Hacker News

Yes I'm not a fan of Proton either. Especially because they hammer so much on their "Encryption" thing while 95% of the mails you get will come unencrypted from one of the big tech parties, Google, Microsoft, Amazon. So what is the point, really? And because of this indeed it is very hard to connect to it.

Email is just dead as a tech. It's no surprise nobody uses it for sensitive content anymore but instead just uses it as a notification service ("Please log in to our portal to read your message").

I don't personally like Bitwarden either because it uses a master password; I prefer "pass", which encrypts each password with your GPG key (which can be stored on a YubiKey for hardware security). But yeah, self-hosted Bitwarden is a good option too and very popular.




> It's no surprise nobody uses it for sensitive content anymore

I get password reset links for pretty much every website on email. Few things as sensitive as that.

I also receive and send documents, signed or for signing, with pretty sensitive information, over email.

I agree it shouldn't be used for those but it certainly still is.


There are so many organisations moving away from it though. Email password recovery yes. But really, what does Proton's E2EE add to this? The email is still sent unencrypted across the internet. And only gets encrypted when it gets to their mailbox. It's not as if someone could easily break into Gmail either. Unless they know your password but then Proton is just as vulnerable.

I just consider their "Security" window dressing to be honest. It totally ignores the gaping wide problem and fixes only a tiny pretty irrelevant part of it.


Many emails aren't sent unencrypted any more — just not E2E encrypted. It's harder to stop an active MITM from downgrading the connection, but the bulk of non-spam messages to my server come in with TLS. And while it's not going to be possible for most people, I have pinned most of my larger destinations to require TLS with a suitable certificate, so I can have confidence that my outbound email won't transit the Internet unencrypted.

Obviously if you're a client of a big hosting service that you don't trust then E2E has value. But that's not the whole problem, or the whole solution.
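An added example, not part of the comment above: one way to measure on your own server how much inbound mail arrived over TLS, by reading the `with` protocol keyword (RFC 3848: `ESMTPS`, `ESMTPSA`, ...) in the topmost `Received` header. The sample messages and hostnames are constructed, and the code assumes the topmost header is the one your own edge MX wrote.

```python
import re
from email import message_from_string
from typing import Iterable, Optional, Tuple

# "with" protocol types registered for TLS-protected transfer (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}
COMMENT = re.compile(r"\([^()]*\)")            # innermost parenthesised comment
WITH = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.IGNORECASE)

def hop_used_tls(received: str) -> Optional[bool]:
    """True/False from the hop's protocol keyword; None if it names none."""
    text, prev = received, None
    while prev != text:                        # strip nested comments such as
        prev, text = text, COMMENT.sub(" ", text)  # "(using TLSv1.3 with cipher ...)"
    m = WITH.search(text)
    return m.group(1).upper() in TLS_PROTOCOLS if m else None

def inbound_tls(raw_message: str) -> Optional[bool]:
    """Classify only the topmost Received header: the receiving server wrote
    it, while every lower one was written by a host you do not control."""
    hops = message_from_string(raw_message).get_all("Received") or []
    return hop_used_tls(hops[0]) if hops else None

def tls_share(messages: Iterable[str]) -> Tuple[int, int]:
    """Return (messages received over TLS, messages that could be classified)."""
    results = [r for r in map(inbound_tls, messages) if r is not None]
    return sum(results), len(results)

# Constructed sample messages (documentation hostnames and addresses).
MSG_TLS = """Received: from out.sender.example (out.sender.example [192.0.2.10])
\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
\tby mx.receiver.example (Postfix) with ESMTPS id 4ABCDEF
\tfor <me@receiver.example>; Mon, 14 Jul 2025 10:00:00 +0000
Subject: constructed sample 1

body
"""
MSG_PLAIN = """Received: from relay.other.example (relay.other.example [198.51.100.7])
\tby mx.receiver.example (Postfix) with ESMTP id 4ABCDF0; Mon, 14 Jul 2025 10:05:00 +0000
Received: from app.other.example by relay.other.example with ESMTPS id 77; Mon, 14 Jul 2025 10:04:59 +0000
Subject: constructed sample 2

body
"""
MSG_NO_HOPS = "Subject: constructed sample 3\n\nbody\n"

if __name__ == "__main__":
    print("TLS / classified:", tls_share([MSG_TLS, MSG_PLAIN, MSG_NO_HOPS]))
```

A `False` here means the final hop into your server was cleartext; it says nothing about earlier hops, and the keyword does not show whether the certificate was validated.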


Encryption at rest is still worth something.

>It's not as if someone could easily break into gmail either. Unless they know your password...

Google employees, the NSA, hackers, ... they can all break into your Gmail without knowing your password.


I agree. My comment was not related to Proton in any way, only as a counter to the idea that e-mail is on the way out.

Yes, there are companies and services getting away from it but there's still a lot of sensitive information flowing through it.


>Email is just dead as a tech.

It's really the only game in town for messaging. Like sure, there are a zillion incompatible alternative systems out there but email is the only system with worldwide adoption. ... and it's federated. ... and it actually works somewhat reliably. ... and it's actually fairly secure these days, using a network of trusted email servers.

Like sure, it would be great if we could make end to end encryption usable for regular people for the email case. It would also be equally great if we could make E2EE usable for regular people for all the other cases.



