ProtonMail is a scam, much like Lavabit (although the nature of the scam differs). Lavabit at least had the decency to shut down once they realized their claims were fraudulent, once the government told them how they lied and that they would like to take advantage of those lies please.
They deliver JavaScript to the browser to decrypt messages. While it's true that they don't have access to user messages for as long as they remain honest, that's a profoundly useless property to have. You can just be honest and not try to access messages, which is what Fastmail does. There's no point in handcuffing yourself and holding on to the key.
As soon as a system administrator feels like accessing the messages (either out of curiosity / government order or because an unauthorized user gained administrative control), they can deliver modified JavaScript to the browser that sniffs the password and decrypted content and sends a copy somewhere. This is, very literally, "being able to decrypt data."
The encrypted messages that are sent to non-ProtonMail users require visiting a ProtonMail website to decrypt the message, which has all of the security concerns as above. Furthermore, it's pushing the line of what counts as "email". Fastmail is clearly advertising themselves as an actual email service, where you send content over SMTP and it shows up in the recipient's email client. You can't do that with ProtonMail encrypted messages; the recipient gets a link to the content.
You can build a new protocol that has the properties we'd all want out of a modern messaging system. You might be able to replace email. But it won't _be_ email, and Fastmail is email. If you want Pond, you know where to find it.
And snake oil with a well-designed website, $500,000 of crowdfunding, and a team of PhDs is still snake oil.
Thanks for making a really interesting point that I didn't have space for in the Confidentiality post, but did touch on in the Integrity post.
The whole thing with email is that it's your own immutable copy. If you can't even read it without going to some website that may or may not exist at a later date, then you don't really have a copy. So you wind up having to extract the plaintext and then keep a copy of that somehow to ensure you never lose access. Sounds like normal email, the hard way.