This is Bart, Proton CTO here. For clarity, the issue mentioned here only impacts Proton Mail Bridge, our desktop IMAP/SMTP gateway to Proton Mail encrypted email.
The fact that Bridge and its client can become desynchronized sporadically for some users is a high priority issue we have been working on. Bridge is open source, and as a result relies upon open-source components, and the root cause is an architectural issue in a library that Bridge uses to implement IMAP. When there are network issues, this library returns errors to email clients.
Unfortunately, there are hundreds of email clients, and some email clients don’t handle errors properly, and this leads to desynchronization.
Our error tracking shows this does not happen often (1-2% of Bridge users) and the symptom is usually incorrect display of messages or read/unread status which is fixed with an inbox resynchronization. There are cases where a combination of a desynchronized mailbox and a specific series of user actions can lead to accidental email deletion, but this is far rarer than desynchronization. Our implementation tries as hard as possible to avoid this. If you find you are missing an email, our implementation works around the issue by placing it in a users’ All Mail folder.
As Bridge is open source, updates on this issue have always been publicly posted on GitHub. Addressing this issue at the source requires replacing the core IMAP library. Unfortunately, there are no FOSS IMAP libraries that are sufficiently well maintained. Therefore, the solution is to build our own IMAP library called Gluon, which we have been focusing on since this issue was reported to us. You can follow the progress of this open-source project here: https://github.com/ProtonMail/gluon
We are not refusing to fix the problem. The only possible solution is writing a new open-source IMAP library which we can maintain ourselves to ensure this class of errors cannot occur again. We have doubled the size of the team working on this this year so it is a priority for us.
We’re confident that this addresses the main sources of desynchronization and will be available in the beta version of Bridge by the end of the year.
The fundamental problem is that `UID`s in IMAP kinda suck because assigning persistent, unique IDs to emails in a store is a hard problem because doing that for mbox- or maildir-like stores is hard because those predated any notion of remote email access protocols.
Thus in practice IMAP servers generally assign `UID`s ephemerally per-session, which means that clients can't rely on the stability of `UID`s, which means that clients have to re-obtain `UID`s before operating on emails via IMAP even if they have cached those emails locally. `UIDVALIDITY` exists to help clients cache and invalidate `UID`s. The RFC has text about this.
A bridge from IMAP to something else (which is basically what every IMAP server ever is) needs to deal with this. To make `UID`s stable requires keeping state.
Clients should really not assume stable `UID`s. Instead clients should `SEARCH` or list to get [temporarily] valid `UID`s then use those to delete etc.
> Bridge is open source, and as a result relies upon open-source components
I don't get it. Bridge is open source does not imply it should relies upon open-source components.
> Addressing this issue at the source requires replacing the core IMAP library.
Why building an IMAP library from scratch instead of fixing/forking go-imap?
Even a temporary fix to go-imap when you are developing gluon?
Another repetitive work which does not guarantee the mentioned issues will be resolved completely.
What I don’t understand is why there’s no effort from Proton to expose the underlying protocol between Protonmail.com and the Bridge.
This protocol should be an open source effort, allowing mail clients to implement it and other provider to implement it on their own server.
This could clearly be a major move, making unencrypted IMAP a thing of the past, allowing direct competitors (tutanota? Mailfence?) to collaborate on the bridge and on the ecosystem and targeting directly the only competitor worth talking about : Gmail.
I think this happens to far more than just 1-2% of users, and re-synching the inbox every few weeks is nothing a paying customer should have to do.
These issues have been around since I started using bridge 3 yrs ago. So im sorry but my patience is running out soon.
I just renewed my yearly membership, but if these bugs concerning the MAIN FEATURE of proton arent taken care of in the next few months than i will be looking for alternatives.
I think you would experience the same problems as any IMAP client would. And seeing how this bug is being handled, it doesn't look like paying for bridge access is a good bet to make, IMO. You'll never be confident that the bridge is not going to have a problem. How many emails would you be willing to lose or have trouble with?
In short: The idea was to move from a custom mail server to a paid, hosted solution. ProtonMail was chosen, with the bridge being used to get mails into a local mail client. Issues with the bridge eventually cropped up.
I didn't know what exactly is proton mail bridge. This is what I've found:
> Proton Mail Bridge is a desktop application that runs in the background, encrypting and decrypting messages as they enter and leave your computer. It lets you add your Proton Mail account to your favorite email client via IMAP/SMTP by creating a local email server on your computer.
Protonmail doesn't support email clients with POP/IMAP like most hosting companies do. They only let you use their proprietary apps on mobile. Desktop users can log in to the website or use Bridge which is just a hacky way of creating a local Protonmail server that your email client thinks is a hosting provider. I could never get it set up on my machine so I just used the browser implementation. sigh.
I've suffered from exactly the same issues with Protonmail Bridge, and just this last weekend I decided (reluctantly) to move to a more standard mail provider (I chose Mailbox.org).
Aside from the UID issue discussed I also had problems with Bridge not supporting my particular use-cases. I created my own fork (see https://github.com/polaris64/proton-bridge) to work around some limitations and to add features, but maintaining this was too much work, especially as paying for a mail provider was supposed to reduce maintenance burden. I have had a pull request open since the 23rd of June to merge these to the upstream version, but so far I haven't received any comments from the Proton team.
I like ProtonMail, I just wish Bridge was more standards-compliant.
Could the title be update to contain the word bridge as the issue is in the Protonmail bridge application and not on Protonmail itself. The entire title is clickbaity, but adding the birdge moves it away from being misleading.
The problem is they've been aware of this very serious bug for more than a year, and haven't tried informing their users. So "Protonmail" in this context refers to the business, and the issues surrounding their responsibility, competence and ethics.
"Nobody cares" and "this is a complicated thing that we've spent a year+ building a replacement for" don't seem very congruent to me. That said, it's a rather awful issue for a service like this to have for that long.
I don't think that was the intention of the submitter, but IMO it's significant enough that you providing a link to such an issue would be welcome and appreciated.
Happens occasionally on the mobile app on iOS for me.
I am slowly migrating everything away from my paid ProtonMail account, and I intend to just go back to using a megacorp email... despite absolutely loathing and detesting megacorps. At this point in life, email is simply too important. Notices from government agencies, my accountant, my lawyers, my various banks... I quit self hosting for these reasons (no matter how good I am, I am not full time keeping my self-hosting pristine), and now I apparently cannot fully trust Proton.
Yea the bridge is quite a hot mess, really.
I use it with Outlook on Mac and there are always syncing issues, passwords missing and i have to re-sync the whole inbox every 2 months or so.
I didnt realise some mail got deleted though, i need to investigate that.
I am a proton customer since 3 years and they seemed like a good bunch but now with all the stuff they are offering it seems like they have lost their way.
There is also no way of integrating the proton calendar into a 3rd party app like Outlook. This feature has been promised forever…
They don't have anything to replace it with yet. They appear happy to leave it in place being buggy instead of removing it and really upset a lot of people.
I think it's sadly a bit of a chicken and egg problem, unless someone sets out to write support for servers (mostly dovecot I assume) and clients (web and desktop).
It would be worthwhile for many reasons not just the immutable IDs. I'd certainly donate to someone showing initiative working on this.
Emails should really be identified by Message-Id (which isn't guaranteed unique, but is very selective) and a hash of the body and a subset of the headers (e.g., excluding Received headers, and maybe using only Message-Id, Date, and From, maybe not even Subject).
A good email store is very searchable, and a good MUA searches email, and a good MAP gives the client temporary (ephemeral) handles for "open" emails.
I've been a paid Protonmail user for a while now, but it seems like if you don't use their webmail site or their mobile app, you don't get a very good experience.
The Protonmail Bridge with Thunderbird (the only somewhat supported desktop mail client on Linux) has always been buggy at times, such as archiving not working as expected, or creating a new mail subfolder in Thunderbird creates a parent folder with a "/" in front of it in web mail.
I understand there's probably some difficulty keeping everything E2E encrypted on the desktop side of things, but Thunderbird feels crippled if you want to use it with Protonmail/Bridge. For example, calendar doesn't work at all.
I love what Protonmail has been trying to do and have done, but all I really want is to be able to use a desktop mail client with calendar, and the Protonmail Bridge is not there yet. My subscription is up in January, so I may switch to something like Fastmail for the time being.
