samsapti.dev/content/posts/why-i-switched-from-proton-mail.md
Sam A. c5410ed6b6
Remove slug
2022-05-29 23:36:12 +02:00

+++
draft = false
date = 2022-05-29T16:10:46+02:00
title = "Why I Switched From Proton Mail"
description = "This blog post explains why I chose to switch away from Proton Mail."
authors = ["Sam Al-Sapti"]
tags = ["cryptography", "decentralization", "email", "pgp"]
series = []
+++

I wanted to write this blog post (and by the way, this is my first) to
shed some light on my recent choice of email provider. You see, Proton
Mail is a great email service, and I've used them for years, but it just
doesn't fit my needs anymore. This is due to a number of reasons, but
it's primarily due to some issues with external PGP handling (I'll talk
more about this later on) and their recent change of direction.

## Centralization and Proton's new direction

One of the main reasons I chose to switch is the new direction Proton
is going in. Recently, they've revamped all of their products and their
website, to make it more clear that Proton Mail, Proton VPN, Proton
Calendar and Proton Drive are all under the same family/suite (notice how
there's a space now in their product names, that's one of the changes).
All of this is great for many reasons; now it actually feels like an
alternative all-in-one solution to something like Google's, and I'm sure
this will benefit them in the long run and appeal to more people. A lot
of people like these kinds of ecosystems, because it usually increases
ease of use and convenience. In fact, this change now allows Proton to
better integrate their products together. For example, you can now
easily send large attachments via email, by letting Proton Mail
automatically upload the file to Proton Drive and send a share link in
the email, instead of attaching it in the email itself. All of the
changes are outlined in
[this article](https://proton.me/news/updated-proton) by Proton's CEO,
Andy Yen.

Personally though, this does not appeal to me. I'm not a fan of
ecosystems and having all my eggs in one basket, and I'm a huge fan of
self-hosting. You see, I'm a big proponent of decentralization. One
aspect of decentralization is to not have everything in one place, when
you don't control that place. For example, I wouldn't have both my
email, calendar, contacts and cloud storage with Google, and neither
would I with Proton. Instead, I self-host my cloud storage, calendar,
contacts, to-do lists, and notes with the help of
[Nextcloud](https://nextcloud.com) at home on a Raspberry Pi. This way,
even though it's all in one place, I'm the one in control of the server
hosting it and what happens with it.

I can definitely see why Proton chose to go in this direction, and I
fully support them. But they should also expect, and I'm sure they did,
that some of their customers wouldn't want this change of direction. I
have nothing against Proton as a company, but having my digital life
centralized with one company is just not my cup of tea.

## The way Proton Mail handles PGP

Proton Mail offers zero-access encryption of your inbox, meaning all of
your emails are encrypted, and only you have access to read them after
unlocking them with your password. Behind the scenes, this works by each
customer having a PGP key pair stored on their servers, with the private
key being encrypted by the customer's password. This means that not even
Proton themselves can read your emails, and this is great for privacy.

PGP has been a standard for email encryption for many years, and it's
widely used for sensitive communication via email. Proton has taken PGP
and integrated it into their email service, automatically providing
end-to-end encrypted emails between Proton Mail users (it also works
with other email providers, but it requires some setup by the
communicating parties). The thing is though, that you're not in control
of the private PGP key when using Proton Mail's PGP integration. Even
though it is encrypted on their servers, and only I can decrypt it, I
want to be in control of my private key myself. This also relates to the
centralization problem I described above. By using Proton Mail, I
entrust my email security to a central entity.

This one is more on the technical side of things. I've had some
not-so-great experiences when trying to use my own PGP key on top of Proton
Mail's encryption. For example, my signatures wouldn't be recognized by
the recipient's email client, due to the second layer of encryption that
is Proton Mail's PGP integration. Because I want to use my own PGP key,
that I'm in control of myself, this doesn't work for me.

## Conclusion

With all that said, I want to end this blog post by saying this: Don't
go ahead and delete your Proton account solely based on what I'm saying.
This is my own personal opinion. If you're someone who's not very
technical and/or are satisfied with what Proton is offering, then stay.
I'm not here to trash talk Proton and tell everyone to abandon them. I
think Proton offers some great privacy-preserving services and their
line of products is perfectly suitable for a lot of people, and their
work is important in the privacy world. I'm just someone who's a bit
more technical than the average person, and because of that, Proton Mail
is just not a fit for me personally. For the average person, Proton is
fantastic, and I can only recommend them if you're wondering which
email, VPN, calendar or cloud storage provider to use.

You might be asking, what am I using now then? I'm now a happy customer
over at [mailbox.org](https://mailbox.org), and if you're like me, you
should totally check them out. If not, go ahead and keep your Proton
account (you have one, right?).