I found out also that Tutanota is essentially the same, except that they do E2EE subject lines between tutanota users, but I am guessing that is because they don’t use PGP unlike Proton. In which case, Proton is in the right in this case because they are increasing E2EE interoperability beyond just their own users. So, my comment about honeypotting was really uncalled for I think, and I apologize for that.
The OpenPGP proposal is interesting, but I couldn’t find anything on it. All I found was this below, which explains that email headers can’t be/aren’t encrypted, and subject is one of those, so that’s why. I have no clue what Proton was talking about, or where they got that info
when it comes to server-side software, FOSS is of little importance unless you are self hosting. there is zero way for you to verify, unlike client software.
jitsi conference room server, or matrix chat server.
you could run an Oxen node for the Session onion messenger, or a relay for the SimpleX messenger. these are especially important things we need to reduce decentralized messenger dependence.
you’re right about the IP thing. that’s a good clarification rather than just “spy”. i suppose it’s less dire than Tutanota not encrypting incoming mails if you use tor and vpn by default.
yeah basically it more or less proves that swiss privacy is a bit stronger in this case vs Germany.
on the proton encryption, i did know about this but does that apply to proton-to-proton, proton-to-NonProton, or both? if you have details on this let me know.
either way the fact that they dont makes me feel that proton is a similar honeypot to signal and telegram, where they make a compromise with the five eyes, to give them metadata even if actual contents are safe. metadata can be much more powerful than contents often times
in general email is just the worst protocol when it comes to privacy. sadly.