Close
Results 1 to 10 of 34

Threaded View

Previous Post Previous Post   Next Post Next Post
  1. 03-06-2019, 13:23 #30
    DireWolf
    DireWolf is offline
    Varmiteer DireWolf's Avatar
    Join Date
    Nov 2012
    Location
    DENVER CO
    Posts
    713

    Default

    ^^^thanks for bumping this to remind me; had written up something last week during some in-flight down time, but ended up being way too much, so here's the condensed version:

    Without taking any additional items/steps into consideration, mail sent from a ProtonMail account to a Gmail (or any other external/non-ProtonMail) address would only be encrypted while in-transit between mail-hosts (at best), and would still be stored in plain-text on the Google (or other provider) mail servers, fully available to them to access, mine/analyze, and/or disseminate your data within the sphere of those parties identified in the privacy policy (which is a damn large list).

    ProtonMail uses OpenPGP to encrypt mailboxes and messages between ProtonMail users, with encryption/decryption through either the website, Mobile App, and/or ProtonMail Bridge (note that the messages retrieved through the Bridge are decrypted in local storage).

    Also, they've exposed this functionality (and keyring management) to provide options for exchanging fully-encrypted email with external non-ProtonMail recipients - (e.g. Gmail, etc.); This allows for the message contents to be fully protected & unreadable even on remote servers (but watch out for those headers/subject-lines, which stay plaintext and are captured in any number of locations during message transit/processing).

    All that's required for this is to simply create/associate a PGP Public Key with an address/contact, and PM will automatically encrypt all outbound email to that address (bidirectional encrypt/decrypt is seamless once Public Keys have been exchanged & verified; do not ever share a private key). Also, other than rules configured in a mail client, there is no native "auto-forwarding" capability in the PM service.

    gpg4win is a good Windows/Outlook client bundle for creating and managing PGP Keyrings, and for "one-off's", PM has option for message encryption/expiration using OTPs.

    Finally, be careful to (securely) store any keyrings & passphrases, or anything encrypted with such is toast should they be lost...
    Last edited by DireWolf; 03-06-2019 at 13:32.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules