ProtonMail takes aim at Google with an encrypted calendar
venturebeat.comI recently left ProtonMail and went back to Fastmail. My reason was that they will never be able to fully support IMAP and now CalDAV because of the encryption they use. I grew to accept that email is not for secure messaging and my paranoia of "I'm being watched" just went away.
If you need secure messaging, use something other than email.
I came to a similar conclusion. You should write every email as if it were public, because it's entirely likely that it will be. They can be forwarded, made public through legal discovery, or exposed in a data breach (eg. Sony/North Korea).
Forget security for a second, imagining every email as public record will make you more considerate and less biased writer. And from a business perspective, email should be viewed as a public legal record, because in some cases it will be used that way.
That's not to say that there shouldn't be private messaging options, it's just that email isn't one of them and was never really built to be. PGP was always sort of a tacked on solution with a lot of faults (no forward secrecy, plenty of meta data leakage, usability issues)
All that being said, I still left Gmail for Fastmail. Just because I consider every email I write to be public doesn't mean I want Google getting a free pass to mine and sell my data.
I agree with most of what you have written, but this:
> doesn't mean I want Google getting a free pass to mine and sell my data.
AFAIK, they don't do that with gmail. Do you have any evidence to the contrary?
We need to hold Google's feet to fire on privacy, but it is also important that we do not exaggerate or distort the facts.
Unlike most other responders, I generally trust Google not to do this. Everything they say they don't do has been confirmed to me one way or another by people working there that I trust.
They may make money off ads but I don't think they have any real incentive to lie about what they're doing. Because most of their users don't actually care. I would be curious if anyone knows of any scenario where Google has outright lied about what they do and don't do with information, because I've never heard of it.
For me, I moved off gmail for other reasons: my email is too important to randomly lose access to because e.g. their youtube AI thinks I'm spamming a channel on Youtube. I look at all my data in Google as if I might lose access to it forever some day, because someday I might, with zero recourse.
What exact behavior of Google are we talking about here? I'm pretty sure they do mine emails for their own ad targeting. On the other hand, I'm equally sure they handle the information securely and don't pass it on to anyone else.
> I'm pretty sure they do mine emails for their own ad targeting.
They do not. See https://support.google.com/mail/answer/6603?hl=en
"We will not scan or read your Gmail messages to show you ads."
Yet, they state
https://policies.google.com/terms?hl=en
> Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.
> "We will not scan or read your Gmail messages to show you ads."
that reads to me like ""We may do it for other purposes."
They obviously do, as does every mail provider that filters spam, at a bare minimum.
Whenever I book a flight google offers to set alarms and gives me don't forget your flight tomorrow notifications. They are obviously reading the email to achieve this.
Well, if they didn't you wouldn't be able to search in your inbox, among other things.
Interesting, looks like they stopped in 2017.
You're right, "Sell my data" might have been too strong. But they are certainly mining it to train things like their "suggested responses". In my view, it's an ad company, and while they might not be doing it today, there's nothing stopping them from using my data in the future, hence the "free pass".
I don’t trust google products. I will never buy anything they want to sell to me. Burden is on them.
I tore off my nest thermostats and replaced them with dumb ones. I miss the ability to change my heat remotely, but at the end of the day. I don’t need that functionality.
They already scan your purchases in your inbox: https://www.cnbc.com/2019/05/17/google-gmail-tracks-purchase...
They say they won’t use it to sell ads:
> “To help you easily view and keep track of your purchases, bookings and subscriptions in one place, we’ve created a private destination that can only be seen by you,” a Google spokesperson told CNBC. “You can delete this information at any time. We don’t use any information from your Gmail messages to serve you ads, and that includes the email receipts and confirmations shown on the Purchase page.”
What guarantee is there that this is not being used for other purposes? To train other kinds of models? To, say, monitor other people’s AWS bills, in order to optimize their own offerings? How likely is it that such a project was approved with no gain except adding perceived value to the Gmail product? I have a hard time believing they would do it only for that.
> I have a hard time believing they would do it only for that.
Why? Adding perceived values is how you get more users. More users == increased revenue.
I think the important question is: if Google were doing something nefarious like that, why on earth would they tie it to a public feature instead of just keeping it totally secret?
But is that actually nefarious, or meaningfully proscribed, or is it not understood that this kind of stuff is how Google makes money, and how it will continue to make money into the future? Is this unacceptable to most people? I am uncomfortable with it, but isn't this the way "business is done?"
