Talk:Proton Mail/Archive 1

Image resize
Shouldn't  be smaller? 71.34.137.244 (talk) 09:31, 27 April 2015 (UTC)

Zero Knowledge
Is protonmail really using a zero-knowledge protocol ? It is being said in the introduction, but nowhere else is anything specified (?) 95.91.240.213 (talk) 20:05, 4 November 2015 (UTC)
 * I appended clarify to the sentence. Maybe someone has a good source for this. Otherwise we should remove it as advertising.–Totie (talk) 18:38, 5 November 2015 (UTC)
 * ProtonMail is using client-side encryption. It is not using zero-knowledge proofs or zero-knowledge protocols actually fitting the cryptographic definition of zero knowledge. 85.76.73.223 (talk) 17:09, 24 July 2016 (UTC)
 * I removed the phrases entirely. I did not like the formulation to begin with and believe that it puts as into a position that we have to justify the claims made by ProtonMail.–Totie (talk) 11:28, 25 September 2016 (UTC)


 * Zero Knowledge? Nonsense! Their support could clearly read my emails to identify me when I needed recovery. I did not give any employee my password! "Can you please let us know if you recognize the following address?" - {Zendesk employee citing fragments of my previous email communications} Still, much better than GMail! :-o — Preceding unsigned comment added by 77.6.242.106 (talk) 19:07, 1 October 2019 (UTC)

Links to summary pages on email servers/services
Should the links at the bottom be retained? While they do link to nice summaries of email options, the Wikipedia pages they linked to does not include ProtonMail. I would suggest adding rows in the various tables which describe ProtonMail, or removing the links to the comparison pages. — Preceding unsigned comment added by 75.73.1.89 (talk) 00:26, 26 February 2016 (UTC)
 * I see no problem there. The page is for further reading on a directly related topic.–Totie (talk) 13:40, 26 February 2016 (UTC)

Historical vulnerability
I am moving mention of the following historical vulnerability from the article to the Talk page. It does not seem notable at all, considering especially that it did not affect the then current version. --Hyperforin (talk) 01:26, 25 September 2016 (UTC)
 * I disagree about the notability. Given the articles emphasis on security, I do believe that this kind of vulnerability should be mentioned.–Totie (talk) 11:26, 25 September 2016 (UTC)
 * I don't feel strongly about it. You're welcome to add it back if you like. Typically I would mention it too, but there is no famous large software product that exists without a history of vulnerabilities. This one in particular was not even exploited as far as we know, making it less than notable. --Hyperforin (talk) 00:05, 26 September 2016 (UTC)

{{quote|

Vulnerabilities
A video demonstrating a cross-site scripting attack was shown in July 2014. The ProtonMail developers reviewed the video and confirmed that the issue affected an early development version of ProtonMail that was released in May 2014. The attack did not affect the then-current version. }}

User number
According to this source: https://protonmail.com/blog/protonmail-tor-censorship/ there are only "over 2 million" users. While technically 5 Million is "over 2 million", I think they would have wrote 5 million if it would be that much more than 2 million.Andylee Sato (talk) 08:46, 19 January 2017 (UTC)

I just updated the user number based on a news post reflecting on 2018 on the protonmail.com website. --Andylee Sato (talk) 23:41, 25 January 2019 (UTC)

Encryption protocol needs citation
The section on encryption provides a moderately detailed description of how the crypto works, but it only sites a stack exchange article. The article has a brief description by someone claiming to be one of the developers, but even that doesn't support a number of the claims. I recommend replacing this section with something that indicates that ProtonMail has not provided an official explanation of how end-to-end encryption works. — Preceding unsigned comment added by SyntaxPolice (talk • contribs) 19:40, 1 March 2017 (UTC)

Proton VPN (proxy)
https://protonvpn.com/about it is a thing too 88.159.71.224 (talk) 00:24, 6 September 2017 (UTC)


 * Confirm -- https://protonmail.com/blog/protonvpn-launched-free-vpn/ and http://www.zdnet.com/article/protonmail-releases-protonvpn-to-the-public-for-free/ . --Nanite (talk) 00:45, 6 September 2017 (UTC)

