Here's the thing about Proton Mail:

With Proton Mail, the content of your email is fully end-to-end encrypted and inaccessible to service providers IF (and only if) you are communicating with another Proton Mail account, or you have set up a PGP key exchange otherwise.

The metadata of your email, however, isn't end-to-end encrypted. It is accessible in plain text to Proton. This includes:

  • Your payment information
  • The subject line of your emails
  • Your IP address(es), which can reveal your location
  • The email addresses you have communicated with
  • The time you have sent and received emails

If Proton is legally forced to provide this information to law enforcement, they will. They have to.

If your threat model makes it that it's dangerous for you when this metadata is shared, you need to use another, more private, method of communication.

@Em0nM4stodonEm It is important to note that that metadata is unencrypted because that is how the protocol works. It is available to every email provider. Email is not conducive to secure communications. It cannot be made more secure without significant expense that, quite literally, everyone would need to agree to and take on.
1/2
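An added example, not part of either post above: a PGP/MIME message parsed the way any mail server could, showing which of the fields listed in the thread remain readable without a private key. The message, addresses, IP (documentation range) and the `provider_view` helper are constructed for illustration; payment information is account data and does not appear in the message itself.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample: an RFC 3156 PGP/MIME message as a mail server stores it.
# Addresses, IP (TEST-NET-3 range) and ciphertext are placeholders.
RAW = """\
Received: from [203.0.113.45] by mail.example.org; Tue, 03 Mar 2026 09:14:07 +0000
From: alice@example.org
To: bob@example.net
Subject: Meeting with the source on Friday
Date: Tue, 03 Mar 2026 09:14:05 +0000
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

def provider_view(raw):
    """Return what a server can read without any private key (hypothetical helper)."""
    msg = message_from_string(raw)
    received = " ".join(msg.get_all("Received", []))
    people = msg.get_all("From", []) + msg.get_all("To", []) + msg.get_all("Cc", [])
    return {
        "subject": msg["Subject"],
        "correspondents": [addr for _, addr in getaddresses(people)],
        "sent_at": parsedate_to_datetime(msg["Date"]).isoformat(),
        # Bracketed IPv4 literals recorded by each relay in Received headers
        "client_ips": re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received),
        # Only the payload is wrapped in PGP; every header above stays readable
        "body_is_ciphertext": msg.get_content_type() == "multipart/encrypted",
    }

if __name__ == "__main__":
    for field, value in provider_view(RAW).items():
        print(f"{field}: {value}")
```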