I think you're right in the simple case, and they're not _currently_ doing something nefarious, but I also think it takes one creative product manager one day to decide they will directly sell that data, and most people will be too invested by that point
IMO the burden should be on Google to prove that they don't. The flow of personal data through their systems is opaque and they have plenty of incentives to monetize the data.
You can't prove a negative.
They said "prove" but really it's about trust. Google has lost many peoples' trust and it's on Google to restore that trust.
Sure you can. Apple does not run its image classification on your images using its cloud servers. You can test this by stepping inside a microwave or other cage and seeing that image classification and search still works on the iPhone.
---
On the other hand, what Apple does with your photos that you allow to be exfiltrated through iCloud... that's your own stupid fault.
We're not talking about mathematical or scientific levels of proof, but assurance and trust.
The usual methods for achieving this are government regulation and oversight (free of capture), and independent third-party audits (likewise).
The good news is that there seems to be ... some, slight ... progress in this direction.
You definitely can [0], but this one would probably be hard for google without significantly modifying the architecture of gmail in ways that would remove its revenue model. For example, they could open source a client that had audit-able end-to-end encryption, but then they couldn't optimize ad revenue by aggregating and mining large email datasets.
> a proof demonstrating that a particular problem cannot be solved as described in the claim, or that a particular set of problems cannot be solved in general
did you even read the article you linked
Apologies, I thought you were saying that you can't prove a negative... that negative proofs (like the examples linked) do not exist.
Google does mine email but does not sell the data.
... because they find it more profitable to retain exclusivity over the data, sure.
If that is so then "public" and "private" are insufficient categories to describe messaging options.
I'm forced to send proof of identity as well as proof of address via email. I'm receiving bank statements and countless other sensitive documents via email. And I have absolutely no other choice.
Whoever gets a hold of my email can impersonate me in almost every context.
So no, I do not consider the contents of my email public. Absolutely not!
I'm not willing to consider a service completely insecure just because it can never be completely secure.
In fairness, I don't think he meant the contents of your email account should be public, he said you should write and behave as if it could be because who knows what a webmail provider will do with your data. That's a very different thing than saying it should or will become public.
The question was whether or not it makes sense to make email services as secure as possible and prefer more secure email providers to less secure ones.
Some say we should give up making email more secure, because it can never be as secure as more modern messaging services.
That doesn't make sense to me, because we don't have a choice other than to use email in ways that require very high levels of security. I cannot behave as if my email could become public any moment.
I would love if the world were to move on to more secure messaging platforms. But it's simply not the world we live in right now.
> You should write every email as if it were public, because it's entirely likely that it will be. They can be forwarded, made public through legal discovery, or exposed in a data breach (eg. Sony/North Korea).
None of these are unique to email.
This is the attitude one should take for any electronic form of communication. Even old-fashioned ink on paper letters of significance have made it into the public record for all to see.
> I came to a similar conclusion. You should write every email as if it were public, because it's entirely likely that it will be
I think this is mainly governed by expectation and received benefits.
I would let my doctor see me naked, because I'm expecting the doctor will fix my problem if I agreed to do so, and I assume the doctor will respect my privacy by not leaking information about my physical characteristics and private parts with others.
But what if it's for example the owner of my favor restaurant asking to see the same? I don't think I would go there anymore.
I agree that email shouldn't be considered secure but disagree that you should just give up as a result.
It's trivial to use an email provider in a more privacy-friendly jurisdiction (e.g. Mailbox.org in Germany) and with a bit of effort you can even move to a provider the PGP-encrypts incoming email which can then be decrypted by your email client (which can connect with IMAP).
Given that the first measure is near-zero effort and saves you from silent/warrantless law enforcement requests, I think it's worth it.
Encryption is a bit more annoying but it does save you from later disclosure of your emails.
Well, snap! Does Tutanota have something akin to this? I also have stopped using Tuta/Proton due to the IMAP incompatibility.
Did some digging, and it seems like it's at least on the roadmap, but I'm not sure how high of a priority it is.
I did. It’s slow. Also, it’s not available on iOS.
When did you last use the bridge? They released an update a month or so ago which has made it significantly faster to sync changes.
I do agree that it would be great to be able to use your own mail client on iOS. Not sure that will ever happen though.
> I grew to accept that email is not for secure messaging and my paranoia of "I'm being watched" just went away.