This sort of reaffirms my belief that UIDs are not sufficient for syncing mail. Emails should be hashed and synced by the hash which would solve other issues, like being able to redownload specific messages that may have got corrupted locally.
Even so, isn't this a violation of the IMAP standard, which says that UIDs are, by design, not permanent identifiers, but UID + UIDVALIDITY is? (I don't know much about IMAP.)
> The unique identifier of a message MUST NOT change during the
> session, and SHOULD NOT change between sessions. Any change of
> unique identifiers between sessions MUST be detectable using the
> UIDVALIDITY mechanism discussed below. Persistent unique identifiers
> are required for a client to resynchronize its state from a previous
> session with the server (e.g., disconnected or offline access
> clients); this is discussed further in [[IMAP-DISC](https://www.rfc-editor.org/rfc/rfc3501#ref-IMAP-DISC)].
so, "SHOULD NOT", but in practice it's really hard to make {UID, UIDVALIDITY} assignments persistent and unique, so IMAP servers don't, and as you can see, they are allowed to not.
I.e., it's perfectly compliant to generate a new UIDVALIDITY for each session and then assign UIDs to emails in folders when you open them
It is definitely a recommendation, but UIDVALIDITY just checks the folder from what I understand. Hashing the entire message would be the best way from my understanding to sync messages.
In practice the odds can be astronomically low, as in lower than the odds that an asteroid collides with Earth right now and the entire humanity becomes extinct. But only for hashes without known vulnerabilities.
For a vulnerable hash like md5, an attacker can find a collision in a few seconds.
Yeah, Protonmail Bridge is my main source of buyer’s remorse wrt. Protonmail. I moved my family e-mail set-up to Protonmail, so I can’t just move away without having to migrate everyone else too. So now I’m just stuck with it. Weird sync issues, random CPU spikes, having to use the web-UI for anything important, etc.
Not sure why they can’t make it work, but I guess trying to make their custom encrypted mail set-up simply doesn’t translate well to IMAP’s weird idiosyncrasies.
You can "easily" switch to fastmail from Protonmail. First set your domain on fastmail with the accounts, once you're done with the new setup, the last step is to import from Protonmail. Using the Proton Mail Exporter app, you can generate a .mbox file, using fastmail importer, you can send the .mbox file. It's been working great, with over 10k emails.
Yeah, doing it for myself is no problem. It’s more that I’d have to do it for my parents and siblings as well simultaneously, since we share a domain name for e-mail. It’s not impossible, it’s just a huge hassle to move everyone over to using new apps and updating settings on their laptops. Not impossible, just impractical.
I’ve never been one to use email from a non-web application. So when I moved to Proton Mail the bridge setup seemed like a dramatically over complicated alternative to the web UI. The mobile app seems to work fine, too. I’m glad I avoided this whole mess.
I'm not surprised. In my experience mail synchronisation with IMAP is fraught with edge cases that cause weird issues (I definitely had weird states happening with offlineimap and Co). I really wish JMAP will take off and give us a much better mail protocol.
I switched to Proton a few months ago, I quite like it. The outage a while back and this do worry me a little bit, but for me it's not enough to switch as I don't use the bridge, it has worked really well for me, and don't really like the alternatives for various reasons.
I do think it's relatively early stage. Yes, the email product has been around, but the more business orientated suite of products seems very early.
The email app misses some functionality, but what's there works and looks great. Calendar is progressing nicely. Drive is kinda useless beyond file sharing atm, it really needs a sync app to be useful.
Another qualm I have is that you can't buy extra storage, custom domains, etc. It makes little sense to me, for now it's fine, but at some point it might force me to find a different solution.
They certainly have a lot of work to do, and they need to get a grip on issues like this asap, but I'm willing to wait it out for a bit as I do like the direction, I think there is a lot of potential.
That said I am not sure I would move the company over to Proton like the issue raised, idk if it's ready for that.
If you’ve been using your mailbox (and deleting mail) for a while, have over 50K mails in it now, and see (what you think is) a UID of 51950 on the most recent email, the chances that it’s “U” are extremely low, meaning there’s a gap in understanding or in implementation.
I'm pretty sure Proton didn't invent IMAP, and from the protocol log it seems like IMAP insists on the incrementing ids. Probably thanks to it having been designed in the late eighties and early nineties.
Someone can come up with a reason to not use any of these.
And yeah, this UID situation with Protonmail is not good. As a long-time Protonmail customer, I've been concerned that they seem to have gotten bored with keeping a stable product.
Back to the point... I still will be using Protonmail because no product is perfect. For example, Fastmail I believe is in Australia which is one of the last western nations where I would want my data to be stored. I wouldn't use them, but does that mean someone else shouldn't use them? Not really. All of these products have tradeoffs. Since Protonmail's delete function is likely to still work most of the time, I won't yet be abandoning them. Fact is that I find all of the alternatives preferable to relying upon The Google.
mxroute is another pretty good one, though, I will admit that the various admin interfaces necessary are a pain in the ass. One for billing, another for admin of the mailboxes.
But, it just works once its setup, and if all you want is IMAP support it's all good there. They usually do a Black Friday sale that's pretty decent. Last year they had a 25gb storage option for $25/year. I have like 5 domains on it, and about as many mailboxes. Smooth sailing since.
It seems most of the email services that give even basic protection of one's privacy are NOT in the United States.
If anyone here is looking for a business idea, I would absolutely sign up for an email service that is based in U.S. and provides a guarantee (in writing) that it 1) doesn't track the user across the web after they sign in to email 2) doesn't scan or parse data from emails in any way 3) doesn't sell any information it obtains from me or about me to any third party 4) doesn't make any of its money at all from advertising 5) maintains high operational security standards.
Notice that I'm not even asking for end-to-end encryption like Protonmail provides. I just want something that is in my home country's legal jurisdiction (for business reasons), doesn't track me invasively nor sell my data, and is well-run.
I believe a company could make a lot of money if they communicated this offering to the public and maintained a decent brand reputation.
Mailbox.org is a great service, good support for custom domains. Also can use Exchange protocol so push notifications for emails (on iPhones at least) are possible
Since I've used this for years, way before this ticket, the bridge has always been problematic (periodic full mailbox downloads even with the QT version for example), but since the version with the new ui it got even worse, emails coming and going.
A good workaround for email hosting is to run an IMAP server somewhere you control, and add it to your mail client. The server doesn’t need 24/7 five-nines or anything. It’s not for receiving mail. It could even be on your local laptop if that is the only place you need old mail, though I keep mine on a dedicated hosting machine in a colo so I can use/search it from my iPhones and iPads and other workstations.
You use an IMAP compatible email service like Proton or whatever to receive and check mail like normal. A couple times per month, move all the messages from the service to your own IMAP server’s folders, instead of the “archive” command that moves them to a different folder on the same server that received them. This is pretty straightforward in Apple’s Mail.app on macOS, and I imagine similarly so in most GUI IMAP clients.
This gives you the best of both worlds: a single set of maildir folders on your own server you can zip or back up with normal tools like rsync or whatever, as well as 24/7 HA reliable provider servers to receive incoming mail at all times in case your long term mail storage machine is temporarily down. You also won’t bump up against provider storage limits.
Self-hosting inbound and outbound email is a drag (though I do it for many of my less critical domains), but a 90% availability selfhosted message storage IMAP service is fairly easy to run. This has the added benefit of a provider hack or legal process presumably affecting only a subset of your most recent messages due to those being the only ones stored there.
I am a Proton and FastMail user (and use the affected software) but I regularly move all the messages from these providers to my IMAP storage server (in different folders) so if their systems fail the blast radius is not “all of my emails going back to whenever I started using the provider”.
I am a long time paid user of Protonmail. This isn't the first issue I've seen. It's is really annoying I have to use a bridge at all to be honest.
That being said, I've evaluated other providers like Fastmail. While their service is good I am not a fan of reducing my privacy. So people like me are stuck between a rock and a hard place.
> It's is really annoying I have to use a bridge at all to be honest.
That is literally the selling point of ProtonMail: the email is encrypted in storage on their servers (they don't have access to it), and thus you have to decrypt it locally on your machine, and the Bridge does that for you, because your email client does not know how to handle the encrypted content otherwise.
I would probably use Fastmail if they weren't based in Australia if I am being honest. ProtonMail makes it very hard to communicate with mailing lists.
No support for format=flowed or restricting the number of columns from what I can tell.
