Why should I NOT use Protonmail?

Sorry for the negative post. I do care about privacy. That’s why I’m here. I was literally one click away from buying my first subscription last night, but I got distracted and in that time, I found out some concerning things. Minor, all things considered, but I want to know what I’m getting into, and evaluate properly if I still want to. I hope I haven’t missed anything below, but if I have, please do let me know.

Proton, so far, seems like it has the best paid email service, VPN, and importantly, comes with a drive. Critical if I’m to degoogle.

Email verification

(Already fixed) Discord has problems with Proton. Some verification I think. Could it be they use a tracker to verify? Sure it’s Discord’s fault and not Proton’s, but if the bottom line is I’ll be locked out of services, that defeats the purpose of 90% of email. The only workaround is apparently just going back to Gmail.

Email registration

Discord is already just for games and terrible for privacy, so I don’t mind using Gmail for that. But if they can do it, who else can? Has anyone encountered a similar problem with any other service? If a company wants to track you, they could just ban the untrackable email company. And many do, but they’re given the benefit of the doubt that they just thought Proton was a spam site.

Holes in encryption

As a PGP user, subject lines aren’t encrypted. I’m here mostly just because it’s not Google and one day I might upgrade to Unlimited, which will improve the convenience in my life. Proton is a great company from what I hear. But it’s noteworthy that the encryption isn’t complete. They said they were modernising PGP and this would be an upgrade they’d bring, but that was 3 years ago. Again, it is my opinion that Proton is a good company, at least it’s not overtly evil. But are missed goals such as this a common occurrence? I understand it’s not an official announcement, but I want to know if I need to temper my expectations compared to the atmosphere around here.

Tracking protection

Sounds like a good thing, and was one of the things I was most looking forward to. But now I find several issues with it:

  1. Only works on web. I prefer using desktop clients. (Untrue or no longer true)
  2. Even when it does work, it breaks some links. Someone had a link to log in to his bank, but it got flagged as a tracker and broken.
  3. This concerns me because if it can break innocent links, then tracking can be made mandatory. What’s stopping the sites from blocking untracked links from working at all? Sounds like this is a temporary boon we’ll only get to enjoy for a while.

So, I’m prepared to use the browser app for Proton. But even if I did, the tracking protection isn’t a straight upgrade, it has drawbacks.

Minor issues

Things I’ve come to accept, but minor enough that I can completely overlook. Just writing them down so you know I know. Regarding the environment not just mail, because I want to get Unlimited one day.

  1. Desktop app is kinda janky. Slower than Bridge to a 3rd party client
  2. Need 2 mobile apps because Proton can neither accept nor register any 3rd party on mobile
  3. VPN is a bit slower than others
  4. Drive is poor in features (I barely use cloud anything anyway. I actually prefer barebones)
  5. Pass doesn’t have key only login. Not entirely sure what it means, but I intend to use Bitwarden anyway.

Hi! Happy to hear that you’re considering a Proton subscription to protect your privacy.

We’d like to address some of the issues you’ve listed:

Regarding the first two points, the Discord issue has been fixed, and you should be able to create an account without any issues using a Proton Mail address. We’ve had similar situations with some other services in the past, and most of them have, in the meantime, made it possible to sign up with Proton Mail. As of now, the vast majority of online services allow you to use your Proton Mail email address when registering for an account. More on our processes and possible course of action in cases like this can be found here.

Regarding PGP, so far, the protocol doesn’t cover subject lines: https://proton.me/support/does-protonmail-encrypt-email-subjects. However, the OpenPGP standard we rely on is open-source, battle-tested, and allows Proton’s encryption to be interoperable with any email user relying on it to protect their emails, which we believe are the advantages outweighing the lack of subject line encryption. When it comes to the recent improvements to OpenPGP (as well as the further plans), you can read about them here.

