(Webmail provider releases a bespoke desktop app)
(me, old fart, bumbles out from behind the cables and servers and muck)You fools! Have any of you whippersnappers ever heard of IMAP? No? Thought so.
[I’m not that familiar with ProtonMail. Chances are they already support IMAP. In which case: … …why? Why this? Why in this day and age?]
It’s worse than you thought.
The webmail provider released a dedicated browser that can only open the webmail and called it a “desktop” app.
Additionally, they don’t support IMAP. There’s an app to run on your computer that becomes a bridge. The proprietary protocol is translated to IMAP. You can’t use your favorite client if your operating system can’t run that bridge and you’re not a premium user because for “reasons” only premium users can run that local bridge
On a lighter note, the protocol might be proprietary but the bridge still seems to be fully open source : https://github.com/ProtonMail/proton-bridge
I don’t think think Proton shows bad will on this one. The only alternative I can think of (as a non expert) would be IMAP + GPG encrypted emails but very few desktop clients support GPG, which would make them less accessible 🤷♂️ Having their own protocol also probably makes it much much easier for them to iterate on it, opening up usually makes think much robust but also slower.
The bridge Is “open” but somehow it works only for premium users.
they don’t support IMAP
They don’t support IMAP because they want emails to remain end-to-end encrypted, and IMAP doesn’t have any way of doing that. The gateway decrypts the emails locally, then serves them as plain text.
We need something better than IMAP, that’s designed for modern use cases. Something that’s not stateful… Maybe a web service or something like that. JMAP seems promising but barely any providers have implemented it.
Still, if an user prefers the convenience of using any client instead of e2e, could enable it in a setting. Maybe the user subscribed because they liked the interface and the overall features of the plan, and not because of the encrypted email solution and just wants to add the account on the mobile client instead of a dedicated app
Being closed like this IMHO is just to increase user retention
If thex subscribed because of the interface (ehich is certainly plausible), what would they need IMAP support for? Also, if you really want IMAP, xou can have it, you just need their (open source) Proton Bridge for it (thats a sofrware) so that ut retains all features. But then I would need my own email client.
On mobile you’re forced to use their “open source” app that is only available on the closed source app stores and not on fdroid because it uses Google push services
Not true, it’s been available on Fdroid for quite some time now. And it doesn’t need play services for the notifications to work either.
It’s available on an unofficial repository that can be optionally added to fdroid, it’s not available on fdroid
Cool. Now please do Proton Drive and Calendar. Please and thank you Proton.
Calender is included in the mail app
deleted by creator
They generally require to have data visible on the server and/or handle independently encryption/decryption with related tools and key management (including key discovery).
For some, it might be worth, for 99% of the population who wouldn’t be able to do this but also doesn’t want their content availablento the provider, it’s not.
Finally? Why does it need an app all of a sudden…
Making email secure and good is very hard and it involves either making it inconvenient or getting rid of interoperability with existing systems. As long as I’ve been tracking it your choices for client when using Proton were webmail or mobile apps. The news here is that a new option has opened up not that an old option is being taken away
This is just patently false. GPG is not inconvenient & there are a plethora of apps that has made it much more user friendly. The fact that Proton has decided to take away freedom & tell you it is more secure is just bologna. There is no reason to trust Proton at all.
I also prefer gpg but it is not super beginner friendly. I generally recommend people away from proton and tuta unless they really want encrypted email and gpg isn’t something they can figure out
GPG isn’t beginner friendly if you’re only using the CLI. However, even then there are tons of documentations and even Gemini/ChatGPT would prob be good at helping users create/manage their keys. However, I can provide a list of user-friendly GUI apps to create/manage/encrypt/etc. using GPG if you’d like that make it as easy. I mean, you can pay a company that says they’ll protect your privacy but history has shown paying for privacy is unreliable.
@timewarp @Quill7513 The only real alternative IMHO is hosting your own mail server and *that* is no alternative at all, because big-tech will blacklist your server immediately… so Proton/Tuta are the lesser of all evils. If you have a true alternative I am listening.
You can use PGP with just about any email service. I personally just use SimpleLogin, where you can add your public key to have all your messages encrypted. But Thunderbird, KMail, Evolution, FairMail, etc all support email encryption too with IMAP.
@timewarp ok, PGP … remember EFAIL… and all kinds of usability issues which inevitably lead to security issues by ‘wrong use’ at some point. And another *centralized* ‘web of trust’ (benign as it may be) is also not something I look forward to. O well, some genius will emerge at some point and deliver us 🥳 may he/she/it/them be FOSS-minded
GPG is a huge pain in the ass to manage. Everyone knows this, because it’s the case. The web of trust also doesn’t scale and has many problems, handling key securely is hard, making GPG work on all devices is something which is completely impossible for people without solid technical skills.
