This kind of misses the entire value of Protonmail - that they encrypt all of your data at rest using your key, not theirs.
> Fastmail’s email search features also allows you to search for emails based on their content or attachments; ProtonMail’s search function doesn’t let you search through email contents unless you ask it to download all your email to your browser’s cache.
That's inconvenient, but entirely the evidence that they're storing your data correctly. If they could build indexes of your email contents, that would defeat the purpose of private email.
At the end of the day, if Fastmail gets breached they take everything. If Protonmail gets breached they take email datetimes and subject lines.
It is really unfortunate that they have written such a biased article, because it's completely unnecessary. I think the article is correct that fastmail has a much better usability story due to it just being a regular email service. However, Protonmails whole raison d'etre is that they do on server encryption which they can't even decrypt themselves. It gets swept completely under the rug.
They could have just come to the conclusion that if you want ultimate "privacy" and be sure that no one can read your emails "at rest" take Protonmail if you want features take fastmail. That would have been a fair assessment, the way it's written now just makes it come across as a advertisement piece. Maybe they feel customer's moving to Protonmail.
As a huge Fastmail fan and user: This was a bad post, and if the CEO is rolling around the comments today: Just delete it.
ProtonMail and Fastmail serve very different threat models, and glossing over the differences between end-to-end encryption and not is disappointing. I choose Fastmail because my threat model isn't particularly concerned about the company's servers or government intrusion, but for the folks who do need to worry about that, Fastmail isn't a good option, and even a Fastmail blog should be willing to plainly and openly admit that.
If anything, Fastmail should even encourage people living under oppressive regimes or involved in sensitive whistleblowing activities to consider ProtonMail... even if they then use Fastmail for everything else.
I'm a longtime fastmail customer, and I like the service, but they still have no answer for Australia's Access and Assistance Bill, aside from all the other privacy disadvantages they have against Protonmail.
The Access and Assistance Bill doesn't meaningfully impact Fastmail: They do not need to implement a backdoor because they do not provide an end-to-end encrypted service.
They obviously chose not to offer end-to-end before, but now they can't even if they wanted to. So it's a distinction without a difference. It's open by default.
The Access and Assistance Bill doesn't prevent anybody from offering end to end encryption.
The media coverage was very "sky is falling" but the reality is that it only requires you decrypt content to which you already hold the keys or to which you can obtain the keys without compromising the security of untargeted users.
This isn't something they would or could implement after the fact regardless of the law in
question. It'd be impossible to provide Fastmail's product as end-to-end. And that's okay!
Please drop the FUD. It's not helping the discussion.
Fastmail’s email search features also allows you to search for emails based on their content or attachments; ProtonMail’s search function doesn’t let you search through email contents unless you ask it to download all your email to your browser’s cache.
Doesn't this imply that Fastmail has access to the decrypted contents of messages?
Yes. According to their blog [0], they “don’t do full message encryption (e.g. PGP) in the browser” because they “don’t believe this offers a meaningful increase in security”.
Judging by the content of the article, the title should have been: Why Fastmail Is Better Than ProtonMail.
Not necessarily a bad thing. I genuinely don't know which is better. But under each heading there are three paragraphs talking about Fastmail and one for ProtonMail, so I wouldn't exactly call it balanced.
A nice comparison. The tipping point for my choosing fastmail over protonmail was that protonmail limits custom domains to a single domain. I have multiple domains and want(ed) the ability to setup email for all the different domains in a single place.
Either way, I'm very confident if you ask them they'd be glad to see if they have something that would meet your needs: https://www.fastmail.com/support/
for clarity, I don't work for them or get a cut, I just like their product bunches
> Fastmail’s email search features also allows you to search for emails based on their content or attachments; ProtonMail’s search function doesn’t let you search through email contents unless you ask it to download all your email to your browser’s cache.
That's inconvenient, but entirely the evidence that they're storing your data correctly. If they could build indexes of your email contents, that would defeat the purpose of private email.
At the end of the day, if Fastmail gets breached they take everything. If Protonmail gets breached they take email datetimes and subject lines.