Right, but what the author is trying to implement is what is generally considered best practice for secure email.
You’re right that what Proton are doing is a compromise that’s reasonable for most people, but the author here is annoyed that there’s no way to turn it off so he can implement best practice E2EE himself.
Ironically he could probably do that with the vast majority of providers that aren’t Proton, so to me it seems like a totally reasonable ask that a self described privacy focused email provider has some way to allow you to implement best practice email security.
I guess they were probably so caught up in making it easy to use they forgot about the best practice use case.
I agree with you - I don’t think it would take much to adapt their system to support both, even if it’s a manual “I know what I’m doing” power user option hidden away somewhere.
Eh, I don’t think it’s be a big deal. Slap a giant warning on it, all good. Super common on all sorts of platforms. Anyone trying to claim their encryption doesn’t work because they have a (scarily labelled) option to disable it can be easily demonstrated to be disingenuous.
And worst case if someone does disable it but doesn’t implement their own then their email I just falls back to… the same as any other platform.
They might not want to take the time to build it, but I think what this dude is asking for is a totally reasonable thing.
Right, but what the author is trying to implement is what is generally considered best practice for secure email.
You’re right that what Proton are doing is a compromise that’s reasonable for most people, but the author here is annoyed that there’s no way to turn it off so he can implement best practice E2EE himself.
Ironically he could probably do that with the vast majority of providers that aren’t Proton, so to me it seems like a totally reasonable ask that a self described privacy focused email provider has some way to allow you to implement best practice email security.
Exactly this. Why in the world would they not allow that? I don’t believe it’s that hard.
I guess they were probably so caught up in making it easy to use they forgot about the best practice use case.
I agree with you - I don’t think it would take much to adapt their system to support both, even if it’s a manual “I know what I’m doing” power user option hidden away somewhere.
deleted by creator
Eh, I don’t think it’s be a big deal. Slap a giant warning on it, all good. Super common on all sorts of platforms. Anyone trying to claim their encryption doesn’t work because they have a (scarily labelled) option to disable it can be easily demonstrated to be disingenuous.
And worst case if someone does disable it but doesn’t implement their own then their email I just falls back to… the same as any other platform.
They might not want to take the time to build it, but I think what this dude is asking for is a totally reasonable thing.