If you think otherwise, you are just in a bubble.
You’re a serial killer. Everyone knows this, because it’s the case.
Do you see how that works? You can say whatever you want, but unless you can provide some proof then you’re just parroting whatever you’ve heard. If you want to learn how to use GPG then let me know and I’d be happy to show you several open source tools that make it very easy so you can stop parroting BS. Otherwise, you’re entitled to your opinion and I’ll continue to believe you’re a serial killer.
The bubble you’re referring to is your own ignorance.
There are certain things that are known facts, there is no need to prove them every time.
The simple fact that:
- There is not a standard tool that is common
- The amount of people who use PGP is ridiculously low, including within tech circles. Just to make one example, even a famous cryptographer such as Filippo Sottile mentions to receive maybe a couple of PGP encrypted emails a year. I work in security and I have never received one, nobody among my colleagues has a public key to use, and I have never seen anybody who was not a tech professional use PGP.
You can also see:
We can’t say this any better than Ted Unangst: “There was a PGP usability study conducted a few years ago where a group of technical people were placed in a room with a computer and asked to set up PGP. Two hours later, they were never seen or heard from again.” If you’d like empirical data of your own to back this up, here’s an experiment you can run: find an immigration lawyer and talk them through the process of getting Signal working on their phone. You probably don’t suddenly smell burning toast. Now try doing that with PGP.
A recent talk, I will quote the preamble:
Although OpenPGP is widely considered hard to use, overcomplicated, and the stuff of nerds, our prior experience working on another OpenPGP implementation suggested that the OpenPGP standard is actually pretty good, but the tooling needs improvement.
And you can find as many opinion pieces as you want, by just searching (for example: https://nullprogram.com/blog/2017/03/12/).
However, if you really believe I am wrong, and you disagree that PGP tooling is widely considered bad, complex and almost a meme in the security community, you are welcome to show where I am wrong. Show me a simple PGP setup that non-technical people use.
P.s.
I also found https://arxiv.org/pdf/1510.08555.pdf, an interesting paper which is a followup of another paper 10 years older about usability of PGP tools.
Aaaand it’s electron garbage.
How do you know it’s not Tauri?
It says so in the repo
The GitHub repository for the project is here, and the tagline of the repository is:
Desktop application for Mail and Calendar, made with Electron
Ugh, I was looking forward to replacing Thunderbird/Bridge, but never mind.
No way.
I went here for this info. Thanks.
Out of the loop, what’s wrong with electron?
Electron runs a core Chromium Browser + NodeJS + a bit more.
Unlike Chromium itself it is not backwards compatible and removes a ton of things like its sandboxing capabilities.
I am not sure how it is less secure, but it may use more RAM (also not always but generally yes of course), doesnt allow hardening (unlike android WebView apps) and breaks LD_PRELOAD-ing another memory allocator.
This is only a big problem in special cases, in general it makes apps strictly dependend on GNU glibc and others, no idea how it works on Alpine or others (that actually try to make a secure system).
If somebody knows more about security concerns about Electron, please add.
There are other options like Tauri that do the same thing as electron, but instead of bundling chromium with the app, it relies on the OS provided web view. It’s also built with Rust, which tends to be faster.
As an example, Mac would use Safari, Windows would use Edge (chromium), and Linux would likely use WebKitGTK, which is what safari uses.
By using the default browser, developers save a ton of space—at the risk of compatibility issues, which are very very rare nowadays.
WebKitGTK is only native for GTK desktops. On Qt desktops, you’d want QtWebEngine instead.
interesting!
It’s just the webapp. If we want the webapp we use a browser.
Slack desktop app is built with electron and works much better than the web app in my experience. So no it’s not actually always that simple.
Slack is one of those apps which lags in a week on any hardware, it might be better than web version but it still sucks ass compared to fucking ICQ clients. Source: using it in the company I work for, for about 7 years already.
I don’t often have trouble with slack being slow, or buggy. Been using it like 9 years myself. Interesting you’re comparing slack to icq. Are you referring to a current version of icq, or the one that existed in the early 2000s?
I am not sure I understand comparing an app designed to do video/audio chat seamlessly, threaded conversations, channels, filesharing, plus has dozens of subtle nice features that make for a rich experience and a… Chat app, that worked fine for sending plaintext messages but didn’t really do anything else.
I compare it to qip or similar with voice calling support about 10 years ago. But still, Slack loses to pretty much anything on the market regarding performance, be that Element, Telegram, Skype or even Discord. It literally battles with biggest IDEs lol
Not my experience. Not sure what qip is either
Now that Chromium has persistent File System Access permission support, what benefit does Electron have over a PWA other than “Native-looking” menu bars?
It could be that simple. They just hinder their own website to get you to download the app.
You really believe that? It would be easier for them to maintain only the website, so this really doesn’t make sense to me.
Both are Chromium apps.
First running on Chromium, second running on modified Chromium.Dev here.
Yeah that’s how it works.
I’m a web developer. I think there’s a misunderstanding here. The person I responded to said that slack purposely made the web version worse than the desktop app, which I’m doubting.
Everything
It’s basically Chrome. It’s not a real application, it’s a website pretending to be one. It uses a metric fuckton of RAM and eats your battery faster than Prince Andrew a minor.
No, one Chrome tab does not eat that much RAM. Yes it is not as good as native, but it is more platform agnostic, and an Electron app does not really go above 300 MB RAM.
I bought 32gb of RAM cause I was tired and gave up to eléctron apps
I bought 64 gigs of ram and still refuse to use it.
If Firefox could allow their engine to be packaged like this I’d use it. The problem I see here is chromium. Everything is a trade off and we need more ways to build maintainable cross platform applications.
Slack, for example, is Electron and it runs great. One of the best apps I’ve used. And it works better than the browser version…
The hate on Lemmy of electron is a bit of an overreaction if you ask me. Yeah it uses more ram than is necessary but again everything is a trade off. Not everything can be a hard to maintain rust app. Let’s try to embrace cross platform solutions, though yes fuck chrome/google, so sure criticize that part of it.
Let’s try to embrace cross platform solutions,
[JavaFX has entered the chat.]
I don’t know what javafx is, but java is hell. For me. I’m glad it works for others
I don’t know what javafx is
Rust is infinitely easier to maintain than mountains of untyped js garbage libraries built upon left pad
🙄
There is Tauri which packages it with WebKit and uses Rust as backend.
I think tauri uses the OS web view, so it depends
Let me get this right… you’re complaining about Chromium, but you use Slack? You do realize Chromium had better Linux support for things like HW-accelerated decoding than Firefox? Also, the Chromium sandbox is superior to Firefox.
Chromium had better Linux support for things like HW-accelerated decoding than Firefox?
Source? Experienced the exact opposite, especially on Wayland.
You can track the bug history here:
https://bugzilla.mozilla.org/show_bug.cgi?id=1751363
You can see here Chromium had support for this for several years prior:
https://aur.archlinux.org/cgit/aur.git/log/PKGBUILD?h=chromium-vaapi
Android being based on Linux prob has something to do with Chromium’s strong Linux support, but Mozilla has consistently prioritized Windows/Mac. Despite it still be challenging, building Chromium from source has always been a lot easier IMO than trying to create a custom build of Firefox.
Regardless, when it comes to privacy, Chromium itself is pretty stripped down and has policy-based integrations that put it on par with Firefox in terms of security. Even with Firefox, you’d have to modify quite a few policies to improve security. Tor/Mullvad Browser though do a better job in many ways and there is no equal to those privacy enhancements on Chromium that I know of, unless you’re using something like GrapheneOS.
Point being, people like to complain about Chromium a lot & act like Apple fan bois for Firefox, when in reality privacy is nearly the same with both with some minor configurations.
What the heck are you talking about? Chromium is one of the hardest packages to build and it takes forever. Firefox has FAR fewer dependencies. Chromium’s privacy enhancements are a joke.
Chromium is not stripped down at all, just use googerteller and see. It contacts Google everywhere, on the password list, on the account list, in some settings pages, and just randomly sometimes.
It is very crazy. And also it is not fingerprint resistant at all.
I am using all flag settings, policies and GUI settings possibly existing and it still is like that. So no, it is not the same privacy-wise.
I realize Firefox business practices aren’t total garbage for humanity and that they are constantly working to improve it on like .1% budget of Google. And that they are the only real competition which keeps us in a situation where we actually have a choice in browsers. So yeah let’s only care about the technical aspects, or something
And that they are the only real competition which keeps us in a situation where we actually have a choice in browsers.
That isn’t true. You’ve got WebKit-based browsers, LadyBird/LibWeb/LibJs, Goanna, and others. Why choose Mozilla to lead the efforts, when another open source community/foundation may be better? You can also participate in the various new web specifications yourself too if you’re not happy with the direction they’re headed.
They said competition, not alternatives. As things are right now, and knowing people, not just trying to make a technical point, Firefox is the only competition.
