Its just a webview app…
Yep. Installed it, started it, saw it is basically the website in an embedded browser, uninstalled it.
Like, come on, you have a web version. Why should I use an extra application to view a website. This seems like a cheap excuse for a desktop app.
To save myself the hassle of having to rebuild the electron app every once in a while? I’d rather not open my browser, go to their website and log in with 2fa every time I want to read an email.
Does it support offline access?
It does not. Which is the reason I wanted the app…
How to completely fail on a mail client. Holy hell.
Are you sure?
This was in the linked article:
- Caching for offline use
Caching is not the same as actual offline functionality.
What the hell constitutes “actual offline use” for an email client
downloading emails and storing them locally for offline reading, categorizing, searching and drafting. “Caching” usually just means if you opened the app with connection, it won’t go bonkers and will probably let you finish your immediate task + some basic functionality if you lose it. Can’t close the app though.
The only benefit i can see of web app is it is in a controlled browser environment…could be helpful with security?
(Webmail provider releases a bespoke desktop app)
(me, old fart, bumbles out from behind the cables and servers and muck)You fools! Have any of you whippersnappers ever heard of IMAP? No? Thought so.
[I’m not that familiar with ProtonMail. Chances are they already support IMAP. In which case: … …why? Why this? Why in this day and age?]
It’s worse than you thought.
The webmail provider released a dedicated browser that can only open the webmail and called it a “desktop” app.
Additionally, they don’t support IMAP. There’s an app to run on your computer that becomes a bridge. The proprietary protocol is translated to IMAP. You can’t use your favorite client if your operating system can’t run that bridge and you’re not a premium user because for “reasons” only premium users can run that local bridge
they don’t support IMAP
They don’t support IMAP because they want emails to remain end-to-end encrypted, and IMAP doesn’t have any way of doing that. The gateway decrypts the emails locally, then serves them as plain text.
We need something better than IMAP, that’s designed for modern use cases. Something that’s not stateful… Maybe a web service or something like that. JMAP seems promising but barely any providers have implemented it.
Still, if an user prefers the convenience of using any client instead of e2e, could enable it in a setting. Maybe the user subscribed because they liked the interface and the overall features of the plan, and not because of the encrypted email solution and just wants to add the account on the mobile client instead of a dedicated app
Being closed like this IMHO is just to increase user retention
If thex subscribed because of the interface (ehich is certainly plausible), what would they need IMAP support for? Also, if you really want IMAP, xou can have it, you just need their (open source) Proton Bridge for it (thats a sofrware) so that ut retains all features. But then I would need my own email client.
On mobile you’re forced to use their “open source” app that is only available on the closed source app stores and not on fdroid because it uses Google push services
Not true, it’s been available on Fdroid for quite some time now. And it doesn’t need play services for the notifications to work either.
It’s available on an unofficial repository that can be optionally added to fdroid, it’s not available on fdroid
E2E is their flagship feature and pretty much only selling point. I’m really not surprised they don’t allow to just disable it.
On a lighter note, the protocol might be proprietary but the bridge still seems to be fully open source : https://github.com/ProtonMail/proton-bridge
I don’t think think Proton shows bad will on this one. The only alternative I can think of (as a non expert) would be IMAP + GPG encrypted emails but very few desktop clients support GPG, which would make them less accessible 🤷♂️ Having their own protocol also probably makes it much much easier for them to iterate on it, opening up usually makes think much robust but also slower.
The bridge Is “open” but somehow it works only for premium users.
Yeah, Proton is awesome, that’s for sure. Now, being a “security and privacy” company, it blows my mind that they put so much effort on making apps for Windows and Mac first, leaving Linux behind, and when they finally get to it, they just dump in a glorified PWA. This world is really weird 🤣🤣
Capitalism is weird? Ok, but this is what we have.
deleted by creator
I mean, if you want secure/private communication, email should not be your go-to. It’s a horrible platform by today’s standards. It was never designed to have any serious level of security. Once they have an unencrypted email on the target with timestamps and mail headers, all they need to do is see who was communicating with Proton at that point. I don’t know if anything has changed since the PRISM days, but back in the 2000s, they definitely had that level of insight into the web.
