
Of course they will not. If you look at everything they propose, there is always that one thing that makes them control everything. Their IMAP bridge, key generation, etc.


I don't know much about Proton Mail but presumably they want that so they can actually provide you with a more complete service, other than just being a mail gateway?

I would assume that any technically sophisticated users who just want an SMTP/IMAP server would never let their keys leave their control, but there might be other users for whom a "middle layer" service which has their keys is good enough. (I guess this is especially evident in cryptoassets where people seem to cheerfully let third parties manage their tokens, so it's not really surprising to me that there are a bunch of people willing to do it with their PGP keys for email purposes.)

I guess there's an argument about whether or not they're being responsible in providing such an option at all, which is fair enough.


It's how they make OpenPGP easy to use. Everyone who's ever tried it knows how hopelessly complicated it is. Their bridge's entire purpose is to present a standard email server to email clients so that all the OpenPGP stuff can be done automatically and transparently behind the scenes.

Does that create trust issues? Absolutely. Still, OpenPGP sucks and I just can't fault them for trying to fix it. They're even participating in the standards bodies alongside other OpenPGP projects trying to modernize the whole thing. Somehow it resulted in gpg forking the standard and making everything even worse. It was hard to use before, now it's hard and fragmented.

https://lwn.net/Articles/953797/

https://news.ycombinator.com/item?id=38554393

I suppose they could have gpg or OpenPGP smartcard integration in the bridge, then it could use those keys to sign and encrypt. That's more secure but creates quite a bit of hassle. Suddenly the web and mobile apps become incapable of sending OpenPGP email unless you have the smartcard connected. I've got two NFC-enabled YubiKeys and I can't even begin to imagine how to connect this stuff to a smartphone. Looks like there isn't enough support for it.

https://news.ycombinator.com/item?id=40177539



