Nuances of Safety with Encrypted Email

One of the most-clicked articles in Roundup 244 had to do with Proton vs. Gmail. Here are a few additional tidbits of information about Proton’s relative safety.

Justin’s notes
1. I do have a Proton email account for secure communications.
2. I don’t find Proton to be the easiest or quickest website to use, and certainly not appropriate for the volume of generic email I get (e.g. newsletters, general correspondence, etc).
3. For most things, I prefer to be “lost in the daily clutter” of Gmail-based email
4. For some pieces of correspondence, ProtonMail is best.

Have we found the most secure email provider in 2021?”
* ProtonVPN gives you access to Proton Mail
* Can send encrypted emails to non-Proton users that expire after 28 days
* Built in PGP protection encrypts your emails, even at rest on servers

Protonmail review
* “there are assistance treaties to make information available to governments”
* “legal complications are an obstacle, not a roadblock”
* “emails encrypted in a way that makes it inaccessible even to proton mail”

Another Protonmail review
* Strips IP addresses from emails
* BUT: uses phone numbers for verification (so tied to email account)
* AND: does not encrypt subject lines

Protonmail Review 3
* specifically states, “we cannot guarantee your safety against a powerful adversary”

Proton is a great encrypted email provider. However, as with all emails, from/to/date/subject can be known and tracked. And, if the email crosses a router that doesn’t use SSL, the meta-information will be public even though the contents of the email will be encrypted.

For me, the far bigger issue is not which email provider you use – for most missionaries, I can barely imagine Google giving over user information to another government, IMHO. The bigger issue is the physical safety of the devices you are using to access and store email. It’s a lot easier for any given government or player to simply seize and interrogate the devices than to try to get Google to give them information about you. As far as I can see, the former risk is often severely underestimated, and the latter risk is often over-estimated.

Additionally
How to keep Google out of your Gmail discusses a bunch of the nuances.
… one thing to clear up: Google no longer scans your email for advertising …