I stopped using it anyway since "ProtonMail logged IP address of French activist after order by Swiss authorities" (Which thing was against the promise they made to users publicly on their website by that time)
With Gmail & Co. I accept that for free.
With Protonmail, I have to pay for that (for my privacy to be disclosed), after a certain small space quota
That's what I mean
Well looks like Proton invested too much in advertisment.
They also run VPNs and, although they offer setup via confi-files, frustrate their customers by telling them the problem is on their side and demand they install that piece of software of theirs. Switching VPN providers without changing my setup and it was clear as day, the problem does not reside with me but them.
Instable connection, bullshit support telling you it is your fault and you do not know what you are doing...
Immediately quit their service.
i do not know how you would want to pay a service from such a company.
I had an email account suspended by Protonmail for using single-digit aliases for testing, took me a week to get it back, and that was only after signing up for LinkedIn premium to be able to message a non-robot.
It was terrifying enough that it has made me rethink how I manage all of my online accounts. Incidentally, I never had that issue with Gmail in 10+ years.
I had a bad experience with ProtonMail support either. When it works it's great, but they suddenly changed my password somehow, and I lost all of the emails as they get hashed. Then they didn't want to help resolving that. I was hoping this was one-off issue but it seems to me that ProtonMail has problems to validate as trustworthy business.
Not specific to this bug, but I recently setup a hosted Protonmail account with a custom domain and got myself and my wife on it because we do not trust G suite and don’t want all our eggs in one basket.
We both use the native mobile app and web based mail client.
In general it’s useable but the search functionality is useless. I’m hoping they’ll improve it.
- a hosted service because host one myself is too much work CAUSED by anti-spam measure by some "self-appointed sheriffs" of the net;
- mail fetched from remote via fetchmail, no messages left on the server, filtered on my homeserver via maildrop, indexed via notmuch, muchsync-ed over SSH to desktop(s)/laptop.
Simple meaning: I'm not tied to anyone specifically (personal domain name) and I own my data. They are also on someone else iron, but also on mine and I use them locally. Composing a new mail is just hitting a key on my keyboard, searching my messages like GMail is another key for search&narrow results a modifier+the same key for notmuch-emacs UI. All mails can be linked on all my org-mode/org-roam managed docs equally.
It's FAR simpler and FAR more powerful than any modern crapware UI, BUT is hard to setup due to the little development compared to the mainstream UI.
Who have a little fetchmail part. I've nerve used getmail, before I've used OfflineIMAP (buggy but support IMAP IDLE) and mbsync. The only issue is fetching from multiple accounts that demand firing up multiple instances, but that's not much of an issue. You just set FETCHMAILHOME before any invocation pointing to the right config dir and set a different --pidfile for concurrent* fetching if you wish so. MailDrop is a (very) little (very) big setup since you need filters for anything if you are not a piler and that take MUCH time. Normally here my suggestion is fetch anything on a zfs volume, clone it, test on the cloned maildir or snapshot and revert after any test until you get nothing in the INBOXes. A slow step at a time you'll add the rest.
Yeah I migrated less than a year ago to proton but it is bug over bug (gpg not handled properly), this UID bug, nagging to pay for a larger plan. I'll probably migrate to fastmail (or if you have other recommended alternatives) at the end of this billing cycle.
I would disagree. Sure protomail may be used by nefarious actors but there are also plenty of security minded people that use it too. A majority of those users are not doing anything nefarious at all. They simply don't want anyone snooping on their emails.
Around 2003 Hotmail deleted half of my emails. I was able to reach an actual Microsoft employee, who apologized a lot (this happened to a lot of users nationally that day), and told me they were gone permanently. They weren't even backing up these emails. Glad that you have had no problem with them. I haven't either since leaving them behind.
IMAP UIDs aren't unique IDs per message, they are an incrementing number assigned to a message that's unique per mailbox ("folder"). Their incrementing nature is part of the standard, a random number would likely break mail clients. They should be stable between sessions but when you move a message back and forth between folders, the UID changes every time.
There are events where the UIDs change, for example when a server needs to rebuild its indices after corruption, but those should be extremely rare. Your server should also show this change when asked for UIDVALIDITY.
A message is defined by (UID, UIDVALIDITY, folder name). If this tuple changes, the message needs to be refetched. It's not the best mechanism for supporting multiple mail clients at once but it's easy to implement at least.
BTW, "unique per-mailbox" utterly fails to be sufficient in a post-gmail labels-as-folders world. That's because folders are lame. But doing better than folders really makes you want a relational database for email.
I've been a paying Protonmail customer for years and recently started worrying about having put my eggs into the Protonmail basket.
/rant
Recent outage issues surfaced some major flaws with the mobile clients, on top of shaking my faith in the infrastructure (though no one can easily stand up to nation state actors so I do not blame PM).
And yesterday I was shown ads inside the web portal, along with a big call-to-action button that wasn't there before to go buy a new tier. Have I mentioned that I have been a customer already for years?
Never used the bridge, but honestly I am not surprised that it may be broken and not receiving the attention it deserves.
It feels like Proton (with its vpn, email and the whole 'suite' they are promoting under the brand) is simply another growth company, focused on adding more and more features rather than on good old fashioned stable products.
I also got this ad yesterday when I opened PM. It's the kind of ad you'd expect from a free tier but not as a paying customer. At first it made me wonder if my subscription had expired.
I had recent concerns too; between the mobile app not really working well anymore, and their confusing rebrand where I now have to go to a different URL, and these popups, and now this.
Issues with the app:
- notifications sometimes don’t pop up on iPhone. Yes, I have the enabled.
- app can take a minute to load
- when you click on a notification, it opens the app on the previous email you read, while taking a very long time to load the one you clicked on
I seriously hope they refocus on their core product. These issues are new.
Do you mean the ad about the Visionary subscription? I'm also a paying customer but I'm OK with these one-time notification kind of ads about the product I'm using. Just don't shove it in my face every time I open it.
Some years ago, I evaluated Protonmail as a replacement for my personal gmail account.
When came the steps "can I easily move from this service?", I realized you have to _pay_ to export all your emails from the service. They make it super easy for you to open an account and receive emails, and then makes you pay if you want to get a copy of your own data.
I contacted the support to tell them it is likely illegal under European Data Privacy laws. They replied I can still export email for free one by one if I wanted to... (which is obviously not a valid answer when you have 5000 emails)
Then I looked in Swiss laws for a similar clause, and found that Swiss laws doesn't give users of online services the right to easily and freely get a copy of their data. It was a law proposal at the time of my research.
So yeah... Your data is so secure in Switzerland that you don't even own your data !
Try harder. You can run their bridge to expose imap and use any client to export your emails. Also, your info from "years" ago is out of date as they are a small company that has been working on product/features all those years.
Their point was about having to pay to export your data. Afaik Bridge is still to this day only available to paying users. Still, their statement is no longer true since exporting in bulk is permitted for free with the Import-Export app.
that's obviously a strawman. What's being critized is the heroin-dealer model of doing business, i.e. "the first dose is free" but you'll be locked in, which seems increasingly popular among a lot of services that try to compete with the big players.
They also don’t care about locking you permanently out of your own e-Mail with no warning, for no reason, with no recourse.
Honestly - there are far better options out there. They’re not in anyway a responsible enough business to manage an e-mail service. It’s run more like a hobby project than critical infrastructure.
I think it's worse than that - they are well into the stage of growth where privacy and reliability are just marketing deceptions. Some other recent data points:
That changed setting should have been a huge story. I've paid for ProtonMail for like 6 years now, and this was the most disappointing thing I've dealt with.
What are those better options that HN likes? I just switched all my accounts to protonmail, but stories like this make me want to reconsider. The fact that they won't allow me to set up a forwarding rule in case I want to switch again doesn't help.
First of all, bring your own domain. That way you can just point the same address elsewhere if you need to switch again without having to deal with forwarding.
edit: As mentioned by a sibling comment, my email is currently on Fastmail, zero problems.
HN is hooked on fastmail which is a great provider to be honest. Have a look at mailbox.org which is in business since the 90s too. Avoid the privacy trending providers promising you to encrypt your emails.
FWIW, I went from gmail -> protonmail -> fastmail, and have been very happy with fastmail.
protonmail is great as a secure disposable email, but as a go-to daily email service I found it too difficult to manage. Hard to use other email clients due to requiring this bridge, and their mobile apps and web guis are just not up-to-par with other offerings. Being able to use any frontend on mobile (and not deal with complicated proxy setups) was my biggest issue.
