Sounds like Mailbox.org with encrypted mailbox + K9-Mail + OpenKeychain is the best option then for zero knowledge email hosters.
Why tf does Proton Mail need Google Play Services to show notifications?
- Edited
[deleted] I believe any app shouldn't start on it's own by default. That would clog up the memory. They have to be designed that way & the problem is specific to you. I believe you're restarting your device on the task basis. Do the same with Tuta too. Make it open on restart with something like tasker & you're good to go.
@DeletedUser28 Mailbox.org is not available in all countries across the globe.
Re: proton notifications + tuta
Quote in that comment from a AMA done with Proton last month.
- Edited
@akc3n Tuta was way ahead in this department. Proton is already susceptible to Apple/Google Push notification theft, since they also reveal the mail titles as well as the sender mail, which is very insecure tbh. Tuta solves this through SSE, by hiding it & only revealing that a new message(s) has/have been arrived (with message count), so that even if the notification got stolen, no one would know who sent with what mail title.
Also, check this customer support backlash since 2020, it's hilarious.
https://protonmail.uservoice.com/forums/284483-proton-mail/suggestions/40261009-indenpendent-push-notification-gsf-independet
RRZishe Does graphene have a plan of providing an alternative to Google for push messages? Because I sadly need to use Google for push notifications and it really bothers me.
As previously mentioned, there are a few alternatives already available. You have the unified push which was already mentioned, as well as conversations/jabber & NTFY
I sent couple of emails to Proton developers requesting to implement web socket for the apk available on their website but they don't even bother. So, I switched to Tutanota.
- Edited
And they took these steps in 2020 (right when requested in pm uservoice, which till now they didn't do anything)
https://tuta.com/blog/open-source-email-fdroid
Again a good marketing strategy by Tuta against PM.
- Edited
My workaround until Proton implements its alternative push notification framework:
Profile 1: Owner Profile, Sandboxed Google Play installed
Profile 2: daily driver, degoogled
So that I am notified of incoming emails in Profile 2 (pull instead of push strategy is unfortunately not an option for professional reasons), I have also installed the Protonmail app in Profile 1.
Via "sent notifications to current user" I am immediately informed in Profile 2 about the receipt of an email and can then open Protonmail in the de-googled profile and read / reply to the email without switching profiles.
Not a very sexy workaround, but it works for me (especially because the owner profile is always active anyway).
[deleted]
Murcielago with this approach you are just hiding from the fact that you use Firebase for notifications albeit in an indirect way (by thinking that two different users can not be linked by other personally identifiable activity, network connection or tracking and fingerprinting).
Good point, thanks for clarifying. I didn't mean to say that activities of two user profiles cannot be linked by other measures - I am aware of that problem.
That's why it's just a suggestion of a workaround that might offer the original questioner an idea until Proton implements alternative push notification, if he
- is dependent on push notifications
- can't/won't change his email provider
foxjaw Proton is already susceptible to Apple/Google Push notification theft, since they also reveal the mail titles as well as the sender mail, which is very insecure tbh.
This is incorrect. Please double check your statements before posting.
For Apple users, on each login, the app generates an asymmetric keypair, saves the private key on Keychain, and sends the public key to Proton’s push notification server accompanied by the user’s session ID. This server encrypts every push notification with the public key, and the application extension decrypts it using the private key from Keychain, ensuring that Apple (or an intelligence agency sitting on Apple’s servers) does not have access to the contents of push notifications. Raw push notifications are not persisted on the device for long and are not included in backup. The private key is removed from Keychain on logout, and the public key is not reused across sessions.
https://proton.me/blog/ios-security-model
For Android users, Proton Mail’s push notification servers always encrypt the notifications they send, and the Proton Mail client decrypts these notifications locally. These notifications are never stored on the device.
https://proton.me/blog/android-client-security-model
If need be, an individual could always simply turn off their device's notifications on the lock screen to be more private. That way, someone who picks up their phone won’t be able to see the individual's contacts, message previews, reminders and alerts.
- Edited
@ErnestThornhill It's not about encryption. It's about readability. ProtonMail still relies on Google Services Framework to deliver push notifications. Whether encrypted or not doesn't matter, as long as the underlying service controlled by Google themselves.
Whatever you see in the notification, Google sees that too.
And beware that proton can write anything in their blog. As long as they don't back it up, we're never sure. Their backend is closed source.
foxjaw And beware that proton can write anything in their blog. As long as they don't back it up, we're never sure. Their backend is closed source.
That doesn't really mean anything. The same could be said about any website.
What's your source for your last sentence?
de0u Beware that anyone can write anything anywhere at anytime. As long as they don't back it up, we're never sure.
Whether encrypted or not doesn't matter, as long as the underlying service controlled by Google themselves.
Whatever you see in the notification, Google sees that too.
Is that the case? Proton says that their "notification servers always encrypt the notifications they send, and the Proton Mail client decrypts these notifications locally."
Would be interesting to know what exactly Google sees of this...
Murcielago Beware that proton can write anything in their blog. As long as they don't back it up, we're never sure.
- Edited
Notification theft by google & apple might be claims. But not just this, there are a lot more reasons we're trying to move away from them. The whole concept of "We provide privacy with atmost care" is not to be believed, the only reason being they're not FOSS. Notifications are never encrypted on both Android & Google. On top of that utilizing GSF for push notifications is another red flag. I can't give any more reasons than these.
foxjaw A personal opinion is as reliable of a source as Wikipedia. There's a reason why Wikipedia is not an approved source for information when writing a paper for school...
You don't have to take their word - check the GitHub: https://github.com/ProtonMail/proton-mail-android