Tracking protection, in fact, exists on Proton Mail web, desktop, and iOS apps, and is planned for Android too. Can you please report the issues you have encountered to us at: https://proton.me/support/troubleshooting?product=mail and provide as many details as possible, so we can investigate? Thank you in advance.

Finally, minor issues:

  1. We’re working on improving the desktop app behaviors. Feel free to report any issues you have here.
  2. This is impossible due to how our encryption works.
  3. VPN speed can depend on multiple factors. We recommend that you contact us at https://protonvpn.com/support-form?ref=contact_product_vpn and share more details about your setup so we can provide some guidelines on how to improve it.
  4. Improving Proton Drive is one of our highest priorities at the moment; we have many functionalities planned. Feel free to vote for the ones you consider the most important on our User Voice.
  5. Could you please clarify what you mean by key-only login? If you’re referring to the possibility to log in with a U2F key only (without using a 2FA TOTP code), this is part of our future plans.

I’d say probably the biggest reason not to use it is if you want to use your own email client. This has never been a concern to me though.

In addition to what the team wrote about the tracking protection below:

In the email itself you can still access the full URL of the tracker (in web/desktop/iOS/iPadOS), and also the original URLs of the cleaned URLs (in the web app/desktop app).

In my personal experience I do not think this is an issue and if there should be some false-positives (haven’t had anything yet), the support team is a few clicks and keystrokes away.


I found out some concerning things. Minor, all things considered

Have you thought about the major plus point of using an encrypted (whether that is Proton or any other) E-Mail provider? Not giving them your data.

I always imagine a scale, on one side you have privacy, at the other usability. Gmail and the likes have a super high usability, however a very low privacy.

Privacy-oriented providers try to even that out as well as possible, by having very strong privacy, yet also good usability. That said, the usability will never be as high as for an unencrypted provider.

This alone for me is worth some minor inconveniences over the likes of gmail and co.

Bro, you should never click on a link to your bank account in your mail, even from a trusted source. They may be hacked or whatever, just use the website directly if you receive something that mentions your bank account.

In a Google ecosystem, the non fully integrated contacts across services, calendar etc creates an overall loss of productivity and ease. You have to ask yourself, what benefit are you really getting for the increased headaches and loss of convenience.

Let me address a different issue others haven’t.
The proton mail interface is not as good as Gmail. It’s mandatory for work. And it’s just the best mail client period.
It’s not bad by any stretch. The bar was just so high.

Obligatory “Drive has no Linux client” complaint, since you’re doing the full suite.

Is it just me, or is this post just kind of odd in general? OP doesn’t appear to be very well informed about most of this based on their replies, but felt the need to scour a bunch of past reddit threads to bring up issues other people experienced while not fully understanding what those issues actually were.

OP:

Didn’t know other sites/providers can block mail servers

Doesn’t understand how Proton blocks tracking links nor how to test the issue he heard about

Complained about Drive is poor in features then said “eh, it’s fine. It has everything I need”

Doesn’t have a clue what key-only login is, yet called it out as feature lacking because they heard about it somewhere

Just a really weird post.

Edit:

Well I want to use Thunderbird. I have been since I was about 11 and thought it sounded cool.

Now it makes sense. OP is most likely on the younger side. Keep learning and being curious OP, there’s a ton of info out there.

I like protonmail, I have a business subscription (for a few of my domains) and some customers on it.

I’ve considered replacing my own mailservers with proton, but…

  • No IPv6 support
  • You can only upload a PGP/GPG-key that has no expiration date

No SMTP server, only their software to open a local tunnel, and no option to get it to work for Docker containers/LXCs.

I ran into your tracking protection issue 2 today, and got locked out of my healthcare patient portal. I’m sure it’ll get fixed, but it’d be nice to have a tracking whitelist.

Google has been trying to shut them down. That alone is a reason to get it

I’ve filed multiple support tickets asking to have my mailbox restored from a recent backup. It’s been days and they’ve been ignoring me. They have the worst support of any company I’ve dealt with. I’ve actually gotten support from Google for Gmail! I pay for a Visionary account with ProtonMail, and they seem to make it a point to never respond to my tickets.

