
ProtonMail takes aim at Google with an encrypted calendar - vabmit
https://venturebeat.com/2019/12/30/protonmail-takes-aim-at-google-with-an-encrypted-calendar/
======
EduardoBautista
I recently left ProtonMail and went back to Fastmail. My reason was that they
will never be able to fully support IMAP and now CalDAV because of the
encryption they use. I grew to accept that email is not for secure messaging
and my paranoia of "I'm being watched" just went away.

If you need secure messaging, use something other than email.

~~~
mdp
I came to a similar conclusion. You should write every email as if it were
public, because it's entirely likely that it will be. They can be forwarded,
made public through legal discovery, or exposed in a data breach (e.g.
Sony/North Korea).

Forget security for a second, imagining every email as public record will make
you a more considerate and less biased writer. And from a business perspective,
email should be viewed as a public legal record, because in some cases it will
be used that way.

That's not to say that there shouldn't be private messaging options, it's just
that email isn't one of them and was never really built to be. PGP was always
sort of a tacked on solution with a lot of faults (no forward secrecy, plenty
of metadata leakage, usability issues).

All that being said, I still left Gmail for Fastmail. Just because I consider
every email I write to be public doesn't mean I want Google getting a free
pass to mine and sell my data.

~~~
wstrange
I agree with most of what you have written, but this:

> doesn't mean I want Google getting a free pass to mine and sell my data.

AFAIK, they don't do that with gmail. Do you have any evidence to the
contrary?

We need to hold Google's feet to the fire on privacy, but it is also important
that we do not exaggerate or distort the facts.

~~~
bcrosby95
Unlike most other responders, I generally trust Google not to do this.
Everything they say they don't do has been confirmed to me one way or another
by people working there that I trust.

They may make money off ads but I don't think they have any real incentive to
lie about what they're doing. Because most of their users don't actually care.
I would be curious if anyone knows of any scenario where Google has outright
lied about what they do and don't do with information, because I've never
heard of it.

For me, I moved off gmail for other reasons: my email is too important to
randomly lose access to because e.g. their youtube AI thinks I'm spamming a
channel on Youtube. I look at all my data in Google as if I might lose access
to it forever some day, because someday I might, with zero recourse.

~~~
thebean11
What exact behavior of Google are we talking about here? I'm pretty sure they
do mine emails for their own ad targeting. On the other hand, I'm equally sure
they handle the information securely and don't pass it on to anyone else.

~~~
wstrange
> I'm pretty sure they do mine emails for their own ad targeting.

They do not. See
[https://support.google.com/mail/answer/6603?hl=en](https://support.google.com/mail/answer/6603?hl=en)

"We will not scan or read your Gmail messages to show you ads."

~~~
tuananh
> "We will not scan or read your Gmail messages to show you ads."

that reads to me like "We may do it for other purposes."

~~~
jdminhbg
They obviously do, as does every mail provider that filters spam, at a bare
minimum.

------
jamwaffles
I moved over to Fastmail from ProtonMail a few weeks ago. I think if you value
the encryption and privacy and don’t mind the lack of basic stuff like
threading in the mobile app or IMAP integration, ProtonMail is fully worth it.
That said, for me I just want a well featured email/calendar service that can
replace gmail once Gewgle fucked us over with Inbox. Fastmail does that for me
and provides a lot less friction whilst doing so.

ProtonMail feels like a one-trick pony to me. They’re cruising on the allure
of privacy features but they have a ways to go on other basics.

~~~
mumblemumble
I'm not even sure it's all that great of a trick, considering that no amount
of encryption and security on Proton's own servers or in their app can protect
the contents of emails that are sent to (edit: or received from) someone who
doesn't use Proton.

I am a current customer and think they've got a really well-done service and
app, but lately I've been wondering if it's the privacy equivalent of the
Maginot Line.

~~~
stevenicr
Makes me wonder if it's possible or reasonable to consider an option with
protonmails (and similar) - have a note in the footer of the email -
explaining that encrypted is default in their system, but sending to your
email provider has it converted to plain text where others can access it.. if
you'd like to keep this mail message private click to login to
protonReadPortal - where you can read, and if you'd like make a passphrase, to
reply and keep messaging on secure servers.. get an optional app for replies
to your contacts that have proton accounts.. then tap to checkbox so further
emails to you from proton accounts send you a notice to check out the
protonReadPortal instead of including the plain text..

I'd want my protonReaderApp to have default shred message after reading.. keep
available on proton server for 48 hours after.. one click to save as pdf or
zip or other safer password format, or save on protonServer longer.. with easy
to change defaults..

would be nice option. I dunno maybe something like this exists?

There are several use cases for this..

a system like this could make for encrypted form storage and messaging with
the right API maybe HIPAA compliant?

I'd expect my lawyers and accountants and such to use something like this.

~~~
floriol
You can already do that with protonmail. There are three buttons available
when writing an email, doing exactly that.

------
lvh
Article is light on the details, but ProtonMail has published some here:
[https://protonmail.com/blog/protoncalendar-security-model/](https://protonmail.com/blog/protoncalendar-security-model/)

> This calendar key will then be symmetrically encrypted (PGP standard) using
> a 32-byte passphrase that is randomly generated on your device. Once it is
> encrypted, your calendar key will be stored on the ProtonCalendar backend
> server.

32-byte passphrase: might be fine, depending on what those bytes are; the
interesting question is how much entropy it got generated from.

> Each member of a calendar will have a copy of the same passphrase that is
> encrypted and signed using their primary address key. The signature ensures
> that no one, not our server or any third-party adversary, changed the
> passphrase.

This is where it gets weird. Why do both? The obvious way to encrypt with an
ECC key comes with authentication for free. Signing mostly has negative
privacy implications. (I think the answer is "we incorrectly decided PGP was a
good idea a long time ago and now we are stuck with its problems, which
include being wrong about authenticators".)

> The invited member, if they decide to join the calendar, can decrypt the
> passphrase using their address key. They can also verify that the signature
> on the passphrase belongs to your email address key. This lets the invited
> member cryptographically verify that you invited them. To accept the
> invitation, ProtonCalendar will then pin the passphrase for the invited
> member by replacing your signature with one created using their own email
> address key. This signature will later be used by the invited member to
> verify the passphrase at each application start.

Again, with designs less than twenty years old you can do that without a
signature.

> To accept the invitation, ProtonCalendar will then pin the passphrase for
> the invited member by replacing your signature with one created using their
> own email address key. This signature will later be used by the invited
> member to verify the passphrase at each application start.

 _what_

I'm reviewing the attendee scheme next, but I need more coffee first.
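
The comment above says encrypting to an ECC key gives authentication without a separate signature. One construction with that property, shown as an added example (not part of the thread and not ProtonCalendar's code): static-static X25519 plus an AEAD, the same shape as NaCl's box. The key pairs, the HKDF label and the context string are constructed for illustration.

```javascript
// Added illustration: not ProtonCalendar's code and not code from the thread.
const crypto = require('node:crypto');

// Constructed stand-ins for the two members' long-term address keys.
const inviter = crypto.generateKeyPairSync('x25519');
const invitee = crypto.generateKeyPairSync('x25519');

// Static-static ECDH: own private key + peer public key. Only the two key
// holders can derive this key, so a valid AEAD tag under it proves the box
// came from one of them. The HKDF label is a hypothetical domain separator.
function pairwiseKey(myPrivate, peerPublic) {
  const shared = crypto.diffieHellman({ privateKey: myPrivate, publicKey: peerPublic });
  const info = Buffer.from('example/calendar-passphrase-wrap/v1');
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), info, 32));
}

// Encrypt the passphrase for one member. `context` is bound in as associated
// data so a box cannot be replayed for another calendar or member.
function wrapPassphrase(passphrase, senderPrivate, recipientPublic, context) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', pairwiseKey(senderPrivate, recipientPublic), nonce);
  cipher.setAAD(Buffer.from(context));
  const ct = Buffer.concat([cipher.update(passphrase), cipher.final()]);
  return { nonce, ct, tag: cipher.getAuthTag() };
}

// Returns the passphrase, or null if the tag does not verify. Plaintext is
// released only after final() has checked the tag.
function unwrapPassphrase(box, recipientPrivate, senderPublic, context) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', pairwiseKey(recipientPrivate, senderPublic), box.nonce);
  decipher.setAAD(Buffer.from(context));
  decipher.setAuthTag(box.tag);
  try {
    return Buffer.concat([decipher.update(box.ct), decipher.final()]);
  } catch {
    return null;
  }
}

function demo() {
  const passphrase = crypto.randomBytes(32); // 32 bytes straight from the CSPRNG
  const context = 'calendar:demo-123|to:invitee@example.test'; // constructed
  const box = wrapPassphrase(passphrase, inviter.privateKey, invitee.publicKey, context);
  const unwrap = (b, ctx = context) =>
    unwrapPassphrase(b, invitee.privateKey, inviter.publicKey, ctx);

  // A server that flips a ciphertext bit, or substitutes a passphrase wrapped
  // with its own key while claiming it came from the inviter, is rejected.
  const tampered = { ...box, ct: Buffer.from(box.ct) };
  tampered.ct[0] ^= 1;
  const server = crypto.generateKeyPairSync('x25519');
  const forged = wrapPassphrase(crypto.randomBytes(32), server.privateKey, invitee.publicKey, context);

  const opened = unwrap(box);
  return {
    roundTrip: opened !== null && opened.equals(passphrase),
    tamperRejected: unwrap(tampered) === null,
    forgedRejected: unwrap(forged) === null,
    wrongContextRejected: unwrap(box, 'calendar:other|to:invitee@example.test') === null,
  };
}

console.log(demo());
```

Because the invitee can derive the same pairwise key, the tag convinces the invitee but is not a transferable proof to any third party, which is the difference from a signature.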

~~~
anaphor
What are your thoughts on Protonmail's security in general?

Specifically this part from their whitepaper
[https://pbs.twimg.com/media/EKpHwB-WwAE4YN0?format=png&name=...](https://pbs.twimg.com/media/EKpHwB-WwAE4YN0?format=png&name=small)

This is a bad idea right? We aren't supposed to decrypt then verify usually,
correct? I'm told this is standard for implementations of OpenPGP, but it just
seems like a horrible design (of course OpenPGP itself is probably bad).

[https://protonmail.com/docs/business-whitepaper.pdf](https://protonmail.com/docs/business-whitepaper.pdf)

~~~
lvh
I didn't write [https://latacora.micro.blog/2019/07/16/the-pgp-problem.html](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html)
(the writing is too good, a giveaway that it's a 'tptacek joint) but I did
review it and helped shape its contents and generally subscribe to its message
:) In particular you are correct, and specifically GPG's MDC thing is some
weird nonsense that does not deserve to be in use in 2019, let alone being in
a product that describes itself as having top-notch security.

(Mostly I think I get why Protonmail does what it does, but GPG+email is a
losing horse. It also doesn't help that protonmail addresses are a mild
predictor for content not worth reading. I haven't quite had Popehat's
experience of protonmail being a proxy for overt, virulent white supremacy,
but... certainly have seen it be a proxy for poorly informed opinions on
security :-))

~~~
Klonoar
Setting aside the technical issues for a moment, your last point is
interesting to me.

One of the things that bugs me about security/privacy discussions is the
rampant paranoia and misinformation, and it tends to be the louder voice in
the discussions lately. I have to wonder if Protonmail being such a visible
figure means that it attracts people who're inclined to fall under the
aforementioned.

i.e, the people who use Protonmail for mostly innocuous reasons just don't say
anything, so the poorly informed bits float to the top.

It's like apartment ratings, I guess - nobody writes a rating for a good one.

Disclaimer: I interviewed with PM last year and was offered a role, but for
various life reasons didn't take it. They're pretty smart people though so I'm
inclined to give the team the benefit of the doubt - I don't think any of this
influences my comment above, but worth noting.

~~~
Skunkleton
When I decided to ditch google a while back I considered switching to proton
mail. Their marketing resonated with what I was looking for. After some
thought I realized that email is fairly insecure by design. Even if proton
mail fixed all of the security issues associated w/ email it all goes out the
door the moment I communicate with a non-proton-mail address. Almost all of my
friends and family use gmail, and most of the volume of email I receive comes
from businesses. For my usecases, proton mail is basically security theater.

What's worse, proton mail makes many dubious claims. They claim that "All
emails are secured automatically with end-to-end encryption." This is clearly
false. They state that "ProtonMail's infrastructure resides in Europe's most
secure datacenter, underneath 1000 meters of solid rock." Ok, cool, but how
does that benefit me? The emails are already end-to-end encrypted (but not
really). Am I expecting commandos to raid a datacenter and steal my encrypted
emails? They say that "Our story begins where the web was born, at CERN."
Again, who cares?

End-to-end encrypted email is not on my list of must-haves (or even on my list
of wants). When I need a secure communication channel, I use Signal. Proton
mail overstates what they provide, and they spend a lot of effort on frankly
useless security measures.

------
ben509
The iCalendar spec[1] already features "encryption by committee" by being
thoroughly obfuscated through its innate unreadability and undocumented vendor
extensions.

On a more serious note, a sibling comment asked if there's an API. And,
really, for an API to work, we'd need to agree on some kind of data
structures. Reading that spec, and having mucked with LDAP, IMAP and related
specs, it really feels like we're still banging rocks together in how we
define the semantics of data exchange.

[1]:
[https://tools.ietf.org/html/rfc5545](https://tools.ietf.org/html/rfc5545)

~~~
josephg
The Fastmail devs have been working on getting JMAP for calendars standardised
through the IETF. It’s intended as a mature, modern replacement for all the
iCal / CalDAV junk. The biggest bottleneck at the moment is getting past the
chicken and egg problem - we really need Apple and Google and others to adopt
the new protocols for them to start to be useful. JMAP for email is currently
struggling against the same adoption issue.

[https://jmap.io/spec-calendars.html](https://jmap.io/spec-calendars.html)

------
sverige
This is a welcome development. ProtonMail has worked well for me. Now if I
could only find a way to make a Pixel phone accept that email address instead
of one of my several one-off fake name gmail addresses that I use for such
things.

~~~
sandworm101
Don't integrate privacy-focused email service (hushmail/proton etc) into a
non-private phone. Access it via the webmail interface.

I've been asked several times to decrypt my phone at international borders.
If you leave things to webmail, unlocking your phone doesn't give them access
to your email account, or even tell them where it is. All the TSA/Cops get is
my "gmail-for-phone-2018@gmail.com" address that I haven't checked since day
one with the phone. My access to my real email is covered by a web browser
that doesn't keep records.

~~~
tubbs
My ProtonMail installation on Android supports PIN/fingerprint locking

~~~
derimagia
They could definitely ask you to unlock it. It's why apps like 1password added
a "Travel Mode" [https://blog.1password.com/introducing-travel-mode-protect-y...](https://blog.1password.com/introducing-travel-mode-protect-your-data-when-crossing-borders/)

~~~
tubbs
That's pretty cool! Similarly, couldn't you just uninstall the ProtonMail
native app when traveling?

------
bfrog
I switched to tutanota for the price and features already provided, protonmail
is really quite nice though. I'd love to better understand the legal
implications of the hosting countries' laws better.

~~~
nennes
Same here, using tutanota for the last year. They also offer a calendar, which
I haven't tried but assume is encrypted.

~~~
slhck
It says "Free Encrypted Calendar" on their website.

------
stabbles
I'm a bit confused it took Protonmail more than a year to develop
ProtonCalendar. Is it really that difficult to develop?

~~~
Topgamer7
Calendars are software so directly related to time, I'm not surprised. There
are so many edge cases. Timezones, daylight savings time. The fact that so
many regions don't use the same standards. We alter year length with leap
years and doing things like adding leap seconds. Time is a nightmare to
program around.

~~~
fbnlsr
I somewhat believe our society would be easier if we had a better, simpler
standard for time.

~~~
K0SM0S
I've spent much more time than I care to admit researching calendars, the
general counting of time from seconds to centuries — actually, ahem, from the
Planck time unit to the age of the universe. I find that there would be
elegance in having a metric system aligned with "natural" dimensionless units,
orders of magnitudes.

Suffice it to say, not only are you 100% right, but there are _many_ easier
and better systems we could use; and a software-defined world makes that
actually easier than ever to implement in real life.

But people don't like change, and the biggest obstacle historically has been
religion — depending which culture/country, pick one or two who oppose any
change whatsoever.

Governments just don't see much incentive in doing anything either, because
it's a losing proposition — you'd spend a lot of "political capital" and
probably earn a lot of resentment in return, except for a few nerds who'd love
it.

I've thought long and hard about how to overcome all these historical
roadblocks, but I honestly have no idea in this case. Calendars are... loaded
topics for way too many people, and useless concerns for most everyone else.

It's like the dozenal society. They're right, about everything, but it just
won't happen.

~~~
yrro
I have similar thoughts thinking about currency. It seems incredible to me
that we (in the UK) ever managed to pull off decimalization!

------
Guest42
Is there an API for this calendar? I looked, but didn't notice anything.
That's one of the G features that I like.

------
asdf21
Did anyone else notice ProtonMail being used in the movie "Knives Out" to send
the ransom note? Cracked me up..

~~~
gruez
Not that surprising. It was also shown on Mr. Robot a few years ago.

~~~
groovybits
I would say it's more surprising that ProtonMail shows up in a movie like Knives
Out (which has no technical content), than it is for it to appear in Mr. Robot
(a purposefully technical series, and being underwritten by Michael Bazzel,
who is an advocate of ProtonMail).

------
lvh
Duplicate of
[https://news.ycombinator.com/item?id=21913989](https://news.ycombinator.com/item?id=21913989)
-- I started reading the actual spec here:
[https://protonmail.com/blog/protoncalendar-security-model/](https://protonmail.com/blog/protoncalendar-security-model/)

------
vabmit
Here is their write up of the security model:
[https://protonmail.com/blog/protoncalendar-security-model/](https://protonmail.com/blog/protoncalendar-security-model/)

------
jxramos
If one doesn't care about web access to their calendar is there any
recommended encrypted calendar apps to use on an android device as the default
calendar app? Does setting a default calendar app to something other than the
calendar on ROM actually prevent calendar data from leaking to third parties?

~~~
tasn
EteSync[1] has been around for a few years now. It's fully open source and
offers secure, end-to-end encrypted, and privacy respecting sync for your
contacts, calendars and tasks. Sounds like what you're looking for...

[1]: [https://www.etesync.com/](https://www.etesync.com/)

Disclaimer: I created it.

~~~
dddw
it's based on davdroid / davx5 ?

~~~
tasn
Years ago, when it was first created, the code was forked from davdroid,
though it diverged quite a bit because, other than the part that interacts
with the Android system, they are quite different.

------
infide1castr0
Glad to see any encrypted mail grow their services, this is a bit of a
sidebar, but what are some of the updated thoughts about the return of Lavabit
and the Dark Mail Alliance group?

------
mmd
Still requires google play store to install and google services to run - not
really "polar opposite to google" after all.

------
dddw
I'd like to see how this compares to fruux, which hosts a privacy-conscious
calendar for years.

------
SlowRobotAhead
I lost a lot of faith in Proton when I learned how much funding they took from
the EU. It just runs entirely counter to evidence we’ve seen of Snowden,
5eyes/14eyes, and other programs that the EU truly wants end to end encrypted
comms for people.

Am I wrong to be skeptical?

Edit: oh apparently I’m wrong to even suggest something we have other examples
of

~~~
Youden
I disagree with much of your comment:

> I lost a lot of faith in Proton when I learned how much funding they took
> from the EU.

Unless the origins of the money are unethical (e.g. blood money), it's not
where it comes from that matters, it's what's done with it. I haven't seen any
misconduct from ProtonMail and the EU's motivations for giving the money seem
to be economic, which makes a lot of sense. They want competitive EU tech
companies.

> It just runs entirely counter to evidence we’ve seen of Snowden,
> 5eyes/14eyes, and other programs that the EU truly wants end to end
> encrypted comms for people.

The EU is not a member of the 5 eyes nor 14 eyes, some of its member states
are. The EU is composed of 28 member states, so not even half are participants
in those groups.

Even if the EU were a member of the 5 eyes, the EU is not a monolithic entity.
The SIGINT arm of the EU (if such a thing exists) may very well oppose end to
end encryption while the economic arm promotes it. The same is true in the US,
where the NSA attempts to break encryption while the Department of State funds
Tor development.

------
terrycody
I am satisfied with the Protonmail, easy to use, secure, good.

------
dddw
nice, but don't put all your eggs in one basket

------
lwhalen
Correct me if I'm wrong, but this doesn't appear to be CalDAV-compatible. If
so, xkcd-927 strikes again :-(

~~~
artursapek
If you want to build something which can't be compatible with popular
standards, what is the better choice? Build it anyway, or let those standards
stop you? It's the same reason I can't read my PGP-encrypted email on my
phone.

~~~
lwhalen
Do what Fastmail did, and work with the community (generally via the IETF) to
make your new standard open and compatible:

[https://fastmail.blog/2019/08/16/jmap-new-email-open-standar...](https://fastmail.blog/2019/08/16/jmap-new-email-open-standard/)

~~~
artursapek
Good point, perhaps Proton will do so.

