Can You REALLY Trust Proton Mail?

COMMENTS • 782

  • @techvishnuyt
    @techvishnuyt 1 year ago +1905

    you guys use e-mail services? pfff i always count on my pigeon george. trust me he never speaks a thing about me

    • @bacalhau_seco
      @bacalhau_seco 1 year ago +92

      real mfs send letters manually

    • @Naokarma
      @Naokarma 1 year ago +28

      Funfact: Carrier pigeons were a distinct species, and one that went extinct due to over-hunting.

    • @bacalhau_seco
      @bacalhau_seco 1 year ago +50

      @Naokarma idk who told you that but carrier pigeons still exist...
      They mostly exist for showoff tho, people buy pigeons and breed them to get better pigeons each generation.

    • @sazanlip
      @sazanlip 1 year ago

      Wait until your avian carrier gets intercepted by feds' falcon. This is VERY unlikely to happen, unless you're Osama kind of guy.

    • @Leon-qo2vl
      @Leon-qo2vl 1 year ago

      @a-_-a men of culture rfc 1149 is the future

  • @AnalyticMinded
    @AnalyticMinded 1 year ago +548

    Exactly. I don't fully trust in any e-mail service precisely for the reason you mentioned: the protocol itself. If you have something sensitive to share to anyone, e-mail is not the right medium.

    • @folksurvival
      @folksurvival 1 year ago +50

      Same for SMS text messaging.

    • @sazanlip
      @sazanlip 1 year ago +15

      Except, maybe, you and your intended recipient exchanged ciphers ahead. Preferably in a face-to-face real world meeting. In a place where there's not a single camera for miles away.

    • @Darkk6969
      @Darkk6969 1 year ago +12

      That's what PGP is designed to do. Problem is, trying to explain to the sender how to use it is the problem in itself. ProtonMail supports it and they make it fairly easy to use. I generate my own PGP keys on my computer so I know there's no escrow key attached to it. My Thunderbird e-mail (Linux) client automatically attaches my PGP public key so they can use it to send me encrypted e-mails.

    • @Dowlphin
      @Dowlphin 1 year ago +18

      It also frustrates me when people refuse to communicate by e-mail or such because they consider it unsafe but then act like Telegram is totally rock-solid. Well, to begin with, it requires a contract-based global ID (phone number) attached to an account, and then Telegram is under jurisdictions, too.
      It is often better to use e-mail but have no smartphone than to use Telegram and a smartphone. But the 'popculture security sheeple' cannot be convinced after they already believe they are totally safe now with their cute little mass-used gimmick.

    • @sazanlip
      @sazanlip 1 year ago +12

      @Dowlphin Or, even worse, WhatsApp, because it *allegedly* has E2E encryption enabled by default. But I have doubts if their 'encryption' doesn't have any backdoors, which can be used both 'legitimately' and illicitly.

  • @cenewton3221
    @cenewton3221 1 year ago +875

    Email in general cannot ever be truly secure. If one needs that level of total privacy there are other tools for said communication. With email, at best it's the equivalent of locking our doors at night - enough to keep honest people honest, that's about it. Determined people, either individuals or government agents, will find a way to crack emails.

    • @adamz1977
      @adamz1977 1 year ago +11

      Why not? Email has transport encryption between servers and between clients, it can have content encryption via autocrypt (or other methods including the Signal protocol like criptext), it has DNSSEC, TLSA, DANE. Encryption at rest can be done as well, or messages can be removed from server when delivered. What security holes are still left after all of that?

    • @gakukid991
      @gakukid991 1 year ago

      @adamz1977 It was explained in the video, if you don't use PGP yourself and send encrypted data, the gov can make the company server comply with encryption removal at rest for that specific user etc.
      Heck, proton if wanted can also push a logger script on the web so even PGP would not work if typed on the web app of them.
      The only way for email to be secure is to type it on an offline editor which is not related to the email company and encrypt it with PGP there. Then send it through email.

    • @eatbreakfasts7993
      @eatbreakfasts7993 1 year ago +21

      I.T. guy here; I hope I'm not witnessing someone defending faxes right now 😏

    • @EntityVsEntityInteractions
      @EntityVsEntityInteractions 1 year ago

      @adamz1977 You can always manually encrypt your own data with a cipher. The only reason why Enigma was cracked was because an entire nation was intercepting hundreds of messages, original Enigma machines, etc - and devoting thousands of man-hours to cracking it! If you make up your own encryption, the scale that you operate at will make it even harder for people to crack.

    • @sylpisophia5612
      @sylpisophia5612 1 year ago +34

      As someone who literally sets up servers and mail servers are one of them, I can agree to some degree that you CAN secure email. BUT, can you still call it an email? And, the more you make it secure, the more complex it becomes that it's a nightmare to maintain or even use. In the end, emails should never be used for something that requires security. Never send account information over email. And never use email for 2FA.

  • @joaomaria2398
    @joaomaria2398 1 year ago +713

    ProtonMail is just a better alternative to gmail. That is it.
    It isn't the holy savior of the mail privacy.

    • @EricMurphyxyz
      @EricMurphyxyz 1 year ago +237

      It's pretty good but I agree, it's neither the holy savior or the devil, it's just a good option if you don't trust Google

    • @joaomaria2398
      @joaomaria2398 1 year ago +54

      Functionality and availability wise, google is also very good. It just works. Both of them, indeed.
      But privacy wise.... I will just say I try to not use anything coming from google. I am not there yet... but one day!

    • @terrydaktyllus1320
      @terrydaktyllus1320 1 year ago

      Yes, I absolutely agree with you.
      The 5 most evil corporations that make money from harvesting user data are Google, Apple, Faecesbook, Microsoft and Amazon.
      If you use any other service (including email) provider that isn't affiliated to those corporations or the CCP, then you are going to be more private than you were using services on any of them.
      Email isn't encrypted unless you use PGP, at which point the body of the email is encrypted but the headers and the metadata are not - so someone from the outside can see who you were communicating with and what times, and may be able to guess what you were discussing purely because of that relationship. And that's something you just can't change with email.

    • @nwerd7584
      @nwerd7584 1 year ago

      @joaomaria2398 the issue is once you use it you already lost the privacy, and your id.. you can only stop them from continuing to collect current data to send personalization at you.

    • @trueriver1950
      @trueriver1950 1 year ago +8

      I'd rephrase that: pm is not as bad as Gmail. Only in algebra is "not as bad" the same as "better".

  • @xymaryai8283
    @xymaryai8283 9 months ago +33

    honestly this was the best Ad for Proton Mail, sensibly discussing the technology and history, flaws and benefits. i hope they pay you, because they probably got a few subscriptions bc of this video.

  • @Sunrise-d819i2
    @Sunrise-d819i2 1 year ago +193

    the only privacy i care about is being sold for ads, i knew from the start they have to give up info for warrants which is fully justified. i just don't want random workers and ad companies in my emails. proton is perfect for daily use.

    • @YountFilm
      @YountFilm 6 months ago +20

      It's "fully justified"... until the laws keep changing and the warrant is for "suspicion of collecting rainwater in barrels on your own property."

    • @harvivekdhindsa6809
      @harvivekdhindsa6809 5 months ago +11

      @YountFilm sure but honestly who is using email for anything other than signing up for things or sending colleagues or businesses a message to start a line of communication. Afterwards if security is a concern no one is using email…

    • @axton9521
      @axton9521 5 months ago +6

      @YountFilm Laws don't just change by accident. At least in the US and Germany we elect governments. I think we should try our best to fight this at the government level. There are lots of surveillance options way harder to circumvent like hardware backdoors, public cameras, other people's digital devices etc.. So yeah, I'll definitely try to fight on that side. If this fight is ever lost, then yeah just ditch mail.

    • @cristianhakansson7443
      @cristianhakansson7443 5 months ago +1

      It seems to me that covering your tracks because the cops are after you is probably (hopefully!) more privacy than the average person needs.

  • @jagildown
    @jagildown 1 year ago +78

    The people that don't care about privacy at all "I have nothing to hide" should think what could happen if uncle adolf was in command with access to all this data.

    • @tziirkq
      @tziirkq 1 year ago +19

      Just tell them to give you all their passwords so you can read what they say on facebook or in their emails. If they have nothing to hide then they should be OK with it.

    • @jagildown
      @jagildown 1 year ago +2

      😂😂😂

    • @mikaelbihl-matias9462
      @mikaelbihl-matias9462 1 year ago +14

      Plot twist: uncle KLAUS is in command with all the datas

    • @manuelp7472
      @manuelp7472 3 months ago +4

      The reality is that the people in charge are just as bad if not worse than him.

    • @AlexandreLefaure
      @AlexandreLefaure 2 months ago +3

      I wonder how many of those who have nothing to hide would let anybody put a camera in their house just to watch.

  • @mazzysmainframe
    @mazzysmainframe 1 year ago +69

    I have no illusions about Proton being a beacon of inviolable privacy against the evil forces of the world, I just like the service they provide. Not just the email but the entire ecosystem of services. It works really well for me in my situation.

  • @marcogenovesi8570
    @marcogenovesi8570 1 year ago +638

    As a fellow glowing fed I approve this message

    • @folksurvival
      @folksurvival 1 year ago

      @rft253 Because the greatest programmer who ever lived told us so.

    • @the_null_man
      @the_null_man 1 year ago

      @rft253 It's because of the legendary quote by Terry A Davis, on how "the CIA (hard R nwords) glow in the dark, and you can see them while you're driving". Look it up, it's kinda funny, to be honest

    • @2012Accounts
      @2012Accounts 1 year ago

      @rft253 cause they're feds

    • @BasedChad
      @BasedChad 1 year ago +1

      @rft253 do NOT look up terry davis

    • @magnum333
      @magnum333 1 year ago +1

      CIA n*gg*rs glow in the dark @rft253 Why? Probably the nanotech in their blood, luciferase, graphene oxide... who knows...

  • @MrBelles104
    @MrBelles104 1 year ago +177

    I switched to it after your email video, and I’ll use it because although they have shown they aren’t perfect, it is absolutely safer than Google Mail so switching to Proton was a net positive.

    • @QuantumFantasy
      @QuantumFantasy 1 year ago +34

      Exactly this. The people that kick and scream about protonmail to someone who's never heard of a VPN and have 1-3 Gmail accounts is really just missing the point. If they don't use proton they're probably just going to keep using Gmail, not open their own personal email server.

    • @AshnSilvercorp
      @AshnSilvercorp 1 year ago +4

      I've had caution to doing it for everything since some services are allergic to you using it. I guess if you wanted to be 99.9% private, you shouldn't be using the services that would have a problem with it in the first place.
      If anything, I'm getting very mad with other email services making account deactivation policies that are going to just get shorter and shorter until maintaining them becomes a chore and a risk of massive account lockouts...
      Edit: I read that Proton is doing the same thing... I guess it's neat you can pay for it once and cancel later and the account can remain active? But if they change the policy once, they'll do it again I guess...

    • @MrBelles104
      @MrBelles104 1 year ago

      @AshnSilvercorp Oh yes, not just email services, but all internet services in general seem to be trying to prune anything they label as "dead". At this point in time, Proton is only resending any emails my Gmail gets, so nothing I use actually goes to Proton but rather Gmail, but I'll see what services in the future I can use Proton with natively.

    • @Grubyauau
      @Grubyauau 9 months ago +1

      @AshnSilvercorp They were forced by the Swiss government to give his data, and unless you know the context, as I read this peasant what he wrote to the US government or somewhere, he threatened them and seriously, so I guess it's better after all to turn one man in than to have others commit su*cide from his false threats.... in short: it's one good thing, one bad thing that they ratted him out, because they broke their confidence a bit, but at the same time they helped catch the person through whom suic*des out of desperation could sprinkle

    • @ThisOLmaan
      @ThisOLmaan 8 months ago +2

      Plus Gmail now asks to add a phone number without a choice, don't know how long or when that started. But it wasn't a thing when I opened an account at Gmail, now I'll try Proton Mail till they decide to also start asking for such verifications to verify.

  • @guesswhoscoming9046
    @guesswhoscoming9046 1 year ago +101

    Protonmail is good for what it is. Even hosting your own mailserver isn't 'fully secure' and if you are sharing sensitive data there are better protocols.

    • @tedrice1026
      @tedrice1026 10 months ago +8

      I don't know - it seemed to work well for Hillary! Just keep a big hammer on hand.

    • @stevexanny
      @stevexanny 10 months ago

      She's got democrat privilege, that's what you're forgetting @tedrice1026

    • @masterTigress96
      @masterTigress96 10 months ago

      @tedrice1026 I suspect she had insider help, although, admittedly, I have no evidence for this. Only the fact that I cannot, *cannot* imagine that the secret services did not know she was doing it.
      I suspect she or good or Billy had connections of some sort to help them set this up in the first place, and secondly, to prevent them from getting into serious legal trouble.
      If I were to suddenly run my own mail server or my own mail address and use it for work, my employer would have me booted from the company in no time. I do not believe for a second that nobody knew from the get go what she was doing.

    • @electric26
      @electric26 10 months ago

      @tedrice1026 😂😂 fair enough

  • @___gg421
    @___gg421 1 year ago +95

    If you're hiding from the government you need to be using more secure communication anyways, if you just don’t want your email scanned and data sold then proton is pretty good

    • @TheBlackStranger
      @TheBlackStranger 5 months ago

      I'm new to internet security. What would you use for such a situation?

    • @sudonim116
      @sudonim116 4 months ago

      @TheBlackStranger Email is fine if you PGP encrypt the contents

    • @sudonim116
      @sudonim116 4 months ago

      @TheBlackStranger or maybe signal?

    • @yuinyaH
      @yuinyaH 4 months ago

      @TheBlackStranger Signal or Telegram

    • @roccociccone597
      @roccociccone597 4 months ago

      exactly, that's the main reason I use proton...

  • @GameCyborgCh
    @GameCyborgCh 1 year ago +38

    this is actually a good reminder for me to go through my multiple emails and do some house cleaning, delete mails from services i am no longer using, delete emails that are a decade old and most importantly unsubscribe from all the email newsletters

    • @Sl.layer.34
      @Sl.layer.34 9 months ago

      Proton + SimpleLogin

  • @ducksies
    @ducksies 1 year ago +151

    PGP is actually easy to use, but it's a pain to maintain a list of public keys for all your friends

    • @AshnSilvercorp
      @AshnSilvercorp 1 year ago +7

      I will say doing verification with it isn't really well explained. I've tried to use it to verify Linux iso's a few times, and the process is never really well explained on the install pages.

    • @ducksies
      @ducksies 1 year ago

      @AshnSilvercorp it's pretty easy. If you want a video guide for it, check out Mental Outlaw's new Tails guide- he explains the process of verifying the ISO there.

    • @kj-marslander
      @kj-marslander 1 year ago +19

      You're contradicting yourself.

    • @tedrice1026
      @tedrice1026 1 year ago +9

      Try getting anyone else to use it!

    • @jb_lofi
      @jb_lofi 1 year ago

      @tedrice1026 Exactly. That's the only hard part of it. And although I agree that distros should at least link to a guide or something explaining how to verify ISOs, that's a general issue with all open source projects... the number of times I've tried to find a proper install guide for some github project is way too dang high.

  • @danielrobinson3654
    @danielrobinson3654 1 year ago +94

    PGP isn't really confusing, it's just kinda a pain adding extra steps

    • @littlered6340
      @littlered6340 1 year ago

      This

    • @adamz1977
      @adamz1977 1 year ago +1

      Have you tried the autocrypt standard though? There's zero friction using that with clients that support it fully (like Delta Chat).

    • @nds6767
      @nds6767 1 year ago +2

      I find it funny. PGP was great. BUT then Symantec bought it and wtf happened? It’s still around but what a shit show. I miss the PGP desktop.

    • @Kirt44
      @Kirt44 1 year ago

      Pgp I have still not had it work out and i tried it all so what are u talking about its impossible

    • @sotecluxan4221
      @sotecluxan4221 6 months ago

      What is ur opinion about OpenPGP as in Thunderbird available?

  • @sidensvans67
    @sidensvans67 10 months ago +20

    Rules for Life .
    1. Do not trust any Device , system or service , ever .
    2. Never forget Rule 1.

    • @nightowl425
      @nightowl425 6 months ago +1

      Then what's the point of technology? Might as well trust something.

    • @sidensvans67
      @sidensvans67 6 months ago +5

      @nightowl425 Good luck with that .

    • @NeptuneSega
      @NeptuneSega 3 months ago

      @nightowl425 you use it cautiously. Just because you use it doesn't mean you have to trust it.

  • @orion10x10
    @orion10x10 1 year ago +53

    As a CIA Agent I love Proton Mail, makes over throwing democratically elected governments the world over a breeze. All my friends, family and global espionage network connected in one place

    • @notafbihoneypot8487
      @notafbihoneypot8487 1 year ago +27

      Tim what did we talk about you telling people you're a CIA agent.

    • @squirlmy
      @squirlmy 1 year ago +2

      @notafbihoneypot8487 let me guess, you wear a white coat and offer people a temporary place to stay? 😉

    • @orion10x10
      @orion10x10 1 year ago +2

      @notafbihoneypot8487 😅

    • @Darkk6969
      @Darkk6969 1 year ago +2

      Oh snaps! 🤣

    • @erickyle5604
      @erickyle5604 1 year ago +2

      Please report to sound proof conference room for "remedial" training regarding the release of internal operational procedures.

  • @jorgepenaloza6834
    @jorgepenaloza6834 1 year ago +31

    I agree, but I will also add that the person who wants to be invisible has to not only stop using email, but also reduce social connections to almost zero.
    Facebook was capable years ago of creating phantom profiles of people not on facebook, just by all the info it had on your friends and family. So if you have communications with people who are leaking data everywhere, they can still pinpoint you.

    • @azure4real
      @azure4real 1 year ago

      Facebook is for surveillance and never for privacy.
      Their logo is an evolved form of a freemason logo.
      I trust no tech companies at all that have their hands into surveillance, that is on the Stock Market that is owned by the evil 1% and that funds or funded the WEF.

    • @azure4real
      @azure4real 1 year ago +1

      You do not have to disown socializing with others.
      You just have to avoid being so honest with others about who you are.

    • @jorgepenaloza6834
      @jorgepenaloza6834 1 year ago +9

      @azure4real if they are socializing with a non-existent avatar, are THEY socializing with you? are you socializing with them?
      I'd say not really, one of the joys of socializing is to get to open up about who you are. If not, it's just glorified weather-talk.

  • @MushmouthJoe
    @MushmouthJoe 1 year ago +21

    I appreciate this explanation. I was completely unaware that Proton Mail was so divisive. No wonder I get weird looks when I give out my email address. I have nothing more than a standard account & I'm not sponsored in any way. But I've been quite happy with it. 👍🏻☕️

  • @drishalballaney
    @drishalballaney 1 year ago +11

    I think this feels like a similar situation to signal where all they could give was the ip address where they logged in from
    so I think as long as you pair protonmail with vpn there should not be a danger of leaking ip address

  • @jacksoncremean1664
    @jacksoncremean1664 1 year ago +48

    one thing you forgot to mention that even emails encrypted with TLS are not safe from a MITM, you can trivially downgrade to plaintext or even just straight out not present a valid certificate. The only way to have authenticated TLS connections safe from a MITM is to use a service that supports MTA-STS and DANE, which sadly isn't very widespread.

    • @EricMurphyxyz
      @EricMurphyxyz 1 year ago +15

      True. Another example of email being inherently insecure.

    • @adamz1977
      @adamz1977 1 year ago

      @EricMurphyxyz No, that's an example of a security hole being fixed. The word "inherently" means permanently, but as @jacksoncremean1664 already said, those MITM attacks can be mitigated with up-to-date security best practices.

    • @AMEER-114-
      @AMEER-114- 10 months ago +1

      @EricMurphyxyz
      Hey..
      When I found out it was created by the Intel agency
      I deleted my free Proton app...
      It redownloaded onto my phone all by itself..
      But it doesn't show up in my apps list...
      How the heck do I remove it ?

    • @braddockbrawler
      @braddockbrawler 7 months ago +1

      There is no way around coding your own e2e solution if you want peace and freedom.

    • @AMEER-114-
      @AMEER-114- 7 months ago +1

      @braddockbrawler
      Hi.
      Can you please tell me if you get this?
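
Added example, not part of the comment thread and not any mail provider's code: the thread above notes that opportunistic STARTTLS can be downgraded and that MTA-STS or DANE is needed for authenticated delivery. This Python code shows how a sending server evaluates an MTA-STS policy under RFC 8461 and when it must refuse to deliver; the policy text, host names and function names are constructed for illustration.

```python
# Added example: evaluating an MTA-STS policy (RFC 8461) before SMTP delivery.
# The policy text and host names below are constructed, not real deployments.

MAX_AGE_LIMIT = 31557600  # RFC 8461 upper bound for max_age, in seconds

SAMPLE_POLICY = """\
version: STSv1
mode: enforce
mx: mx1.example.com
mx: *.mail.example.com
max_age: 604800
"""


def parse_policy(text):
    """Parse the body served at https://mta-sts.<domain>/.well-known/mta-sts.txt."""
    fields, mx_patterns = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed policy line: {line!r}")
        key, value = key.strip(), value.strip()
        if key == "mx":
            # "mx" is the only field that may repeat.
            mx_patterns.append(value.lower().rstrip("."))
        else:
            # For any other duplicated field, only the first entry counts.
            fields.setdefault(key, value)
    if fields.get("version") != "STSv1":
        raise ValueError("missing or unsupported version")
    mode = fields.get("mode")
    if mode not in ("enforce", "testing", "none"):
        raise ValueError("mode must be enforce, testing or none")
    max_age = fields.get("max_age", "")
    if not (max_age.isascii() and max_age.isdigit()) or int(max_age) > MAX_AGE_LIMIT:
        raise ValueError("max_age must be an integer no larger than 31557600")
    if mode != "none" and not mx_patterns:
        raise ValueError("enforce/testing policies need at least one mx entry")
    return {"mode": mode, "max_age": int(max_age), "mx": mx_patterns}


def mx_matches(pattern, host):
    """Match an MX host name against one policy pattern.

    A leading "*." stands for exactly one left-most label, so
    "*.example.com" covers "a.example.com" but not "a.b.example.com".
    """
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        first_label, _, parent = host.partition(".")
        return bool(first_label) and parent == pattern[2:]
    return host == pattern


def delivery_decision(policy, mx_host, starttls_offered, cert_valid_for_mx):
    """Return 'deliver', 'deliver-and-report' or 'refuse' for one candidate MX.

    starttls_offered: the server advertised STARTTLS and the handshake worked.
    cert_valid_for_mx: the certificate chains to a trusted CA, is unexpired,
    and names mx_host.
    """
    if policy["mode"] == "none":
        return "deliver"
    validated = (
        any(mx_matches(p, mx_host) for p in policy["mx"])
        and starttls_offered
        and cert_valid_for_mx
    )
    if validated:
        return "deliver"
    # enforce: this MX must not be used, so a stripped STARTTLS banner or a
    # substituted certificate no longer leads to a silent plaintext fallback.
    # testing: deliver anyway, but record the failure for TLS reporting.
    return "refuse" if policy["mode"] == "enforce" else "deliver-and-report"


if __name__ == "__main__":
    policy = parse_policy(SAMPLE_POLICY)
    scenarios = [
        ("mx1.example.com", True, True),     # normal, validated delivery
        ("mx1.example.com", False, False),   # STARTTLS missing from the banner
        ("mx.attacker.invalid", True, True), # MX not listed in the policy
    ]
    for host, tls, cert in scenarios:
        print(host, tls, cert, "->", delivery_decision(policy, host, tls, cert))
```

A sender that has no cached policy for the domain behaves like plain opportunistic TLS, which is why the policy is fetched over HTTPS and cached for `max_age` seconds.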

  • @ej2953
    @ej2953 9 months ago +7

    I got my first PGP key at a key party in Houston in 1992 or so.
    A member of the Free Software Foundation or something similar was there with a laptop. We took a floppy diskette to the party where the guy with a laptop would generate our key for us. He was pretty busy at that, too.
    The real problem was that once I got back to the office with the diskette, I had no idea what to do with it.

    • @Dryblack1
      @Dryblack1 4 months ago +1

      I must know what a key party is

    • @ej2953
      @ej2953 4 months ago

      @Dryblack1 It was an event at a local bar where you could go to meet people and verify identities to sign each other's keys. And if you didn't have a key, you could take a floppy disk with you and someone there with a laptop could create a key for you and save it on your floppy disk.
      In our case, the guy with the laptop creating keys was a lawyer who was highly involved interested in the EFF (Electronic Frontier Foundation).

    • @Dryblack1
      @Dryblack1 4 months ago +1

      @ej2953 Fascinating, thanks for sharing!

  • @theepicduck6922
    @theepicduck6922 1 year ago +28

    Very nice endorsement Eric, your badge and money payment will be at the standard dead drop.

  • @myguitardidyermom212
    @myguitardidyermom212 1 year ago +18

    Protip; if you're a drug dealer, don't do business over public email

  • @2sourcerer
    @2sourcerer 11 months ago +4

    Email used to be just sent and not stored in the server. If everyone were to do that, at least when any entity wants to snoop it they can only see mails in transmit, not seeing years of data.

  • @roflchopter11
    @roflchopter11 1 year ago +14

    Signal still uses a public identifier (phone number) and so can still be used to find your identity. One needs to compartmentalize one's contacts.

    • @brunoterlingen2203
      @brunoterlingen2203 9 months ago +1

      Thus Signal is shit re privacy by having to give your phone number- it totally negates so called benefits.

    • @roflchopter11
      @roflchopter11 9 months ago

      @brunoterlingen2203 kind of. Even generating one random number and having you use that has this problem, unless each person you talk to finds you with a different unique number.
      Phone numbers are extra bad, because they are a common identity proxy in all facets of life.
      Signal is still very secure and pretty private, but it is not anonymous.

    • @xchronox0
      @xchronox0 6 months ago +3

      Yeah that's why I never understood people constantly advocating and trying to get me into telegram.
      Sure it's not discord. But telegram requires my phone number, constantly broadcasts the last time I even clicked on the desktop app or looked at the mobile app, and then there's the read receipts. It felt like the more someone was trying to convince me to use telegram, the more of a stalker they were.

  • @mx338
    @mx338 1 year ago +10

    You can absolutely verify the code running in your browser, and therefore you can verify if your PGP/GPG key is generated client side and then only sent to Proton Mail in encrypted form.

    • @laputa2195
      @laputa2195 1 year ago

      Yeah, that seems obvious, I was wondering if he meant something else but then I'm not sure what that something else might be?

    • @masterTigress96
      @masterTigress96 10 months ago +1

      Yes but you hit the nail on the head in your first sentence:
      You can absolutely verify the code running *in your browser*
      I cannot easily deduce what happens on the backend/server side of things. On top of that, as someone else pointed out in the comments, even if you use an open source product (which Proton mail now is), how do you know that the code in the repo is the code that is running in your browser/front end/back end?

    • @knufyeinundzwanzig2004
      @knufyeinundzwanzig2004 8 months ago +1

      @masterTigress96 Well if it's not backend you could just compare the open source code and the stuff you got

  • @saitamagotchi44
    @saitamagotchi44 1 year ago +8

    Proton seems like the happy medium between privacy and convenience, so long as you're not the tallest nail or low hanging fruit you're probably not worth the government's time.

  • @razorednight
    @razorednight 1 year ago +18

    People used to say that email was like a postcard, readable by anyone who handled it. Now, it's like a letter in an unsealed envelope. Super-secure email is like a letter in a sealed envelope: the people at the sorting office know how to steam it open without leaving a trace.
    Of course you can write your letter in code, so it's unintelligible to anyone who can open the envelope. But the envelope still has postmarks/franking, a return address, you've left your fingerprints all over it. You can wear gloves while handling the letter, use a remailing service, but can you be sure that you've covered all your bases? No, you probably can't.
    What matters is WHO you're trying to hide stuff from. If it's a nosey neighbour or jealous partner, they probably don't have the wherewithal to conduct a forensic analysis of your mail. But if it's a government or other serious organisation on your case... you should look into alternatives to the mail.

  • @pauls5745
    @pauls5745 1 year ago +4

    with messaging apps being more secure, I can't remember last time I actually wrote an email. I basically just have an email address for purchase receipts for online shopping and website sign ups

  • @AshnSilvercorp
    @AshnSilvercorp 1 year ago +8

    probably a good thing to note how web-based FOSS programs don't always have proof that you're using the version containing the code publicly available.

    • @kj-marslander
      @kj-marslander 1 year ago +2

      I didn't think about that before, thanks, now I have another thing in my list to worry about lol.

  • @christophersoutherlin2631
    @christophersoutherlin2631 8 months ago +12

    No. Email is an ancient technology. Email will always use port 25, which is unencrypted. ProtonMail may encrypt your email, but port 25 will leave a rabbit trail directly to your contacts. You'll be discovered via your contacts. So, there is no privacy in email.

  • @fosres
    @fosres 1 year ago +5

    Love your channel and how honest you are! Please make more videos like this!

  • @Zippy_Zolton
    @Zippy_Zolton 1 year ago +11

    You're literally part of my pipeline to privacy-conscious in that image at the end LOL I use a hardened Firefox cuz of you (although I am having a severe memory leak issue with it that I have no idea what's causing it yet [EDIT; it was a CSS theme causing the leak LOL])

    • @SomeRandomPiggo
      @SomeRandomPiggo 1 year ago

      Librewolf?

    • @Zippy_Zolton
      @Zippy_Zolton 1 year ago

      @SomeRandomPiggo no I would've said a branch if I was using that

    • @kj-marslander
      @kj-marslander 1 year ago

      @Zippy_Zolton They're not asking if you use Librewolf. They're suggesting to use it.

    • @cjmoss51
      @cjmoss51 10 months ago

      Waterfox is better in that regard. Operates on the same code stack as well so you can still use the same plugins.

    • @Zippy_Zolton
      @Zippy_Zolton 10 months ago

      @cjmoss51 I'm sure it is, but I am currently sticking with Nightly Firefox

  • @jb_lofi
    @jb_lofi 1 year ago +7

    Honestly, PGP/GPG is _not_ difficult or complicated at all. It takes only a few moments with our friends Alice and Bob and you'll educate all but the most technologically challenged. The hard part is finding other people who'll use it, leading to a feedback loop where eventually even privacy/anonymity focused folks give up on it; and that's why if there's one thing I disagree with in this video, it's how Eric constantly refers to it as if it's monstrously complicated, thus dissuading people who might be inclined to give it a try from even looking into it. If you've sat down long enough to install Linux and even learned how to use it, you can figure this stuff out. Believe me.

  • @SvalbardSleeperDistrict
    @SvalbardSleeperDistrict 1 year ago +26

    One thing I want to point out is that governments aren't the only party that one should want privacy and protection from. For each case of a government using online services and platforms to gain info on activists, whistleblowers, etc, there is one of corporate entities doing the same. Also in many cases, governments pursue whistleblowers, investigative reporters, etc on behalf of corporations, e.g. the Steven Donziger case.

    • @squirlmy
      @squirlmy 1 year ago +3

      I agree completely with your main point, but I don't know if it's fair to call a corrupted judicial system "government working on behalf of corporations", specifically the Donziger case. The line gets a bit blurry, but it's still corporations and their money corrupting the system. usually individual judges. I wouldn't call that "the government".

    • @SvalbardSleeperDistrict
      @SvalbardSleeperDistrict 1 year ago +1

      @@squirlmy Yeah true, I was typing "governments" while thinking "states" there.

    • @AntiCookieMonster
      @AntiCookieMonster 1 year ago +4

      @@squirlmy What? Government isn't government when it's local and corrupt?

  • @th3king321
    @th3king321 1 year ago +3

    You gained a subscriber. The way you explain / edit and the quality look like insane effort. I wish you become one of the largest YouTubers on tech and related topics ❤

  • @ChronicNewb
    @ChronicNewb 8 months ago

    You talk with a similar inflection to my childhood best friend’s mom. It’s oddly comforting.

  • @CentreMetre
    @CentreMetre 1 year ago +6

    I had completely forgotten about the Proton Mail French activist thing, and I recently made a Proton email for crypto just to separate it from my other ones. I'm glad I found this after and watched all the way through. You explained it very well, good video

  • @Jordan-hz1wr
    @Jordan-hz1wr 5 months ago +2

    I know we all have an anarchistic bent about us, but Proton is meant to provide an alternative to surveillance capitalism NOT lawful subpoenas. They *must* comply with their laws if they want to stay in business. People that think they ought not are simply mistaken about what Proton's stated mission is.

  • @Doofus171
    @Doofus171 1 year ago +9

    Swiss laws for privacy are the strictest in the world. Only a Swiss court with a legitimate court order can do anything to Proton. This is why Swiss banks are the popular choice for the wealthiest on the planet. Which makes using Proton Mail the best choice as well. Swiss laws make it so no companies have to comply with outside jurisdictions. Proton doesn't have to comply with any request or any legal action that isn't from a Swiss court ... and Swiss courts don't listen to outside jurisdictions (unless something is a direct threat to the Swiss people).

    • @zhang-boyu
      @zhang-boyu 1 year ago

      *a direct threat to the Swiss people* - like Russians😂

    • @rullebullerdmule6703
      @rullebullerdmule6703 1 year ago

      @@zhang-boyu Haha, exactly.. "Neutral" Switzerland has implemented more sanctions against Russia than the EU itself but not a single sanction against Israel. 🤔
      Also, the world's most influential psychopaths meet every year in Davos to discuss how to proceed with their manipulation of world affairs, completely against all the democratic values and processes they claim to stand for while at home in their "sovereign" nation states.😏

  • @MalevolentAB
    @MalevolentAB 11 months ago +1

    I mainly use Proton for the aliases so that when an alias of mine gets hacked, I can recover my accounts under that alias, switch those accounts to a new alias, and delete the old unsecure alias. My emails used to get hacked a lot, so an alias attached to my main email just makes me feel more secure.

  • @Bunstonious
    @Bunstonious 1 year ago +2

    My issue with proton is that it's very expensive for personal use if you want a custom domain for your family, this is the sole reason I don't use it.

  • @placek7125
    @placek7125 6 months ago +1

    6:53 oh deamn, what an ABSOLUTE CHAD

  • @lilmsgs
    @lilmsgs 10 months ago +2

    I'm trying to change my email provider to more safe/secure. I am not concerned about govt snooping, I am fearful of data breach access to my online emails that contain a lot of very sensitive info. Financial, etc.

  • @YannMetalhead
    @YannMetalhead 1 year ago +2

    Kind of funny that people expect companies to not comply with the government's requests. If they don't comply they can have their business shut down or go to jail.

  • @Knards
    @Knards 1 year ago +2

    Proton Mail, as compared to Google, Yahoo and or Outlook mail, is like a messiah is to a religion. It's the best you can get. But, as noted, it is only encoded end to end if you are sending Proton mail to another Proton Mail address

  • @aureliogutierrez9195
    @aureliogutierrez9195 1 year ago

    Encrypt your text (hard as you wish).
    Convert binary to Base64.
    Paste into any email.
    Send.
    -
    Copy base64 of the email.
    Convert base64 to binary.
    Decrypt the binary.
    Read.
    -
    Just encrypt it by yourself. Send your public keys, protocols, and decryptors in "creative and secure ways."

  • @jesse7631
    @jesse7631 1 year ago +2

    I used PGP many years ago, and I recall how difficult it was to set up and get going.

    • @blackbeast9268
      @blackbeast9268 1 year ago

      Read the bible kid, even if you don't like candy it's useful to learn it

    • @Darkk6969
      @Darkk6969 1 year ago +2

      It has gotten a lot better these days. Thunderbird automatically handles the keys without installing some add-on.

  • @d34ddud3
    @d34ddud3 11 months ago +5

    Showed your bias from the start, had a clear primary point to make supported by a multitude of secondary points and logical conclusions which you even described some potential outliers for. I genuinely appreciate the no bullshit perspective of the video and found it to be incredibly informative and grounded. I am now even more convinced than I was before that Protonmail is right for me, and I now feel properly informed about the strengths and weaknesses of the particular company, and the general service as a whole. Thank you.

    • @shishibone
      @shishibone 11 months ago +1

      came here for comments like these to be honest. so called "privacy experts" are just shitting on proton for no real reason other than that it was a small company that got big. I trust proton with my data no matter how sensitive. the only downside is that you have to pay up lol

    • @d34ddud3
      @d34ddud3 11 months ago

      @@shishibone yeah, the cost is unfortunate. Though I am glad they have options to pay for just the services you want. I'm finding I quite like their password manager.

    • @shishibone
      @shishibone 11 months ago

      @@d34ddud3 i agree. I first was sceptical about password managers as i just didn’t use them and it was weird coming from Firefox default login saves. But since I started using it (included in my visionary plan) i think it’s really neat to have my passwords synced between my phone and computer. As i tend to forget some logins quite often

  • @JonathanSwiftUK
    @JonathanSwiftUK 1 year ago +23

    You're definitely not simping for Microsoft, you didn't even cover Hotmail, Live or Office 365, which is bizarre.

    • @marcogenovesi8570
      @marcogenovesi8570 1 year ago +10

      He did in his original video, it was the first or the one after it

  • @pabloqp7929
    @pabloqp7929 1 year ago +6

    GPG doesn't need to be CLI only. There are GUI apps like Kleopatra that make it really easy 🎉

    • @Antek1234l
      @Antek1234l 1 year ago

      Lol I once recommended Kleopatra to someone and he wasn't able to figure it out

    • @pabloqp7929
      @pabloqp7929 1 year ago +3

      @@Antek1234l lol yeah I mean it's not for everybody, but it makes 'the thing' easy for anyone invested

    • @Antek1234l
      @Antek1234l 1 year ago

      True, I agree, it's much easier than cli version

    • @SuperTort0ise
      @SuperTort0ise 1 year ago +1

      @@Antek1234l I actually found kleopatra more confusing than cli lol, the gnome one is good, but I use kde so gtk apps look worse, I'll stick with cli.

    • @Antek1234l
      @Antek1234l 1 year ago +1

      Yeah, everyone has different preferences, some programs are just better as a cli tbh

  • @GnuReligion
    @GnuReligion 7 months ago +10

    It is hard to teach the use of PGP/GPG to people who do not know what a file is.

  • @mx338
    @mx338 1 year ago +5

    E-Mail is not inherently insecure, if you manage your own S/MIME or PGP keys, you have real end to end encryption. You can even use POP3 to collect your mail so it isn't permanently stored on the server.
    The advantage of Signal is that it is easier to use, so your peers' bad security practice is less likely to get you into trouble.

    • @frfrankie23
      @frfrankie23 1 year ago

      You mean IMAP, not POP3

    • @moetocafe
      @moetocafe 1 year ago +1

      No, he meant exactly pop3 and not imap.

  • @Bhethar
    @Bhethar 1 year ago +9

    I think there’s a rabbit hole when you get in to privacy products. I want privacy from the private sector and criminals. I have no expectation that I can have privacy from the government 😂

    • @somethingelse9228
      @somethingelse9228 1 year ago

      But what if government themselves turn into criminals?

  • @Lambda.Function
    @Lambda.Function 9 months ago

    I'm a security nerd. I used to run my own email server but you can't get people to use PGP. I've been a ProtonMail visionary supporter since the beginning. It's the only service I'll use now.

  • @jsalsman
    @jsalsman 1 year ago +9

    Excellent subject matter explainer, top class!

    • @EricMurphyxyz
      @EricMurphyxyz  1 year ago +4

      Really appreciate it!

    • @sguptzz
      @sguptzz 1 year ago

      how you are verified with so low subs

    • @jsalsman
      @jsalsman 1 year ago

      @@sguptzz it's a stupid Google+ thing from 2011.

  • @LloydChristmas-vx2wh
    @LloydChristmas-vx2wh 3 months ago

    I'm loving Proton email and calendar right now.

  • @splitprissm9339
    @splitprissm9339 1 year ago +1

    With true client controlled end to end encryption (which CANNOT be the case for metadata with inter-provider email, except maybe if you are literally sending them just a webpage that decrypts the message client side - as you explained earlier about PGP), no need to trust the provider. For any other case: If the provider is in one sort of country, they can be legally compelled to give what they have to law enforcement. In the other sort of country, you cannot legally compel the provider to adhere to what they promised you.

  • @driptcg
    @driptcg 5 months ago

    Thanks for the thoroughness and the provided context

  • @_SYDNA_
    @_SYDNA_ 6 months ago

    I route Proton mail through my own domain name. When I set that up Proton required/suggested that I install a PGP key at the domain server via DKIM parameters. Your email will work without it, and it's a pain to install at some domain providers, but it works, and Proton gives you a tool to test whether you've successfully set it up. I like that and that part of the pgp seems to work from that point forward. Yes if you send something to an email service owned by a company in silicon valley then, yes, there's probably a risk of getting cancelled depending on how based your beliefs are.
    If you're really worried, you can always use Proton's secure function which opens an email taken out in a protected environment using a separate password.
    Not an expert but that seems like a good solution for things like ssn's or your next great invention.

  • @CommandoBlack123
    @CommandoBlack123 1 year ago +2

    I didn't watch the video yet. Answer:
    No you can't. They will randomly close your account and you are SOL. They are unreliable

  • @xCrossBite
    @xCrossBite 8 months ago

    Write message in notepad, Zip it and password protect it, then email it as attachment. Then send a hand written letter to the recipient with the password. Easy!

  • @CommsGuy
    @CommsGuy 9 months ago +1

    One reason I changed from gmail was I noticed they would go through my emails and create calendar entries from them. A family member sent me their travel itinerary and I started getting calendar notifications for flight times. Confused, I went through and found the entries matched up with the flight times from their travel details.
    But I've now noticed that Proton is doing the same thing. Work emails come in and now there are calendar entries. I don't like this at all. Clearly their systems are going through the emails to some degree.
    Proton has also really slowed down for me over the last month or so too.

    • @andre1987eph
      @andre1987eph 4 months ago

      Google is probably getting the flight info from other apps on your phone such as your browser search website activity etc. Even your "Notes" App.

    • @CommsGuy
      @CommsGuy 4 months ago

      @@andre1987eph That's possible in other cases. In this case, it was emails sent to me. I had no browser history/searches/etc.. or notes. There really was nothing else apart from the emails as they weren't my flights and I had no idea about them.

  • @andresdelapena1285
    @andresdelapena1285 1 year ago +1

    OWASP principle: don't trust service providers or "trust but verify". It's out there on a manual. It is simply not logical to think of service providers as invulnerable.

    • @terrydaktyllus1320
      @terrydaktyllus1320 1 year ago

      Technically you're correct but it comes under the broader banner of "zero trust" across an entire environment, not just within the bounds of application security.
      For example, it's estimated that around 80% of cyberattacks come from within an organisation through normal users of the system - and therefore zero trust treats users as equal to outsiders in terms of the security model you deploy to control what they do.

  • @eliasbinde2629
    @eliasbinde2629 5 months ago

    Honestly I’d prefer a service that is completely honest about these things, telling you: we can’t make it perfect but these are the things we can do

  • @toster41
    @toster41 1 year ago

    Hey Murphy !
    I found myself recently wondering a lot about my privacy and the future of all of ours.
    It's pretty great what you do, and the shout out to Snowden won me over, cheers.

  • @libbyd1001
    @libbyd1001 1 year ago

    Cool. I’m glad Kermit found a voice-over gig. Nice.

  • @michaelcorcoran8768
    @michaelcorcoran8768 3 months ago

    I think they have some, I don't know, shady tactics for upselling, and they also have some complications where if you try to downgrade from a paid account to a free account. The amount of horror stories I see of people that have a paid account and then want to switch back to a free account, or they have a paid VPN but they don't want it anymore, but they lose access to their free email account.

  • @shadowtabbys
    @shadowtabbys 10 months ago +1

    I LOVE PROTONMAIL!!! Better than Google and Live accounts.

  • @Solizeus
    @Solizeus 1 year ago

    Proton is my second email, the "private" one, while gmail is the public one, i did it more because i didn't want google to have just everything, so i branched a bit

  • @kurt120032002
    @kurt120032002 4 months ago

    I am just now looking to start using Proton, and to be fair, Government should be able to ask to see data based on a judge's decision, not anytime they feel like. For me, I don't do anything illegal, so I am not necessarily afraid of a judge, but I do want an alternative to Google. I understand that if you want to be as secure as you can be, you need to run your own infrastructure, but for now I am looking basically to not depend on Google for e-mail and storage.

  • @max_ishere
    @max_ishere 1 year ago +2

    Govt goes to email providers asking for a criminals inbox. Finds spam and password reset forms. Lol.

  • @SnLeo-zx6qy
    @SnLeo-zx6qy 1 year ago +7

    Please, make a video about tempest search engine and browser.

  • @danielhoglan3468
    @danielhoglan3468 10 months ago

    This video is 100% spot on. Email could have been made secure, but it wasn't. Truly secure email with end to end encryption requires that both ends have the tools to encrypt and decrypt. This is why protonmail to protonmail communications are secure in as much as you can trust protonmail. Even perfectly executed, if there were vulnerabilities in the encryption methods that the agencies were aware of, it wouldn't be made known to the public. I'm also not sure how far they've come with quantum proof encryption, but that's an issue too. Then there's the idea that the agencies are storing information that they aren't able to decrypt today, because one day they will be able to. So current encryption methods that aren't quantum proof, that they can't read now, they likely have and will be able to read in the future. The scope of that goes way beyond email.

  • @RemotHuman
    @RemotHuman 1 year ago +2

    Even Signal has the same problem of setting up your encryption for you. The app is open source but the desktop app updates like every day, are you really going to check the binaries match the open source version? Or do you trust Google Play to send you the right program and not spy on you? Hopefully you could verify the binary of the open source vs local copy, but most people don't know how to do that. I mean that's still better than web apps but there's still a slight problem

  • @ahuman4061
    @ahuman4061 6 months ago +2

    I'd rather the government have my info than the government and Google

  • @Grunfeld
    @Grunfeld 1 year ago +1

    Good video, thank you. Good graphic at 16:35

  • @sabai111
    @sabai111 5 months ago

    It's all about TRUST... everywhere!

  • @SuperCartoonist
    @SuperCartoonist 1 year ago +1

    My email been compromised before I was even born.

  • @youcefg9760
    @youcefg9760 1 year ago +1

    A similar video about proton VPN would be great!

  • @inspectorchicken
    @inspectorchicken 2 months ago

    It's one thing to mistrust a service or a provider if they really encrypt how they say. But at least with a commercial provider you've got a mutual binding contract and that holds someone liable to encrypt your email. On the other hand, you still got to prove they didn't in case of a breach. But when you said "it's convenient", what most people really want by paying someone besides convenience is liability.

  • @Zinnshady
    @Zinnshady 11 months ago

    I don't care about the government (technically speaking I am government), I just want to avoid hackers. I'm not super literate when it comes to software and network stuff; identity theft/having my finance accounts robbed are things that keep me up at night.

  • @goretex101
    @goretex101 1 year ago

    Thanks for the video. I only want to use it for advertising trackers. I get ads inside Google email and when using Chrome it's just a treasure trove of targeted promotions. If I can avoid most of that I feel it's worth the money.

  • @StyleshStorm
    @StyleshStorm 7 months ago

    This guy is to the point and secretly has ASMR energy.

  • @kkulist
    @kkulist 1 year ago +1

    my only gripe with protonmail is that they keep trying to charge me for service i cancelled years ago. i don't have an opinion of their service one way or another, i just want them to stop trying to take money from me when i haven't used it in almost 5 years now rofl

  • @tedrice1026
    @tedrice1026 1 year ago

    If you really must send secret messages over the internet, you need to encrypt them offline on a small computer that is kept locked away and NEVER connected to the internet and the recipient needs to do the same. Use one time pads that were hand delivered. Then you can send them over any email service, but an encrypted one like Proton Mail provides you with another level of protection. However, governments will still know you sent an encrypted email and will have access to the big data.
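
The workflow described in the comments above by @aureliogutierrez9195 (encrypt, base64, paste into an email, reverse on receipt) and @tedrice1026 (hand-delivered one-time pads), as an added example that is not part of the thread or written by any commenter. It uses only the Python standard library and also returns what a mail server on the path can still read; the `pad-offset:` body line, the pad size, the addresses and the message are assumptions constructed for illustration.

```python
import base64
import secrets
from email import message_from_string, policy
from email.message import EmailMessage


class PadExhausted(Exception):
    """The message needs more pad bytes than remain unused."""


class OneTimePad:
    """Pad bytes exchanged out of band; the sender never reuses a byte."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._next = 0  # index of the first unused pad byte

    def take(self, n: int):
        """Sender side: consume n fresh bytes, return (offset, bytes)."""
        if self._next + n > len(self._pad):
            raise PadExhausted("not enough unused pad left")
        start, self._next = self._next, self._next + n
        return start, self._pad[start:start + n]

    def at(self, start: int, n: int) -> bytes:
        """Recipient side: look up the bytes the sender says it used."""
        if start < 0 or start + n > len(self._pad):
            raise PadExhausted("offset outside the pad")
        return self._pad[start:start + n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(pad: OneTimePad, plaintext: str) -> str:
    """Encrypt offline, then base64 so the result survives as mail text."""
    data = plaintext.encode("utf-8")
    start, key = pad.take(len(data))
    armored = base64.encodebytes(_xor(data, key)).decode("ascii")
    return f"pad-offset: {start}\n{armored}"


def unseal(pad: OneTimePad, body: str) -> str:
    """Reverse of seal(): base64 to binary, then decrypt."""
    first, _, armored = body.strip().partition("\n")
    start = int(first.split(":", 1)[1])
    ciphertext = base64.b64decode("".join(armored.split()), validate=True)
    return _xor(ciphertext, pad.at(start, len(ciphertext))).decode("utf-8")


def build_email(sender: str, recipient: str, subject: str, body: str) -> str:
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, subject
    msg.set_content(body)
    return msg.as_string()


def provider_view(raw: str) -> dict:
    """Everything a mail server on the path can read without the pad."""
    msg = message_from_string(raw, policy=policy.default)
    return {"from": str(msg["From"]), "to": str(msg["To"]),
            "subject": str(msg["Subject"]), "body": msg.get_content().strip()}


# Constructed sample data: addresses, subject and message are made up.
SHARED_PAD = secrets.token_bytes(256)
SECRET = "Meet at the north gate, 21:00."
RAW = build_email("alice@example.org", "bob@example.net", "hello",
                  seal(OneTimePad(SHARED_PAD), SECRET))
```

A one-time pad hides the content but does not authenticate it, and the sender, recipient, subject, size and timing of the message stay visible to every server that relays it.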

  • @sofiacaldas6280
    @sofiacaldas6280 6 months ago +1

    Thank you so much for your channel..
    What are your thoughts about Calyx Institute and Hotspots?

  • @DeadBaron
    @DeadBaron 10 months ago +1

    The only way to send and receive emails securely and get away with it, is to host your own server in your basement, and be a high level democrat from a certain famous family, then it gets completely ignored even when the rest of us would be in federal prison for the classified content that was being hosted.

  • @TheProtonSpinner
    @TheProtonSpinner 11 months ago +1

    Protonmail handed over specific data on certain users after being ordered to by the Swiss courts after being petitioned by the US. So, if you have Uncle Sam actually going to a Swiss court to obtain a warrant for your email, you've really screwed the pooch.

  • @DefeatedInk
    @DefeatedInk 1 year ago

    I don't care what people say. I've been using Proton for a while now, and I'm completely happy with it.

  • @Green-Tomatoes
    @Green-Tomatoes 1 year ago +5

    i believe in protonmail

  • @D.von.N
    @D.von.N 7 months ago

    This is an excellent overview. I think I'll buy a few pigeons. Or no, crows, training them like pigeons. I just hope they won't read my secret messages, crows are too clever. But nobody would suspect crows delivering secret messages, right?

  • @JeriDro
    @JeriDro 6 months ago +4

    nothing is safe online

  • @downrightlefthiill8081
    @downrightlefthiill8081 7 months ago

    Damn, that one news you flashed on the screen is more than enough to make me NOT make a protonmail account 😂💀

  • @Viral757_
    @Viral757_ 11 months ago

    Yes, you should trust it just as much as you trust your spouse. ☘☘

  • @setoman1
    @setoman1 7 months ago

    Proton is not perfectly private, but it’s better than anything else out there, including Tutanota. Proton Visionary here.

  • @ManInSombrero
    @ManInSombrero 1 year ago +1

    I trust only my post pigeons. Are they fast? No. Are they secure? Yes, and I take this trade-off any day.

  • @whokilledkenny1522
    @whokilledkenny1522 1 year ago +1

    Not sure why people choose to rely on services like email if they’re that highly skeptical

  • @youarethesaltofearth
    @youarethesaltofearth 1 year ago

    That video has been circulating in my recommendations for 3 years