Using a custom domain has made the switches easier, as I don't have to tell anyone to update their contacts or worry about forwarding. Just exporting/importing, change some MX records, and I can switch providers any time.
I uses FastMail after I discover this serious issue about Proton.
I would say it work flawlessly and their web mail client is super fast; even faster than Gmail.
Besides, FastMail exists before Gmail and the people in FastMail are active standard protocol developers like IMAP and recently JMAP (a modern mail protocol will replace SMTP/IMAP, FastMail as a reference implementation), which is good because at least I know they understand the protocol and implement it by themselves.
I’ve been a Fastmail user for about a decade (I just checked; wow!) and am very, very happy with them. I wish more companies were like them. The service is very reliable, the product is great, their support is amazing and very kind. A lot of companies get distracted by big pivots and hyper-growth ideas, while companies like Fastmail focus on doing their main job very well.
I personally use mailbox.org for years now. Granted, I don't have remotely the usage mentioned in the linked issue and I know users that aren't very satisfied with features like the integrated office webapp, but it does everything I need (emails & calendar sync) and I haven't found a reason not to trust them.
Originally my reason to choose them instead of Protonmail was that Protonmail only works with their official client, which is a far too limiting dependency in my eyes.
Randomly, I get locked out of my Protonmail webmail interface by an hCaptcha.
This in itself isn't a problem. The problem starts because I can't actually see the captcha images. So in order to get at my email, I have to provide hCaptcha with a third party email which isn't protonmail, and enable third party cookies and/or install a browser extension for them to set an "accessibility cookie" to get past the captcha.
And, well, nobody wants to do anything about that either. I'm sorry, but that doesn't seem reasonable to me.
I switched a few weeks ago. The process was fine. They have a tool to help you port your mailbox, calendar, contacts. The web client is great. The mobile/android app sucks. The search doesn't work. If you archive an email on web, it wont always apply to the app. The sync between clients is screwy. Gmail is no doubt a better email product but given I paid a year, I'm going to suck it up and deal with it.
I switched from Gmail to Proton Mail earlier this year in an attempt to de-Google. The Proton Mail website and Android app is just about on par with Gmail's. My only complaint is Proton Mail will refuse to load images if something about the host domain isn't configured 100% to spec which is common for non-tech companies such as home utilities. You can only reply from "+tag" addresses, not send outright from them which is a feature of Gmail. Though Proton Mail's email aliases alleviates my need for that.
To clarify because comments (so far) seem to ignore what Proton Bridge does.
Proton Mail is web mail, like Gmail. That part is fine.
You use Proton Bridge as a connector to mail client software.
The thing that’s perhaps unclear is, Proton Mail is end-to-end encrypted email. You use Proton Bridge to walk your secure email beyond that enclave into whatever YOU are running in your userland scenario.
Part of all this is, you’re completely unclear on the concept of secure email the moment you need to use this bridge.
Which begs the question, why would you use Proton Mail if you’re gonna negate its unique value proposition?
Proton Mail is fine. It’s this misguided extension that’s the problem here.
If you’re fine with web mail then this issue doesn’t matter. If you’re not fine with web mail, maybe Proton Mail isn’t really for you.
If I understood correctly I run this bridge on my computer which connects to the protonmail API, downloads my mail, then decrypts it and starts a local IMAP server, so I can read it with my thunderbird.
The email stays encrypted on the server, and this extension only decrypts it locally like it would happen in the web browser.
> You use Proton Bridge to walk your secure email beyond that enclave into whatever YOU are running in your userland scenario.
Look, if I won’t trust the software which is running in my userspace, I’m doing something wrong anyway. Even if I wouldn’t use this extension, a malicious userspace application would still hook itself into your webbrowser, or simply steal cookies/tokens from your browser’s profile folder and hijack the protonmail session.
> Which begs the question, why would you use Proton Mail if you’re gonna negate its unique value proposition?
If I’m not mistaken with my assumptions at the top, the email still stays encrypted everywhere except on my PC. I don’t trust the mail provider, and I don’t trust protonmail. Protonmail could just change their web app at any moment to upload your second password which is used for unlocking your keys, and you wouldn’t notice. This can’t happen with an extension which doesn’t even have an auto updater.
Anyway, it goes both ways. And some people just want to use their email client, instead of a web app.
Some people want to subscribe to a premium encrypted email provider so they can download that email locally so it can live perpetually in ever expanding sub folders on disk, in plaintext.
Well, no, not really. That is the claim that they make but such a thing doesn't really exist, well at least not in the way they suggest. It is e2e if either both parties are using PGP or Proton mail. That is a very small percentage of global mail flow.
> Which begs the question, why would you use Proton Mail if you’re gonna negate its unique value proposition?
Because most users don't care about the end to end encryption. They just want to host their email somewhere [1]. And perhaps have it available offline.
All this encryption on everything is mostly turning into security theatre. All mostly because identity theft is so easy in the US. Perhaps that's the problem that needs to be fixed.
Yep, I could see myself using PM just as a replacement for Gmail, since they have a semblance of a brand and reputation in this space—plus at least somewhat privacy-oriented attitude, which is more than many others got.
The bridge is just another client in the sense that any ProtonMail client would need to decrypt emails so you can view them. To be honest, their web client is probably less secure and trustworthy than other mail toolchains you could run locally. So if the bridge was reliable and trustworthy (which it may not be, hence this submission), using it is probably the most secure option.
This is Bart, Proton CTO here. For clarity, the issue mentioned here only impacts Proton Mail Bridge, our desktop IMAP/SMTP gateway to Proton Mail encrypted email.
The fact that Bridge and its client can become desynchronized sporadically for some users is a high priority issue we have been working on. Bridge is open source, and as a result relies upon open-source components, and the root cause is an architectural issue in a library that Bridge uses to implement IMAP. When there are network issues, this library returns errors to email clients.
Unfortunately, there are hundreds of email clients, and some email clients don’t handle errors properly, and this leads to desynchronization.
Our error tracking shows this does not happen often (1-2% of Bridge users) and the symptom is usually incorrect display of messages or read/unread status which is fixed with an inbox resynchronization. There are cases where a combination of a desynchronized mailbox and a specific series of user actions can lead to accidental email deletion, but this is far rarer than desynchronization. Our implementation tries as hard as possible to avoid this. If you find you are missing an email, our implementation works around the issue by placing it in a users’ All Mail folder.
As Bridge is open source, updates on this issue have always been publicly posted on GitHub. Addressing this issue at the source requires replacing the core IMAP library. Unfortunately, there are no FOSS IMAP libraries that are sufficiently well maintained. Therefore, the solution is to build our own IMAP library called Gluon, which we have been focusing on since this issue was reported to us. You can follow the progress of this open-source project here: https://github.com/ProtonMail/gluon
We are not refusing to fix the problem. The only possible solution is writing a new open-source IMAP library which we can maintain ourselves to ensure this class of errors cannot occur again. We have doubled the size of the team working on this this year so it is a priority for us.
We’re confident that this addresses the main sources of desynchronization and will be available in the beta version of Bridge by the end of the year.
The fundamental problem is that `UID`s in IMAP kinda suck because assigning persistent, unique IDs to emails in a store is a hard problem because doing that for mbox- or maildir-like stores is hard because those predated any notion of remote email access protocols.
Thus in practice IMAP servers generally assign `UID`s ephemerally per-session, which means that clients can't rely on the stability of `UID`s, which means that clients have to re-obtain `UID`s before operating on emails via IMAP even if they have cached those emails locally. `UIDVALIDITY` exists to help clients cache and invalidate `UID`s. The RFC has text about this.
A bridge from IMAP to something else (which is basically what every IMAP server ever is) needs to deal with this. To make `UID`s stable requires keeping state.
Clients should really not assume stable `UID`s. Instead clients should `SEARCH` or list to get [temporarily] valid `UID`s then use those to delete etc.
Why is this complex…just take a sha3 hash of the email body + timestamp, then b58 it or format any way you want. Instant uuid per email.
1 reply →
> Bridge is open source, and as a result relies upon open-source components
I don't get it. Bridge is open source does not imply it should relies upon open-source components.
> Addressing this issue at the source requires replacing the core IMAP library.
Why building an IMAP library from scratch instead of fixing/forking go-imap? Even a temporary fix to go-imap when you are developing gluon? Another repetitive work which does not guarantee the mentioned issues will be resolved completely.
