
ProtonMail iOS app goes open source - _eigenfoo
https://protonmail.com/blog/ios-open-source/
======
153791098c
The apple store always distribute apps under a proprietary license. So even if
the code is open-source, if you install it on your device through the apple
store you are still installing proprietary software.

They say on their Github page that their app is licensed under GPLv3. Yet they
can't publish it under GPLv3 license to the apple store. This means that if
you contribute to the project under the GPLv3 license, they can't redistribute
your through the apple store. So if you contribute your code it will always
have to be licensed under a permissive license.

Still can't wait for the F-Droid release though.

~~~
mimsee
How is Blink Shell: Mosh & SSH Client[1] licensed as GPLv3 on the iOS App
Store? To my knowledge that's not the only GPLv3 app on the iOS app store.
Many of the projects give a special grant for it to be published on to the app
store.[2]

[1]: [https://apps.apple.com/us/app/blink-shell-mosh-ssh-
client/id...](https://apps.apple.com/us/app/blink-shell-mosh-ssh-
client/id1156707581)

[2]:
[https://github.com/blinksh/blink/blob/raw/COPYING#L702](https://github.com/blinksh/blink/blob/raw/COPYING#L702)

Edit: formatting, more context, and sources

~~~
colejohnson66
I’m not even sure a grant is necessary. As the author, you can relicense your
work whenever you want. That includes relicensing for a certain platform. So,
release your GPLv3 source code, but release the “proprietary” version on the
App Store.

~~~
greggman2
If you're the sole author yes. If you took any contributions then no unless
you got all the contributors to accept your proprietary license for their
contribution.

------
kylehotchkiss
I’ve been so happy with ProtonMail as a strategy to store any email I receive
with dollar signs in it (to avoid google’s vacuuming it up into “purchases”
and “reservations” dashboards, which I find exceptionally creepy on a paid
gsuite account)

ProtonMail provides a lot of value for the small dollar amount per month! So
happy to see the new mail beta, and now open source for the iOS app!

Very excited for protondrive now. Google Drive is usually fine but I never
feel comfortable storing scans of IDs or tax documents there.

~~~
tyingq
Depending on your use case, Yandex is a good alternative to Gsuite. No charge
to use your own domain...it's free. No doubt Russians can scan it all, but
maybe they have little interest in a US centric small business for example.

Also, I imagine they have little interest in complying with US LEO requests.

~~~
simonh
I'd be very worried about transferring business bank account details and
commercial records to Russia. The state might not be interested in you in
particular, but scammers know no borders. Also Yandex has admitted publicly to
providing customer data to the FSB. Again you might not care about the FSB,
but any transfer of or access to data to an outside organisation inherently
increases the risk of further leaks.

~~~
tyingq
Agree, but there are many more cases where the US digging into details is more
risky than Russians doing the same. Yandex is a often a better, not perfect
alternative for US small businesses.

~~~
pvg
What are some of these many cases for US businesses?

~~~
tyingq
I run a small business myself, and prefer Yandex for my email. What use cases
DON'T apply? This keeps any of my customers free from NSA spying and US
jurisdiction for my choices.

~~~
pvg
I'm not questioning your personal preference, I'm asking about a few of the
specific (of, you say, many) cases in which using Yandex email is better for a
small US business.

The NSA has greater authority (and likely, capability) to collect every single
bit in a Yandex server than it has in a Google one. And, of course, so does
the FSB, the security service of something fairly close to an actual mafia-run
state. So that one doesn't sound super-convincing. What are some others?

~~~
tyingq
My view is pretty much any city centric mom and pop business. The Russian risk
is lower than the US Federal risk almost always. Consider the IRS and
importing products.

~~~
pvg
Right, I understood you believe this, I'm trying to understand the basis for
that belief since it seems both counter-intuitive and at odds with available
facts.

Edit: you added a bit of detail about the IRS after I replied, are you saying
a yandex email makes it easier to evade taxes? That the advantage of such an
email address is skirting or breaking laws and regulations?

~~~
tyingq
Re: The IRS. No, not pro evading laws. Like any law enforcement office, they
can overreach, overstate, misinterpret, conflate, etc. Restricting their
access has pros for innocents.

Here's a real example. Aluminum extrudes are highly import taxed UNLESS they
are are an integral product feature. Does the IRS get to see my emails on
that, pre-emptively, before any presumption of doubt? Should they be able to
poke a few search terms into an NSA database? Or is the burden on them to get
a subpoena?

I see no weirdness that they can see my books but have no business in my
conversations. Decades ago, they couldn't peer into meetings in a real-time,
prior reasonable doubt way. 1984 and all.