Agreed. Even if you use protonmail, google still has most of your email because they have the most of everyone else's.
True, though I still think it's preferable to use for business, purchases, and logins. If I'm using an email besides Gmail, at least it means that I have a shot in that Google won't immediately know that I signed up for X service or made X purchase. Sure, they probably can figure those things out in other ways, but I'm not going to willingly hand everything directly to them.
Part of the reason I use Protonmail(and pay for it) is because I want to support the notion that the web can be made up of different services as opposed to all being calls to .google.com or .facebook.com.
I feel very frustrated when I hear this argument, as if it’s futile to switch to a different email provider. It’s actually hyperbole. Most people use chat and messaging platforms (or social media platforms) to communicate with others. Personal email, IME, has reduced drastically over the years. That leaves emails that businesses send to individuals, which are usually sent through non-free-profiling-based-Gmail methods (including GSuite, which Google cannot use to profile people). Only small businesses that don’t know any better or don’t want to spend money on email would use an @gmail address (or @yahoo, @outlook, etc.) to correspond with potential and current customers.
> Even if you use protonmail, google still has most of your email because they have the most of everyone else's.
I have far more incoming emails than outgoing and most of them are automated - probably not using GMail. That includes most of the most sensitive content like invoices and account management.
Please note that Fastmail is an Australian service. I would not trust Fastmail with my email privacy. Not because of the company, but because of the encryption laws in Australia.
Food for thought.
Reporting on Australia's encryption laws is wildly inaccurate. For one, it does not allow authorities to compel companies or individuals to introduce an encryption backdoor. The law very explicitly addresses this issue, see section 317ZG, which forbids any kind of "systematic weakness" or "systematic vulnerability" and very explicitly states that weakening encryption is included in those definitions.
What's permitted is to build something that targets a particular person in such a way that it cannot possibly affect another person's security.
The example I use (though IANAL) is that a request to backdoor WhatsApp's encryption would not be permitted under the law. However I think that pushing an update that checks for a particular person's hard-coded phone number and forwards messages to law enforcement would be permitted.
The law in question: http://www5.austlii.edu.au/au/legis/cth/consol_act/ta1997214...
I don't understand. Email isn't encrypted is it?
And what can the Australian government do that the US government can't these days?
Recent (2018) Australian data encryption laws are insane and archaic. It allows law enforcement to force individuals (including but not limited to developers) or companies to build a back door and requires them not to tell any one, including their employers. I'm not saying the US is better or worse, or that the UK (where I live) is better or worse. I'm raising awareness as not a lot of people know about their data encryption laws.
Personally I'd wanted to move to Australia but stopped chasing that due to their data encryption laws.
Are you suggesting isp’s are more trustworthy in America?
Because you’ve got to get your email over someone’s pipes eventually.
Fastmail is excellent. If you want secure/private/not easily spoofable by a 5 year old and you’re using email.... then you’re doing it all wrong.
> Are you suggesting isp’s are more trustworthy in America?
Certainly not.
My comment is relating to their data encryption laws that was passed in 2018. If you care about your privacy in any way, shape or form, individuals should be very wary of using services that operate from, or are owned by individuals in Australia (and the rest of the 5 eyes for that matter) unless you have your encryption keys and all encryption happens on your client app.
For me it was their app just being so far behind Fastmail.
If they had a better app I'd gladly pay. I just can't stomach gmail anymore and Fastmail was next best.
Amusingly enough, Fastmail is a web app wrapped in WKWebview and Protonmail is a truly native app.
Based on comments over in /r/protonmail there's some redesigns coming for the apps that should hopefully improve on the creature comforts.
I hope this is true because I like the privacy aspect of protonmail and would pay for it in that case.
How do both of these compare to Thunderbird?
I haven't used Thunderbird enough to answer this
Same deal, I loved the service but I don’t love living in my browser. I wanted IMAP and eventually that meant installing an app that ran a local IMAP sever that your client needed to connect to.
I suppose it’s a limitation of the protocol, and it’s good that protonmail doesn’t store your emails plaintext. However, they know the encryption keys...and so will any attacker.
I went to the Office 365 email package because I get more value out of the exchange server. Any emails I want to encrypt, I will do so myself. 99.99999% of my inbox is spam and automated mailing list crap and notifications and TOS updates, with maybe one or two emails every couple of months that are actually from a human being.