> I don't get it. Bridge is open source does not imply it should relies upon open-source components.
It could be open source and depend on proprietary components, but then the public wouldn't be able to build and use it from source.
3 replies →
What I don’t understand is why there’s no effort from Proton to expose the underlying protocol between Protonmail.com and the Bridge.
This protocol should be an open source effort, allowing mail clients to implement it and other provider to implement it on their own server.
This could clearly be a major move, making unencrypted IMAP a thing of the past, allowing direct competitors (tutanota? Mailfence?) to collaborate on the bridge and on the ecosystem and targeting directly the only competitor worth talking about : Gmail.
I think this happens to far more than just 1-2% of users, and re-synching the inbox every few weeks is nothing a paying customer should have to do.
These issues have been around since I started using bridge 3 yrs ago. So im sorry but my patience is running out soon.
I just renewed my yearly membership, but if these bugs concerning the MAIN FEATURE of proton arent taken care of in the next few months than i will be looking for alternatives.
Thank you for the prompt and clear explanation.
Please add API support to Proton Drive, or any way to upload files automatically so I can back up my data on Proton Drive.
Nobody else has asked it, so I will: DOES Proton Bridge work OK with mutt ?
(If so, I will make the jump from the free plan.)
I think you would experience the same problems as any IMAP client would. And seeing how this bug is being handled, it doesn't look like paying for bridge access is a good bet to make, IMO. You'll never be confident that the bridge is not going to have a problem. How many emails would you be willing to lose or have trouble with?
2 replies →
For a bit of context/back-story, Richard, who opened this issue, later also wrote a blog post about the whole ordeal:
https://blog.sigma-star.at/post/2022/07/protonmail-adventure...
In short: The idea was to move from a custom mail server to a paid, hosted solution. ProtonMail was chosen, with the bridge being used to get mails into a local mail client. Issues with the bridge eventually cropped up.
I didn't know what exactly is proton mail bridge. This is what I've found:
> Proton Mail Bridge is a desktop application that runs in the background, encrypting and decrypting messages as they enter and leave your computer. It lets you add your Proton Mail account to your favorite email client via IMAP/SMTP by creating a local email server on your computer.
Source: https://proton.me/mail/bridge
Protonmail doesn't support email clients with POP/IMAP like most hosting companies do. They only let you use their proprietary apps on mobile. Desktop users can log in to the website or use Bridge which is just a hacky way of creating a local Protonmail server that your email client thinks is a hosting provider. I could never get it set up on my machine so I just used the browser implementation. sigh.
They aren't offering IMAP as an email provider? What's up with that?
2 replies →
I've suffered from exactly the same issues with Protonmail Bridge, and just this last weekend I decided (reluctantly) to move to a more standard mail provider (I chose Mailbox.org).
Aside from the UID issue discussed I also had problems with Bridge not supporting my particular use-cases. I created my own fork (see https://github.com/polaris64/proton-bridge) to work around some limitations and to add features, but maintaining this was too much work, especially as paying for a mail provider was supposed to reduce maintenance burden. I have had a pull request open since the 23rd of June to merge these to the upstream version, but so far I haven't received any comments from the Proton team.
I like ProtonMail, I just wish Bridge was more standards-compliant.
+1 for mailbox.org
I've been using them since around 2015 and they have been excellent.
Could the title be update to contain the word bridge as the issue is in the Protonmail bridge application and not on Protonmail itself. The entire title is clickbaity, but adding the birdge moves it away from being misleading.
The problem is they've been aware of this very serious bug for more than a year, and haven't tried informing their users. So "Protonmail" in this context refers to the business, and the issues surrounding their responsibility, competence and ethics.
The business is just 'Proton' though, ProtonMail is one of their offerings.
1 reply →
If there is a critical issue with an open source software any user can fix it.
If no user steps up then it might not be that important issue in the first place.
4 replies →
How is it a click bait? Don't forget bridge is a paid feature of Protonmail.
Current title is "Protonmail can delete the wrong email and nobody cares".
It makes it seem as if using just protonmail could result in deleting a wrong email. This is not the case, you have to be using proton bridge.
People who care about protonmail but don't care about proton bridge have to click the link to learn that.
3 replies →
"Nobody cares" and "this is a complicated thing that we've spent a year+ building a replacement for" don't seem very congruent to me. That said, it's a rather awful issue for a service like this to have for that long.
Read the issues, it’s happening to people using the web ui too.
I don't think that was the intention of the submitter, but IMO it's significant enough that you providing a link to such an issue would be welcome and appreciated.
Happens occasionally on the mobile app on iOS for me.
I am slowly migrating everything away from my paid ProtonMail account, and I intend to just go back to using a megacorp email... despite absolutely loathing and detesting megacorps. At this point in life, email is simply too important. Notices from government agencies, my accountant, my lawyers, my various banks... I quit self hosting for these reasons (no matter how good I am, I am not full time keeping my self-hosting pristine), and now I apparently cannot fully trust Proton.
8 replies →
Yea the bridge is quite a hot mess, really. I use it with Outlook on Mac and there are always syncing issues, passwords missing and i have to re-sync the whole inbox every 2 months or so.
I didnt realise some mail got deleted though, i need to investigate that.
I am a proton customer since 3 years and they seemed like a good bunch but now with all the stuff they are offering it seems like they have lost their way.
There is also no way of integrating the proton calendar into a 3rd party app like Outlook. This feature has been promised forever…
This is such a serious bug in the context of email that the surely must take this out of stable status?
They don't have anything to replace it with yet. They appear happy to leave it in place being buggy instead of removing it and really upset a lot of people.
JMAP is a replacement for IMAP. Unlike IMAP it has immutable IDs[0] but not much support[1].
[0] https://jmap.io/#faq
[1] https://jmap.io/software.html
I think it's sadly a bit of a chicken and egg problem, unless someone sets out to write support for servers (mostly dovecot I assume) and clients (web and desktop).
It would be worthwhile for many reasons not just the immutable IDs. I'd certainly donate to someone showing initiative working on this.
Emails should really be identified by Message-Id (which isn't guaranteed unique, but is very selective) and a hash of the body and a subset of the headers (e.g., excluding Received headers, and maybe using only Message-Id, Date, and From, maybe not even Subject).
A good email store is very searchable, and a good MUA searches email, and a good MAP gives the client temporary (ephemeral) handles for "open" emails.
I've been a paid Protonmail user for a while now, but it seems like if you don't use their webmail site or their mobile app, you don't get a very good experience.
The Protonmail Bridge with Thunderbird (the only somewhat supported desktop mail client on Linux) has always been buggy at times, such as archiving not working as expected, or creating a new mail subfolder in Thunderbird creates a parent folder with a "/" in front of it in web mail.
I understand there's probably some difficulty keeping everything E2E encrypted on the desktop side of things, but Thunderbird feels crippled if you want to use it with Protonmail/Bridge. For example, calendar doesn't work at all.
I love what Protonmail has been trying to do and have done, but all I really want is to be able to use a desktop mail client with calendar, and the Protonmail Bridge is not there yet. My subscription is up in January, so I may switch to something like Fastmail for the time being.
This sort of reaffirms my belief that UIDs are not sufficient for syncing mail. Emails should be hashed and synced by the hash which would solve other issues, like being able to redownload specific messages that may have got corrupted locally.
Even so, isn't this a violation of the IMAP standard, which says that UIDs are, by design, not permanent identifiers, but UID + UIDVALIDITY is? (I don't know much about IMAP.)
No, RFC 3501 says
> The unique identifier of a message MUST NOT change during the > session, and SHOULD NOT change between sessions. Any change of > unique identifiers between sessions MUST be detectable using the > UIDVALIDITY mechanism discussed below. Persistent unique identifiers > are required for a client to resynchronize its state from a previous > session with the server (e.g., disconnected or offline access > clients); this is discussed further in [[IMAP-DISC](https://www.rfc-editor.org/rfc/rfc3501#ref-IMAP-DISC)].
so, "SHOULD NOT", but in practice it's really hard to make {UID, UIDVALIDITY} assignments persistent and unique, so IMAP servers don't, and as you can see, they are allowed to not.
I.e., it's perfectly compliant to generate a new UIDVALIDITY for each session and then assign UIDs to emails in folders when you open them
It is definitely a recommendation, but UIDVALIDITY just checks the folder from what I understand. Hashing the entire message would be the best way from my understanding to sync messages.
