samsapti/samsapti.dev
1
0
Fork 0
Code Issues Pull requests Releases Activity
samsapti.dev/content/posts/why-i-switched-from-proton-mail.md
Sam A. 5e557a141f
All checks were successful
continuous-integration/drone/push Build is passing
Details
Wording / formatting
2023-04-23 19:37:42 +02:00

103 lines
5.5 KiB
Markdown
Raw Blame History

---
draft: false
date: 2022-05-29T16:10:46+02:00
title: Why I Switched From Proton Mail
description: This blog post explains why I chose to switch away from Proton Mail.
authors:
- Sam Al-Sapti
tags:
- cryptography
- decentralization
- email
- pgp
series: []
---
I wanted to write this blog post (and by the way, this is my first) to shed
some light on my recent choice of email provider. You see, Proton Mail is a
great email service, and I've used them for years, but it just doesn't fit my
needs anymore. This is due to a number of reasons, but it's primarily due to
some issues with external PGP handling (I'll talk more about this later on) and
their recent change of direction.
## Centralization and Proton's new direction
One of the main reasons I chose to switch, is the new direction Proton is going
in. Recently, they've revamped all of their products and their website, to make
it more clear that both Proton Mail, Proton VPN, Proton Calendar and Proton
Drive is under the same family/suite (notice how there's a space now in their
product names, that's one of the changes). All of this is great for many
reasons, now it actually feels like an alternative all-in-one solution to
something like Google's, and I'm sure this will benefit them in the long run
and appeal to more people. A lot of people like these kinds of ecosystems,
because it usually increases ease of use and convenience. In fact, this change
now allows Proton to better integrate their products together. For example, you
can now easily send large attachments via email, by letting Proton Mail
automatically upload the file to Proton Drive and send a share link in the
email, instead of attaching it in the email itself. All of the changes are
outlined in [this article](https://proton.me/news/updated-proton) by Proton's
CEO, Andy Yen.
Personally though, this does not appeal to me. I'm not a fan of ecosystems and
having all my eggs in one basket, and I'm a huge fan of self-hosting. You see,
I'm a big proponent of decentralization. One aspect of decentralization is to
not have everything in one place, when you don't control that place. For
example, I wouldn't have both my email, calendar, contacts and cloud storage
with Google, and neither would I with Proton. Instead, I self-host my cloud
storage, calendar, contacts, to-do lists, and notes with the help of
[Nextcloud](https://nextcloud.com) at home on a Raspberry Pi. This way, even
though it's all in one place, I'm the one in control of the server hosting it
and what happens with it.
I can definitely see why Proton chose to go in this direction, and I fully
support them. But they should also expect, and I'm sure they did, that some of
their customers wouldn't want this change of direction. I have nothing against
Proton as a company, but having my digital life centralized with one company is
just not my cup of tea.
## The way Proton Mail handles PGP
Proton Mail offers zero-access encryption of your inbox, meaning all of your
emails are encrypted, and only you have access to read them after unlocking
them with your password. Behind the scenes, this works by each customer having
a PGP key pair stored on their servers, with the private key being encrypted by
the customer's password. This means that not even Proton themselves can read
your emails, and this is great for privacy.
PGP has been a standard for email encryption for many years, and it's widely
used for sensitive communication via email. Proton has taken PGP and integrated
it into their email service, automatically providing end-to-end encrypted
emails between Proton Mail users (it also works with other email providers, but
it requires some setup by the communicating parties). The thing is though, that
you're not in control of the private PGP key when using Proton Mail's PGP
integration. Even though it is encrypted on their servers, and only I can
decrypt it, I want to be in control of my private key myself. This also relates
to the centralization problem I described above. By using Proton Mail, I
entrust my email security with a central entity.
This one is more on the technical side of things. I've had some not so great
experiences when trying to use my own PGP key on top of Proton Mail's
encryption. For example, my signatures wouldn't be recognized by the
recipient's email client, due to the second layer of encryption that is Proton
Mail's PGP integration. Because I want to use my own PGP key, that I'm in
control of myself, this doesn't work for me.
## Conclusion
With all that said, I want to end this blog post by saying this: Don't go ahead
and delete your Proton account solely based on what I'm saying. This is my own
personal opinion. If you're someone who's not very technical and/or are
satisfied with what Proton is offering, then stay. I'm not here to trash talk
Proton and tell everyone to abandon them. I think Proton offers some great
privacy preserving services and their line of products is perfectly suitable
for a lot of people, and their work is important in the privacy world. I'm just
someone who's a bit more technical than the average person, and because of
that, Proton Mail is just not a fit for me personally. For the average person,
Proton is fantastic, and I can only recommend them if you're wondering which
email, VPN, calendar or cloud storage provider to use.
You might be asking, what am I using now then? I'm now a happy customer over at
[mailbox.org](https://mailbox.org), and if you're like me, you should totally
check them out. If not, go ahead and keep your Proton account (you have one,
right?).
Reference in a new issue View git blame Copy permalink