> However, they know the encryption keys...and so will any attacker.
I might be mistaken, but my understanding is that they encrypt your encryption keys using your password within the browser. They only store the encrypted blob and thus they are unable to decrypt any emails.
Having said that, since emails come in unencrypted anyway, they can, in theory, log everything there. Including the sender, receiver and what the email contains.
"Secure messaging" is a fantasy. Nothing is 100% secure. The question then becomes, how much security is important to you? Personally I prefer a marginal level of security with encrypted email over no security at all. Your argument is the same as saying, "well they might as well store our passwords in plain text since encrypted passwords often get leaked or hacked anyway".
Fastmail doesn’t offer phone support for paid users.
I have an account with them and spent months troubleshooting a carddav sync issue with my two Mac computers before giving up and switching contacts over to iCloud.
Proton mail seems pretty hungry for business. I inquired for a paid plan and they follow up all the time with sales people who have unique email addresses.
Interesting maybe try a fresh contact import on your macs? I know about 20+ people who use IMacs iPhones and MacBooks with fastmail and have no syncing issues.
I used it for two years without issue.
Tried to export and reimport to no avail.
Same here. Unless all parties use the same encrypted email service, this made no sense to me actually.
> If you need secure messaging, use something other than email.
Many services I need do not give me an alternative. I only continue to use email because of those services.
for personal use, maybe? but for business use, you need email security
I moved over to Fastmail from ProtonMail a few weeks ago. I think if you value the encryption and privacy and don’t mind the lack of basic stuff like threading in the mobile app or IMAP integration, ProtonMail is fully worth it. That said, for me I just want a well featured email/calendar service that can replace gmail once Gewgle fucked us over with Inbox. Fastmail does that for me and provides a lot less friction whilst doing so.
ProtonMail feels like a one-trick pony to me. They’re cruising on the allure of privacy features but they have a ways to go on other basics.
I'm not even sure it's all that great of a trick, considering that no amount of encryption and security on Proton's own servers or in their app can protect the contents of emails that are sent to (edit: or received from) someone who doesn't use Proton.
I am a current customer and think they've got a really well-done service and app, but lately I've been wondering if it's the privacy equivalent of the Maginot Line.
Makes me wonder if its possible or reasonable to consider an option with protonmails (and similar) - have a note in the footer of the email - explaining that encrypted is default in their system, but sending to your email provider has it converted to plain text where others can access it.. if you'd like to keep this mail message private click to login to protonReadPortal - where you can read, and if you'd like make a passphrase, to reply and keep messaging on secure servers.. get an optional app for replies to your contacts that have proton accounts.. then tap to checkbox so further emails to you from proton accounts send you a notice to check out the protonReadPortal instead of including the plain text..
I'd want my protonReaderApp to have default shred message after reading.. keep available on proton server for 48 hours after.. one click to save as pdf or zip or other safer password format, or save on protonServer longer.. with easy to change defaults..
would be nice option. I dunno maybe something like this exists?
There are several use cases for this..
a system like this could make for encrypted form storage and messaging with the right API maybe hippa compliant?
I'd expect my lawyers and accountants and such to use something like this.
You can already do that with protonmail. There are three buttons available when writing an email, doing exactly that.
When I initially set out to change mail providers, I considered both Fastmail and ProtonMail.
Ultimately, my decision was based on the fact that ProtonMail is a Swiss company, a country whose privacy laws are stronger than Fastmail’s country of origin, Australia.
So far I’m really happy with ProtonMail as a replacement for Gmail, as a mobile-first user. The only issue is saying “ProtonMail” to people who have never heard of it (surprisingly prone to misspelling).
You could try out the short-hand version "yourname@pm.me". It is not enabled by default, but it is a simple radio button toggle away in your account settings. Certainly more convenient than the full '@protonmail.com'.
They have IMAP, you just have to install a program they call the bridge. I use the Linux version that's still in beta and have had no issues with it so far.
There is no bridge for iOS or Android. Also no bridge for their calendar at the moment.
I agree 100%, Fastmail is just a superb complete service.
Article is light on the details, but ProtonMail has published some here: https://protonmail.com/blog/protoncalendar-security-model/
> This calendar key will then be symmetrically encrypted (PGP standard) using a 32-byte passphrase that is randomly generated on your device. Once it is encrypted, your calendar key will be stored on the ProtonCalendar backend server.