Can hashes not collide? Would that not cause problems?
In practice the odds can be astronomically low, as in lower than the odds that an asteroid collides with Earth right now and the entire humanity becomes extinct. But only for hashes without known vulnerabilities.
For a vulnerable hash like md5, an attacker can find a collision in a few seconds.
1 reply →
You only need the lookup key to be very selective, then you can use cached metadata to pick from among conflicts.
Proton mail has a great mission and I generally enjoy their solution.
But it is one of the worst UXs I have ever paid for.
The app rarely works and is slow. Clicking notifications results in an infinite loading screen resulting in you needing to find that email manually.
I am sure this is blamed on the encrypted backend, but to me it just seems lazy regarding UX.
Yeah, Protonmail Bridge is my main source of buyer’s remorse wrt. Protonmail. I moved my family e-mail set-up to Protonmail, so I can’t just move away without having to migrate everyone else too. So now I’m just stuck with it. Weird sync issues, random CPU spikes, having to use the web-UI for anything important, etc.
Not sure why they can’t make it work, but I guess trying to make their custom encrypted mail set-up simply doesn’t translate well to IMAP’s weird idiosyncrasies.
You can "easily" switch to fastmail from Protonmail. First set your domain on fastmail with the accounts, once you're done with the new setup, the last step is to import from Protonmail. Using the Proton Mail Exporter app, you can generate a .mbox file, using fastmail importer, you can send the .mbox file. It's been working great, with over 10k emails.
Yeah, doing it for myself is no problem. It’s more that I’d have to do it for my parents and siblings as well simultaneously, since we share a domain name for e-mail. It’s not impossible, it’s just a huge hassle to move everyone over to using new apps and updating settings on their laptops. Not impossible, just impractical.
I’ve never been one to use email from a non-web application. So when I moved to Proton Mail the bridge setup seemed like a dramatically over complicated alternative to the web UI. The mobile app seems to work fine, too. I’m glad I avoided this whole mess.
I'm not surprised. In my experience mail synchronisation with IMAP is fraught with edge cases that cause weird issues (I definitely had weird states happening with offlineimap and Co). I really wish JMAP will take off and give us a much better mail protocol.
I switched to Proton a few months ago, I quite like it. The outage a while back and this do worry me a little bit, but for me it's not enough to switch as I don't use the bridge, it has worked really well for me, and don't really like the alternatives for various reasons.
I do think it's relatively early stage. Yes, the email product has been around, but the more business orientated suite of products seems very early.
The email app misses some functionality, but what's there works and looks great. Calendar is progressing nicely. Drive is kinda useless beyond file sharing atm, it really needs a sync app to be useful.
Another qualm I have is that you can't buy extra storage, custom domains, etc. It makes little sense to me, for now it's fine, but at some point it might force me to find a different solution.
They certainly have a lot of work to do, and they need to get a grip on issues like this asap, but I'm willing to wait it out for a bit as I do like the direction, I think there is a lot of potential.
That said I am not sure I would move the company over to Proton like the issue raised, idk if it's ready for that.
The first clue might have been the UID for an in-use mailbox with over 50K messages being 51950.
Can you elaborate on your thinking?
If you’ve been using your mailbox (and deleting mail) for a while, have over 50K mails in it now, and see (what you think is) a UID of 51950 on the most recent email, the chances that it’s “U” are extremely low, meaning there’s a gap in understanding or in implementation.
8 replies →
I know right? I mean naive question, but why wouldn't they simply use actual UUIDs/GUIDs?
I'm pretty sure Proton didn't invent IMAP, and from the protocol log it seems like IMAP insists on the incrementing ids. Probably thanks to it having been designed in the late eighties and early nineties.
Okay, rather than just complaining, I suppose we should gather alternatives, right?
mailbox.org
hey
fastmail
tutanota
mailfence
disroot
posteo
barracuda (for businesses)
vivaldi mail
mailpile
countermail
hushmail
I haven't used any of these, so if anyone has others or has experience with any of these, please share your experience.
Someone can come up with a reason to not use any of these.
And yeah, this UID situation with Protonmail is not good. As a long-time Protonmail customer, I've been concerned that they seem to have gotten bored with keeping a stable product.
Back to the point... I still will be using Protonmail because no product is perfect. For example, Fastmail I believe is in Australia which is one of the last western nations where I would want my data to be stored. I wouldn't use them, but does that mean someone else shouldn't use them? Not really. All of these products have tradeoffs. Since Protonmail's delete function is likely to still work most of the time, I won't yet be abandoning them. Fact is that I find all of the alternatives preferable to relying upon The Google.
mxroute is another pretty good one, though, I will admit that the various admin interfaces necessary are a pain in the ass. One for billing, another for admin of the mailboxes.
But, it just works once its setup, and if all you want is IMAP support it's all good there. They usually do a Black Friday sale that's pretty decent. Last year they had a 25gb storage option for $25/year. I have like 5 domains on it, and about as many mailboxes. Smooth sailing since.
Skiff
http://skiff.com/
It seems most of the email services that give even basic protection of one's privacy are NOT in the United States.
If anyone here is looking for a business idea, I would absolutely sign up for an email service that is based in U.S. and provides a guarantee (in writing) that it 1) doesn't track the user across the web after they sign in to email 2) doesn't scan or parse data from emails in any way 3) doesn't sell any information it obtains from me or about me to any third party 4) doesn't make any of its money at all from advertising 5) maintains high operational security standards.
Notice that I'm not even asking for end-to-end encryption like Protonmail provides. I just want something that is in my home country's legal jurisdiction (for business reasons), doesn't track me invasively nor sell my data, and is well-run.
I believe a company could make a lot of money if they communicated this offering to the public and maintained a decent brand reputation.
Mailbox.org is a great service, good support for custom domains. Also can use Exchange protocol so push notifications for emails (on iPhones at least) are possible
Since I've used this for years, way before this ticket, the bridge has always been problematic (periodic full mailbox downloads even with the QT version for example), but since the version with the new ui it got even worse, emails coming and going.
List of providers that don’t have issues is shrinking rapidly
I just started the switch when I found this thread. Back to megacorp mail I guess?
A good workaround for email hosting is to run an IMAP server somewhere you control, and add it to your mail client. The server doesn’t need 24/7 five-nines or anything. It’s not for receiving mail. It could even be on your local laptop if that is the only place you need old mail, though I keep mine on a dedicated hosting machine in a colo so I can use/search it from my iPhones and iPads and other workstations.
You use an IMAP compatible email service like Proton or whatever to receive and check mail like normal. A couple times per month, move all the messages from the service to your own IMAP server’s folders, instead of the “archive” command that moves them to a different folder on the same server that received them. This is pretty straightforward in Apple’s Mail.app on macOS, and I imagine similarly so in most GUI IMAP clients.
This gives you the best of both worlds: a single set of maildir folders on your own server you can zip or back up with normal tools like rsync or whatever, as well as 24/7 HA reliable provider servers to receive incoming mail at all times in case your long term mail storage machine is temporarily down. You also won’t bump up against provider storage limits.
Self-hosting inbound and outbound email is a drag (though I do it for many of my less critical domains), but a 90% availability selfhosted message storage IMAP service is fairly easy to run. This has the added benefit of a provider hack or legal process presumably affecting only a subset of your most recent messages due to those being the only ones stored there.
I am a Proton and FastMail user (and use the affected software) but I regularly move all the messages from these providers to my IMAP storage server (in different folders) so if their systems fail the blast radius is not “all of my emails going back to whenever I started using the provider”.
> The server doesn’t need 24/7 five-nines or anything. It’s not for receiving mail.
You don't need 24/7 server for receiving email. You can have it offline for a day or two a week and you'd only lose maybe some spam.
I'd call that involuntary graylisting. :D
Many services use email-based login links or other second-factor codes. Email being offline means you can’t log in to or use these services.
2 replies →
I am a long time paid user of Protonmail. This isn't the first issue I've seen. It's is really annoying I have to use a bridge at all to be honest.
That being said, I've evaluated other providers like Fastmail. While their service is good I am not a fan of reducing my privacy. So people like me are stuck between a rock and a hard place.
> It's is really annoying I have to use a bridge at all to be honest.
