When it comes to the privacy vs usability debate, I come down hard on the side of privacy. Doesn't matter how pretty it is if it's going to get you rubber hosed.
An example of this in practice is eschewing software & services which use privacy and security in their marketing but whose implementations don't hold up under scrutiny, such as Protonmail and Keybase.
A lot of people will defend such products regardless, resulting in a trend I've been thinking of as "privacy roleplaying". It's harmful and needs to stop.
If you're familiar with privacytools.io, by the way, they have a seriously bad problem with privacy roleplaying. I do not recommend them as a resource.
PrivacyTools provides a baseline considered to be reliable and safe based upon criteria and general consensus. We constantly improve and refine.
We always encourage people within our community to consider their threat model. Not everyone needs "dial up to 11" security which usually comes at the cost of UX, or requires substantial background knowledge.
If the choice is between having something or nothing, we encourage people to think about what they need.
Disclosure, I'm a team member.
@dngray why don't you quit privacy roleplaying and actually investigate and explain claims of privacy and how they hold up to scrutiny? Or just keep shilling ProtonMail because you bought their marketing team's bullshit
@dngray "ProtonMail has zero access encryption at rest for your emails, address book contacts, and calendars. This means the messages and other data stored in your account are only readable by you."
Straight up lying
They're pretty clear about what is encrypted:
https://protonmail.com/support/knowledge-base/what-is-encrypted/
https://protonmail.com/blog/protoncalendar-security-model/
Just because someone disagrees with you, does not make them a shill. Personally I do not use ProtonMail (though I have tested it thoroughly). I have a number of mail accounts, mailbox.org, disroot.org, and one hosted at privacytools.io.
That is not to say I think ProtonMail is a bad product however and have recommended it on numerous occasions to people both IRL and through PrivacyTools.
@dngray ProtonMail's privacy "guarantees" are based on trust. Privacy is NOT based on trust, it's based on math.
You need to advise people that accessing their encrypted emails in the web browser is NOT secure, and that they're only taking ProtonMail's at their word that incoming emails are encrypted and that a plaintext version is not stored later, and that if they were compelled to they could store a plaintext copy of your emails.
Actually, ProtonMail needs to be doing this, and because they aren't, you need to stop recommending them. Same for Tutanota.
All email is about trust. Remember there's a fair amount of metadata in the header of each email too.
Your second point there is about perspective. It is secure from a remote adversary.
They also clearly do state (as all providers do) that they will comply with the laws within Switzerland. https://protonmail.com/blog/transparency-report/
Hosting your own email doesn't protect you from this either, as they could easily turn up to your DC provider or covertly install bugs in your house too.
@dngray I'm not advocating self-hosting email as a better privacy alternative to ProtonMail, though it can be a part of a better solution. Drop the strawman.
I am saying that ProtonMail sucks for a multitude of reasons, including lies about having privacy guarantees they cannot make, and that your website fails to educate users on the trade-offs and limitations of their approach, and as such you are causing real-world harm. You have been told this many times, by many people, regarding many of your service provider recommendations. You are a vain person representing a vain organization which betrays the principles it alledgely espouts. Repent or get the fuck out of my notifications.