+++
draft = false
date = 2022-05-29T16:10:46+02:00
title = "Why I Switched From Proton Mail"
description = "This blog post explains why I chose to switch away from Proton Mail."
authors = ["Sam Al-Sapti"]
tags = ["cryptography", "decentralization", "email", "pgp"]
series = []
+++

I wanted to write this blog post (and by the way, this is my first) to
shed some light on my recent choice of email provider. You see, Proton
Mail is a great email service, and I've used them for years, but it just
doesn't fit my needs anymore. This is due to a number of reasons, but
it's primarily due to some issues with external PGP handling (I'll talk
more about this later on) and their recent change of direction.

## Centralization and Proton's new direction

One of the main reasons I chose to switch is the new direction Proton
is going in. Recently, they've revamped all of their products and their
website, to make it more clear that Proton Mail, Proton VPN, Proton
Calendar and Proton Drive are all under the same family/suite (notice how
there's a space now in their product names, that's one of the changes).
All of this is great for many reasons; now it actually feels like an
alternative all-in-one solution to something like Google's, and I'm sure
this will benefit them in the long run and appeal to more people. A lot
of people like these kinds of ecosystems, because it usually increases
ease of use and convenience. In fact, this change now allows Proton to
better integrate their products together. For example, you can now
easily send large attachments via email, by letting Proton Mail
automatically upload the file to Proton Drive and send a share link in
the email, instead of attaching it in the email itself. All of the
changes are outlined in
[this article](https://proton.me/news/updated-proton) by Proton's CEO,
Andy Yen.

Personally though, this does not appeal to me. I'm not a fan of
ecosystems and having all my eggs in one basket, and I'm a huge fan of
self-hosting. You see, I'm a big proponent of decentralization. One
aspect of decentralization is to not have everything in one place, when
you don't control that place. For example, I wouldn't have my
email, calendar, contacts and cloud storage all with Google, and neither
would I with Proton. Instead, I self-host my cloud storage, calendar,
contacts, to-do lists, and notes with the help of
[Nextcloud](https://nextcloud.com) at home on a Raspberry Pi. This way,
even though it's all in one place, I'm the one in control of the server
hosting it and what happens with it.

I can definitely see why Proton chose to go in this direction, and I
fully support them. But they should also expect, and I'm sure they did,
that some of their customers wouldn't want this change of direction. I
have nothing against Proton as a company, but having my digital life
centralized with one company is just not my cup of tea.

## The way Proton Mail handles PGP

Proton Mail offers zero-access encryption of your inbox, meaning all of
your emails are encrypted, and only you have access to read them after
unlocking them with your password. Behind the scenes, this works by each
customer having a PGP key pair stored on Proton's servers, with the private
key being encrypted by the customer's password. This means that not even
Proton themselves can read your emails, and this is great for privacy.

PGP has been a standard for email encryption for many years, and it's
widely used for sensitive communication via email. Proton has taken PGP
and integrated it into their email service, automatically providing
end-to-end encrypted emails between Proton Mail users (it also works
with other email providers, but it requires some setup by the
communicating parties). The thing is, though, that you're not in control
of the private PGP key when using Proton Mail's PGP integration. Even
though it is encrypted on their servers, and only I can decrypt it, I
want to be in control of my private key myself. This also relates to the
centralization problem I described above. By using Proton Mail, I
entrust my email security to a central entity.

This one is more on the technical side of things. I've had some
not-so-great experiences when trying to use my own PGP key on top of Proton
Mail's encryption. For example, my signatures wouldn't be recognized by
the recipient's email client, due to the second layer of encryption that
is Proton Mail's PGP integration. Because I want to use my own PGP key,
that I'm in control of myself, this doesn't work for me.

## Conclusion

With all that said, I want to end this blog post by saying this: Don't
go ahead and delete your Proton account solely based on what I'm saying.
This is my own personal opinion. If you're someone who's not very
technical and/or are satisfied with what Proton is offering, then stay.
I'm not here to trash-talk Proton and tell everyone to abandon them. I
think Proton offers some great privacy-preserving services and their
line of products is perfectly suitable for a lot of people, and their
work is important in the privacy world. I'm just someone who's a bit
more technical than the average person, and because of that, Proton Mail
is just not a fit for me personally. For the average person, Proton is
fantastic, and I can only recommend them if you're wondering which
email, VPN, calendar or cloud storage provider to use.

You might be asking, what am I using now then? I'm now a happy customer
over at [mailbox.org](https://mailbox.org), and if you're like me, you
should totally check them out. If not, go ahead and keep your Proton
account (you have one, right?).