That is literally the selling point of ProtonMail: the email is encrypted in storage on their servers (they don't have access to it), and thus you have to decrypt it locally on your machine, and the Bridge does that for you, because your email client does not know how to handle the encrypted content otherwise.
I would probably use Fastmail if they weren't based in Australia if I am being honest. ProtonMail makes it very hard to communicate with mailing lists.
No support for format=flowed or restricting the number of columns from what I can tell.
Super annoying.
If anyone is interested in rolling their own, I have used this since early 2012: https://github.com/jakeogh/gpgmda
I stopped using it anyway since "ProtonMail logged IP address of French activist after order by Swiss authorities" (Which thing was against the promise they made to users publicly on their website by that time)
So, you don't use email at all now? Is it possible?
Once a day you can export your emails to a web server, where you can curl them at your leisure.
With Gmail & Co. I accept that for free. With Protonmail, I have to pay for that (for my privacy to be disclosed), after a certain small space quota That's what I mean
Well looks like Proton invested too much in advertisment. They also run VPNs and, although they offer setup via confi-files, frustrate their customers by telling them the problem is on their side and demand they install that piece of software of theirs. Switching VPN providers without changing my setup and it was clear as day, the problem does not reside with me but them. Instable connection, bullshit support telling you it is your fault and you do not know what you are doing... Immediately quit their service.
i do not know how you would want to pay a service from such a company.
>We had to accept that it is not a perfect fit for our use-cases.
Rarely have I seen such mastery of the art of understatement.
I hope they check out Migadu, which has been excellent for me — and would seem to be a much better fit for them, too.
I had an email account suspended by Protonmail for using single-digit aliases for testing, took me a week to get it back, and that was only after signing up for LinkedIn premium to be able to message a non-robot.
It was terrifying enough that it has made me rethink how I manage all of my online accounts. Incidentally, I never had that issue with Gmail in 10+ years.
Not a Protonmail fan.
I had a bad experience with ProtonMail support either. When it works it's great, but they suddenly changed my password somehow, and I lost all of the emails as they get hashed. Then they didn't want to help resolving that. I was hoping this was one-off issue but it seems to me that ProtonMail has problems to validate as trustworthy business.
Not specific to this bug, but I recently setup a hosted Protonmail account with a custom domain and got myself and my wife on it because we do not trust G suite and don’t want all our eggs in one basket.
We both use the native mobile app and web based mail client.
In general it’s useable but the search functionality is useless. I’m hoping they’ll improve it.
My own mail policy is simple:
- a hosted service because host one myself is too much work CAUSED by anti-spam measure by some "self-appointed sheriffs" of the net;
- mail fetched from remote via fetchmail, no messages left on the server, filtered on my homeserver via maildrop, indexed via notmuch, muchsync-ed over SSH to desktop(s)/laptop.
That's is.
I think we have very different understandings of the word "simple".
Simple meaning: I'm not tied to anyone specifically (personal domain name) and I own my data. They are also on someone else iron, but also on mine and I use them locally. Composing a new mail is just hitting a key on my keyboard, searching my messages like GMail is another key for search&narrow results a modifier+the same key for notmuch-emacs UI. All mails can be linked on all my org-mode/org-roam managed docs equally.
It's FAR simpler and FAR more powerful than any modern crapware UI, BUT is hard to setup due to the little development compared to the mainstream UI.
I like that, any pointers for a Linux-based fetchmail/getmail setup?
So far I've not documented much my setup (but feel free to ask specific questions) I found nice to bookmark:
- https://www.howtoforge.com/procmail_tips_recipes
- https://dnns.no/switching-from-procmail-to-maildrop.html
Who have a little fetchmail part. I've nerve used getmail, before I've used OfflineIMAP (buggy but support IMAP IDLE) and mbsync. The only issue is fetching from multiple accounts that demand firing up multiple instances, but that's not much of an issue. You just set FETCHMAILHOME before any invocation pointing to the right config dir and set a different --pidfile for concurrent* fetching if you wish so. MailDrop is a (very) little (very) big setup since you need filters for anything if you are not a piler and that take MUCH time. Normally here my suggestion is fetch anything on a zfs volume, clone it, test on the cloned maildir or snapshot and revert after any test until you get nothing in the INBOXes. A slow step at a time you'll add the rest.
Yeah I migrated less than a year ago to proton but it is bug over bug (gpg not handled properly), this UID bug, nagging to pay for a larger plan. I'll probably migrate to fastmail (or if you have other recommended alternatives) at the end of this billing cycle.
> Finally I found the proof that UIDs as presented by ProtonMail Bridge are not stable:
Yeah well that's IMAP-compliant. IDs can change between sessions, that's always been part of that terrible standard.
The majority of Protonmail accounts are used for dealing drugs on the darknet and similar things, nobody really cares much about bugs.
I would disagree. Sure protomail may be used by nefarious actors but there are also plenty of security minded people that use it too. A majority of those users are not doing anything nefarious at all. They simply don't want anyone snooping on their emails.
Oh man, I was just about to start looking into this service. Not necessarily for mail, but for WG VPN. This is not a good look for Proton.
What is shocking is the lack of communication from their side.
Been using Outlook for 15 years (remember Hotmail lol) and never had a problem with them. Paying for email seems so weird.
Paying for email with money seems so weird. FTFY.
> Paying for email seems so weird.
If you are not paying, you are what is being sold.
Around 2003 Hotmail deleted half of my emails. I was able to reach an actual Microsoft employee, who apologized a lot (this happened to a lot of users nationally that day), and told me they were gone permanently. They weren't even backing up these emails. Glad that you have had no problem with them. I haven't either since leaving them behind.
Proton Bridge has a local cache, which can be disabled. I do wonder if doing so would fix this problem.
Company whose flagship product is fear has mediocre software. Shocking.
Can’t you just run something yourself like www.the helm.com
why would you rely on a 5 digit number for unique identification rather than something like a g/uuid?
IMAP UIDs aren't unique IDs per message, they are an incrementing number assigned to a message that's unique per mailbox ("folder"). Their incrementing nature is part of the standard, a random number would likely break mail clients. They should be stable between sessions but when you move a message back and forth between folders, the UID changes every time.
There are events where the UIDs change, for example when a server needs to rebuild its indices after corruption, but those should be extremely rare. Your server should also show this change when asked for UIDVALIDITY.
A message is defined by (UID, UIDVALIDITY, folder name). If this tuple changes, the message needs to be refetched. It's not the best mechanism for supporting multiple mail clients at once but it's easy to implement at least.
BTW, "unique per-mailbox" utterly fails to be sufficient in a post-gmail labels-as-folders world. That's because folders are lame. But doing better than folders really makes you want a relational database for email.
I've been a paying Protonmail customer for years and recently started worrying about having put my eggs into the Protonmail basket.
/rant
Recent outage issues surfaced some major flaws with the mobile clients, on top of shaking my faith in the infrastructure (though no one can easily stand up to nation state actors so I do not blame PM).
And yesterday I was shown ads inside the web portal, along with a big call-to-action button that wasn't there before to go buy a new tier. Have I mentioned that I have been a customer already for years?
Never used the bridge, but honestly I am not surprised that it may be broken and not receiving the attention it deserves.
It feels like Proton (with its vpn, email and the whole 'suite' they are promoting under the brand) is simply another growth company, focused on adding more and more features rather than on good old fashioned stable products.
I also got this ad yesterday when I opened PM. It's the kind of ad you'd expect from a free tier but not as a paying customer. At first it made me wonder if my subscription had expired.
I think we're at a pretty clear turning point in the "scorpion and frog" fable. Continue into the river at your own peril.
I had recent concerns too; between the mobile app not really working well anymore, and their confusing rebrand where I now have to go to a different URL, and these popups, and now this.
Issues with the app:
- notifications sometimes don’t pop up on iPhone. Yes, I have the enabled.
- app can take a minute to load
- when you click on a notification, it opens the app on the previous email you read, while taking a very long time to load the one you clicked on
I seriously hope they refocus on their core product. These issues are new.
> Never used the bridge, but honestly I am not surprised that it may be broken and not receiving the attention it deserves.
The bridge was broken in the past, but since around maybe 2-3 years it seems to be working fine.
According to the linked GitHub issue, bridge is not fine and is deleting messages.
Do you mean the ad about the Visionary subscription? I'm also a paying customer but I'm OK with these one-time notification kind of ads about the product I'm using. Just don't shove it in my face every time I open it.