Account Types - or Price List
The last section is not appropriate to an encyclopaedia - and is already out of date. I have not edited it as I suggest it is properly replaced. For example the section could say something like "As well as paid-for accounts Proton also offers a limited free account, stating that this is because... " Armuluk (talk) 21:43, 13 January 2018 (UTC)
 * I removed it as being promotional, self-sourced, and not notable.  98.216.246.87 (talk) 23:30, 5 October 2019 (UTC)

Security
As said on the protonmail website, in the security-part Israel is involved. It takes a lot of explaining to clients, with some bitter words used, but to me its the end of the line. Not realy what i consider as secure77.174.114.47 (talk) 12:48, 3 October 2018 (UTC)

It is important. A quote, please? (Zezen (talk) 12:15, 18 June 2019 (UTC)).

Promotional tone related edits
Hi there Davey2010, I'm happy to work out the merits and demerits of the four edits under "dispute" here. But you'll need to address them each individually instead of via unexplained mass revert(s) of all four. It's not like there are 20 of them making it tricky. There are only four. Each is distinct and easily addressable. Each is even revertible individually without too much difficulty if you want to go that way (as long as you give explanations -- real ones). 98.216.246.87 (talk) 00:41, 6 October 2019 (UTC)

Truly "end to end"? Pervasive puffery and self sourcing.
There's a TON of fluffy talk (WP:PUFFERY) here straight from ProtonMail's mouth. Reliance on PM as major source (and a primary one at that) has led to loads of unnotable inclusions of what amount to mere press releases. Secondary sources are what establish notability and those are sorely lacking here.

One of the pufferies is all this about "end-to-end" which is dubious and easily breakable. For one thing, which should be obvious, "end-to-end" cannot be said about emails that come in from outside or go out from inside PM's system. Nor, for emails within PM's system that aren't encrypted (as far as I can tell). Complex encryption systems leave lots of holes, especially when companies have "ease of use" as a requirement. For "end-to-end", encryption would have to be done by JS in the browser, but a simple change in the JS can easily break it and that can be easily accomplished by a court order, a botched update, or even a deliberate decision by the company (tough times, a gun to someone's head, etc.). Same goes for any PM-supplied client "app" that's subject to automatic updates. So, all that blather about "end-to-end" must be taken with a big grain of salt, and it should be addressed. 98.216.246.87 (talk) 01:45, 6 October 2019 (UTC)
 * Apologies I should've looked at your edits a bit more closer - I certainly agree with your comments and have reinstated your edits however I've reinstated the account types which I don't see a problem with (If there's common consensus somewhere to include this I'd happily remove it). – Davey 2010 Talk 02:06, 6 October 2019 (UTC)
 * Thanks, man. I'm happy to concede to consensus on the account types.  There was some complaint about it earlier here under "Account Types - or Price List" which is what brought my attention to it in the first place.  I saw that it was sourced only with old primary sources from -- you guessed it -- PM themselves.  There was no solid secondary source lending it the notability it would need to climb out of the promotional-sounding hole it was in.  The earlier complaint of dubiosity (out of date) and unencyclopedicness, combined with my impression of no-secondary-source non-notable promotion, suggested sufficient consensus for bold removal.
 * So, you mentioned "WP:There is no time limit" -- which doesn't exist. I'd like to look it up.  Was it a typo?  I was referring to WP:burden, which is very clear about replacing "dubious" uncited passages only when/if a solid cite can also be supplied.  It might or might not apply to possibly-wrong possibly-promotional material that's self-primary-sourced (though I think it does).  If you can lead me to your intended "WP:xxxx" I'll be able to read it and see how it might apply.  98.216.246.87 (talk) 03:48, 6 October 2019 (UTC)

Please fix
The current version of this article uses the term "beta" four times, but fails to explain what "beta" means in this context, or even provides a Wikilink pointing to an article that might explain the usage of "beta" that is meant in this article's context. Please correct this situation. 173.88.246.138 (talk) 05:40, 6 June 2021 (UTC)

Not really "Open Source“
In contrary to what they say on their blog: "ProtonMail is Open Source” ProtonMail seems to only release small parts of it's code as open source, and they release it slowly after using it in production, this kind of delay could speculatively be caused by the external audits — they speak of "Security Contributors" on their blog . They have no intention of releasing their back end which — considering the audits — could be seen as some form of security through minority. "The security risks of open sourcing the back-end code is too high. It would let an attacker know how our infrastructure is set up or let spammers get insight into how to circumvent our anti-spam measures."