32-byte passphrase: might be fine, depending on what those bytes are; the interesting question is how much entropy it got generated from.
> Each member of a calendar will have a copy of the same passphrase that is encrypted and signed using their primary address key. The signature ensures that no one, not our server or any third-party adversary, changed the passphrase.
This is where it gets weird. Why do both? The obvious way to encrypt with an ECC key comes with authentication for free. Signing mostly has negative privacy implications. (I think the answer is "we incorrectly decided PGP was a good idea a long time ago and now we are stuck with its problems, which include being wrong about authenticators".)
> The invited member, if they decide to join the calendar, can decrypt the passphrase using their address key. They can also verify that the signature on the passphrase belongs to your email address key. This lets the invited member cryptographically verify that you invited them. To accept the invitation, ProtonCalendar will then pin the passphrase for the invited member by replacing your signature with one created using their own email address key. This signature will later be used by the invited member to verify the passphrase at each application start.
Again, with designs less than twenty years old you can do that without a signature.
> To accept the invitation, ProtonCalendar will then pin the passphrase for the invited member by replacing your signature with one created using their own email address key. This signature will later be used by the invited member to verify the passphrase at each application start.
what
I'm reviewing the attendee scheme next, but I need more coffee first.
What are your thoughts on Protonmail's security in general?
Specifically this part from their whitepaper https://pbs.twimg.com/media/EKpHwB-WwAE4YN0?format=png&name=...
This is a bad idea right? We aren't supposed to decrypt then verify usually, correct? I'm told this is standard for implementations of OpenPGP, but it just seems like a horrible design (of course OpenPGP itself is probably bad).
I didn't write https://latacora.micro.blog/2019/07/16/the-pgp-problem.html (the writing is too good, a giveaway that it's a 'tptacek joint) but I did review it and helped shape its contents and generally subscribe to its message :) In particular you are correct, and specifically GPG's MDC thing is some weird nonsense that does not deserve to be in use in 2019, let alone being in a product that describes itself as having top-notch security.
(Mostly I think I get why Protonmail does what it does, but GPG+email is a losing horse. It also doesn't help that protonmail addresses are a mild predictor for content not worth reading. I haven't quite had Popehat's experience of protonmail being a proxy for overt, virulent white supremacy, but... certainly have seen it be a proxy for poorly informed opinions on security :-))
Setting aside the technical issues for a moment, your last point is interesting to me.
One of the things that bugs me about security/privacy discussions is the rampant paranoia and misinformation, and it tends to be the louder voice in the discussions lately. I have to wonder if Protonmail being such a visible figure means that it attracts people who're inclined to fall under the aforementioned.
i.e, the people who use Protonmail for mostly innocuous reasons just don't say anything, so the poorly informed bits float to the top.
It's like apartment ratings, I guess - nobody writes a rating for a good one.
Disclaimer: I interviewed with PM last year and was offered a role, but for various life reasons didn't take it. They're pretty smart people though so I'm inclined to give the team the benefit of the doubt - I don't think any of this influences my comment above, but worth noting.
When I decided to ditch google a while back I considered switching to proton mail. Their marketing resonated with what I was looking for. After some thought I realized that email is fairly insecure by design. Even if proton mail fixed all of the security issues associated w/ email it all goes out the door the moment I communicate with a non-proton-mail address. Almost all of my friends and family use gmail, and most of the volume of email I receive comes from businesses. For my usecases, proton mail is basically security theater.
What's worse, proton mail makes many dubious claims. They claim that "All emails are secured automatically with end-to-end encryption." This is clearly false. They state that "ProtonMail's infrastructure resides in Europe's most secure datacenter, underneath 1000 meters of solid rock." Ok, cool, but how does that benefit me? The emails are already end-to-end encrypted (but not really). Am I expecting commandos to raid a datacenter and steal my encrypted emails? They say that "Our story begins where the web was born, at CERN." Again, who cares?
End-to-end encrypted email is not on my list of must-haves (or even on my list of wants). When I need a secure communication channel, I use Signal. Proton mail overstates what they provide, and they spend a lot of effort on frankly useless security measures.
Maybe! Certainly other environments with an emphasis on anonymity, pseudonymity or privacy in general have turned out to be terrible cesspools. But on the other hand, Signal and Whatsapp aren't. It's also not necessarily a broadcast-vs-1on1 problem: while I'm often frustrated with HN, it takes care of the white supremacists pretty effectively.