Not much has changed. It’s really only secure if you are sending emails between addresses within the same local network like gmail to gmail. Thankfull with end to end encryption it can be pretty safe just good luck finding someone that knows how to use it. but thankfully proton makes that pretty seamless.
Companies have to comply with law enforcement. If anything, the little amount of data they were able to give after being forced is a good proof of their overall claim. If there is someone to blame here are courts using antiterrorism laws to catch environmental activists.
exactly if it’s a company they have to comply with laws. This is not a service to rely on if you doing espionage or something. It’s for people who want more privacy and choice.
It’s a native app on Windows and Mac?
I don’t use either OS, but the apps are .DMG (Mac) and .exe (Windows), so I believe they are, yes.
PWAs can be packed in .dmg and .exe.
And that they decided to go with RPM and DEB instead of just doing a Flatpak
Are you kidding me? Doesn’t bother me that much, as I use Thunderbird with Protonmail bridge. I’m still waiting on Proton Drive for linux. Well, I’m gonna end up self hosting at this point. :(
I prefer rpm over flatpak. at least I know any os dependency updates are happening regularly, flatpak may not get weekly dependency updates from proton
Idk, got thunderbird set up and feeling pretty happy with it.
The proton desktop app was pretty slow when i checked it. I might give thunderbird a go.
Aaaand it’s electron garbage.
I went here for this info. Thanks.
Ugh, I was looking forward to replacing Thunderbird/Bridge, but never mind.
Bridge
I am actually sort of worried that now that they put this out they will retire bridge. We will have to wait and see. Is having a browser tab open really that bad… ?? I suppose but I still like programs over web pages.
Out of the loop, what’s wrong with electron?
It’s basically Chrome. It’s not a real application, it’s a website pretending to be one. It uses a metric fuckton of RAM and eats your battery faster than Prince Andrew a minor.
I bought 32gb of RAM cause I was tired and gave up to eléctron apps
I bought 64 gigs of ram and still refuse to use it.
If Firefox could allow their engine to be packaged like this I’d use it. The problem I see here is chromium. Everything is a trade off and we need more ways to build maintainable cross platform applications.
Slack, for example, is Electron and it runs great. One of the best apps I’ve used. And it works better than the browser version…
The hate on Lemmy of electron is a bit of an overreaction if you ask me. Yeah it uses more ram than is necessary but again everything is a trade off. Not everything can be a hard to maintain rust app. Let’s try to embrace cross platform solutions, though yes fuck chrome/google, so sure criticize that part of it.
Rust is infinitely easier to maintain than mountains of untyped js garbage libraries built upon left pad
🙄
The hate on Lemmy of electron is a bit of an overreaction if you ask me
The issue is mainly developers using Electron when things like React Native and Flutter exist. I don’t know a lot about Flutter, but React Native uses native UI widgets and feels a lot nicer than Electron.
There is Tauri which packages it with WebKit and uses Rust as backend.
Let’s try to embrace cross platform solutions,
[JavaFX has entered the chat.]
I don’t know what javafx is, but java is hell. For me. I’m glad it works for others
I don’t know what javafx is
Let me get this right… you’re complaining about Chromium, but you use Slack? You do realize Chromium had better Linux support for things like HW-accelerated decoding than Firefox? Also, the Chromium sandbox is superior to Firefox.
Chromium had better Linux support for things like HW-accelerated decoding than Firefox?
Source? Experienced the exact opposite, especially on Wayland.
You can track the bug history here:
https://bugzilla.mozilla.org/show_bug.cgi?id=1751363
You can see here Chromium had support for this for several years prior:
https://aur.archlinux.org/cgit/aur.git/log/PKGBUILD?h=chromium-vaapi
Android being based on Linux prob has something to do with Chromium’s strong Linux support, but Mozilla has consistently prioritized Windows/Mac. Despite it still be challenging, building Chromium from source has always been a lot easier IMO than trying to create a custom build of Firefox.
