If and when you send or receive e-mail encrypted by PGP, the body (contents) of the message is indeed encrypted and you’re safe from snooping and data collection, which is great. However, privacy-wise this might actually be a bad thing, because almost no one uses PGP and using it makes you stand out in a sea of normal e-mail users for someone who collects and analyzes lot of data. So if that’s your threat model, using PGP might actually be dangerous. Also, you have to remember and remind everyone to use PGP, which is cumbersome if you correspond with non-techie people. You don’t really know how they handle “their side” and PGP software is notoriously not very user friendly.
Whenever you send someone unencrypted e-mail from your Proton account, there’s a chance that the recipients e-mail provider (most likely Google or Microsoft) reads it. Same when they send it to you. It doesn’t actually matter that the message sits encrypted “at rest” in your Proton accounts Sent Items -, the contents have already been read, indexed and sold to a broker.
It’s very hard to do e-mail privacy because the protocol itself doesn’t have any built-in. It’s better to use other communication methods for sensitive transactions.
If and when you send or receive e-mail encrypted by PGP, the body (contents) of the message is indeed encrypted and you’re safe from snooping and data collection, which is great. However, privacy-wise this might actually be a bad thing, because almost no one uses PGP and using it makes you stand out in a sea of normal e-mail users for someone who collects and analyzes lot of data. So if that’s your threat model, using PGP might actually be dangerous. Also, you have to remember and remind everyone to use PGP, which is cumbersome if you correspond with non-techie people. You don’t really know how they handle “their side” and PGP software is notoriously not very user friendly.
Whenever you send someone unencrypted e-mail from your Proton account, there’s a chance that the recipients e-mail provider (most likely Google or Microsoft) reads it. Same when they send it to you. It doesn’t actually matter that the message sits encrypted “at rest” in your Proton accounts Sent Items -, the contents have already been read, indexed and sold to a broker.
It’s very hard to do e-mail privacy because the protocol itself doesn’t have any built-in. It’s better to use other communication methods for sensitive transactions.
Good explanation, and I figured the same.
I feel the ‘encrypted at rest’ is then a false sense of security. Alas it is much better than gmail, etc.