I didn’t do more due dilligence than looking at the ProtonMail downloads page + system requirements page—neither of which mentioned source which would instill better trust. So you’ve got me there, but really dumb there isn’t a link.
Open source or not, you still have to use their clients on mobile OSs even if you prefer running a client like K-9 & can’t run on a low-spec OS KaiOS (I suspect the site wouldn’t scale down to this either), etc. Mail protocols are old & should be able to run on a potato without many hoops.
Where I definitely don’t agree tho is the free-tier thing. Having access to the bridge cut off as well as not {Cal,Card}DAV is a real pain that forces the premium subscription, switching providers, or using something like Google for calender/contact defeating much of the purpose. If there was no free tier to subsidize everyone could pay a lot less & get “premium” features others deem as essential. $50 annually is a lot—$12, not so much.
you still have to use their clients on mobile OSs even if you prefer running a client like K-9
If you made K-9 speak their protocol, I’m sure that would work. Additionally, there’s also nothing preventing you from running the bridge on your Android (or whatever) device; it’s a statically linked Go binary.
What your point boils down to is basically that they don’t use or support IMAP. In order for IMAP to work however, the mail server must have access to all of your emails in plain text.
Do you see how that’s an issue when your service is intended to provide privacy to the user? The fact that PM cannot read your emails at rest (even if they wanted to) is one of PM’s explicit selling points. See https://proton.me/blog/zero-access-encryption
This is the primary reason why PM (and Tutanota for that matter) don’t support IMAP. As a software engineer, I can also imagine they wouldn’t want to base their entire operations around such an old and crufty protocol though.
Where I definitely don’t agree tho is the free-tier thing.
That’s fine. I can see both sides. Though, as stated, I’m clearly in the “socialistic” “pay more to support less affluent people” approach to commercial services product camp.
Having access to the bridge cut off as well as not {Cal,Card}DAV is a real pain that forces the premium subscription
For us power users who need that, yes, that’s the point. We should pay.
For your average Joe, they get a fancy web UI calendar and calendar app for free; just like they do with Google but private. I personally find that quite amazing.
If there was no free tier to subsidize everyone could pay a lot less & get “premium” features others deem as essential.
It’s also not altruistic to pay more for to subsidize in the manner you are alluding too since it misses the larger picture of how these wide free tiers have allowed contemporary services to gobble up users to impress investors with growth despite loss-leading products (in code forges look at the publicly-traded GitLab free model vs. SourceHut where everyone pays a small amount to keep servers running (post-beta plan)).
My affordable provider encrypts their servers & the account storage just fine without needing to reinvent the old, tested protocol (might just be a ZFS pool encryption passphrase). But it isn’t security/privacy that’s in question but the accessibility of this standardized protocols with years of tooling built around it & a business model that I don’t think is sustainable.
It’s also not altruistic to pay more for to subsidize in the manner you are alluding too
Whether something is altruistic or not is more of a philosophical debate.
Fact of the matter remains that unprivileged people using PM for free is only possible because us paying users pay at least slightly more. I don’t care whether that’s altruistic or not.
My affordable provider encrypts their servers & the account storage just fine without needing to reinvent the old, tested protocol
That’s nice but that’s just simple disk encryption at rest. That’s not at all comparable to zero-access encryption. Please read the Link in my last reply.
I didn’t do more due dilligence than looking at the ProtonMail downloads page + system requirements page—neither of which mentioned source which would instill better trust. So you’ve got me there, but really dumb there isn’t a link.
Open source or not, you still have to use their clients on mobile OSs even if you prefer running a client like K-9 & can’t run on a low-spec OS KaiOS (I suspect the site wouldn’t scale down to this either), etc. Mail protocols are old & should be able to run on a potato without many hoops.
Where I definitely don’t agree tho is the free-tier thing. Having access to the bridge cut off as well as not {Cal,Card}DAV is a real pain that forces the premium subscription, switching providers, or using something like Google for calender/contact defeating much of the purpose. If there was no free tier to subsidize everyone could pay a lot less & get “premium” features others deem as essential. $50 annually is a lot—$12, not so much.
If you made K-9 speak their protocol, I’m sure that would work. Additionally, there’s also nothing preventing you from running the bridge on your Android (or whatever) device; it’s a statically linked Go binary.
What your point boils down to is basically that they don’t use or support IMAP. In order for IMAP to work however, the mail server must have access to all of your emails in plain text.
Do you see how that’s an issue when your service is intended to provide privacy to the user? The fact that PM cannot read your emails at rest (even if they wanted to) is one of PM’s explicit selling points. See https://proton.me/blog/zero-access-encryption
This is the primary reason why PM (and Tutanota for that matter) don’t support IMAP. As a software engineer, I can also imagine they wouldn’t want to base their entire operations around such an old and crufty protocol though.
That’s fine. I can see both sides. Though, as stated, I’m clearly in the “socialistic” “pay more to support less affluent people” approach to commercial services product camp.
For us power users who need that, yes, that’s the point. We should pay.
For your average Joe, they get a fancy web UI calendar and calendar app for free; just like they do with Google but private. I personally find that quite amazing.
[citation needed]
It’s also not altruistic to pay more for to subsidize in the manner you are alluding too since it misses the larger picture of how these wide free tiers have allowed contemporary services to gobble up users to impress investors with growth despite loss-leading products (in code forges look at the publicly-traded GitLab free model vs. SourceHut where everyone pays a small amount to keep servers running (post-beta plan)).
My affordable provider encrypts their servers & the account storage just fine without needing to reinvent the old, tested protocol (might just be a ZFS pool encryption passphrase). But it isn’t security/privacy that’s in question but the accessibility of this standardized protocols with years of tooling built around it & a business model that I don’t think is sustainable.
Whether something is altruistic or not is more of a philosophical debate.
Fact of the matter remains that unprivileged people using PM for free is only possible because us paying users pay at least slightly more. I don’t care whether that’s altruistic or not.
That’s nice but that’s just simple disk encryption at rest. That’s not at all comparable to zero-access encryption. Please read the Link in my last reply.