Regardless, when it comes to privacy, Chromium itself is pretty stripped down and has policy-based integrations that put it on par with Firefox in terms of security. Even with Firefox, you’d have to modify quite a few policies to improve security. Tor/Mullvad Browser though do a better job in many ways and there is no equal to those privacy enhancements on Chromium that I know of, unless you’re using something like GrapheneOS.
Point being, people like to complain about Chromium a lot & act like Apple fan bois for Firefox, when in reality privacy is nearly the same with both with some minor configurations.
Chromium is not stripped down at all, just use googerteller and see. It contacts Google everywhere, on the password list, on the account list, in some settings pages, and just randomly sometimes.
It is very crazy. And also it is not fingerprint resistant at all.
I am using all flag settings, policies and GUI settings possibly existing and it still is like that. So no, it is not the same privacy-wise.
What the heck are you talking about? Chromium is one of the hardest packages to build and it takes forever. Firefox has FAR fewer dependencies. Chromium’s privacy enhancements are a joke.
I realize Firefox business practices aren’t total garbage for humanity and that they are constantly working to improve it on like .1% budget of Google. And that they are the only real competition which keeps us in a situation where we actually have a choice in browsers. So yeah let’s only care about the technical aspects, or something
And that they are the only real competition which keeps us in a situation where we actually have a choice in browsers.
That isn’t true. You’ve got WebKit-based browsers, LadyBird/LibWeb/LibJs, Goanna, and others. Why choose Mozilla to lead the efforts, when another open source community/foundation may be better? You can also participate in the various new web specifications yourself too if you’re not happy with the direction they’re headed.
They said competition, not alternatives. As things are right now, and knowing people, not just trying to make a technical point, Firefox is the only competition.
It’s what you deploy to your users if you want to work around ad blockers and browser extensions. It’s a great tool to get operating system level access to exfiltrate information about your users and identify them uniquely, even if they would prefer that not to happen.
All that with the help of Google’s telemetry engine aka Chrome, which further helps Alphabet to manifest their interpretation of web standards in the world.
We worked to move things onto the web. Now people bring the web back to your desktop with every application bringing it’s own browser shell. We have come full circle and we’re now using 10x the resources.
Electron is the prime example of everything that is wrong in IT.
Wow. That sounds horrible. Do you have a source about the system level access statement? I would like to see people’s thoughts on it, if it’s as bad as it sounds, I’m surprised I haven’t heard about it before
What source do you need? It’s almost literally the mission statement of Electron.
I’ve never gone to the webpage of electron
Do you have a source about the system level access statement?
Electron apps are native apps with the Chromium browser embedded in their windows, so they can do anything a native app can. It supports Node.js modules for things like filesystem access, and can interop with C++ code by writing an add on (https://nodejs.org/api/addons.html)
Ah ok gotcha. Thanks.
Each electron App is actually a full independent chromium browser install running a website. It’s easy to code for and works cross platform as a result, but it’s essentially just a website, although they can run offline depending on what’s been built in to the local app.
Each electron app running on your system is a separate full chromium app running, with no sharing of resources between each instance. So they take up a lot of space each and duplicate all the resource usage, and potentially the security flaws.
It’s just the webapp. If we want the webapp we use a browser.
Slack desktop app is built with electron and works much better than the web app in my experience. So no it’s not actually always that simple.
It could be that simple. They just hinder their own website to get you to download the app.
You really believe that? It would be easier for them to maintain only the website, so this really doesn’t make sense to me.
Dev here.
Yeah that’s how it works.
I’m a web developer. I think there’s a misunderstanding here. The person I responded to said that slack purposely made the web version worse than the desktop app, which I’m doubting.
Now that Chromium has persistent File System Access permission support, what benefit does Electron have over a PWA other than “Native-looking” menu bars?
