I don’t normally write about the services I use because it makes it one step easier for someone to phish me. But in some cases, it’s trivially easy to discover some of my tools and this is one of those. I use Proton Mail, which anyone can see by looking at my MX records, and while Proton has always delivered a good, solid, secure email experience, it has been branching out into contacts and calendar recently.
Encrypting email is a no-brainer, but contacts and calendar are interesting choices for different reasons.
I consider email encryption to be table stakes - I won’t use unencrypted email and out of the players I’ve tried, Proton Mail has done it the best.
While email bodies are end-to-end encrypted and also encrypted at rest, Proton Mail subject lines and senders are not encrypted. This is a problem because lots of information can be leaked from a subject line and sender - remember the infamous But we’re only collecting meta data! defence from the NSA? However, the search cannot work on encrypted blobs, so the trade-off here is to allow some basic searching while encrypting the actual message body. It’s not great, but I don’t have a better solution right now.
Regarding contacts, I don’t think anyone other than Proton has even considered this aspect. A person’s contact list can deeply inform an observer of many aspects of a person’s life. Much like email subjects, there are some trade-offs between security and functionality. One of those trade-offs is that contact names and primary email addresses are not encrypted at rest.. That seems like a pretty big trade-off to me. Arguably, the most valauble part of a contact is its name so it’s weird to me that is not encrypted. I assume that decision was made for the same reason as not encrypting the subject of emails at rest: to support searching and auto-complete in other Proton apps.
Encrypted contacts has a “neat” feel to it, but it’s not something I deeply care about. My reasons are two-fold. The first is that contact information is generally public anyhow; most people have posted their contact info on the net somewhere already - LinkedIn, personal sites, email signatures, etc. I understand that the main purposes of encrypted contacts are to prevent association of contacts and also to digitally sign contact records to prevent undetected modification. Those are great features, but they just don’t interest me. The second is that the contact integration doesn’t, and probably never will due to encryption, function with the apps on my phone. I want to see names beside my phone’s recent call list, I want auto-complete in various apps that use my contacts. None of that is possible right now with encrypted contacts. Only the Proton app can see those contact records.
Calendar encryption is more interesting to me. The idea of someone compromising my calendar has become a bit of a mind exercise for me. I don’t particularily want my doctor appointments, my financial meetings, etc, to be viewed by other people any more than I want emails pertaining to those topics read by other people. If I were an activist (I am not) then there would also be added value in hiding attendees and events. I feel there is a lot more personal data caught up in calendar entries than there is with contacts, so I would have preferred to have the calendar function built first.
An encrypted calendar is a tough nut to crack because one of the most useful things about digital calendars is the ability to share them and invite people to events. It’s pretty hard to encrypt your calendar and also allow people to see it, the latter being the absolute antithesis of encryption’s purpose in life. Unlike mail or contacts, it seems that the primary calendar event attributes - title and description - are encrypted along with other data. I consider a calendar title to be analogous to an email subject or a contact name. Given that those fields are not encrypted in email or contacts, I did not expect that data to be encrypted in the calendar. The current calendar has no search option so I can’t investigate further, but it is in beta as I write this so perhaps that is coming. Although, it is not clear to me how no-knowledge encrypted events could be searched, so even if a search function does appear, it would probably be virtually useless on fully encrypted records.
The current beta version of the calendar is only technically functional (AKA - barely functional). Yes, you can add and edit events and get notifications, but there’s no way to sanely migrate to the Proton calendar yet because there is no import functionality. Even the most boring of us probably has hundreds of arbitrary calendar items. Further, the recurring options are too basic to be of much use. Much more work is need there to enhance the current “week, month year” options.
I started using Proton around the timeframe of the PRISM revelations. Prior to that, I did not realize the the US had the ability to hoover up the entire Internet and I started taking a few more precautions online at that time. Not because I’m particularly worried about the US government having my emails, but because if a contractor can walk out of the puzzle palace with the keys to the kingdom undetected, that is a sign of a serious technical debt that demonstrates to me that the US government is not competent to safeguard the data it collects.
I did not know that more was coming in terms of a VPN, contacts, and calendar, but I have watched Proton grow over the years and my trust in it remains stable. I wish Proton would develop features faster, but I understand that building a Google takes time and I am quite sure the Proton budget and team of engineers is miniscule in comparison to Google, so I accept that it will be slow but steady progress over time.