Security is hardly a binary property.
Given you mention the specific technical setup, I would say yes - that is secure against most risks relevant for most people.
At least, it's totally fine according to my own threat model, where I looked specifically at broswer-based encryption vs "manual" encryption (I.e. using PGP tools locally).
Sender and recipient can't be encrypted e2e. How would the server know to whom deliver the email if those are encrypted and not visible to it?
AFAIK tuta encryption extends to the subject line only.
Still a nice addition, don't get me wrong, but I believe you misunderstood something.
From their own doc:
The only unencrypted data are mail addresses of users as well as senders and recipients of emails.
Contacts and everything else is encrypted similarly in all "secure email" providers, including Proton.
TBF, they push the same content via their email newsletter.
Tuta is great, I will start from that. But they encrypt the subject line, in addition to the body afaik. It is technically impossible to encrypt "every part of the email" because that would break delivery (e.g., metadata such as recipient or timestamps).
This also has the cost of a nonstandard protocol (not plain PGP), with all that implies in terms of compatibility, maintenance needs etc.
Since I have found it historically hard to engage on this (broader) subject around here, just yesterday I put together my own thoughts at https://loudwhisper.me/blog/proton-fediverse-burnout/
Personally, I did not see the value of their Mastodon presence, it was write only marketing communication, no engagement with the community anyway. That happened only ever on Reddit, which I think is going to continue being the case.
They push the same info via email newsletter, if someone really wants that stuff.
Either way, the post above covers my take on the whole drama, not just this last small chapter.
The biggest items on the graph are all out of bounds accesses, use-after-free and overflows. It is undeniable that memory safe languages help reducing vulnerabilities, we know for decades that memory corruption vulnerabilities are both the most common and the most severe in programs written in memory-unsafe languages.
Unsafe rust is also not turning off every safety feature, and it's much better to have clear highlighted and isolated parts of code that are unsafe, which can be more easily reviewed and tested, compared to everything suffering from those problems.
I don't think there is debate here, rewriting is a huge effort, but the fact that using C is prone to memory corruption vulnerabilities and memory-safe languages are better from that regard is a fact.
Sorry about that :) But you get the credit for spotting the problem! Thanks for that!
With Simplelogin integration Proton does PGP encryption because effectively all emails are forwarded by a simplelogin address. I have just tested to be sure, and I can confirm it is the case. I agree though that this only protects "my side", which is why I said that it doesn't provide all the PGP features.
Publishing your PGP public key next to your email doesn’t require “wasting a domain” or anything like that
It does if I don't have any key that I use for emails. My key(s) is bound to the Proton account with the other domains I use, so for this domain I would need to either add it (back) to Proton (easier option, but "wastes" a domain) or just generate and manage a key myself, that I can then even add manually to Proton, but I didn't bother doing this just yet. I am not going to use any other public key I have because I wanted specifically to keep this domain separated from my identity.
I just thought it was amusing that you didn’t seem to actually follow your own advice.
FWIW, I do follow the described setup for everything personal, which is what matters to me. As I said, ~1/2 months ago I did have my PGP key because I enrolled the domain into Proton, which if anything is a testament to how annoying it is having to manage keys myself (which I already do for signing commits etc.). Maybe I will spend some time to polish the setup, eventually.
I don't think so, does it sound weird? Not a native speaker, so maybe it does :)
Yep, I am aware of the contradiction. I used to, but since then I moved to an alias as it was not worth wasting a domain for a single address. I may spend eventually the time to setup PGP for the alias itself, but I just didn't. It's a Proton alias, so I get anyway PGP encryption, though (obviously without all the features, but good enough for the near-zero volume I currently have).
They wrote that they don't want to "write and forget" but engage with people (as they do on Reddit, for better or worse). I think it's opinable, but it sounds reasonable to me. What is the value of having an official account which just reposts one-way communication already published on the blog and on the newsletter? Anybody can build such a bot, but it's not "presence" the way I interpret it.