 Protonmail & Monero both have the motto of "Privacy by Default"

The difference is that if everyone used Proton,
It would be centralizing the metadata to a single legal entity that responds to requests, and controls the web app’s password prompt.

Whereas if everyone used Monero,
well...

privacy by default 
 Which web app's password? 
 They run a website which serves you the password prompt.
Do you inspect this source code every single time you log in? 
 It's like any other service. Nothing special here.  
 Do you check every Nostr relay you use, do you check every VPS you use? Do you check your ISP which data they use? 
 Yes it's like any other web browser app, so you shouldn't be using web apps.  We encourage people to use CLIENTS.  Nostr clients interact with relays in a way that assumes they are hostile.  The relay can't see the password.

Whereas Protonmail is purposefully pushing people to their web app, because Thunderbird or normal email clients don't work.  PGP should be done on the end client, not kept in the cloud.  
 YOU WOULDN'T 

upload your bitcoin private key to an exchange

SO WHY WOULD YOU

upload your pgp private key to an email server 
 Protonmail is another concept, their concept is built on how to make it super easy for customers. That's it. Even a client can be a problem, that has nothing to do with a web app etc. You also can never be sure what is really running on an infrastructure. You can never be sure as customer when you buy an email installation service from someone that the someone doesn't install shitty. 
As you see we have the problem everywhere and there is absolutely nothing special with Proton. 
 I am being respectful to educate you, but it's possible this conversation could go downhill if you continue to fail to understand the concept.

Would you agree that a Nostr client is different than inserting your private Nostr key into a web app text box?

If you are capable of understanding this,
Then how do you not grasp that PGP on your end client, is radically different than inserting the PGP private key into a web app text box??

Protonmail is propaganda, changing the definition of end-to-end.  It’s end-to-cloud. 
 You educate me? JFC 
I know what you mean or what you try to say but still there are some things wrong. But we do not have to argue here because it seems to be senseless.
 
 Is proton better than gmail? Yeah
do we need perfect? no.  something is better than nothing

I’m just saying I’m trying to promote decentralization, people on smaller servers doing email.  If proton is encouraging people to only use their app, which doesn’t translate to real clients, it encourages centralization.  Especially if one can't use external PGP with them, unless it's literally copy pasted as text

We all want the same things, just disagree over what’s the best way to do it.  I appreciate your time regardless 
 I agree, but how does a private email provider compare with a private cryptocurrency? How is that a relevant comparison? Just curious about the logic of using that as the comparison haha 
 logic is to point out that proton encourages centralization
and they are not doing "real" PGP 
 What email apps do you suggest for those that would roll their own?  Can you suggest a solid email stack for a debian/ubuntu server?  Is there a tool you like for pgp on the client? 
 For the email setups we do for customers, it’s Debian OS, FOSS Mailu on the backend, and any client can be used such as Thunderbird which has PGP.  K9 for android.  Also we put on the VPS the web client SnappyMail.  Having a web client is less of a big deal IF you’re running the VPS.  SnappyMail is a hell of a lot faster to load than Proton, and the tools are decent.

If you want guidance on the setup, where we have no access and just tell you commands, we can do that as well, https://simplifiedprivacy.com/email-cloud-combo/index.html
 
 Question is do we trust ETH? 
 trust it for what?

private payments, no
metamask, no
but for DNS or apps, maybe.  would have to see the use-case