Slack is one of those apps which lags in a week on any hardware, it might be better than web version but it still sucks ass compared to fucking ICQ clients. Source: using it in the company I work for, for about 7 years already.
I don’t often have trouble with slack being slow, or buggy. Been using it like 9 years myself. Interesting you’re comparing slack to icq. Are you referring to a current version of icq, or the one that existed in the early 2000s?
I am not sure I understand comparing an app designed to do video/audio chat seamlessly, threaded conversations, channels, filesharing, plus has dozens of subtle nice features that make for a rich experience and a… Chat app, that worked fine for sending plaintext messages but didn’t really do anything else.
I compare it to qip or similar with voice calling support about 10 years ago. But still, Slack loses to pretty much anything on the market regarding performance, be that Element, Telegram, Skype or even Discord. It literally battles with biggest IDEs lol
Not my experience. Not sure what qip is either
Proton Drive though 😭. The Windows app is so nice, wish we could get that for Linux.
I’ve set up an Rclone for the time being, not great but it works well enough for basic bisynchronisation.
Oh… I thought they meant Drive is finally out. That sucks. :(
On a related note? When my friend on proton send me (regular imap, openpgp) and several others (gmail, outlook) an email with all of us as recipients, it seems that proton cheats? I get to decrypt the message, where’s the others just read plain ø, unincrypted text.
At first i thought this smart. But now i kind of realize how much of a nightmare this seems to be.
On the other hand, i am not really sure how they do it? Is it to different mails, with fake headers? Or is it more like: if no encryption is available, show thisb (dentical) text instead?
no AppImage, no Flatpak, no PPA, and no COPR
AUR FTW!
“After years of pushing their proprietary and closed solutions to privacy minded people Proton decided that it was in their best interest to further bury said users into their service as a form of vendor lock-in. To achieve this they made more non-standard desktop clients for their groupware features (contacts and calendars) and the bridge will be discontinued soon.”
Only if there wasn’t CardDAV, CalDAV, IMAP, SMTP and dozens of other highly standardized protocols to handle e-mailing and groupware.
Is the bridge actually being discontinued? People have been saying that a lot recently but I’ve not seen any evidence for it, and not in the linked article.
I’m annoyed that they don’t support SMTP, but realistically they actually can’t unless they have the ability to read your email, which they don’t.
Is the bridge actually being discontinued?
No, but what from their moves it is very clear it won’t live long.
they don’t support SMTP, but realistically they actually can’t unless they have the ability to read your emai
Technically they do use SMTP… and it’s possible for a provider and provide submission and generic SMTP do clients without having to read the email content.
There are lots of ways to do e2e encryption on e-mail (no server access to the contents) over SMTP (OpenPGP, S/MIME etc.). There are also header minimization options to prevent metadata leakage. And Proton decided NOT to use any of those proven solutions (in a standard and open way at least) and go for some obscure implementation instead because it fits their business better and makes development faster.
Because with proven concepts the swiss intelligence services would be locked out. And now people have to trust their claims of “swiss privacy laws” (who are shit - the worst in Central Europe. Switzerland had multiple scandals, from a system that had intelligence files on a large percentage of their “unreliable” citizens as part of the “Fichenskandal” to them recently admitting that most internet traffic within and all traffic leaving and entering Switzerland is monitored by the swiss intelligence services - without so much as a judges permit). Yeah, I know, they are audited…But since Snowden we all know how much that is worth.
Proton seems on the wrong side of the usability - privacy spectrum. Every last feature I’d want from an online provider is impossible or massively neutered by the overly strict security.
I wish there was a similar service in a trustworthy country with a more sane level of safety, like opt-in encryption for example.
no proton drive??
This came way sooner than expected, be grateful. It’ll arrive soon enough. Patience, young padawan
So, what is general concesus about Proton, is it safe or not? I dont use it because you need to pay for Bridge to use it in Thunderbird. Maybe I would use if it has a dedicated app.
