samsapti.dev/content/posts/why-i-switched-from-proton-mail.md
Sam A. c5410ed6b6
All checks were successful
continuous-integration/drone/push Build is passing
Remove slug
2022-05-29 23:36:12 +02:00

5.5 KiB

+++ draft = false date = 2022-05-29T16:10:46+02:00 title = "Why I Switched From Proton Mail" description = "This blog post explains why I chose to switch away from Proton Mail." authors = ["Sam Al-Sapti"] tags = ["cryptography", "decentralization", "email", "pgp"] series = [] +++

I wanted to write this blog post (and by the way, this is my first) to shed some light on my recent choice of email provider. You see, Proton Mail is a great email service, and I've used them for years, but it just doesn't fit my needs anymore. This is due to a number of reasons, but it's primarily due to some issues with external PGP handling (I'll talk more about this later on) and their recent change of direction.

Centralization and Proton's new direction

One of the main reasons I chose to switch, is the new direction Proton is going in. Recently, they've revamped all of their products and their website, to make it more clear that both Proton Mail, Proton VPN, Proton Calendar and Proton Drive is under the same family/suite (notice how there's a space now in their product names, that's one of the changes). All of this is great for many reasons, now it actually feels like an alternative all-in-one solution to something like Google's, and I'm sure this will benefit them in the long run and appeal to more people. A lot of people like these kinds of ecosystems, because it usually increases ease of use and convenience. In fact, this change now allows Proton to better integrate their products together. For example, you can now easily send large attachments via email, by letting Proton Mail automatically upload the file to Proton Drive and send a share link in the email, instead of attaching it in the email itself. All of the changes are outlined in this article by Proton's CEO, Andy Yen.

Personally though, this does not appeal to me. I'm not a fan of ecosystems and having all my eggs in one basket, and I'm a huge fan of self-hosting. You see, I'm a big proponent of decentralization. One aspect of decentralization is to not have everything in one place, when you don't control that place. For example, I wouldn't have both my email, calendar, contacts and cloud storage with Google, and neither would I with Proton. Instead, I self-host my cloud storage, calendar, contacts, to-do lists, and notes with the help of Nextcloud at home on a Raspberry Pi. This way, even though it's all in one place, I'm the one in control of the server hosting it and what happens with it.

I can definitely see why Proton chose to go in this direction, and I fully support them. But they should also expect, and I'm sure they did, that some of their customers wouldn't want this change of direction. I have nothing against Proton as a company, but having my digital life centralized with one company is just not my cup of tea.

The way Proton Mail handles PGP

Proton Mail offers zero-access encryption of your inbox, meaning all of your emails are encrypted, and only you have access to read them after unlocking them with your password. Behind the scenes, this works by each customer having a PGP key pair stored on their servers, with the private key being encrypted by the customer's password. This means that not even Proton themselves can read your emails, and this is great for privacy.

PGP has been a standard for email encryption for many years, and it's widely used for sensitive communication via email. Proton has taken PGP and integrated it into their email service, automatically providing end-to-end encrypted emails between Proton Mail users (it also works with other email providers, but it requires some setup by the communicating parties). The thing is though, that you're not in control of the private PGP key when using Proton Mail's PGP integration. Even though it is encrypted on their servers, and only I can decrypt it, I want to be in control of my private key myself. This also relates to the centralization problem I described above. By using Proton Mail, I entrust my email security with a central entity.

This one is more on the technical side of things. I've had some not so great experiences when trying to use my own PGP key on top of Proton Mail's encryption. For example, my signatures wouldn't be recognized by the recipient's email client, due to the second layer of encryption that is Proton Mail's PGP integration. Because I want to use my own PGP key, that I'm in control of myself, this doesn't work for me.

Conclusion

With all that said, I want to end this blog post by saying this: Don't go ahead and delete your Proton account solely based on what I'm saying. This is my own personal opinion. If you're someone who's not very technical and/or are satisfied with what Proton is offering, then stay. I'm not here to trash talk Proton and tell everyone to abandon them. I think Proton offers some great privacy preserving services and their line of products is perfectly suitable for a lot of people, and their work is important in the privacy world. I'm just someone who's a bit more technical than the average person, and because of that, Proton Mail is just not a fit for me personally. For the average person, Proton is fantastic, and I can only recommend them if you're wondering which email, VPN, calendar or cloud storage provider to use.

You might be asking, what am I using now then? I'm now a happy customer over at mailbox.org, and if you're like me, you should totally check them out. If not, go ahead and keep your Proton account (you have one, right?).