The hate on Lemmy of electron is a bit of an overreaction if you ask me
The issue is mainly developers using Electron when things like React Native and Flutter exist. I don’t know a lot about Flutter, but React Native uses native UI widgets and feels a lot nicer than Electron.
It’s what you deploy to your users if you want to work around ad blockers and browser extensions. It’s a great tool to get operating system level access to exfiltrate information about your users and identify them uniquely, even if they would prefer that not to happen.
All that with the help of Google’s telemetry engine aka Chrome, which further helps Alphabet to manifest their interpretation of web standards in the world.
We worked to move things onto the web. Now people bring the web back to your desktop with every application bringing it’s own browser shell. We have come full circle and we’re now using 10x the resources.
Electron is the prime example of everything that is wrong in IT.
Wow. That sounds horrible. Do you have a source about the system level access statement? I would like to see people’s thoughts on it, if it’s as bad as it sounds, I’m surprised I haven’t heard about it before
Do you have a source about the system level access statement?
Electron apps are native apps with the Chromium browser embedded in their windows, so they can do anything a native app can. It supports Node.js modules for things like filesystem access, and can interop with C++ code by writing an add on (https://nodejs.org/api/addons.html)
What source do you need? It’s almost literally the mission statement of Electron.
Do you have a source about the system level access statement?
It’s literally what it is… a native app bundling chromium. As a native app obviously it can do anything.
Each electron App is actually a full independent chromium browser install running a website. It’s easy to code for and works cross platform as a result, but it’s essentially just a website, although they can run offline depending on what’s been built in to the local app.
Each electron app running on your system is a separate full chromium app running, with no sharing of resources between each instance. So they take up a lot of space each and duplicate all the resource usage, and potentially the security flaws.
oh yikes. that sucks.
“Finally” really is the key word, waiting for Proton to add features or apps is painful at times.
Glad they’ve finally made progress with this.
Waiting for Proton to acknowledge and fix critical bugs that can cause data loss was way more painful… took them years with the solution being “just wait for the bridge rewrite it will be (most likely) fixed there”.
Is this where the source code is supposed to be ? https://github.com/ProtonMail/inbox-desktop
Looks like it, it’s available as a zip in the releases along with the compiled app, but isn’t yet uploaded fully on GitHub.
On a related note? When my friend on proton send me (regular imap, openpgp) and several others (gmail, outlook) an email with all of us as recipients, it seems that proton cheats? I get to decrypt the message, where’s the others just read plain ø, unincrypted text.
At first i thought this smart. But now i kind of realize how much of a nightmare this seems to be.
On the other hand, i am not really sure how they do it? Is it to different mails, with fake headers? Or is it more like: if no encryption is available, show thisb (dentical) text instead?
no AppImage, no Flatpak, no PPA, and no COPR
AUR FTW!
Is the search functionality improved in the desktop app?
It just opens the web app
Protonmail still does not have an official app in F-Droid. Just because of this reason I ended my paid subscription and moved to Tutanota.
Not going away from Proton myself, but yes this is damned infuriating. Although I’d deal with a reliable Android app. The Beta Android looks good, but why Proton has struggled so much with Android is beyond my current digging.
Tutanota doesn’t have a good way to export emails in bulk. Their feature set is getting richer, but once invested, the exit cost is quite high, speaking from experience.
Speaking of mail apps, has anyone used Thunderbird recently? I had used it for a year or two up until . . . a year or two ago (probably two or three, actually) and then switched to kmail to satisfy my masochism. Thunderbird just hadn’t been doing it for me with meh functionality and slightly more meh looks.
Fast forward to yesterday when I’m updating my steamdeck desktop to use nix stuff instead of rwfus+pacman and I couldn’t get kmail from nix to behave right so I thought I’d give thunderbird another look. I’m several hours into tinkering with it and holy hell has it changed pretty much completely from a few years ago. Looks fantastic and works pretty much exactly how I want/expect it to. Good job mozilla!
If you like Thunderbird, I recommend checking out Betterbird fork as well that adds more features.
Yes Thunderbird is getting really nice nowadays.
It’s not developed by mozilla anymore. they stopped updating it a couple years ago.
That’s not true, the latest release was two weeks ago.
Not from mozilla, they spun it off a couple years ago
“Thunderbird is completely independent of the Mozilla Corporation, the makers of Firefox.”
Edit: from 2012 apparently. time flies https://blog.thunderbird.net/2023/02/the-future-of-thunderbird-why-were-rebuilding-from-the-ground-up/
It’s still under the Mozilla foundation though, which is what people who are talking about Mozilla usually mean (they’re the ones collecting donations and the parent organization).
Thunderbird is fine.
