
I agree with everything, just want to add a downside of Proton which is often forgotten: there is no search. You cannot search your emails’ body (headers work, but keywords like “from:” still do not work for search), you cannot search the content of your files, etc.

It’s the price of end-to-end encryption.

The only workaround is synchronising everything locally and searching locally.



But you still can use Thunderbird for that. I recommend it no matter what mail provider is used. Web interfaces are so heavy nowadays, compared to that, Thunderbird feels so fast.


Yes, so I can search my emails solely on my laptop if I install Proton Bridge and synchronize 50GB of emails. And in case you have ever tried to search 50GB of data with Thunderbird, it’s slow.

I tried synchronising the data directly in the browser, without any email client and the search is mediocre and slow.

This is not a great experience for search.

But again, it’s not a critique of Proton, it’s just how it is with E2EE. At least it demonstrates they are really doing E2EE.

I still hope some time in the future homomorphic encryption will help, but I think we are at least a decade away from that.


Until some time ago they prevented users from using Thunderbird for Protonmail though. Well, good that now it is possible!


You've been able to use it since 2017 on Windows and 2020 on Linux, so only about 8 and 5 years respectively.


This is a problem of encrypted storage in general (and hopefully homomorphic encryption will solve that), but I knew this and for me that is a feature, not a bug. I use 2-step password auth (NOT 2FA) explicitly so no one can read my emails without my consent - not the provider, nor the government.


Can you elaborate on how the second password improves the privacy/security posture? I might switch to it.


I am assuming that the second password is like a decryption key. I have saved the second password as "mailbox password".

The way I interpreted it is that the first password is for the account, to verify I am who I say I am. But since the emails are encrypted, the browser can't show my messages in human-readable form. The second/mailbox password decrypts them and shows the emails in human-readable format.

This is just a guess.

I would love to hear about the second password from other/more knowledgeable folks.


Ah, OK, but that’s not what this is for.

Proton does not have access to your email contents, no matter if you use one or two passwords. They do not have your password, neither the first one nor the second one; they have a hash of it, to be able to verify you have typed the correct password. Only the actual password (the first one or the second one) can decrypt email content. Decryption only happens in the browser (or in the Proton app).

Of course you need to trust them on this, it’s difficult to verify, but it has been audited multiple times.

The second password is an old vestige of the time where they couldn’t manage to use a single password for both authentication and decryption.

I use the second one as well, but I use it so I can use VPN on some common devices the family uses as well, without having to enter the second password. So if the family device is lost or compromised, only my first Proton password has ever been used on it.
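
The split discussed in the last few comments (a stored login hash that cannot decrypt mail, and an optional separate mailbox password), as an added example that is not part of the thread and is not Proton's implementation. It assumes PBKDF2 with purpose labels and a toy stdlib-only cipher; `Provider`, `signup`, `client_read` and the other names are hypothetical.

```python
import hashlib, hmac, os

ITERATIONS = 50_000  # constructed work factor, kept low so the example runs quickly

def derive(password, salt, purpose):
    # Same password with a different purpose label gives an unrelated 32-byte value.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), purpose + salt, ITERATIONS)

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Toy HMAC-SHA256 counter-mode keystream (stdlib only; real code should use an AEAD).
    blocks = (_mac(key, nonce + i.to_bytes(8, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(_mac(key, b"enc"), nonce, plaintext)
    return nonce + ct + _mac(_mac(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(_mac(key, b"mac"), nonce + ct)):
        return None  # wrong key or modified ciphertext
    return _xor_stream(_mac(key, b"enc"), nonce, ct)

class Provider:
    """Everything the server stores: a salt, a hash of the login proof, ciphertext."""
    def __init__(self, salt, verifier, mailbox):
        self.salt, self.verifier, self.mailbox = salt, verifier, mailbox

    def login(self, proof):
        ok = hmac.compare_digest(hashlib.sha256(proof).digest(), self.verifier)
        return self.mailbox if ok else None

def signup(login_pw, mailbox_pw, message):
    # Runs on the client; pass the same string twice for single-password mode.
    salt = os.urandom(16)
    verifier = hashlib.sha256(derive(login_pw, salt, b"auth")).digest()
    return Provider(salt, verifier, seal(derive(mailbox_pw, salt, b"mail"), message))

def client_read(provider, login_pw, mailbox_pw):
    blob = provider.login(derive(login_pw, provider.salt, b"auth"))
    return None if blob is None else unseal(derive(mailbox_pw, provider.salt, b"mail"), blob)
```

In single-password mode the stored verifier and the login proof still fail to open the mailbox; in two-password mode a device that has only ever seen the login password can authenticate but gets `None` back from decryption.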



