When it comes to the privacy vs usability debate, I come down hard on the side of privacy. Doesn't matter how pretty it is if it's going to get you rubber hosed.
An example of this in practice is eschewing software & services which use privacy and security in their marketing but whose implementations don't hold up under scrutiny, such as Protonmail and Keybase.
A lot of people will defend such products regardless, resulting in a trend I've been thinking of as "privacy roleplaying". It's harmful and needs to stop.
If you're familiar with privacytools.io, by the way, they have a seriously bad problem with privacy roleplaying. I do not recommend them as a resource.
PrivacyTools provides a baseline considered to be reliable and safe based upon criteria and general consensus. We constantly improve and refine.
We always encourage people within our community to consider their threat model. Not everyone needs "dial up to 11" security which usually comes at the cost of UX, or requires substantial background knowledge.
If the choice is between having something or nothing, we encourage people to think about what they need.
Disclosure, I'm a team member.
@dngray why don't you quit privacy roleplaying and actually investigate and explain claims of privacy and how they hold up to scrutiny? Or just keep shilling ProtonMail because you bought their marketing team's bullshit
@dngray "ProtonMail has zero access encryption at rest for your emails, address book contacts, and calendars. This means the messages and other data stored in your account are only readable by you."
Straight up lying
They're pretty clear about what is encrypted:
https://protonmail.com/support/knowledge-base/what-is-encrypted/
https://protonmail.com/blog/protoncalendar-security-model/
Just because someone disagrees with you, does not make them a shill. Personally I do not use ProtonMail (though I have tested it thoroughly). I have a number of mail accounts, mailbox.org, disroot.org, and one hosted at privacytools.io.
That is not to say I think ProtonMail is a bad product however and have recommended it on numerous occasions to people both IRL and through PrivacyTools.
@dngray ProtonMail's privacy "guarantees" are based on trust. Privacy is NOT based on trust, it's based on math.
You need to advise people that accessing their encrypted emails in the web browser is NOT secure, and that they're only taking ProtonMail's at their word that incoming emails are encrypted and that a plaintext version is not stored later, and that if they were compelled to they could store a plaintext copy of your emails.
Actually, ProtonMail needs to be doing this, and because they aren't, you need to stop recommending them. Same for Tutanota.
@dngray you also need to stop recommending Posteo, no support for custom domains is a HARD dealbreaker and you're leading your readers into vendor lock-in. Disgusting.
It might shock you, but most people who use email do not own their own domain.
We clearly state there that you cannot use your own domain with Posteo.
The idea is a reader would consider which option there is most appropriate to their needs.
@dngray "privacy" by populism is a fucking stupid argument, this is just more privacy roleplaying. Usability is never more important than privacy when the stakes are getting black bagged and rubber hosed by the STATE-LEVEL ACTORS you claim to offer tools against on your HOME PAGE
@dngray it also says a lot about where your interests lie that you don't have any ads or affiliates while plastering sponsor logos and donation requests on five times on your home page
Screw you! Buzz off! Shill!
We don't get paid anything. All the money stuff is dealt with by other people and mostly covers server costs etc.
It's also pretty clear what sponsors get https://www.privacytools.io/sponsors/ (surprise ProtonMail is not a sponsor).
Funds can be tracked through OpenCollective https://opencollective.com/privacytoolsio
I also don't have access to any of those wallets https://www.privacytools.io/donate/
@dngray does anyone with access to the money have any level of influence in the content, criterea, policies, etc?
Recommendations are usually discussed in an issue first. From there it moves to a pull request.
Additions to the site require 2+ team member sign offs. If a team member wrote the PR, then that is 2 other people.
afaik @jonah is the only one with access to money. He has not weighed in on any of those pages other than minor corrections.
There is also a warning at the top of that page too:
> When using end-to-end encryption (E2EE) technology like OpenPGP, email will still have some metadata that is not encrypted in the header of the email. Read more about email metadata.
> OpenPGP also does not support Forward secrecy, which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. How do I protect my private keys?
@dngray perfect! Now do it for all the other trade-offs you expect uninformed users to make, and get protonmail and tutanota the fuck out of your recommendation list
It's been there since March 1st 2020: https://github.com/privacytools/privacytools.io/pull/1672/files#diff-338290deae83c3bc8c6392188f6d96b5
It also says, which I am sure you will disagree with:
> Rather than use email for prolonged conversations, consider using a medium that does support Forward secrecy.
And guess what? That's not email.
@dngray I would not disagree with this statement, in fact. I also happen to know that the person who added this statement has also campaigned against the other bullshit privacytools.io is doing, to no avail
I'm pretty sure it was me that added that statement, or at least re-worded it to sound better.
All email is about trust. Remember there's a fair amount of metadata in the header of each email too.
Your second point there is about perspective. It is secure from a remote adversary.
They also clearly do state (as all providers do) that they will comply with the laws within Switzerland. https://protonmail.com/blog/transparency-report/
Hosting your own email doesn't protect you from this either, as they could easily turn up to your DC provider or covertly install bugs in your house too.
@dngray I'm not advocating self-hosting email as a better privacy alternative to ProtonMail, though it can be a part of a better solution. Drop the strawman.
I am saying that ProtonMail sucks for a multitude of reasons, including lies about having privacy guarantees they cannot make, and that your website fails to educate users on the trade-offs and limitations of their approach, and as such you are causing real-world harm. You have been told this many times, by many people, regarding many of your service provider recommendations. You are a vain person representing a vain organization which betrays the principles it alledgely espouts. Repent or get the fuck out of my notifications.
@sir
I have also run my own mail before myself, and have set them up for commercial clients.