- ProtonMail Blog Admin

As of 22 february the only thing released as open source is the previous version (2.0) of the webmail front-end which can still be accessed through v2.protonmail.com. Their server, iOS and Android code are closed. Though founder Andy Yen promised to the backers of the crowdfunding campaign to open source the native apps: "Hi Eric, this is why we are trying to hit our reach goal of $500,000 so we can also build native applications for ProtonMail which will be installed/loaded once, and also be open source."

- Andy Yen

So I would simplify the introduction by saying
 * ProtonMail is a free and open-source web-based encrypted email service ...

And in the infobox, the license could be:
 * Freeware; some components MIT License

--Duvrai (talk) 12:24, 22 February 2016 (UTC)
 * I agree somewhat. They do seem to have a commitment to open source and said repeatedly that this happens once the product leaves beta. Nevertheless, Wikipedia is an encyclopedia and it would be wrong to suggest that ProtonMail is open source already. I am in favour of your suggestions and would be open to mentioning their open-source intentions elsewhere in the article.–Totie (talk) 17:03, 22 February 2016 (UTC)

Location and security
The "Location and security" section states that Switzerland was selected in part to avoid Fourteen Eyes. Switzerland is part of Club de Berne, which is an intelligence sharing organization involving some of the same nations comprising Fourteen Eyes. Any ideas how a protonmail user should interpret Club de Berne? Does any of this matter for normal law abiding users who just want to not feel like scammers, spammers and marketers are monitoring every detail of their private lives? For example, are these intelligence sharing activities ultimately a source of personal data for scammers, spammers and marketers? Does Club de Berne represent risk for criminal hacking of accounts?

Encryption
Be very sceptical when companies advertise end-to-end encryption. They allow either content to leak online or to be shared amongst a group of people. Protonmail is not an exception. 2A02:587:C82E:15AA:E9C4:763:C9C:489 (talk) 07:42, 9 March 2022 (UTC)

Requested move 27 May 2022

 * The following is a closed discussion of a requested move. Please do not modify it. Subsequent comments should be made in a new section on the talk page. Editors desiring to contest the closing decision should consider a move review after discussing it on the closer's talk page. No further edits should be made to this discussion. 

The result of the move request was: not moved. Too soon to tell if reliable sources have made the switch yet. (non-admin closure) — Ceso femmuin mbolgaig mbung, mellohi! (投稿) 05:22, 21 June 2022 (UTC)

ProtonMail → Proton Mail – They rebranded and added a space.&#32;Evrifaessa (talk) 14:16, 27 May 2022 (UTC) — Relisting. — Ceso femmuin mbolgaig mbung, mellohi! (投稿) 23:56, 6 June 2022 (UTC) — Relisting. >>>  Extorc . talk  16:43, 13 June 2022 (UTC)
 * This is a contested technical request (permalink). ASUKITE  14:28, 27 May 2022 (UTC)


 * Note - There does appear to be some coverage of the rebranding:, and as at least two editors thought to bring this up, it seems worth discussing. ASUKITE  14:28, 27 May 2022 (UTC)
 * Note: WikiProject Websites has been notified of this discussion. ASUKITE  14:30, 27 May 2022 (UTC)
 * Note: WikiProject Cryptography has been notified of this discussion. ASUKITE  14:30, 27 May 2022 (UTC)


 * from revision 1089929631:
 * Is this the new WP:COMMONNAME yet? Is it referred to by the new name in independant sources? -Kj cheetham (talk) 09:17, 26 May 2022 (UTC)
 * Is this the new WP:COMMONNAME yet? Is it referred to by the new name in independant sources? -Kj cheetham (talk) 09:17, 26 May 2022 (UTC)

