final
My favorite quote from that blog post:

No matter what service you use, unless it is based 15 miles offshore in international waters, the company will have to comply with the law. The Swiss legal system, while not perfect, does provide a number of checks and balances, and it’s worth noting that even in this case, approval from 3 authorities in 2 countries was required, and that’s a fairly high bar which prevents most (but obviously not all) abuse of the system. Under Swiss law, it is also obligatory for the suspect to be notified that their data was requested, which is not the case in most countries.

Out of curiosity, does Posteo specify which country's jurisdiction they operate under?

    zzz
    Yes, it is Germany (hence the .de in Posteo's domain)

    • [deleted]

    How does Proton manage to be zero-access, unlike Posteo? How do they manage to not be able to read the incoming messages in real time? Why doesn't Posteo upgrade to be zero-access?
    Proton decrypts the emails client-side, unlike Posteo?
    You said

    Posteo isn't transmitting the encrypted mailbox to you, why do you think using any email client works?
    So this is not the case with Proton?
    (Sorry @final, I asked too many questions because I did not understand well because I was tired, but your answers are insanely great. Thx.)

      • [deleted]

      It is because Proton's encryption works like Posteo's encryption on entry with PGP? Activating it for Posteo provides the same level of privacy/security as Proton, right?

        [deleted] Why the fuck does Posteo not do an app...

        Because it's a cheap service.
        The saying "you get what you pay for" isn't always the case, but when it comes to Posteo vs. Protonmail, in my opinion, it is. Posteo will cost you a lot less money, but will provide you with a clunky third-party web interface that is rarely updated, and no end-to-end encryption. Last time I checked, and correct me if I'm wrong and if this has been improved, you can also bypass Posteo's 2FA simply by connecting it to a third-party client over IMAP.

        What I don't like about Protonmail is that it requires you to upgrade to the most expensive plan to get more than one custom domain. The Unlimited plan is expensive if you simply want their mail service, and not their VPN etc. in addition.

        (Apparently I don't have permission to edit my own posts).
        Edit: If you do go with Posteo, I recommend using it with a third-party app with good spam filtering. This is because their own filter is complete and utter crap: if one of your email addresses gets leaked in a breach or something, expect spam to appear regularly in your inbox. Posteo does not even provide you with a spam folder, so if you suspect a legitimate email has been stopped by their filter, you have to contact customer support to get them to check.

        I realize this is a lot of ranting about Posteo's negatives. But I do believe that for their price they offer an OK experience. It just doesn't cut it for me personally.

          • [deleted]

          Thanks. I never had any problem with spam with Posteo. I just had to block one email address in 2 years.

            [deleted] How does Proton manage to be zero-access, unlike Posteo? How do they manage to not be able to read the incoming messages in real time? Why doesn't Posteo upgrade to be zero-access?
            Proton decrypts the emails client-side, unlike Posteo?
            You said

            Posteo decrypts the mailbox on their servers when it is used and accessed by an authenticated user. When you use ProtonMail the mailbox is sent to you encrypted and then decrypted on your machine; this means that Proton cannot see the contents of your mailbox at all, even when you are authenticated.

            This is also why ProtonMail and Tutanota, which do zero-access, require their own special apps and cannot use a normal mail app. They need their own app to support decrypting the mailbox after downloading it. If you are wondering how it would work for webmail, ProtonMail decrypts the mailbox via JavaScript run in your browser, to my knowledge.

            Relaks I realize this is a lot of ranting about Posteo's negatives. But I do believe that for their price they offer an OK experience. It just doesn't cut it for me personally.

            I would love Posteo more if they provided a DMARC policy, considering the only limit on Posteo otherwise would be the interception issue, but that is outside of even my own threat model. To fix it they'd have to cut support for third-party clients, which can be useful to some. Their price is very good and the privacy policy is extremely solid (payment information is handled way better than at Proton, imo), but that's what drops it down for me. I find Posteo to work a lot better for a Tor network user not involved in suspicious activities, or who wanted an email to register accounts but not communicate through it... but that's about all I can think of for it.

            I mainly use Proton for the custom domain support, better email policies and because I use their VPN.

            [deleted] It is because Proton's encryption works like Posteo's encryption on entry with PGP? Activating it for Posteo provides the same level of privacy/security as Proton, right?

            ProtonMail stores the mailbox with standard encryption (AES??) set up so that Proton cannot let the contents be decrypted on their systems, nor would they ever know the keys to decrypt said mailbox. Posteo also stores the mailbox this way, but decrypts the contents on their systems when accessed by the user (this is the flaw).

            The PGP in Posteo and ProtonMail is used for end-to-end encryption between one user emailing another. Using PGP or another end-to-end encryption method for emails will make Posteo unable to read the contents during an interception, and would make Proton unable to see incoming emails from services that aren't Proton's. Posteo makes you do it manually in all cases, while ProtonMail automates the PGP encryption for you on their service; this is why emailing another ProtonMail user is automatically end-to-end encrypted.

            A big issue with PGP is that it isn't well designed: you have to manually do the key transfers with others before communicating on the email platform. PGP encryption has to be done with the consent of both parties, which is practically impossible for emails from a company, and is even less possible since most people just won't spend their time learning how to make a key and do it themselves. This again goes back to the big flaw of email not being end-to-end encrypted.

            While ProtonMail mitigates this by automating the PGP encryption/decryption process, it is only a small patch for the variety of issues email has as a whole, since not everybody uses ProtonMail or PGP.

              [deleted] It's important to note that Proton is only "zero-access" or "zero-knowledge" so long as they want to be. It's technically possible for them to change their client code (the code loaded into your browser or app and used to decrypt your private key using your password) at any time to make it exfiltrate your key, and then use your stolen key to decrypt any messages in your mailbox which have been encrypted with the corresponding public key. In a typical setup where the user has only generated and used one key pair, this probably means all of them.

              An attack like this was recently used on a Tutanota user, where law enforcement compelled Tutanota to modify the client code served to a particular user suspected of being involved in criminal activity, and they were able to retrieve the key and subsequently access the user's messages. Proton claims this type of attack is not permitted under Swiss law, but if you're an at-risk person trying to use strong encryption, you probably shouldn't rely on one company's interpretation of the law to keep you safe.

              Proton is not a magical vault for your email like their marketing might suggest; they use PGP under the hood and their implementation suffers from all of the same security drawbacks as using PGP in an ordinary mail client: Subject lines, attachment names, sender, receiver and date metadata are not encrypted, there's no forward secrecy (stolen key = access to all messages), and worse, you can't store and manage the keys offline on a trusted machine. You have to trust the JS code loaded from a Proton server each time you want to access your mailbox.

              Posteo does server-side encryption of individual mailboxes, which means the key can be more easily stolen while you're logged in, but data is still protected from passive attack while you're logged out.

              Overall, both companies likely do more harm than good: They promote the idea that email can be made secure and private by bolting bad cryptography and cruft onto an ancient system, and this hinders our ability to move away from said system.

                final Sorry, but this is misinformation. Proton uses only PGP to encrypt your messages at rest, there is no additional "standard encryption" other than the same volume encryption used by other mail services. When you create your account you generate a public/private key pair client-side, your password is used to encrypt the private key, and both are stored on a Proton server. Incoming messages are encrypted with the public key and stored on a Proton server in a similar structure to PGP email in a local client. When you log in, your password is used to decrypt the private key so you can access your mail, and the confidentiality of the key depends on the trustworthiness of the decryption code they serve to your browser or app. This means that they can't steal your password and decrypt the contents of your mailbox only if they don't want to or haven't been compelled to.

                End-to-end encryption within ProtonMail also depends on the same trust in their JS code which can be surreptitiously changed by them. In all cases, Proton or an attacker can at any time access various unencrypted data and metadata such as subject lines, sender, receiver and date headers, and attachment names. Only the message body and any attached files are encrypted.

                The fact that so many people hold these misconceptions is evidence that their marketing is working well and giving users a false sense of security, and they should be condemned for that IMO.
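                The envelope the two posts above describe (cleartext headers wrapped around an encrypted body), as an added illustration that is not from the thread, from Proton or from any mail client: it builds an RFC 3156 multipart/encrypted message with a constructed placeholder blob standing in for real OpenPGP ciphertext, then reads back what anyone holding the message (a provider, a backup, an interceptor) sees without any key. The function names are made up for this example; the MIME structure is the standard one. `server_visible_metadata` also works on a real PGP/MIME message exported from a mailbox.

```python
from email import encoders, policy
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.parser import BytesParser
from email.utils import formatdate, make_msgid

# Constructed placeholder with the shape of an ASCII-armored OpenPGP message.
# It is NOT real ciphertext; the point is what sits around it, not inside it.
CONSTRUCTED_CIPHERTEXT = b"""-----BEGIN PGP MESSAGE-----

hQEMA5placeholderCiphertextNotRealOpenPGP00000000000000000000000000
=AbCd
-----END PGP MESSAGE-----
"""


def build_pgp_mime_message(sender: str, recipient: str, subject: str,
                           armored_ciphertext: bytes) -> bytes:
    """Assemble an RFC 3156 multipart/encrypted message the way a PGP-capable client does.

    Only the second MIME part is ciphertext; every header set here travels in the clear.
    """
    msg = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg["Date"] = formatdate(localtime=False)
    msg["Message-ID"] = make_msgid(domain="example.com")  # example.com: constructed domain
    # Part 1: the fixed control part required by RFC 3156.
    control = MIMEApplication(b"Version: 1\n", "pgp-encrypted",
                              _encoder=encoders.encode_7or8bit)
    # Part 2: the armored OpenPGP message (body, attachments and inner headers live in here).
    body = MIMEApplication(armored_ciphertext, "octet-stream",
                           _encoder=encoders.encode_7or8bit)
    body.add_header("Content-Disposition", "inline", filename="encrypted.asc")
    msg.attach(control)
    msg.attach(body)
    return msg.as_bytes()


def server_visible_metadata(raw: bytes) -> dict:
    """Everything readable from the stored/transmitted message without possessing any key."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    return {
        "From": str(msg["From"]),
        "To": str(msg["To"]),
        "Subject": str(msg["Subject"]),
        "Date": str(msg["Date"]),
        "Message-ID": str(msg["Message-ID"]),
        "Content-Type": msg.get_content_type(),
        "parts": [part.get_content_type() for part in msg.iter_parts()],
    }


def body_is_opaque(raw: bytes) -> bool:
    """True when the message carries only an armored OpenPGP blob and no cleartext body part."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    if msg.get_content_type() != "multipart/encrypted":
        return False
    parts = list(msg.iter_parts())
    if len(parts) != 2 or parts[0].get_content_type() != "application/pgp-encrypted":
        return False
    payload = parts[1].get_payload(decode=True)
    return payload.startswith(b"-----BEGIN PGP MESSAGE-----")


if __name__ == "__main__":
    raw = build_pgp_mime_message("alice@example.com", "bob@example.com",
                                 "Q3 numbers", CONSTRUCTED_CIPHERTEXT)
    for field, value in server_visible_metadata(raw).items():
        print(f"{field}: {value}")
    print("body opaque:", body_is_opaque(raw))
```

                Running it prints the sender, recipient, subject, date and message ID in full, while the body check reports that the only payload is the armored blob: the split the posts describe, with nothing special about Proton in it, since this is plain PGP/MIME.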

                  418357 Can't edit the above post anymore, but there is some ambiguity I'd like to correct. Where it reads "When you create your account you generate a public/private key pair client-side, your password is used to encrypt the private key, and both are stored on a Proton server." it should read "When you create your account you generate a public/private key pair client-side, your password is used to encrypt the private key, and both the public key and encrypted private key are stored on a Proton server.". My previous post may suggest to readers that the password is stored on a Proton server, but this is not the case. The password is intended to be known only by you, and used for client-side encryption and decryption, never being transmitted to Proton servers.
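                  The key layout described in the last two posts (key pair generated client-side, private key wrapped with the password, public key plus wrapped private key stored on the server, incoming mail encrypted to the public key, decryption only ever in client code), as an added illustration that is not from the thread and not Proton's code. Textbook RSA with two small fixed primes, PBKDF2 and a SHAKE-derived keystream are toy stand-ins for OpenPGP, S2K and AES and are not secure; the function names are made up. The shape is the point: the server never holds the password, and a modified client, the scenario the earlier post about client code warns about, can hand the unwrapped key back to whoever served that code. It also covers the "encryption on entry" question raised higher up the thread, since `server_store_incoming` is exactly that step.

```python
import hashlib
import hmac
import os
import secrets

# Toy stand-ins (NOT secure): textbook RSA on two small, fixed primes
# (the 9999th and 10000th primes) replaces the user's OpenPGP key pair.
_P, _Q, _E = 104723, 104729, 65537


def toy_keygen():
    """Return (public_key, private_key) as ((n, e), (n, d)). Runs client-side."""
    n = _P * _Q
    d = pow(_E, -1, (_P - 1) * (_Q - 1))  # needs Python 3.8+
    return (n, _E), (n, d)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """SHAKE256 keystream XOR; stands in for the symmetric cipher (AES in OpenPGP)."""
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


# ---- Client side ----
def derive_kek(password: str, salt: bytes) -> bytes:
    """Password -> key-encryption key. Computed only on the client; the password never leaves it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def create_account(password: str) -> dict:
    """Everything the client uploads: public key, salt, wrapped private key and an integrity tag."""
    (n, e), (_, d) = toy_keygen()
    salt = os.urandom(16)
    kek = derive_kek(password, salt)
    wrapped = keystream_xor(kek, salt, d.to_bytes(8, "big"))
    tag = hmac.new(kek, salt + wrapped, "sha256").digest()
    return {"public_key": (n, e), "salt": salt, "wrapped_private_key": wrapped, "tag": tag}


def unwrap_private_key(record: dict, password: str) -> tuple:
    """Recover (n, d) from the server record; a wrong password fails the tag check."""
    kek = derive_kek(password, record["salt"])
    expected = hmac.new(kek, record["salt"] + record["wrapped_private_key"], "sha256").digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("wrong password")
    d = int.from_bytes(keystream_xor(kek, record["salt"], record["wrapped_private_key"]), "big")
    return record["public_key"][0], d


def decrypt_with_private_key(private_key: tuple, stored: dict) -> bytes:
    """Unwrap the per-message session key with RSA, then strip the keystream from the body."""
    n, d = private_key
    session_key = pow(stored["encrypted_session_key"], d, n).to_bytes(16, "big")
    return keystream_xor(session_key, stored["nonce"], stored["body"])


def honest_client_read(record: dict, stored: dict, password: str) -> bytes:
    return decrypt_with_private_key(unwrap_private_key(record, password), stored)


def backdoored_client_read(record: dict, stored: dict, password: str):
    """Identical to honest_client_read, except it also returns the unwrapped key,
    modelling client code altered to exfiltrate it."""
    priv = unwrap_private_key(record, password)
    return decrypt_with_private_key(priv, stored), priv


# ---- Server side ----
def server_store_incoming(record: dict, plaintext: bytes) -> dict:
    """Encrypt a freshly received message to the account's public key before storing it
    (hybrid scheme: RSA-wrapped random session key plus keystream over the body)."""
    n, e = record["public_key"]
    session_key_int = secrets.randbelow(n - 2) + 2
    nonce = os.urandom(16)
    return {
        "encrypted_session_key": pow(session_key_int, e, n),
        "nonce": nonce,
        "body": keystream_xor(session_key_int.to_bytes(16, "big"), nonce, plaintext),
    }


if __name__ == "__main__":
    password = "correct horse battery staple"  # constructed
    record = create_account(password)                     # uploaded once at sign-up
    stored = server_store_incoming(record, b"meet at 9, bring the docs")  # constructed message
    print("honest client reads:", honest_client_read(record, stored, password))
    _, stolen = backdoored_client_read(record, stored, password)
    later = server_store_incoming(record, b"second message, same key")
    print("server with stolen key reads:", decrypt_with_private_key(stolen, later))
```

                  The server holds only `record` and `stored`, neither of which yields the body without the password. Once a backdoored client returns the key, every message encrypted to that public key, earlier or later, opens with it, which is the "stolen key = access to all messages" point made above.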

                    418357 Sorry, but this is misinformation. Proton uses only PGP to encrypt your messages at rest, there is no additional "standard encryption" other than the same volume encryption used by other mail services

                    I was aware of Proton using encryption for the mailbox, and I was aware of PGP being used for messaging between Proton users, but I did not know that the mailbox was encrypted the same way. Since Proton's website is mainly advertising with few technical details, it's hard for me to discern. Big thanks for this; it was not an intentional error by any means.

                    418357 In all cases, Proton or an attacker can at any time access various unencrypted data and metadata such as subject lines, sender, receiver and date headers, and attachment names. Only the message body and any attached files are encrypted.

                    I mentioned this in a reply about privacy policies (post #12), although with how Proton phrases and advertises their product, it gives some people the foolish impression that nothing is accessible, when that sadly isn't the case, and you have to read the privacy policy just to get the bigger picture.

                    As for the previous post by 418357 (too long, won't quote), sadly this just shows true but also sad examples that if you are using something tied to an online service, there will always be a chance you will be given up. When it comes to threat models where you are at risk of any service giving you up like this, IMO the best bet would just be to avoid everything capable of collecting identifiable information, or use something where your information wouldn't be at risk, with preparation to cover up if that service ever became hostile.

                    The same can also apply to app developers, as in the case in the second paragraph of that post: one bad update or exploitation of the Proton app and you're toast...

                    As for the last parts of the last message, it's agreeable. I've constantly mentioned, even in this thread, that email is a completely flawed system. It would need to either be redone or replaced with something else entirely. For most of us, these services are more or less just harm-reductive alternatives rather than secure alternatives. I would still rather choose Proton over a standard email provider, and do so in about 95% of my emails. While it is condemnable, it's also backed partially by the excuse of the terrible design email is built on. Business is business, and their advertising is likely what made them successful and able to stay afloat in the first place.

                    418357 Edit was seen only after I posted, thanks and noted

                    a year later

                    For what it's worth, I love Posteo, having tried over 20 other providers. IMAP compatibility is a must for me, which automatically excluded Proton and Tuta. I guess different people value different things in an email provider; Posteo's privacy policy, reliability and feature set work perfectly for my needs.

                      AlanZ
                      I've also used Posteo in the past. Since I don't need IMAP, I've started using Proton Mail instead.

                      Have you tried ForwardEmail?

                        wuseman
                        No, I am going to stick with Posteo. The list of my past email providers:

                        1. Yahoo (Yikes!)
                        2. Gmail
                        3. Hotmail
                        4. Fastmail
                        5. Runbox
                        6. KolabNow
                        7. Novo-ordo (another yikes)
                        8. Mailbox.org
                        9. Neomailbox
                        10. Disroot
                        11. Countermail (still using occasionally)
                        12. RiseUp (still using, good, not great)
                        13. Proton
                        14. Tuta
                        15. Autistici
                        16. YANDEX
                        17. Abv.bg (Christ!)
                        18. Ctemplar (for about a week)
                        19. Comcast (yeah, I know)
                        20. Danwin1210
                        21. iCloud

                        So I am all but exhausted of switching : )

                          What about Mailbox.org? They have an option to automatically decrypt the mailbox (including all incoming emails and the sent folder) with your public PGP key, which essentially is the same thing that Protonmail does.

                          Protonmail requires you to use their apps on mobile, and their "bridge" on desktop to use it with a normal email client. And their web client uses Javascript to decrypt the emails in the browser.

                          Mailbox.org on the other hand allows you to use any email client that supports PGP (e.g. K-9 Mail + OpenKeychain on Android, Thunderbird or KMail on Desktop) to download the encrypted emails and locally decrypt them on your device, and for the web client they are compatible with the Mailvelope extension to decrypt your emails in the browser.

                          I kind of prefer Mailbox.org's approach as it is more "open" with no requirement to use their app. Protonmail on the other hand is all set up out of the box with no thinking and tinkering needed. I think if Proton would offer their bridge for Android, I would prefer them but until then I'm leaning towards Mailbox.org because of their openness.

                          AlanZ

                          What made you switch away from Mailbox.org, Proton and Tuta?