
ProtonMail v3.16 - stockkid
https://protonmail.com/blog/protonmail-v3-16-release-notes/
======
leetbulb
I'm a happy ProtonMail user. I've never had an issue with the system and the
web app is very pleasant to use.

However, I wonder when (if at all) they plan on encrypting more metadata...?
Any of you users actually look at the network log of ProtonMail web app?
Almost all effort goes in to encrypting just the body of the emails, while
just about everything else is seemingly stored in plaintext (headers,
subjects, senders, recipients, etc etc)

~~~
supakeen
This is mostly because email servers need to look at email headers to route
mail to the correct person.

The headers might be encrypted in transit by TLS between email servers but
this is not guaranteed.

------
techntoke
What is this? Since when did cloud hosted solutions announce version number
changes? Is ProtonMail suddenly available as an open source self-hosted
platform?

~~~
amelius
> Since when did cloud hosted solutions announce version number changes?

It would be great if cloud solutions actually allowed customers to upgrade to
new versions when it suits them, not when it suits the provider. And with
security fixes properly backported.

~~~
giancarlostoro
Some providers do this for specific APIs though I may be thinking of SaaS and
not the general cloud. I agree though. Although I think Azure Functions lets
you pick the version as well iirc.

------
jhabdas
So wait, are they reintroducing ECC?

> This announcement is an example of why I am not using ProtonMail anymore.
> There are a lot of things they do that sound very good on marketing
> materials, but upon examination are security theater.

Quote:
[https://news.ycombinator.com/item?id=19747493](https://news.ycombinator.com/item?id=19747493)

As a user for more than a year I've suffered data loss using the Bridge Client
on macOS, seen (and have copies of) encrypted phishing emails originating from
trusted TLDs and PM themselves, and well, if they fixed something in the new
release I'd really hope it would be the Phishing report button - which doesn't
seem to work on Android.

I looked at Tutanota as an alternative, but in the end all I really wanted was
something that integrates with my operating environments and just works. There
are plenty of ways to communicate securely. Email doesn't have to be best one.

~~~
292355744930110
That blog post was linked from this one in the quote:

> To switch to ECC and to learn more about how it works, check out our recent
> article.