The iCalendar spec[1] already features "encryption by committee" by being thoroughly obfuscated through its innate unreadability and undocumented vendor extensions.
On a more serious note, a sibling comment asked if there's an API. And, really, for an API to work, we'd need to agree on some kind of data structures. Reading that spec, and having mucked with LDAP, IMAP and related specs, it really feels like we're still banging rocks together in how we define the semantics of data exchange.
The Fastmail devs have been working on getting JMAP for calendars standardised through the IETF. It’s intended as a mature, modern replacement for all the iCal / CalDAV junk. The biggest bottleneck at the moment is getting past the chicken and egg problem - we really need Apple and Google and others to adopt the new protocols for them to start to be useful. JMAP for email is currently struggling against the same adoption issue.
This is a welcome development. ProtonMail has worked well for me. Now if I could only find a way to make a Pixel phone accept that email address instead of one of my several one-off fake name gmail addresses that I use for such things.
Don't integrate privacy-focused email service (hushmail/proton etc) into a non-private phone. Access it via the webmail interface.
I've been asked several times to decrypt my phone at international boarders. If you leave things to webmail, unlocking your phone doesn't give them access to your email account, or even tell them where it is. All the TSA/Cops get is my "gmail-for-phone-2018@gmail.com" address that I haven't checked since day one with the phone. My access to my real email is covered by a web browser that doesn't keep records.
My ProtonMail installation on Android supports PIN/fingerprint locking
They could definitely ask you to unlock it. It's why apps like 1password added a "Travel Mode" https://blog.1password.com/introducing-travel-mode-protect-y...
That's pretty cool! Similarly, couldn't you just uninstall the ProtonMail native app when traveling?
If memory serves you can create a Google account with your existing email address. They won’t create a gmail account for you, but you can still use other Google services with it. I’m guessing it’s worth trying with your Android phone?
http://accounts.google.com/SignUpWithoutGmail for reference.
You sure you want them linked?
I feel that it is better to have them compartmentalized.
I switched to tutanota for the price and features already provided, protonmail is really quite nice though. I'd love to better understand the legal implications of the hosting countries laws better.
Same here, using tutanota for the last year. They also offer a calendar, which I haven't tried but assume is encrypted.
It says "Free Encrypted Calendar" on their website.
I'm a bit confused it took Protonmail more than a year yo develop ProtonCalendar. Is it really that difficult to develop?
A calendar?
Yes. I'm surprised they could develop it as quickly as a year in fact.
Calendars are difficult, there is a lot of hidden complexity in the way that users use calendars. They are iceberg products, they look simple from the outset but if you try making one you'll run into the myriad of edge cases.
Calendars are software so directly related to time, I'm not surprised. There are so many edge cases. Timezones, daylight savings time. The fact that so many regions don't use the same standards. We alter year length with leap years and doing things like adding leap seconds. Time is a nightmare to program around.
I somewhat believe our society would be easier if we had a better, simpler standard for time.
Technically I’d agree. In practice I think people would progressively bring back crazy use cases and requests that would need to be dealt in the model.
For instance date formats are a complete mess only because people value different informations. Even in a countey with a single official representation, people will write checks with shorthands and mixing of different norms.
It’s also interesting to look at China would try to simplify pretty hard, and still ended up with a tangled mess (https://en.wikipedia.org/wiki/Time_in_China)
I've spent much more time than I care to admit researching calendars, the general counting of time from seconds to centuries — actually, ahem, from the Planck time unit to the age of the universe. I find that there would be elegance in having a metric system aligned with "natural" dimensionless units, orders of magnitudes.
Suffice it to say, not only are you 100% right, but there are many easier and better systems we could use; and a software-defined world makes that actually easier than ever to implement in real life.
But people don't like change, and the biggest obstacle historically has been religion — depending which culture/country, pick one or two who oppose any change whatsoever.
Governments just don't see much incentive in doing anything either, because it's a losing proposition — you'd spend a lot of "political capital" and probably earn a lot of resentment in return, except for a few nerds who'd love it.
I've thought long and hard about how to overcome all these historical roadblocks, but I honestly have no idea in this case. Calendars are... loaded topics for way too many people, and useless concerns for most everyone else.
It's like the dozenal society. They're right, about everything, but it just won't happen.