Tbh I have no idea what they are doing though, they have more funding than GNOME but after Supernova I didnt see any updates.
See my list of flatpak repositories
There is an unofficial Thunderbird nightly Flatpak, that will likely reveal what the hell they are doing.
So Supernova is kinda nice, mainly a big overhaul of the underlying stuff, making it easier to maintain.
It lacks a ton of things like Threads (the addon TB Conversation works though). Also their “spaces” bar is useless, as it just opens tabs, so it is redundant. Good idea, but only if it could replace tabs.
Their search and filter stuff is still the same, really bad. Either displaced in the message list column, as the global search still opens a new tab which is kinda bad UI.
Some addons broke too, not a big deal though.
I have the feeling they removed nested filters, which is extremely bad, but filters still work.
Thunderbird works well.
I’ve never found Thunderbird search bad compared to alternatives, as long as I’m not looking to find content inside attachments. Really fast and responsive and being a desktop client without paginated results makes moving and deleting in bulk so much easier. Would love it to be as powerful as Voidtools Everything to get a bit more granular sometimes but otherwise pretty happy with it.
I mean, I think their global search is not that useful, while their inline mail list search is. So I have a cluttered UI with 2 search bars, to supplement the incomplete inline search.
I believe I read somewhere they’re focusing heavily on the mobile app at the moment (or rather turning K-9 into their mobile app). Once they get that out, we’ll see where the desktop goes.
That too but afaik thats a separate Android dev
Yeah I’ve started using it again the past year. I use Proton Bridge with Thunderbird, and it works well. Much prefer it to webmail interfaces.
Just started using Thunderbird again a couple of months ago. Like it! I never really stopped liking it, just stopped using it because all the webmail interfaces and “appification”.
Was just trying to get K-9 Mail working on my phone again (after years of using umpteen different apps) and it’s not as smooth as I remember.
I think they’re talking Kmail from the KDE app suite. I thought they meant K-9 mail.
Btw If I remember correctly K-9 mail is or is becoming Thunderbird.It’s taking them quite a while, but that usually means that the end result will be worth it.
Yeah I installed it recently on my widows and it is super sleek.
Good job mozilla!
Mozilla don’t work on Thunderbird any more. It’s an independent project now. https://support.mozilla.org/en-US/kb/thunderbird-faq#w_who-makes-thunderbird
no proton drive??
This came way sooner than expected, be grateful. It’ll arrive soon enough. Patience, young padawan
“After years of pushing their proprietary and closed solutions to privacy minded people Proton decided that it was in their best interest to further bury said users into their service as a form of vendor lock-in. To achieve this they made more non-standard desktop clients for their groupware features (contacts and calendars) and the bridge will be discontinued soon.”
Only if there wasn’t CardDAV, CalDAV, IMAP, SMTP and dozens of other highly standardized protocols to handle e-mailing and groupware.
Is the bridge actually being discontinued? People have been saying that a lot recently but I’ve not seen any evidence for it, and not in the linked article.
I’m annoyed that they don’t support SMTP, but realistically they actually can’t unless they have the ability to read your email, which they don’t.
Is the bridge actually being discontinued?
No, but what from their moves it is very clear it won’t live long.
they don’t support SMTP, but realistically they actually can’t unless they have the ability to read your emai
Technically they do use SMTP… and it’s possible for a provider and provide submission and generic SMTP do clients without having to read the email content.
There are lots of ways to do e2e encryption on e-mail (no server access to the contents) over SMTP (OpenPGP, S/MIME etc.). There are also header minimization options to prevent metadata leakage. And Proton decided NOT to use any of those proven solutions (in a standard and open way at least) and go for some obscure implementation instead because it fits their business better and makes development faster.
Because with proven concepts the swiss intelligence services would be locked out. And now people have to trust their claims of “swiss privacy laws” (who are shit - the worst in Central Europe. Switzerland had multiple scandals, from a system that had intelligence files on a large percentage of their “unreliable” citizens as part of the “Fichenskandal” to them recently admitting that most internet traffic within and all traffic leaving and entering Switzerland is monitored by the swiss intelligence services - without so much as a judges permit). Yeah, I know, they are audited…But since Snowden we all know how much that is worth.
"Anyone can download the app, but free users will be given a 14-day trial to test drive it.’
So it’s only for premium users ?
Hey it takes effort to make a WebView for mail.proton.com
They need to see how to package the dedicated browser for all the different distros and operating systems, make a nice icon and so ok. It takes hours
They should sell this masterpiece for much more
Baby steps that take Proton from a great service to a toy for the masses in the effort to increase revenue. AI features are next
Sooo… What exactly changed about the service?
Yup
