event at a local bar where you could go to meet people and verify identities to sign each other's keys. And if you didn't have a key, you could take a floppy disk with you and someone there with a laptop could create a key for you and save it on your floppy disk.
      In our case, the guy with the laptop creating keys was a lawyer who was highly involved interested in the EFF (Electronic Frontier Foundation).

    • @Dryblack1 5 months ago +1

      @ej2953 Fascinating, thanks for sharing!

  • @jacksoncremean1664 1 year ago +48

    one thing you forgot to mention is that even emails encrypted with TLS are not safe from a MITM, you can trivially downgrade to plaintext or even just straight out not present a valid certificate. The only way to have authenticated TLS connections safe from a MITM is to use a service that supports MTA-STS and DANE, which sadly isn't very widespread.
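How an MTA-STS policy (RFC 8461) closes the downgrade described in the comment above, as an added example that is not part of the original comment: a sending server that holds a cached `enforce` policy stops falling back to plaintext when STARTTLS is missing or the certificate does not validate. The policy text and host names are constructed, and `delivery_decision` with its parameters is a hypothetical helper, not an API of any mail server.

```python
from dataclasses import dataclass

MAX_AGE_LIMIT = 31557600  # largest max_age RFC 8461 allows, in seconds

# Constructed policy, as served from /.well-known/mta-sts.txt on a
# placeholder domain.
CONSTRUCTED_POLICY = """\
version: STSv1
mode: enforce
mx: mx1.mail.example
mx: *.backup.example
max_age: 604800
"""


@dataclass
class StsPolicy:
    mode: str      # "enforce", "testing" or "none"
    max_age: int   # seconds the sender may cache the policy
    mx: list       # allowed MX patterns, lower-cased


def parse_policy(text):
    """Parse the body of an mta-sts.txt policy file into an StsPolicy."""
    fields, patterns = {}, []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        key, sep, value = raw.partition(":")
        if not sep:
            raise ValueError(f"malformed policy line: {raw!r}")
        key, value = key.strip(), value.strip()
        if key == "mx":                    # the only key that may repeat
            patterns.append(value.lower().rstrip("."))
        else:
            fields.setdefault(key, value)  # first occurrence wins
    if fields.get("version") != "STSv1":
        raise ValueError("missing or unsupported version")
    mode = fields.get("mode")
    if mode not in ("enforce", "testing", "none"):
        raise ValueError(f"invalid mode: {mode!r}")
    age = fields.get("max_age", "")
    if not (age.isascii() and age.isdigit()) or int(age) > MAX_AGE_LIMIT:
        raise ValueError(f"invalid max_age: {age!r}")
    if mode != "none" and not patterns:
        raise ValueError("enforce/testing policy needs at least one mx")
    return StsPolicy(mode, int(age), patterns)


def mx_matches(pattern, host):
    """Match an MX host name against one policy pattern."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        # The wildcard stands for exactly one left-most label.
        first, _, parent = host.partition(".")
        return bool(first) and parent == pattern[2:]
    return host == pattern


def delivery_decision(policy, mx_host, starttls_offered, cert_valid_for_mx):
    """Decide what a policy-honouring sender does with one candidate MX.

    starttls_offered and cert_valid_for_mx are inputs the caller's SMTP
    client would supply (hypothetical parameters for this example).
    """
    if policy.mode == "none":
        return "deliver"
    secure = (any(mx_matches(p, mx_host) for p in policy.mx)
              and starttls_offered and cert_valid_for_mx)
    if secure:
        return "deliver"
    # enforce: skip this MX rather than fall back to plaintext;
    # testing: deliver anyway, and record the failure for TLS reporting.
    return "refuse" if policy.mode == "enforce" else "deliver-and-report"


if __name__ == "__main__":
    cached = parse_policy(CONSTRUCTED_POLICY)
    # An on-path attacker has stripped STARTTLS from the server greeting.
    print(delivery_decision(cached, "mx1.mail.example", False, False))
```
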

    • @EricMurphyxyz 1 year ago +16

      True. Another example of email being inherently insecure.

    • @adamz1977 1 year ago

      @EricMurphyxyz No, that's an example of a security hole being fixed. The word "inherently" means permanently, but as @jacksoncremean1664 already said, those MITM attacks can be mitigated with up-to-date security best practices.

    • @AMEER-114- 11 months ago +1

      @EricMurphyxyz
      Hey..
      When I found out it was created by the Intel agency
      I deleted my free Proton app...
      It redownloaded onto my phone all by itself..
      But it doesn't show up in my apps list...
      How the heck do I remove it?

    • @braddockbrawler 8 months ago +1

      There is no way around coding your own e2e solution if you want peace and freedom.

    • @AMEER-114- 8 months ago +1

      @braddockbrawler
      Hi.
      Can you please tell me if you get this?

  • @theepicduck6922 1 year ago +29

    Very nice endorsement Eric, your badge and money payment will be at the standard dead drop.

  • @drishalballaney 1 year ago +11

    I think this feels like a similar situation to signal where all they could give was the ip address where they logged in from
    so I think as long as you pair protonmail with vpn there should not be a danger of leaking ip address

  • @roflchopter11 1 year ago +15

    Signal still uses a public identifier (phone number) and so can still be used to find your identity. One needs to compartmentalize one's contacts.

    • @brunoterlingen2203 10 months ago +1

      Thus Signal is shit re privacy by having to give your phone number- it totally negates so called benefits.

    • @roflchopter11 10 months ago

      @brunoterlingen2203 kind of. Even generating one random number and having you use that has this problem, unless each person you talk to finds you with a different unique number.
      Phone numbers are extra bad, because they are a common identity proxy in all facets of life.
      Signal is still very secure and pretty private, but it is not anonymous.

    • @xchronox0 7 months ago +3

      Yeah that's why I never understood people constantly advocating and trying to get me into telegram.
      Sure it's not discord. But telegram requires my phone number, constantly broadcasts the last time I even clicked on the desktop app or looked at the mobile app, and then there's the read receipts. It felt like the more someone was trying to convince me to use telegram, the more of a stalker they were.

  • @2sourcerer 1 year ago +4

    Email used to be just sent and not stored in the server. If everyone were to do that, at least when any entity wants to snoop it they can only see mails in transit, not seeing years of data.

  • @mx338 1 year ago +10

    You can absolutely verify the code running in your browser, and therefore you can verify if your PGP/GPG key is generated client side and then only sent to Proton Mail in encrypted form.

    • @laputa2195 1 year ago

      Yeah, that seems obvious, I was wondering if he meant something else but then I'm not sure what that something else might be?

    • @masterTigress96 11 months ago +1

      Yes but you hit the nail on the head in your first sentence:
      You can absolutely verify the code running *in your browser*
      I cannot easily deduce what happens on the backend/server side of things. On top of that, as someone else pointed out in the comments, even if you use an open source product (which Proton mail now is), how do you know that the code in the repo is the code that is running in your browser/front end/back end?

    • @knufyeinundzwanzig2004 9 months ago +1

      @masterTigress96 Well if it's not backend you could just compare the open source code and the stuff you got

  • @Jordan-hz1wr 6 months ago +4

    I know we all have an anarchistic bent about us, but Proton is meant to provide an alternative to surveillance capitalism NOT lawful subpoenas. They *must* comply with their laws if they want to stay in business. People that think they ought not are simply mistaken about what Proton's stated mission is.

  • @pauls5745 1 year ago +4

    with messaging apps being more secure, I can't remember last time I actually wrote an email. I basically just have an email address for purchase receipts for online shopping and website sign ups

  • @saitamagotchi44 1 year ago +8

    Proton seems like the happy medium between privacy and convenience, so long as you're not the tallest nail or low hanging fruit you're probably not worth the government's time.

  • @AshnSilvercorp 1 year ago +9

    probably a good thing to note how web-based FOSS programs don't always have proof that you're using the version containing the code publicly available.

    • @kj-marslander 1 year ago +3

      I didn't think about that before, thanks, now I have another thing in my list to worry about lol.

  • @JacobP81 4 months ago +1

    11:01 Actually Thunderbird supports PGP so you can set it up on that without a lot of work or needing the command line.

  • @christophersoutherlin2631 9 months ago +12

    No. Email is an ancient technology. Email will always use port 25, which is unencrypted. ProtonMail may encrypt your email, but port 25 will leave a rabbit trail directly to your contacts. You'll be discovered via your contacts. So, there is no privacy in email.

  • @fosres 1 year ago +5

    Love your channel and how honest you are! Please make more videos like this!

  • @razorednight 1 year ago +18

    People used to say that email was like a postcard, readable by anyone who handled it. Now, it's like a letter in an unsealed envelope. Super-secure email is like a letter in a sealed envelope: the people at the sorting office know how to steam it open without leaving a trace.
    Of course you can write your letter in code, so it's unintelligible to anyone who can open the envelope. But the envelope still has postmarks/franking, a return address, you've left your fingerprints all over it. You can wear gloves while handling the letter, use a remailing service, but can you be sure that you've covered all your bases? No, you probably can't.
    What matters is WHO you're trying to hide stuff from. If it's a nosey neighbour or jealous partner, they probably don't have the wherewithal to conduct a forensic analysis of your mail. But if it's a government or other serious organisation on your case... you should look into alternatives to the mail.

  • @jb_lofi 1 year ago +7

    Honestly, PGP/GPG is _not_ difficult or complicated at all. It takes only a few moments with our friends Alice and Bob and you'll educate all but the most technologically challenged. The hard part is finding other people who'll use it, leading to a feedback loop where eventually even privacy/anonymity focused folks give up on it; and that's why if there's one thing I disagree with in this video, it's how Eric constantly refers to it as if it's monstrously complicated, thus dissuading people who might be inclined to give it a try from even looking into it. If you've sat down long enough to install Linux and even learned how to use it, you can figure this stuff out. Believe me.

  • @SvalbardSleeperDistrict 1 year ago +26

    One thing I want to point out is that governments aren't the only party that one should want privacy and protection from. For each case of a government using online services and platforms to gain info on activists, whistleblowers, etc, there is one of corporate entities doing the same. Also in many cases, governments pursue whistleblowers, investigative reporters, etc on behalf of corporations, e.g. the Steven Donziger case.

    • @squirlmy 1 year ago +3

      I agree completely with your main point, but I don't know if it's fair to call a corrupted judicial system "government working on behalf of corporations", specifically the Donziger case. The line gets a bit blurry, but it's still corporations and their money corrupting the system. usually individual judges. I wouldn't call that "the government".

    • @SvalbardSleeperDistrict 1 year ago +1

      @squirlmy Yeah true, I was typing "governments" while thinking "states" there.

    • @AntiCookieMonster
      @AntiCookieMonster 1 year ago +4

      @@squirlmy What? Government isn't government when it's local and corrupt?

  • @lilmsgs
    @lilmsgs 11 months ago +2

    I'm trying to change my email provider to a more safe/secure one. I am not concerned about govt snooping, I am fearful of data breach access to my online emails that contain a lot of very sensitive info. Financial, etc.

  • @Doofus171
    @Doofus171 1 year ago +9

    Swiss laws for privacy are the strictest in the world. Only a Swiss court with a legitimate court order can do anything to Proton. This is why Swiss banks are the popular choice for the wealthiest on the planet. Which makes using Proton Mail the best choice as well. Swiss laws make it so no companies have to comply with outside jurisdictions. Proton doesn't have to comply with any request or any legal action that isn't from a Swiss court ... and Swiss courts don't listen to outside jurisdictions (unless something is a direct threat to the Swiss people).

    • @zhang-boyu
      @zhang-boyu 1 year ago

      *a direct threat to the Swiss people* - like Russians😂

    • @rullebullerdmule6703
      @rullebullerdmule6703 1 year ago

      @@zhang-boyu Haha, exactly.. "Neutral" Switzerland has implemented more sanctions against Russia than the EU itself but not a single sanction against Israel. 🤔
      Also, the world's most influential psychopaths meet every year in Davos to discuss how to proceed with their manipulation of world affairs, completely against all the democratic values and processes they claim to stand for while at home in their "sovereign" nation states.😏

  • @JonathanSwiftUK
    @JonathanSwiftUK 1 year ago +23

    You're definitely not simping for Microsoft, you didn't even cover Hotmail, Live or Office 365, which is bizarre.

    • @marcogenovesi8570
      @marcogenovesi8570 1 year ago +10

      He did in his original video, it was the first or the one after it

  • @YannMetalhead
    @YannMetalhead 1 year ago +4

    Kind of funny that people expect companies to not comply with the government's requests. If they don't comply they can have their business shut down or go to jail.

  • @Zippy_Zolton
    @Zippy_Zolton 1 year ago +11

    You're literally part of my pipeline to privacy-conscious in that image at the end LOL I use a hardened Firefox cuz of you (although I am having a severe memory leak issue with it that I have no idea what's causing it yet [EDIT; it was a CSS theme causing the leak LOL])

    • @SomeRandomPiggo
      @SomeRandomPiggo 1 year ago

      Librewolf?

    • @Zippy_Zolton
      @Zippy_Zolton 1 year ago

      @@SomeRandomPiggo no I would've said a branch if I was using that

    • @kj-marslander
      @kj-marslander 1 year ago

      @@Zippy_Zolton They're not asking if you use Librewolf. They're suggesting to use it.

    • @cjmoss51
      @cjmoss51 11 months ago

      Waterfox is better in that regard. Operates on the same code stack as well so you can still use the same plugins.

    • @Zippy_Zolton
      @Zippy_Zolton 11 months ago

      @@cjmoss51 I'm sure it is, but I am currently sticking with Nightly Firefox

  • @RemotHuman
    @RemotHuman 1 year ago +2

    Even Signal has the same problem of setting up your encryption for you. The app is open source but the desktop app updates like every day, are you really going to check the binaries match the open source version? Or do you trust Google Play to send you the right program and not spy on you? Hopefully you could verify the binary of the open source vs local copy, but most people don't know how to do that. I mean that's still better than web apps but there's still a slight problem

  • @th3king321
    @th3king321 1 year ago +3

    You gain a subscriber; the way you explain / edit and the quality look like insane effort. I wish for you to be one of the largest YouTubers on tech and related topics ❤

  • @GnuReligion
    @GnuReligion 8 months ago +11

    It is hard to teach the use of PGP/GPG to people who do not know what a file is.

  • @CommsGuy
    @CommsGuy 10 months ago +1

    One reason I changed from Gmail was I noticed they would go through my emails and create calendar entries from them. A family member sent me their travel itinerary and I started getting calendar notifications for flight times. Confused, I went through and found the entries matched up with the flight times from their travel details.
    But I've now noticed that Proton is doing the same thing. Work emails come in and now there are calendar entries. I don't like this at all. Clearly their systems are going through the emails to some degree.
    Proton has also really slowed down for me over the last month or so too.

    • @andre1987eph
      @andre1987eph 5 months ago

      Google is probably getting the flight info from other apps on your phone such as your browser search website activity etc. Even your "Notes" App.

    • @CommsGuy
      @CommsGuy 5 months ago

      @@andre1987eph That's possible in other cases. In this case, it was emails sent to me. I had no browser history/searches/etc. or notes. There really was nothing else apart from the emails as they weren't my flights and I had no idea about them.

  • @MalevolentAB
    @MalevolentAB 1 year ago +1

    I mainly use Proton for the aliases so that when an alias of mine gets hacked, I can recover my accounts under that alias, switch those accounts to a new alias, and delete the old unsecure alias. My emails used to get hacked a lot so an alias attached to my main email just makes me feel more secure.

  • @placek7125
    @placek7125 7 months ago +1

    6:53 oh damn, what an ABSOLUTE CHAD

  • @jsalsman
    @jsalsman 1 year ago +9

    Excellent subject matter explainer, top class!

    • @EricMurphyxyz
      @EricMurphyxyz 1 year ago +4

      Really appreciate it!

    • @sguptzz
      @sguptzz 1 year ago

      How are you verified with so few subs?

    • @jsalsman
      @jsalsman 1 year ago

      @@sguptzz It's a stupid Google+ thing from 2011.

  • @Bunstonious
    @Bunstonious 1 year ago +2

    My issue with Proton is that it's very expensive for personal use if you want a custom domain for your family, this is the sole reason I don't use it.

  • @pabloqp7929
    @pabloqp7929 1 year ago +6

    GPG doesn't need to be CLI only. There are GUI apps like Kleopatra that make it really easy 🎉

    • @Antek1234l
      @Antek1234l 1 year ago

      Lol I once recommended Kleopatra to someone and he wasn't able to figure it out

    • @pabloqp7929
      @pabloqp7929 1 year ago +3

      @@Antek1234l lol yeah I mean it's not for everybody, but it makes 'the thing' easy for anyone invested

    • @Antek1234l
      @Antek1234l 1 year ago

      True, I agree, it's much easier than the CLI version

    • @SuperTort0ise
      @SuperTort0ise 1 year ago +1

      @@Antek1234l I actually found Kleopatra more confusing than CLI lol, the GNOME one is good, but I use KDE so GTK apps look worse, I'll stick with CLI.

    • @Antek1234l
      @Antek1234l 1 year ago +1

      Yeah, everyone has different preferences, some programs are just better as a CLI tbh

  • @ChronicNewb
    @ChronicNewb 9 months ago

    You talk with a similar inflection to my childhood best friend’s mom. It’s oddly comforting.

  • @SnLeo-zx6qy
    @SnLeo-zx6qy 1 year ago +7

    Please, make a video about the Tempest search engine and browser.

    • @b6yg
      @b6yg 1 year ago

      Even I have never heard of that.

  • @max_ishere
    @max_ishere 1 year ago +2

    Govt goes to email providers asking for a criminal's inbox. Finds spam and password reset forms. Lol.

  • @CentreMetre
    @CentreMetre 1 year ago +6

    I had completely forgotten about the Proton Mail French activist thing, and I recently made a Proton email for crypto just to separate it from my other ones. I'm glad I found this after and watched all the way through, you explained it very well, good video

  • @Knards
    @Knards 1 year ago +2

    Proton Mail, as compared to Google, Yahoo and/or Outlook mail, is like a messiah is to a religion. It's the best you can get. But, as noted, it is only encoded end to end if you are sending Proton mail to another Proton mail address

  • @jesse7631
    @jesse7631 1 year ago +2

    I used PGP many years ago, and I recall how difficult it was to set up and get going.

    • @blackbeast9268
      @blackbeast9268 1 year ago

      Read the Bible kid, even if you don't like candy it's useful to learn it

    • @Darkk6969
      @Darkk6969 1 year ago +2

      It has gotten a lot better these days. Thunderbird automatically handles the keys without installing some add-on.

  • @splitprissm9339
    @splitprissm9339 1 year ago +1

    With true client controlled end to end encryption (which CANNOT be the case for metadata with inter-provider email, except maybe if you are literally sending them just a webpage that decrypts the message client side - as you explained earlier about PGP), no need to trust the provider. For any other case: If the provider is in one sort of country, they can be legally compelled to give what they have to law enforcement. In the other sort of country, you cannot legally compel the provider to adhere to what they promised you.

  • @michaelcorcoran8768
    @michaelcorcoran8768 4 months ago

    I think they have some, I don't know, shady tactics for upselling, and they also have some complications if you try to downgrade from a paid account to a free account. The amount of horror stories I see of people that have a paid account and then want to switch back to a free account, or they have a paid VPN but they don't want it anymore, but they lose access to their free email account.

  • @chukky4404
    @chukky4404 1 year ago +1

    Can you do a comparison between the Proton suite of products vs Skiff products?

  • @d34ddud3
    @d34ddud3 1 year ago +5

    Showed your bias from the start, had a clear primary point to make supported by a multitude of secondary points and logical conclusions which you even described some potential outliers for. I genuinely appreciate the no bullshit perspective of the video and found it to be incredibly informative and grounded. I am now even more convinced than I was before that Protonmail is right for me, and I now feel properly informed about the strengths and weaknesses of the particular company, and the general service as a whole. Thank you.

    • @shishibone
      @shishibone 1 year ago +1

      Came here for comments like these to be honest. So-called "privacy experts" are just shitting on Proton for no real reason other than that it was a small company that got big. I trust Proton with my data no matter how sensitive. The only downside is that you have to pay up lol

    • @d34ddud3
      @d34ddud3 1 year ago

      @@shishibone Yeah, the cost is unfortunate. Though I am glad they have options to pay for just the services you want. I'm finding I quite like their password manager.

    • @shishibone
      @shishibone 1 year ago

      @@d34ddud3 I agree. I first was sceptical about password managers as I just didn’t use them and it was weird coming from Firefox default login saves. But since I started using it (included in my visionary plan) I think it’s really neat to have my passwords synced between my phone and computer. As I tend to forget some logins quite often

  • @richiepatil
    @richiepatil 1 year ago +1

    See man I wouldn't mind switching over to any mail service as long as it lasts, that's why I willingly use Gmail or Outlook because I know it will be there even years after, how many third party mail services have lasted 10+ years and still update with new features?

  • @Serjo777
    @Serjo777 10 months ago +1

    I find it very weird that they _insist_ on you linking "your" Gmail account (which is non-existent) to your Proton account if you want the storage to be doubled. It's one of 4 requirements, and if you don't use Gmail (because why would you?), or don't want to link it to your Proton, you're stuck with a measly 500 MB. Plus every single e-mail that you receive from Proton, like notifications etc., is _gigantic_ in comparison to normal mails, even though they don't contain much aside from some text. Normal e-mails mostly use up only a few KB, like usually well below 20 KB, but everything I got directly from Proton was around 1 MB large, even though there wasn't much else besides text in them.

  • @mx338
    @mx338 1 year ago +5

    E-Mail is not inherently insecure, if you manage your own S/MIME or PGP keys, you have real end to end encryption. You can even use POP3 to collect your mail so it isn't permanently stored on the server.
    The advantage of Signal is that it is easier to use, so your peers' bad security practice is less likely to get you into trouble.

    • @frfrankie23
      @frfrankie23 1 year ago

      You mean IMAP, not POP3

    • @moetocafe
      @moetocafe 1 year ago +1

      No, he meant exactly POP3 and not IMAP.

  • @inspectorchicken
    @inspectorchicken 3 months ago

    It's one thing to mistrust a service or a provider if they really encrypt how they say. But at least with a commercial provider you've got a mutual binding contract and that holds someone liable to encrypt your email. On the other hand, you still got to prove they didn't in case of a breach. But when you said "it's convenient", what most people really want by paying someone, besides convenience, is liability.

  • @5DimesPlayer
    @5DimesPlayer 1 year ago +1

    Speaking of Signal, didn't they end support for MMS and SMS? I'm in need of a good alternative

    • @TormentedHealer
      @TormentedHealer 1 year ago +1

      I have given you a good alternative two times here but both times my comments were deleted. Simple comments with the name of the app. Eric?

    • @5DimesPlayer
      @5DimesPlayer 1 year ago

      @@TormentedHealer Does it start with a T and end in gram?

    • @TormentedHealer
      @TormentedHealer 1 year ago

      @@5DimesPlayer No. Start S end N.

    • @5DimesPlayer
      @5DimesPlayer 1 year ago

      @@TormentedHealer Hm. I couldn't find anything. I did a Google search and came back empty.

  • @aureliogutierrez9195
    @aureliogutierrez9195 1 year ago

    Encrypt your text (hard as you wish).
    Convert binary to Base64.
    Paste into any email.
    Send.
    -
    Copy the base64 of the email.
    Convert base64 to binary.
    Decrypt the binary.
    Read.
    -
    Just encrypt it by yourself. Send your public keys, protocols, and decryptors in "creative and secure ways."
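
Added example, not part of the comment above or of any project discussed on this page: the encrypt, base64, paste, send procedure from that comment written in Go, using X25519 with AES-256-GCM from the standard library as a stand-in for PGP (it does not produce the OpenPGP format). The function names, addresses and subject are constructed for illustration; `ProviderView` shows that From, To and Subject stay readable to every mail server even when the body is ciphertext.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"io"
	"net/mail"
	"strings"
)

// aeadFor turns an X25519 exchange into an AES-256-GCM key bound to both public keys.
func aeadFor(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, ephPub, rcptPub []byte) (cipher.AEAD, error) {
	shared, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(bytes.Join([][]byte{shared, ephPub, rcptPub}, nil))
	block, _ := aes.NewCipher(key[:]) // a 32-byte key is always accepted
	return cipher.NewGCM(block)
}

// Seal encrypts to the recipient's public key: ephemeral pub (32) || nonce (12) || ciphertext+tag.
func Seal(rcpt *ecdh.PublicKey, plaintext []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	aead, err := aeadFor(eph, rcpt, eph.PublicKey().Bytes(), rcpt.Bytes())
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := append(eph.PublicKey().Bytes(), nonce...)
	return aead.Seal(out, nonce, plaintext, nil), nil
}

// Open reverses Seal; a wrong key or any modified byte makes it return an error.
func Open(priv *ecdh.PrivateKey, blob []byte) ([]byte, error) {
	if len(blob) < 44 {
		return nil, fmt.Errorf("blob too short: %d bytes", len(blob))
	}
	ephPub, err := ecdh.X25519().NewPublicKey(blob[:32])
	if err != nil {
		return nil, err
	}
	aead, err := aeadFor(priv, ephPub, blob[:32], priv.PublicKey().Bytes())
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, blob[32:44], blob[44:], nil)
}

// Compose pastes the base64 blob into a plain e-mail (constructed addresses).
func Compose(subject string, blob []byte) string {
	return fmt.Sprintf("From: alice@example.org\r\nTo: bob@example.net\r\nSubject: %s\r\n\r\n%s\r\n", subject, base64.StdEncoding.EncodeToString(blob))
}

// ProviderView returns what any relaying or storing mail server reads without a key.
func ProviderView(raw string) (mail.Header, string, error) {
	m, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return nil, "", err
	}
	body, err := io.ReadAll(m.Body)
	return m.Header, strings.TrimSpace(string(body)), err
}

func main() {
	bob, _ := ecdh.X25519().GenerateKey(rand.Reader)
	blob, _ := Seal(bob.PublicKey(), []byte("meet at noon"))
	hdr, body, _ := ProviderView(Compose("lunch", blob))
	ct, _ := base64.StdEncoding.DecodeString(body)
	plain, err := Open(bob, ct)
	fmt.Println("server reads:", hdr.Get("From"), hdr.Get("To"), hdr.Get("Subject"), "| recipient reads:", string(plain), err)
}
```

The recipient's public key still has to reach the sender over a channel both sides trust, which is the step the comment leaves to "creative and secure ways".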

  • @_SYDNA_
    @_SYDNA_ 7 months ago

    I route Proton mail through my own domain name. When I set that up Proton required/suggested that I install a PGP key at the domain server via DKIM parameters. Your email will work without it, and it's a pain to install at some domain providers, but it works, and Proton gives you a tool to test whether you've successfully set it up. I like that and that part of the PGP seems to work from that point forward. Yes if you send something to an email service owned by a company in Silicon Valley then, yes, there's probably a risk of getting cancelled depending on how based your beliefs are.
    If you're really worried, you can always use Proton's secure function which opens an email taken out in a protected environment using a separate password.
    Not an expert but that seems like a good solution for things like SSNs or your next great invention.

  • @kkulist
    @kkulist 1 year ago +1

    My only gripe with ProtonMail is that they keep trying to charge me for a service I cancelled years ago. I don't have an opinion of their service one way or another, I just want them to stop trying to take money from me when I haven't used it in almost 5 years now rofl

  • @SuperCartoonist
    @SuperCartoonist 1 year ago +1

    My email had been compromised before I was even born.

  • @sofiacaldas6280
    @sofiacaldas6280 7 months ago +1

    Thank you so much for your channel.
    What are your thoughts about Calyx Institute and Hotspots?

  • @Lambda.Function
    @Lambda.Function 10 months ago

    I'm a security nerd. I used to run my own email server but you can't get people to use PGP. I've been a ProtonMail visionary supporter since the beginning. It's the only service I'll use now.

  • @kurt120032002
    @kurt120032002 5 months ago

    I am just now looking to start using Proton, and to be fair, government should be able to ask to see data based on a judge's decision, not anytime they feel like. For me, I don't do anything illegal, so I am not necessarily afraid of a judge, but I do want an alternative to Google. I understand that if you want to be as secure as you can be, you need to run your own infrastructure, but for now I am looking basically to not depend on Google for e-mail and storage.

  • @JeriDro
    @JeriDro 7 months ago +4

    Nothing is safe online

  • @Bhethar
    @Bhethar 1 year ago +9

    I think there’s a rabbit hole when you get into privacy products. I want privacy from the private sector and criminals. I have no expectation that I can have privacy from the government 😂

    • @somethingelse9228
      @somethingelse9228 1 year ago

      But what if government themselves turn into criminals?

  • @eliasbinde2629
    @eliasbinde2629 6 months ago

    Honestly I’d prefer a service that is completely honest about these things, telling you: we can’t make it perfect but these are the things we can do

  • @driptcg
    @driptcg 6 months ago

    Thanks for the thoroughness and the provided context

  • @Johnslist
    @Johnslist 8 months ago

    I have my own domain with a webhost, I asked about this, always assuming so, and I was told that they are now secure these days. Was he only meaning in transmission, or something else?

  • @uncrunch398
    @uncrunch398 6 months ago

    How many people can handle PGP manually? How many do it correctly?

  • @xCrossBite
    @xCrossBite 9 months ago

    Write message in notepad, Zip it and password protect it, then email it as attachment. Then send a hand written letter to the recipient with the password. Easy!

  • @davidsyrus3157
    @davidsyrus3157 1 month ago

    Eric, do you have any info on StartMail and their encryption ability?

  • @apmcd47
    @apmcd47 10 months ago

    I know this sort of thing can be off-putting. We use SSH at work and guess who my colleagues come to if a new public/private key pair needs to be set up?

  • @MsHojat
    @MsHojat 1 year ago +1

    Sure you can't trust a company 100%, but aren't 3rd-party audits a good way to help with that trust? I don't remember the details about Protonmail audits though.

  • @Jazzy--
    @Jazzy-- 7 months ago +1

    Google: constantly reads through your email.
    People: Yeah I use Google.
    Proton: We give some information to the government if they pin us to a wall.
    People: *Is proton really that secure?*

    • @bobowon5450
      @bobowon5450 6 months ago +1

      Yeah, this isn't like we're comparing two services that are so similar that a slight misstep by Proton is a death sentence. We're talking about two services where one is actively bending you over every day for any excuse that they can get, and the other one is taking bullet after bullet for you but sometimes the government fires a tank shell instead of a 9mm.

  • @andresdelapena1285
    @andresdelapena1285 1 year ago +1

    OWASP principle: don't trust service providers or "trust but verify". It's out there on a manual. It is simply not logical to think of service providers as invulnerable.

    • @terrydaktyllus1320
      @terrydaktyllus1320 1 year ago

      Technically you're correct but it comes under the broader banner of "zero trust" across an entire environment, not just within the bounds of application security.
      For example, it's estimated that around 80% of cyberattacks come from within an organisation through normal users of the system - and therefore zero trust treats users as equal to outsiders in terms of the security model you deploy to control what they do.

  • @TheProtonSpinner
    @TheProtonSpinner 1 year ago +1

    Protonmail handed over specific data on certain users after being ordered to by the Swiss courts after being petitioned by the US. So, if you have Uncle Sam actually going to a Swiss court to obtain a warrant for your email, you've really screwed the pooch.

  • @BlablablaBla-tp1ws
    @BlablablaBla-tp1ws 9 months ago

    10:08 Oh I’m sure they encrypt your private key. Then store the key they used to do it ‘cause of course they totally don’t glow and of course they don’t want to read your email.

  • @anglosaxaphone672
    @anglosaxaphone672 2 months ago

    Great video. You just got another subscriber

  • @ahuman4061
    @ahuman4061 7 months ago +2

    I'd rather the government have my info than the government and Google

  • @DeadBaron
    @DeadBaron 11 months ago +1

    The only way to send and receive emails securely and get away with it, is to host your own server in your basement, and be a high level democrat from a certain famous family, then it gets completely ignored even when the rest of us would be in federal prison for the classified content that was being hosted.

  • @libbyd1001
    @libbyd1001 1 year ago

    Cool. I’m glad Kermit found a voice-over gig. Nice.

  • @broskichannel4163
    @broskichannel4163 9 months ago

    How do you create an account on TOR with the onion link? You say to bypass the verification check which for me says; 'No verification method available' by creating a new circuit, but that doesn't work?

  • @LloydChristmas-vx2wh
    @LloydChristmas-vx2wh 4 months ago

    I'm loving Proton email and calendar right now.

  • @mrtetillas7504
    @mrtetillas7504 1 year ago

    So, what is the equivalent of email but is actually secure and anonymous? I mean different providers offer the software and protocols in a decentralized way and all still compatible for sending and receiving emails. You can say phone numbers are a thing but I don't like them, I think that is actually worse than email.

  • @UmVtCg
    @UmVtCg 1 year ago

    Since this is a Swiss service located in Plan-les-Ouates, Switzerland which "THE government" do you refer to exactly?

    • @EricMurphyxyz
      @EricMurphyxyz 1 year ago

      Every government. Sure, they're not going to respond to foreign governments but foreign governments will just go through Swiss authorities (as they have many times in the past).

    • @marcogenovesi8570
      @marcogenovesi8570 1 year ago +1

      Any government that is part of the intel sharing agreements with the Swiss government. They did provide the IP to French government already that would theoretically not have jurisdiction but they asked through the Swiss government (which has)

  • @amay167
    @amay167 1 year ago

    I personally hate it now because of the encryption emails it's so buggy. The encryption keeps on asking me to put in a password and it still doesn't work.

  • @toster41
    @toster41 1 year ago

    Hey Murphy!
    I found myself recently wondering a lot about my privacy and the future of all of ours.
    It's pretty great what you do, and the shout out to Snowden won me over, cheers.

  • @sga1ac3
    @sga1ac3 1 year ago

    How would I switch over from Gmail to Proton Mail? How does that work exactly? Is it just specifically for mail or would I have to change my email addresses on jobs and social media as well? Will it be a new YouTube account? Is it safe to use a browser like Google Chrome or Microsoft Edge while in my Proton Mail? Can I easily transfer my data from Gmail to Proton?

    • @Fatih120
      @Fatih120 7 months ago +2

      You would have to change your online accounts to use the new email. You can't transfer emails automatically.

  • @danielhoglan3468
    @danielhoglan3468 11 months ago

    This video is 100% spot on. Email could have been made secure, but it wasn't. Truly secure email with end to end encryption requires that both ends have the tools to encrypt and decrypt. This is why protonmail to protonmail communications are secure in as much as you can trust protonmail. Even perfectly executed, if there were vulnerabilities in the encryption methods that the agencies were aware of, it wouldn't be made known to the public. I'm also not sure how far they've come with quantum proof encryption, but that's an issue too. Then there's the idea that the agencies are storing information that they aren't able to decrypt today, because one day they will be able to. So current encryption methods that aren't quantum proof, that they can't read now, they likely have and will be able to read in the future. The scope of that goes way beyond email.

  • @spudz7405
    @spudz7405 1 year ago +1

    If you want a secure email service, rent a server and domain and make your own email server. In this, I mean, you don't want someone to give away your info; well, they can't if they don't have it

    • @xchronox0
      @xchronox0 7 months ago

      @nsoolo And even if the traffic is encrypted... They can just seize your hardware. Or just, simply look at the other person's email and see what they sent you/you sent them.
      Email is a two sided thing. Doesn't matter how much encryption in the world you're using if the person you're sending it to uses none.