I have similar thoughts thinking about currency. It seems incredible to me that we (in the UK) ever managed to pull off decimalization!
My only agenda as Ruler of the World is to move the prime meridian to the longitude closest to the population center of the globe, and define one global time off that.
You have my full support! There is no reason why we couldn't introduce a better standard.
there are a lot of reasons why you probably couldn't come up with a better time standard, but the most compelling to me is this: no matter how elegant the new system is, everything would still need to be backwards compatible with "legacy" time. unless your calendar only needs to handle dates after the new standard was introduced, the implementation will be more complicated than just sticking with the shitty system we already have.
I think the only realistic strict improvement is abolishing Daylight Savings Time everywhere. In a calendar, you don't really care about past events, though a good calendar will probably need to handle it, but most people would benefit from eliminating that occasional complexity.
Google (but not Apple) is still charmingly unable to tell when I've switched time zones between scheduling an event and attending it.
So, yeah, calendars are hard.
My Google Calendar now sends me two email notifications for every event that I set up notifications for, and I have no idea how to turn one of them off after scouring the settings. I can't remember how I managed to mess it up and I don't even know if it's something I did, but I can't for the life of me undo it.
A couple of references for why building a time-based application is difficult:
Falsehoods programmers believe about time: https://infiniteundo.com/post/25326999628/falsehoods-program...
Falsehoods programmers believe about time part 2 (this one contains most of the timezone related madness): https://infiniteundo.com/post/25509354022/more-falsehoods-pr...
Trying it out now. Its a complete rewrite of "mail" and "contacts", plus new "calendar". Looks pretty nice, so far, and good usability.
Feels really good to be able to migrate more personal data away from G.
Is there an API for this calendar? I looked, but didn't notice anything. That's one of the G features that I like.
Did anyone else notice ProtonMail being used in the movie "Knives Out" to send the ransom note? Cracked me up..
Yes I did! I thought I was alone. I love when movies do their best to have some sense on the tech side, it could have been an annoying "sending ransom note.." loader instead.
I also saw it, and got a chuckle. I noticed how they were using the mobile web-app version instead of dedicated app.
I think its a testament to ProtonMail's popularity, that they get some screentime in a film with such a high-profile cast. Perhaps a techie in the film crew suggested they use it.
It could also be a paid product placement.
The writers likely have a tech-consultant that checks these things. Can't have another NCIS moment.
I'm sure the film's budget could have afforded a consultant. However, if you watch the movie, you may notice that there was no need to show ProtonMail at all. It was a close-up, over-the-shoulder shot of the culprit using a phone to send an email. The whole shot lasted ~2 seconds, with narration. They could have simply chosen a front-facing shot of the culprit using a computer or phone to achieve the same affect.
In any case, there are still plently of TV series and movies that put less effort into a 5 minute 'hacker' scene than this movie did into a 2 second shot. They get my kudos.
I noticed it as well and just that little touch (along with the line "What is this, CSI:KFC?!") pushed me from "I will probably stream this a few times in the background because it's funny" to "I am preordering the 4K disc as soon as it is listed."
Not that surprising. It was also shown on mr. robot a few years ago.
I would say its more suprising that ProtonMail shows up in a movie like Knives Out (which has no technical content), than it is for it to appear in Mr. Robot (a purposefully technical series, and being underwritten by Michael Bazzel, who is an advocate of ProtonMail).
mr robot is uncommonly good about depicting technology and security practices. it also shows elliot booting into kali linux, despite most viewers having no idea what that is.
Duplicate of https://news.ycombinator.com/item?id=21913989 -- I started reading the actual spec here: https://protonmail.com/blog/protoncalendar-security-model/
Here is their write up of the security model: https://protonmail.com/blog/protoncalendar-security-model/
If one doesn't care about web access to their calendar is there any recommended encrypted calendar apps to use on an android device as the default calendar app? Does setting a default calendar app to something other than the calendar on ROM actually prevent calendar data from leaking to third parties?
EteSync[1] has been around for a few years now. It's fully open source and offers secure, end-to-end encrypted, and privacy respecting sync for your contacts, calendars and tasks. Sounds like what you're looking for...
Disclaimer: I created it.
it's based on davdroid / davx5 ?
Years ago, when it was first created, the code was forked from davdroid, though it diverged quite a bit because the other than the part that interacts with the Android system, they are quite different.