It depends on what you want. If you want a solution that makes sure your provider won’t be able to read your data? It is sure safe for that.
Generally I would distrust any company claiming that our swiss privacy laws are worth a dime - in fact they are shit and among the worst in Europe. Swiss intelligence laws actually force companies to cooperate in a much broader sense than even the national security laws in the US do. And of course there is no judge involved and they can basically share the collected data with whoever they want.
It is about as safe as trusting Apple at their word to protect your privacy.
It’s pretty great. Especially considering that you get a full ecosystem with Mail, Calendar, Drive, VPN and Pass.
I would also like to take this opportunity to shout out murena.io. They host open source cloud solutions. You get a Nextcloud with OnlyOffice and lots of other goodies and their pricing is pretty good
So how would you sync your Proton Passwords with NextCloud, or with VaultWarden? Or actively sync them locally to be used with an open source app?
Oh, that’s right… you can’t. Proton will say… “Just trust our payloads bro! There is no way we’d ever deliver a modified payload to get your password. Sorry you can’t sync your calendar & contacts, just use our Windows apps.”
I wouldn’t? I suggested Murena as a Proton alternative. I don’t know if they have a password manager right know but you can always throw a KeePass database into your Nextcloud.
My sincerest apologies. I misread the thread and thought you were advocating for Proton, which IMO is a questionable company. Thanks for the clarification.
I use both. Proton fits most of my needs, Murena does the rest. I’m not attached to any of them though, if I’m given good enough a reason, I’ll drop Proton immediately
At least you’re open to moving on. I think keeping an open attitude in any scenario is prob the best option. For most people, I’d recommend they keep using whatever works for them. If you’re happy with Proton then switching may just cause frustration. However, if you’re very much security focused and also care about things like being able to access your calendars/contacts in the apps you want, then I’d prob suggest just using SimpleLogin for email with their GPG feature, vaultwarden for passwords (you can still use the BitWarden phone apps), and Nextcloud for Calendar/Contacts which also supports DAVx for mobile.
What is the point of email clients? Why not just use the web browser?
More reliable notifications? That’s my reason, at least.
Speaking of mail apps, has anyone used Thunderbird recently? I had used it for a year or two up until . . . a year or two ago (probably two or three, actually) and then switched to kmail to satisfy my masochism. Thunderbird just hadn’t been doing it for me with meh functionality and slightly more meh looks.
Fast forward to yesterday when I’m updating my steamdeck desktop to use nix stuff instead of rwfus+pacman and I couldn’t get kmail from nix to behave right so I thought I’d give thunderbird another look. I’m several hours into tinkering with it and holy hell has it changed pretty much completely from a few years ago. Looks fantastic and works pretty much exactly how I want/expect it to. Good job mozilla!
Good job mozilla!
Mozilla don’t work on Thunderbird any more. It’s an independent project now. https://support.mozilla.org/en-US/kb/thunderbird-faq#w_who-makes-thunderbird
Just started using Thunderbird again a couple of months ago. Like it! I never really stopped liking it, just stopped using it because all the webmail interfaces and “appification”.
Was just trying to get K-9 Mail working on my phone again (after years of using umpteen different apps) and it’s not as smooth as I remember.
So whats more privacy friendly, using a browser to check email, og using the official Proton app?
Neither. The single app that Proton has done somewhat right with is their VPN and only because they haven’t eliminated port forwarding. Everything else they’ve utilized non-standard protocols and failed to provide source code or API docs. They basically said that users are too stupid to protect themselves, and that you should just trust them to do it for you.
They failed to provide CalDav & CardDav syncing for things like calendars & contacts, IMAPS for mail, and prioritized things like their cloud-only password store. They had no valid reason not to use standardized protocols other than to prevent their users from actively syncing local copies of their data to integrate with privacy-friendly open source software. They act like Apple & a lot of their users prob. are Apple fan bois who will trust a company no questions asked. I have no reason to trust them whatsoever.