Their ISO 27001 compliance is a lie. This compliance requires backups. I’ve contacted the ISO foundation asking that their certification for this standard be suspended and or revoked.

Yes, #2 is what I’m having problems with. I’m desperate…

How can I use Proton email in my AliExpress app?

Ali sends an email to verify the email I’m going to use and Proton doesn’t even accept it. What do I have to dooooo?

Protonmail also has a short inactivity policy and they strictly enforce it. Go over the time limit and your account is gone forever. So let’s say you signed up for some services where you didn’t want to expose your main email, so you made a Protonmail for this purpose. You would at some point maybe need to change a password for that service or similar, and then you’d need your Protonmail to receive it. But by that time Protonmail has deleted your account.

I can’t speak to why you shouldn’t because I have been using protonmail for several years. Other than the recent servers down, it has been good for me. I couple it with Brave browser for more reduced tracking.

OP: “PASS DOESN’T HAVE KEY ONLY LOGIN!!!”

Proton_Team: “What exactly do you mean by Key-only login?”

OP: “No idea, I read about it somewhere…”

ALSO OP: “DRIVE IS POOR IN FEATURES!!!”

Proton_Team: “Improving Proton Drive is one of our highest priorities at the moment”

OP: “Oh don’t worry, it already has everything I need…” (which one is it then OP? Does it lack features or does it have everything you need?)

Key factors for me:

  • Subject lines are not encrypted. You are much safer deploying your custom mail server and then doing FDE than hosting on Proton if subject lines are a concern for you. Knowing subject lines alone, you can conclude a lot about somebody’s activities.
  • Aggressive inactive account policy. You get surprised and get thrown in jail because of political views and you stay one year there. You come back and you lose access to everything and you are unable to recover your username.

Elaborated answers like these are another reason why I use Proton.

I’m gonna be honest, just the fact that the admin account replied positively and objectively to a post I was afraid would come off as a smear campaign by a Tuta fanboy is enough to sway me.

the Discord issue has been fixed

Oh that’s great! I already said I’d be fine using Gmail, but the fact that you guys worked to fix it is way better customer care than I’m used to. I have learned a lesson today to check patch notes and such because there’s not going to be any fanfare for improvements like this.

More on our processes and possible course of action in cases like this can be found here.

Yeah that’s the benefit of the doubt I was referring to. I had no idea a site could reject a certain domain. This ability worries me, but I’ll still sign up for Proton sub to be on the right side of history. One day they might actively, maliciously ban any address that doesn’t allow them to track the user, but at least I can say I wasn’t with them.

which we believe are the advantages outweighing the lack of subject line encryption.

I agree. It would be nice, but it’s only a small thing for me. It’s only notable to me because it’s the difference between perfect and imperfect.

in fact, exists on Proton Mail web, desktop, and iOS apps

Again my mistake. I don’t know where I read that it was only on the web app.

Edit: The guy with the broken link problem from tracker blocking is here

  1. It’s amazing that I actually believe that. I don’t even trust my government to be “working on it” but you have a much better reputation.
  2. Understandable, the alternative would be allowing random apps to break encryption by asking nicely.
  3. I have been advised to try other servers, which I will do in the future. Should have been obvious, but I formed my VPN habits while I didn’t know the first thing about networks.
  4. Awesome. It’s already got all I need really, since I’m not much of a cloud person, but improvements are always nice.
  5. I’m not so sure myself. I saw someone mention it in a Proton vs Bitwarden post. I think your guess is right, and I’m glad to hear it. Even so, I’m only getting Mail now, but I’ll make some use of Pass some day in the future when I upgrade to Unlimited. I just can’t afford it at the moment because I regretfully paid for 2 years of Nord about 3 months ago. Gotta let that run out first, or at least come close.

Anyway, I’ve been here long enough. I have a subscription to make.