Glad to see any encrypted mail grow their services, this is a bit of a sidebar, but what are some of the updated thoughts about the return of Lavabit and the Dark Mail Alliance group?
Still requires google play store to install and google services to run - not really "polar opposite to google" after all.
I'd like to see how this compares to fruux, which hosts a privacy concious calendar for years.
I lost a lot of faith in Proton when I learned how much funding they took from the EU. It just runs entirely counter to evidence we’ve seen of Snowden, 5eyes/14eyes, and other programs that the EU truly wants end to end encrypted comms for people.
Am I wrong to be skeptical?
Edit: oh apparently I’m wrong to even suggest something we have other examples of
I disagree with much of your comment:
> I lost a lot of faith in Proton when I learned how much funding they took from the EU.
Unless the origins of the money are unethical (e.g. blood money), it's not where it comes from that matters, it's what's done with it. I haven't seen any misconduct from ProtonMail and the EU's motivations for giving the money seem to be economic, which makes a lot of sense. They want competitive EU tech companies.
> It just runs entirely counter to evidence we’ve seen of Snowden, 5eyes/14eyes, and other programs that the EU truly wants end to end encrypted comms for people.
The EU is not a member of the 5 eyes nor 14 eyes, some of its member states are. The EU is composed of 28 member states, so not even half are participants in those groups.
Even if the EU were a member of the 5 eyes, the EU is not a monolithic entity. The SIGINT arm of the EU (if such a thing exists) may very well oppose end to end encryption while the economic arm promotes it. The same is true in the US, where the NSA attempts to break encryption while the Department of State funds Tor development.
Possibly. There is very little to no private funding for true privacy products. I think this is one of the reasons that Proton had to initially rely on crowdfunding. Perhaps, this is because so many tech companies are stuck in the AdRev mindset where sharing customer private data is how they make their real money? If you look at the ecosystem, you see many privacy products are actually government supported either directly or indirectly. For example, the Tor Project has directly taken massive amounts of funding from the US Military and you may recall the story of how Microsoft was forced to buy Skype in order to open it up to surveillance or lose massive amounts US DoD software license contracts. Those are just two examples. But, there are really limitless cases. Trust Google? But, Google receives massive DoD/EU contracts. Apple? Same thing. Role your own? But, nearly all standard encryption and hashing algorithms were either developed by or reviewed by government funded academic researchers in the US or EU.
The way I think of the privacy ecosystem is that it makes dragnet surveillance much harder and it provides some protection if the government has specifically targeted you for data collection. So, companies/products like ProtonMail and ProtonVPN are good things. But, creating something that is 100% safe for the individual is impossible (or at best so impractical to be untenable).
They have a grand total of $4.8MM in funding, and €2MM came from an EU grant. Hardly even a modest sum considering the tech funding climate these days.
The EU is one of the most privacy-conscious government entities on Earth right now, and it needs to be noted that ProtonMail is located entirely within Switzerland, an even more privacy-conscious state that is not a member of the EU.
you could say the same thing about tor, which was originally developed by the us military. it could be a long-term honeypot with backdoors, or it could be that giving it to the general public makes it more useful for state-sponsored clandestine operations. hard to say, really.
You could say that, but it would be fundamentally misunderstanding why the US Government needs TOR users.
There is no extra safe guards to encrypted email that lives on a server the more users you add. It doesn't matter. It was a point to point transfer once. All emails are SSL/TLS sent anyhow.
TOR is a different thing. It's active user browsing. If only US spies (example) used TOR, it would be pretty damn obvious what they were doing or at least show that this was vital traffic to inercept. But add in millions of normal users and it's much easier to keep your nefarious deeds hidden by just blending in with the crowd.
I am satisfied with the Protonmail, easy to use, secure, good.
nice, but don't put all your eggs in one basket
Correct me if I'm wrong, but this doesn't appear to be CalDAV-compatible. If so, xkcd-927 strikes again :-(
If you want to build something which can't be compatible with popular standards, what is the better choice? Build it anyway, or let those standards stop you? It's the same reason I can't read my PGP-encrypted email on my phone.
Do what Fastmail did, and work with the community (generally via the IETF) to make your new standard open and compatible:
https://fastmail.blog/2019/08/16/jmap-new-email-open-standar...
Good point, perhaps Proton will do so.
Not yet, anyways.
For IMAP email, there is Proton Bridge, to get around the fact that all data on their servers is encrypted with a key that only you have.