GeoffreyT2000 (talk) 14:44, 27 May 2022 (UTC)
 * My personal take is that WP:COMMONNAME is aimed at when there is big differences between the different names (eg. "Bill Clinton" vs. "William Jefferson Clinton", or "Birdman" vs. "Birdman or (The Unexpected Virtue of Ignorance)"). When there's such a small difference, I say we just go with the official name, whether or not it is or isn't the common name yet. - Samuel Wiki (talk) 06:15, 28 May 2022 (UTC)
 * move to Proton Mail. like Samuel Wiki says, it's acceptable to just follow the official name since the difference is so small. RZuo (talk) 21:37, 1 June 2022 (UTC)
 * Agree with Samuel Wiki, move article to Proton Mail. DavzTheEditGuy (talk) 18:19, 2 June 2022 (UTC)

The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.
 * Oppose. No evidence that this recent rebranding (announced May 25, 2022, is that correct?) is already generally reflected in sources. We do not follow corporate brand engineering (as many assume we should, particularly those with connections to the affected organisations), we follow its uptake if and when that happens. Andrewa (talk) 18:12, 20 June 2022 (UTC)

Move to Proton Mail
The actual name of the product is Proton Mail, with a space, this page should be moved. All the new product names can be found in the official blog: https://proton.me/blog/updated-proton Supertonyred (talk) 10:39, 22 August 2022 (UTC)
 * Support Recent rebrands and has small differences between the former. Also, for name consistency across Proton-related articles. — Labdajiwa (talk) 03:10, 26 September 2022 (UTC)

Nadim Kobeissi's paper
Hi, all. I'm adding back Kobeissi's paper. Perhaps I didn't do a particularly good job of explaining why I thought it justified at the time to cite this paper with the view he is a subject matter expert, so I have explained in the edit summary and I though I would provide a longer explanation here.

Firstly, academic papers analysing encrypted applications are in direly short supply. This appears to be one of two papers which focus on ProtonMail. As a natural result of this, the article is heavily reliant on ProtonMail's own publications for details of its internal workings, 35 of the article's 65 sources (i.e. a little over half) are direct citations to ProtonMail as a WP:SELFSOURCE.

Secondly, I would regard Nadim Kobeissi as a Subject Matter Expert. He has previously written the much lauded CryptoCat messenger, but in more relevance to him being an SME, he was a professor of cybersecurity at the time[1], had previously written peer reviewed publications (e.g. [2]) and a number of much cited conference papers (e.g. [3]).

Thirdly, I would regard this paper itself this paper is itself seems fairly reliable, and the claims at least to me make sense. More resoundingly it is cited itself by a peer reviewed paper. [4]

Finally, I think that the wording of my contribution does not place to much weight on Kobeissi. He receives WP:INTEXT attribution and he is described as arguing the position, no statement is made on the actual integrity of the cryptography, just what Kobeissi's paper says.

I think that Kobeissi more than meets the conditions for being a Wikipedia SME, indeed that he is one of the best SMEs that this article could hope to have. Furthermore, if editors are to take the position that an independent researcher who is a professor and coder in the relevant field with publications and whose words are cited by a peer reviewed paper should not be used as a source because he is self published, then why should the article rely so heavily on the company itself, which may create bias or lead to inaccuracies.

[1] https://computerscience.paris/security/ [2] https://www.cairn.info/revue-archives-de-philosophie-du-droit-2015-1-page-297.htm [3] https://dl.acm.org/doi/10.1145/2993600.2993611 [4] https://aip.vse.cz/pdfs/aip/2021/03/09.pdf

Best wishes all, ~ El D. (talk to me) 20:49, 17 November 2022 (UTC)

Why hasn't this article been moved already?
It's been Proton Mail, with a space, for a while now. FunLater (talk) 15:51, 7 February 2023 (UTC)

Human rights abuse
Protonmail is not following international SOS standards. They are facilitating certain corruption on the platform in favor of those who do not do well in life and hold titles they do not deserve by talent exploited from others more capable. 91.66.104.223 (talk) 11:40, 21 March 2023 (UTC)

Add Proton Pass
Today, april 20th 2023, Proton Pass was announced, it is a password manager made by Proton AG.

The service is currently only available to Lifetime users, and sooner this week Visionnary users should get beta access. It is unknown when the rest of the people will get access to the service.