------
teekert
I love Protonmail, me and my entire family would have already been on it with
a nice custom domain if that wouldn't cost me 32 euro's a month (4 mailboxes:
me, wife and 2 kids, per year payment reduces it to 25/month). I now pay 6.05
euro's for that at Transip (can go up to 5 addresses + hosting space, 3
addresses is 3 euro's). I like Protonmail more, better, cleaner webUI, focus
on privacy, nice app... but it's really really expensive.

~~~
mikece
Think of it the other way around: how much per month is Google making by
reading your email (with bots) to generate a marketing profile so companies
can buy targeted ads to sell you stuff? Besides, feature-wise, you get a LOT
more from ProtonMail than, say, Fastmail, which is the low-feature, no-frills,
non-encrypted alternative.

If you aren’t paying for the product then you _ARE_ the product.

~~~
sourcesmith
Google have not scanned emails for the purposes of targeting advertising for a
couple of years now.

~~~
newscracker
I would actually like to see a source for this claim. Google did state that it
would stop scanning emails for targeting ads "later this year" at some point
in time. But I haven't seen a document after that reaffirming that this has
been done.

~~~
sourcesmith
I suspect GDPR would have been sufficient threat since not all people involved
in a scanned email were guaranteed to be Gmail users, so gaining consent would
have been problematic.

------
sschueller
What about Android? The one I can actually compile myself and install myself.

~~~
windthrown
Protonmail mentioned in the comments that the Android app is currently
undergoing a similar third-party audit and the source code will be released
once that is complete.

------
newscracker
Does this mean that the app could be forked to support multiple accounts
(which is currently not possible for the free tier users with the official
app)?

~~~
tinus_hn
Sure, but you need a paid Apple account to put it on the App Store. Chances
are none of the cheapskates who ‘believe strongly in freedom’ are going to put
their money where their mouth is and spend the $100 so everyone can enjoy that
freedom.

~~~
nexuist
Why would you pay $100 to a dictatorial software distribution platform when
your whole thing is, well, free software distribution?

~~~
tinus_hn
Do you want freedom? Freedom does not come for free.

------
_bxg1
Beyond all the other benefits of this, hopefully it means more general feature
updates/bug fixes. There are several (minor) bugs in the app that have existed
for some time now, and it doesn't yet support iOS dark mode, for example. I
know they don't have a huge team and are focused on the web app and security,
but it would be exciting if the iOS app started getting a bit more love.

------
Bantros
All the app needs is the option to arrange emails into a thread similar to
desktop

------
jimnotgym
Well done Protonmail. I hope this is only the beginning for them and we will
see more of their estate open-sourced

~~~
yhoiseth
They have open-sourced other things, like their web app, already.

------
stockkid
I wonder if the ProtonMail server will ever be open source. It'd be pretty
cool to see the code and possibly self host, although having source code
available might allow spammers to abuse the system.

------
neskiredk
Does that mean we can get rid of the “Sent with ProtonMail Secure Email.”

Also, Can someone with more experience than me in licensing explain why we
couldn't bundle up a fork of the app and release in on ios App store?

~~~
vinay427
You could get rid of that signature before, at least on the Android and Linux
desktop apps.

~~~
neskiredk
Without paying? I'll have to check it out on iOS, perhaps they changed it.

~~~
shin_lao
I'm a little bit bothered by your comment that seems to be complaining about a
service you use for free.

~~~
wgjordan
If the software is indeed open source, it's entirely reasonable to expect to
be able to use it unencumbered- I would be a bit bothered and would also
complain if that were not true.

~~~
fnordsensei
ProtonMail, the iOS app, is now open source, but ProtonMail, the service, is
still proprietary and (mostly) paid.

It's somewhat comparable to using Thunderbird (open source) to connect to
GMail (proprietary). GMail might impose some restrictions regardless of the
open source status of the client.

------
hacknat
This is awesome! I think they'll actually get a lot of help with this client.
I for one am going to change a few things that I'll be they'll mainline.

------
gopaz
Can someone break down what makes up the 91MB this app weights in at? Since
its 94% swift I'm a bit surprised

------
RocketSyntax
How do I view the read receipts? It was either not apparent or not working.

------
RocketSyntax
I LOVE IT! And the VPN! Is there a desktop client for mail coming?

------
jammygit
One day they will release calendars

------
aphextron
Kind of pointless because you're still installing a compiled binary from the
app store with zero guarantees that it's even the same source.

~~~
javagram
Couldn’t you compile the code yourself and use your own version of the binary?
Then you just have to trust XCode isn’t backdoored :-)

Edit: [https://developer.apple.com/support/compare-
memberships/](https://developer.apple.com/support/compare-memberships/) “ With
just an Apple ID, you can access Xcode [. . .] and you can test your apps on
devices”

~~~
otachack
I think you can only provision a compiled app to run on a phone for 7 days
before needing to reinstall IF you aren't paying the $99/yr Apple dev account
fee. Running on simulators is free, though.

