You want to apply for a job or just curious?
I was thinking about incentives and motivations. Are they motivated by profits?
I was also thinking about how sometimes listening to everyone in a team can save them from failure. Do Proton and Tutanota listen to everyone?
I’m pretty sure tutanota is just another company with employees doing their boring 9 to 5 job. They have an admirable goal, but I’m not too fond of how they go about it (the whole “use our app, the browser or bust” is, all things considered, a pretty big mistake IMHO), and the people from tutanota I have interacted with didn’t strike me as specifically “driven”.
I can’t speak for proton, however. I have used it, it also doesn’t let people use email clients. So, maybe it’s better than tutanota, probably, I guess. On the other hand, tutanota has their app on f-droid, and proton doesn’t.
Either way, if they really cared about E2EE and email, they would have extended the existing, instead of reinventing the wheel. Yes, it’s harder. But it would actually foster natural transitioning of users over time, and it would make a deep, lasting impact, instead of essentially being a “proprietary platform” with apps (open source or not).
Interesting. Thanks for the reply!
I have also chatted with Tutanota workers and I didn’t have the impression that they were not driven. In fact, I think about myself: if I was a good enough developer, experienced with their stack, I’d love to work with them just for what they stand up for regarding privacy and openness. It seems like a very gratifying way of spending my time.
As to the closed platforms, I totally agree with your criticism in purely abstract terms; I don’t like that I need to rely on Tutanota for encrypted email instead of a federated system like XMPP or Matrix. However, Matrix has been an aspirational platform in which only my closest friends, and the wokest or tech-savvy acquaintances join. For a good chunk of my daily life, if I want libre, metadata-reduced, and encrypted communication, I have to rely on Tutanota’s closed email system.
Do you think there’s a way of extending email (rather than “reinventing the wheel”) that’s also as simple as “give me your email and let’s agree on a password”?
I have also chatted with Tutanota workers and I didn’t have the impression that they were not driven.
Full disclosure, I have no idea about the position of the person I talked to. They sounded quite superior, so I am guessing they were talking about a subject that is their daily work (so I’m assuming dev). But it is far from mine (even though I would like to know as much as humanely possible, I have unfortunately no time to learn app development, browser development, and the related ins and outs), so I can’t judge how knowledgeable they were.
It seems like a very gratifying way of spending my time.
Definitely better than most jobs, yes. No questions there.
However, Matrix has been an aspirational platform in which only my closest friends, and the wokest or tech-savvy acquaintances join.
That is, IMHO, more related to politics and release timing than anything else. I have taken forever (only deployed a server 2 weeks ago) to try matrix because of all the associated complexity and inherent “nerd factor” (RTFM and all that, again, I have a pretty demanding job and a private life too - so I really appreciate a solution like signal, briar, simpleX, etc, that can stay out of the way while allowing me to use it until I have time to eventually review bits and pieces and then more). It’s a sad thing, but they missed a key wisdom from Linus Torvalds himself: make it as painless as possible for the user (after all, all salespeople know that a good sales opportunity is characterized by a “pain point” for the user).
Do you think there’s a way of extending email (rather than “reinventing the wheel”) that’s also as simple as “give me your email and let’s agree on a password”?
Great question, thank you for asking. And yes, absolutely. I believe MUAs have done a terrible job presenting the users with clear UI for PGP. The PEP project has gone farther than most, and contributed quite a bit, but in fine, I would posit that they all missed the mark in associating PGP encryption with an opt-in, additional feature, while, correctly implemented in the UI, it would actually be a very viable solution to combat spam, by defaulting to EE2E+signature for all emails. And thus, it could be a very good way to sell it to “normies”.
This could still be done with a “normal” email interface, but enabling the whole automatic encryption+signature via a procedure similar to signal’s cryptographic verification.
Also, the MUA should clearly manage the pgp keys by default, allowing their management via the OS as an opt-out, so to enforce sensible defaults, allow expiration extension, etc etc.
Not OP. But I’m personally curious about the question regarding how decisions are made, but with more focus from the perspective of user experience. As in, how do they decide which features to focus on?
While I’m a fan of Proton, sometimes they seem to be doing too many things simultaneously, which is good but I worry them spreading themselves thin.
How do they do user experience research, especially with many people in the privacy community usually turning telemetry off? What do they rely on to make decisions about features and user experience? Do surveys work for them? Who make the decisions afterwards?
Ok, so I just read upon Proton AG, the company behind Proton, and they don’t seem to owe investors money, because it was originally crowdfunded and now it finances itself with subscriptions. That sounds great! It is quite different to surveillance capitalism and enshittification (given that enshittification requires advertisers).
I am not advertising for Proton, by the way. To make that clear, I still wouldn’t use them because they seem to have very limited VPN functionality in their Linux clients. As a Linux user, I wouldn’t want that. However, if they fix that in the future, I could consider switching.
Edit: Similarly, I found this website https://www.ethicalconsumer.org/company-profile/tutao-gmbh summarizing its evaluation of Tutanota as ethical. It takes into consideration its ownership structure. Unfortunately, I cannot find details because there is a paywall for the information, but it could be the case that Tutanota does not owe money to investors and therefore is not seeking to maximize profits but rather provide a good service while compensating fairly its workers. I wish I could have more evidence.
I like that, if I only need mail with 20gb of storage, Tutanota is cheaper.
I don’t know what to do. I’ll have to think a bit longer.
can’t it be democratic and hierarchical?
does one exclude the other?
That’s not what OP said, they’re asking for two different metrics without any implication about dependency.
Not necessarily :)
Proton is no hero.
Edit: Because of their aggressive monetization, not a bad product I just susoect it will keep getting more expensive.
an activist who is considered an eco-terrorist by the french state uses protonmail without any precautions and it’s proton’s fault that he left traces?
Wooooah. No I just meant Proton charges a lot and offers sales and coupons that in fine print are not really great deals. I think Proton is a secure service, it’s just little annoyances I have with their aggressive af monetization.
Why?
I think prolly because of this https://www.swissinfo.ch/eng/business/protonmail-scandal-tarnishes-swiss-privacy-reputation-/46952640
ProtonMail also guaranteed that “by default” it would not store any IP addresses that could be linked to users’ email accounts.
They don’t store IP addresses by default but when required to by law, they don’t have a choice just like any other company would.
Bad OPSEC by the activist, Protons hands were tied
They actually also have an onion service: https://proton.me/tor
They should probably use the
Onion-Locationextension http header though, imo.When I accessed their front page through tor,it did not auto-redirect to onion >.<, even though I have that setting enabled.
This has been argued over for a long time now. They routinely fight against orders from foreign governments (foreign to Switzerland). When one case comes along and the Swiss government actually says they need the information, and the courts say Proton has to abide, they finally do. This somehow negates every other time the government has come knocking and been told to fuck off? They tried, the courts said they had to do it, so they did. If they didn’t, the service would be gone now.
Hence my question :) If there are investors waiting for returns, you bet (and, like, actually, you do in fact bet) they will get more expensive. If it’s a social enterprise, I wouldn’t worry as much.