Announcement blog post: https://proton.me/blog/proton-pass-beta

Security model blog post: https://proton.me/blog/proton-pass-security-model Adaoh (talk) 01:12, 21 April 2023 (UTC)

Adding a "Features" section to Proton Mail entry
Add a "features" section:
 * What I think should be changed (include citations):

Updating Proton Mail page to reflect that it is a product page, not a company page
What I think should be changed (include citations): The existing page reads more like a company page than a product page. I suggest the following fixes to make it a product page and prevent cannibalization of the Proton AG company page:
 * 1) “Location and security” section should be removed
 * 2) “Proton Calendar”, “Proton Drive” and “Proton VPN” sections should be removed as this page is about Proton Mail

Why it should be changed: At the moment, the Proton Mail page repeats a lot of information from the Proton AG page. This is confusing for users as it is not clear which page is the company entry and which is the Proton Mail product entry. Proton Mail should retain its own page because it is a well known service with a lot of press mentions, but the page should talk solely about Proton Mail. Currently, the Proton Mail page has a section called “Products”, where it lists all the other Proton products such as Proton VPN and Proton Drive.

References supporting the possible change: ProtonMail rebrands and unifies its products into three subscription tiers, Tech Spot

Octazooka (talk) 19:14, 9 May 2023 (UTC)


 * The products information has been removed. In terms of the "location and security" section, there is information here that is not on the other page. Do you think it should be moved over to there?  Spencer T• C 03:16, 12 May 2023 (UTC)
 * Yes, I agree the information should be preserved and it should be moved over to Proton_AG. I was going to make that suggestion in the discussion for that page next. Octazooka (talk) 14:30, 12 May 2023 (UTC)

Storage
Proton’s default free account comes with 500 MB of storage that can be shared among Mail, Calendar, and Drive. From December 2021, users can upgrade their accounts to 1 GB of storage for free by performing four actions : Proton’s premium plans Mail Plus and Proton Unlimited allow users to pay for additional storage up to 500 GB. Storage capacity above 500 GB is only available to Proton users with a legacy Visionary plan (Proton’s highest-tier premium plan which was available until 25 May 2022), or the winners of Proton’s annual Lifetime Account Charity Fundraiser.
 * Importing emails or contacts from Gmail or Yahoo
 * Sending a message
 * Setting up a recovery method
 * Using the Proton Mail app for Android or iOS

Addresses
All Proton Mail users have at least one free email address. Proton Mail email addresses can use one of the following domains:
 * @proton.me
 * @protonmail.com
 * @pm.me
 * @protonmail.ch (only available before 2016)

Proton Calendar
Released for public beta on 30 December 2019, Proton Calendar is a fully encrypted calendar app. As of 14 April 2021, it is available to all users of Proton Mail.

Contacts
On November 21, 2017, Proton Mail introduced Proton Mail Contacts, a zero-access encryption contacts manager. Proton Mail Contacts also utilizes digital signatures to verify the integrity of contacts data.

Easy Switch
Easy Switch is a tool that securely imports emails and events from several popular email providers into a user’s Proton Mail inbox and calendar. Easy Switch works with Gmail, Outlook, and Yahoo, and can also be configured for IMAP access for other providers.

Proton Mail Bridge
Launched in 2017, Proton Mail Bridge is a desktop application that gives users the ability to use end-to-end encryption with their usual email client. Proton Mail bridge links a user’s email account with popular email clients including Microsoft Outlook, Apple Mail, or Mozilla Thunderbird. Proton Mail Bridge is only available to users with a paid Proton Mail account.

Simplelogin
Proton Mail acquired email alias service SimpleLogin in 2022. SimpleLogin is an open source service that allows users to use email aliases to protect their privacy online and protect their main inbox from spam and phishing attacks. SimpleLogin functionality is integrated into Proton Mail, allowing the Proton community to hide their email addresses with SimpleLogin. SimpleLogin continues to function as a standalone service and the SimpleLogin team will continue to add new features and functionality.

Search
In August 2021, Proton Mail launched encrypted search, allowing users to search the contents of the messages in their inbox. Previously, users had only been able to search for emails’ subject line, sender or recipient, date range, or other metadata. Proton’s encrypted search creates a local index of a user’s emails, preventing anyone from accessing the messages unless they have physical access to the user’s device.


 * Why it should be changed:

The above changes explain the various features of Proton Mail, which were previously missing from this entry. See Gmail and GMX Mail entries, which both have "Features" sections in them.


