foxjaw And beware that proton can write anything in their blog. As long as they don't back it up, we're never sure. Their backend is closed source.
That doesn't really mean anything. The same could be said about any website.
What's your source for your last sentence?
de0u Beware that anyone can write anything anywhere at anytime. As long as they don't back it up, we're never sure.
Whether encrypted or not doesn't matter, as long as the underlying service controlled by Google themselves.
Whatever you see in the notification, Google sees that too.
Is that the case? Proton says that their "notification servers always encrypt the notifications they send, and the Proton Mail client decrypts these notifications locally."
Would be interesting to know what exactly Google sees of this...
Murcielago Beware that proton can write anything in their blog. As long as they don't back it up, we're never sure.
Notification theft by google & apple might be claims. But not just this, there are a lot more reasons we're trying to move away from them. The whole concept of "We provide privacy with atmost care" is not to be believed, the only reason being they're not FOSS. Notifications are never encrypted on both Android & Google. On top of that utilizing GSF for push notifications is another red flag. I can't give any more reasons than these.
foxjaw A personal opinion is as reliable of a source as Wikipedia. There's a reason why Wikipedia is not an approved source for information when writing a paper for school...
You don't have to take their word - check the GitHub: https://github.com/ProtonMail/proton-mail-android
Phead I'm aware. I was (jokingly) quoting foxjaw in that response.
ErnestThornhill
Apologies, didn't get that.
whew-zee Your concerns, along with the post from akc3n have convinced me to ditch the proton mail app and use Vanadium to access my proton and other mail accounts. So far so good - I realize that I do not get mail urgent enough to require notifications from the mail servers.
Somewhere on this P7P there should be a list of accounts which are known to Firebase Cloud Messaging (FCM which I think is the evil mentioned in
Can anyone point me to where I can delete any FCM linkage to PMail and others? Possibly I need to deactivate it in google services in the main account!?
foxjaw Whatever you see in the notification, Google sees that too.
foxjaw Notifications are never encrypted on both Android & Google.
Both of these statements are not really true.
(Just a note, I don't know about Apple's APN, so I won't comment on that)
FCM is a push messaging service, not a push notification service. When a message / "notification" comes in, the app is woken up and can process the notification and display something. Many apps/services send messages with empty data fields, like Signal. Apps/services can also elect to encrypt data in the data field. It all depends on their implementation.
Given that, an FCM message without extra personal data included will only allow Google to see very basic info, like time and which service is sending the message and to who.
But of course there's the flip side to this. Lazy app developers can just shove a bunch of plain text data into notification messages.
As for whether the apps/services in question really send personal info via plaintext in FCM messages, I really don't know, but I seriously doubt it. I'd suggest you read through the code in their apps that process notifications to know for sure.
I suggest you read through this page: https://firebase.google.com/docs/cloud-messaging/concept-options
You can reason these other aspects like security, encryption, etc all you want, except not answering the main question itself ? Did you guys even read the thread title ?
foxjaw besides the fact email is inherently insecure and unless you're emailing another person ALSO with encrypted email using an encrypted email services is a giant waste of time and nothing more than security theatre, why use them at all if you don't even trust them in the smallest sense? Go use tuta.io if you want cessation from GFM
Read through the first 5-10 posts carefully. The answer to the title is "because". What kind of answer would you prefer or expect from the GrapheneOS community? Unless someone has classified intel from the proton dev team and is willing to share it, we all have to rely on publicly available information which is "because they decided to do so".
Apparently you're well aware of the pros and cons of the current implementation and decided to stay away from it. Good on you! But I doubt the truth will reveal itself by repeating the same paragraphs over and over again in this discussion. In fact, you could reach out to Proton and ask then right away - and let us know their answer.
@N3rdTek I'm already on tuta as my primary mail & I have no issues with push notifications (also have protonmail), despite not having any google services (not even microg).
@Phead I apologise for repeating myself. I did read this thread thoroughly. I hope proton implements their own unified push service. As one of their dev replied on reddit that they're working on it.
whew-zee dont use Protonmail. They try to reinvent already existing things, locking you into their apps.
@missing-root That's a different concern. All cloud services do this. Even tuta too. Not a big issue caz no one's restricting you to use of all their services. You're free to use only certain service & discard the rest.
Yes but if you are forced to use their fancy TLS instead or just regular TLS, you have to use their app.
A normal provider, even with enforced TLS (blocks mails that come without, and servers that dont support it) will work with K9mail or FairEmail
