My point was I think they have already the ability to do this (cited sources) but they don't.
Apple's private relay feature is good but they also suffer from recent trust issues.
Regarding the last point, yes if you send PM-Non-PM there will be plaintext email sitting in the Non-PM's inbox/sent items. But you do have the ability to send non-PM recipients password protected email where they have to read the email over at PM in their browser. Only a link to it sent by email and they need to know the password to access it.
Obviously it depends on your threat model, but if you're doing anything that sensitive you should probably not be using email as there's no way of truly making it secure to use.
Some people will be using protonmail just because they don't want their provider scanning their emails or targeting them with ads. PM do offer a free tier so they're not a bad choice for that use case.
> That’s because, PM servers receive plaintext data. Then, they encrypt it. But there is no proof that plaintext is not logged.
Ah yes this is a good point. The only way to be sure is to client side end-to-end encrypt your data before you send it to any upstream mail service. E.g. using S/MIME or PGP. At this point you can then use any free mail service as you now “only” need to worry about leaked mail header meta-data.
We must be fair. Citing that plain text is readable before proton mail encryption is.... unfair.
A bad actor could place a proxy upstream, the problem has nothing to do with protonmail.
What protonmail tries to solve is your mail being encrypted at rest. It succeeds there.
Statements about "but they can read it" or "they can capture everything before..." is a separate issue, one of trust and different methods of state interference.
> Citing that plain text is readable before proton mail encryption is.... unfair.
Firstly it wasn’t me that made that observation but..
I don’t think fairness comes into it. If you’re concerned with that risk, use something else. All security comes with a set of trade offs and knowing which risks you’re protected from and which you are not, helps you make that choice.
ProtonMail are also very good at publishing their threat model, architecture and technical implementation as well as large parts being open-source.
> What protonmail tries to solve is your mail being encrypted at rest.
Actually it does better than that. It uses message-level encryption using PGP keys to provide that encryption at rest. Which in theory gives them zero access. Lots of services which tout encryption at rest are actually encrypting the block storage which mitigates against fewer and less likely threats.
Apple's private relay feature is good but they also suffer from recent trust issues.
Regarding the last point, yes if you send PM-Non-PM there will be plaintext email sitting in the Non-PM's inbox/sent items. But you do have the ability to send non-PM recipients password protected email where they have to read the email over at PM in their browser. Only a link to it sent by email and they need to know the password to access it.
Obviously it depends on your threat model, but if you're doing anything that sensitive you should probably not be using email as there's no way of truly making it secure to use.
Some people will be using protonmail just because they don't want their provider scanning their emails or targeting them with ads. PM do offer a free tier so they're not a bad choice for that use case.