 * References supporting the possible change (format using the "cite" button):

Octazooka (talk) 12:19, 15 May 2023 (UTC)

Reply 1-JUL-2023
Regards, Spintendo  20:08, 1 July 2023 (UTC)
 * No less than 60% of the suggested references are from the company itself. Please provide reliable, third party sources for the information you wish to add to the article.

Requested move 25 July 2023

 * The following is a closed discussion of a requested move. Please do not modify it. Subsequent comments should be made in a new section on the talk page. Editors desiring to contest the closing decision should consider a move review after discussing it on the closer's talk page. No further edits should be made to this section. 

ProtonMail → Proton Mail – That's the new name. See how it is referred to on its Wikipedia article and on https://proton.me/mail;FunLater (talk) 23:18, 24 July 2023 (UTC) This is a contested technical request (permalink). FunLater (talk) 17:21, 25 July 2023 (UTC)


 * I'd like to add that the name is generally used with a space now. See:
 * I did find a recent 'ProtonMail', but I think that, generally, the spaced name is the common name. It's even how this article refers to the subject on the whole page. FunLater (talk) 17:29, 25 July 2023 (UTC)


 * Comment Though my nostalgia meter holds preference for the old name, I do see clearly that many reliable sources are using the new name. However, in a quick Google search, I did see this PCMag article from less than 30 days ago which uses the old name solely and frequently: -- can we get some clarity from the requester on when the name change was made, and perhaps noting any press releases or even a meta-analysis of the coverage since and which names have been used? Open to support such a name change if evidenced, but just think it should be a bit more solidly documented. Criticalus (talk) 15:42, 26 July 2023 (UTC)
 * It was announced on May 25, 2022: "Historically, we have written ProtonMail, but with the expansion of the Proton ecosystem to more and more services, it will now be written as Proton Mail."
 * In the same blog, Proton announced that Proton VPN will have a space, and its Wikipedia article has reflected that.
 * PS: I also found this PCMag article/review which uses Proton Mail, with a space, this The Verge article, this article, and this Washington Post article FunLater (talk) 16:23, 26 July 2023 (UTC)
 * So I clicked through the PCMag review of Proton VPN, and then to their review of ProtonMail which was updated in December 2022, and it does not include the space and still refers to ProtonMail in all capacities. I also found this Forbes ProtonVPN review dated to July 21st, 2023, which calls ProtonVPN and ProtonMail both without the space. I retract my above comment that many reliable sources are using the new name, as I based that comment on the cherrypicked examples listed above. I also think to link to the PCMag review of Proton VPN, which uses both with a space, but not to the review of ProtonMail, which uses both without a space, to be a curious omission. Regardless, it does seem there is significant question as to whether the new name is being widely used nowadays. Criticalus (talk) 20:18, 26 July 2023 (UTC)
 * The review you mentioned shows screenshots of Proton Mail's old interface, before the rebranding, and was written in Sep 19, 2019. (see on archive.org)
 * I didn't see the second review, which was published July 29, 2021, but again, Proton Mail is what is the commonly used name among news sites, at least through my method, which is: "Search for Proton Pass – a recent Proton product that has only ever had one name — and find mentions of Proton Mail and ProtonMail on reliable sources covering either product." This method, which is not "cherry-picking", has shown an overwhelming use of Proton Mail, with a space.
 * PS: Android Police, which I used to show that some still use spaceless ProtonMail, has also used Proton Mail with a space (different writers). FunLater (talk) 22:01, 26 July 2023 (UTC)
 * I also just noticed that the first review you mentioned uses spaceless Proton Drive and Proton Calender, which have always (at least as I inferred from Proton's blog) been two words. FunLater (talk) 22:16, 26 July 2023 (UTC)
 * It's clear the usage is shifting to spaced versus spaceless over time, and I expect as their PR team continues to push the spaced usage, it will become even more engrained, and at some point this article's name should change. It would probably help them do that if this article is renamed, but the question I have is, has the usage changed so much that now is the time to change the article name if sources are still using both names interchangeably? I don't know the answer, I'm just asking. Criticalus (talk) 11:36, 27 July 2023 (UTC)


 * Support. There's no reason to use a grammatically incorrect title when it's not the actual name anymore. Rreagan007 (talk) 15:47, 26 July 2023 (UTC)

The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.