Some years ago, I evaluated Protonmail as a replacement for my personal gmail account.
When came the steps "can I easily move from this service?", I realized you have to _pay_ to export all your emails from the service. They make it super easy for you to open an account and receive emails, and then makes you pay if you want to get a copy of your own data.
I contacted the support to tell them it is likely illegal under European Data Privacy laws. They replied I can still export email for free one by one if I wanted to... (which is obviously not a valid answer when you have 5000 emails)
Then I looked in Swiss laws for a similar clause, and found that Swiss laws doesn't give users of online services the right to easily and freely get a copy of their data. It was a law proposal at the time of my research.
So yeah... Your data is so secure in Switzerland that you don't even own your data !
Nowadays they do provide an app (Import-Export) to export all your mail, even for free tier accounts, so it's quite easy to move away.
See: https://proton.me/support/export-emails-import-export-app
Hmm.
When I was using Protonmail in free tier, the Import-Export feature was only for the paid tier.
Seems strange that they only opened it for free tier now. This should be a feature available to any tier in the first place.
5 replies →
Which is close-source (or I didn't find it in their github repo).
5 replies →
Try harder. You can run their bridge to expose imap and use any client to export your emails. Also, your info from "years" ago is out of date as they are a small company that has been working on product/features all those years.
Their point was about having to pay to export your data. Afaik Bridge is still to this day only available to paying users. Still, their statement is no longer true since exporting in bulk is permitted for free with the Import-Export app.
You have to pay to receive a service? Good heavens!
Exporting an XML file from a database of already existing emails is very likely a query that takes milliseconds to run automatically.
If it's true they require you pay to export emails it sounds like borderline extortion.
3 replies →
that's obviously a strawman. What's being critized is the heroin-dealer model of doing business, i.e. "the first dose is free" but you'll be locked in, which seems increasingly popular among a lot of services that try to compete with the big players.
2 replies →
to be fair, any half-decent email client already has this functionality built in for free.
They also don’t care about locking you permanently out of your own e-Mail with no warning, for no reason, with no recourse.
Honestly - there are far better options out there. They’re not in anyway a responsible enough business to manage an e-mail service. It’s run more like a hobby project than critical infrastructure.
I think it's worse than that - they are well into the stage of growth where privacy and reliability are just marketing deceptions. Some other recent data points:
- They suddenly weakened a privacy setting, and even exposed some client IPs for good measure. - https://old.reddit.com/r/ProtonMail/comments/yj5m59/pm_visio...
That changed setting should have been a huge story. I've paid for ProtonMail for like 6 years now, and this was the most disappointing thing I've dealt with.
1 reply →
What are those better options that HN likes? I just switched all my accounts to protonmail, but stories like this make me want to reconsider. The fact that they won't allow me to set up a forwarding rule in case I want to switch again doesn't help.
First of all, bring your own domain. That way you can just point the same address elsewhere if you need to switch again without having to deal with forwarding.
edit: As mentioned by a sibling comment, my email is currently on Fastmail, zero problems.
20 replies →
HN is hooked on fastmail which is a great provider to be honest. Have a look at mailbox.org which is in business since the 90s too. Avoid the privacy trending providers promising you to encrypt your emails.
2 replies →
FWIW, I went from gmail -> protonmail -> fastmail, and have been very happy with fastmail.
protonmail is great as a secure disposable email, but as a go-to daily email service I found it too difficult to manage. Hard to use other email clients due to requiring this bridge, and their mobile apps and web guis are just not up-to-par with other offerings. Being able to use any frontend on mobile (and not deal with complicated proxy setups) was my biggest issue.
Using a custom domain has made the switches easier, as I don't have to tell anyone to update their contacts or worry about forwarding. Just exporting/importing, change some MX records, and I can switch providers any time.
1 reply →
I uses FastMail after I discover this serious issue about Proton. I would say it work flawlessly and their web mail client is super fast; even faster than Gmail.
Besides, FastMail exists before Gmail and the people in FastMail are active standard protocol developers like IMAP and recently JMAP (a modern mail protocol will replace SMTP/IMAP, FastMail as a reference implementation), which is good because at least I know they understand the protocol and implement it by themselves.
1 reply →
I’ve been a Fastmail user for about a decade (I just checked; wow!) and am very, very happy with them. I wish more companies were like them. The service is very reliable, the product is great, their support is amazing and very kind. A lot of companies get distracted by big pivots and hyper-growth ideas, while companies like Fastmail focus on doing their main job very well.
1 reply →
I personally use mailbox.org for years now. Granted, I don't have remotely the usage mentioned in the linked issue and I know users that aren't very satisfied with features like the integrated office webapp, but it does everything I need (emails & calendar sync) and I haven't found a reason not to trust them.
Originally my reason to choose them instead of Protonmail was that Protonmail only works with their official client, which is a far too limiting dependency in my eyes.
I've switched to mailbox.org. They allow boring old IMAP/SMTP (that's good) and are EU-based.
1 reply →
Happy user of Migadu here, mostly because they let you bring as many domain names as you want and just charge usage.
I've been using Purelymail for quite a while now and I've been happy with it.
I'm a happy customer of Zoho Mail
Anyone has experience with hey.com?
1 reply →
Randomly, I get locked out of my Protonmail webmail interface by an hCaptcha. This in itself isn't a problem. The problem starts because I can't actually see the captcha images. So in order to get at my email, I have to provide hCaptcha with a third party email which isn't protonmail, and enable third party cookies and/or install a browser extension for them to set an "accessibility cookie" to get past the captcha. And, well, nobody wants to do anything about that either. I'm sorry, but that doesn't seem reasonable to me.
You should investigate what's blocking the images, as that is the true source of the issue.
What would you recommend? I'd recommend fastmail or mailbox.org
Yep, I encountered this and will not renew the service next year as a result.
The comments in the linked thread are shocking. One person says they lost a job because of email lost by ProtonMail.
I like Tutanota better anyway as it has better value and is truly FOSS (app without Google push is a must for me).
I had to move off tutanota when I discovered they don't offer offline access to email.
Protonmail claims to support offline access, but in every rare occasion I needed it, it wasnt working for me.
1 reply →
Their approach is "we know it's an issue, we are _rewriting everything_ to a new version, in the meantime suck it up lol"
> the reason why we're not putting top prio on this at the moment is that we're doing a significant rewrite
The amount of bad, long-lived bugs that aren't addressed because "we'll rewrite it any day now!" in many software organizations is very upsetting
> I wish that I had discovered these comments before because this issue with bridge cost me a job back in April.
How does Protonmail compare to Gmail? Has anyone switched to Protonmail from Gmail?
I switched a few weeks ago. The process was fine. They have a tool to help you port your mailbox, calendar, contacts. The web client is great. The mobile/android app sucks. The search doesn't work. If you archive an email on web, it wont always apply to the app. The sync between clients is screwy. Gmail is no doubt a better email product but given I paid a year, I'm going to suck it up and deal with it.
I switched from Gmail to Proton Mail earlier this year in an attempt to de-Google. The Proton Mail website and Android app is just about on par with Gmail's. My only complaint is Proton Mail will refuse to load images if something about the host domain isn't configured 100% to spec which is common for non-tech companies such as home utilities. You can only reply from "+tag" addresses, not send outright from them which is a feature of Gmail. Though Proton Mail's email aliases alleviates my need for that.
To clarify because comments (so far) seem to ignore what Proton Bridge does.
Proton Mail is web mail, like Gmail. That part is fine.
You use Proton Bridge as a connector to mail client software.
The thing that’s perhaps unclear is, Proton Mail is end-to-end encrypted email. You use Proton Bridge to walk your secure email beyond that enclave into whatever YOU are running in your userland scenario.
Part of all this is, you’re completely unclear on the concept of secure email the moment you need to use this bridge.
Which begs the question, why would you use Proton Mail if you’re gonna negate its unique value proposition?
Proton Mail is fine. It’s this misguided extension that’s the problem here.
If you’re fine with web mail then this issue doesn’t matter. If you’re not fine with web mail, maybe Proton Mail isn’t really for you.
If I understood correctly I run this bridge on my computer which connects to the protonmail API, downloads my mail, then decrypts it and starts a local IMAP server, so I can read it with my thunderbird.
The email stays encrypted on the server, and this extension only decrypts it locally like it would happen in the web browser.
> You use Proton Bridge to walk your secure email beyond that enclave into whatever YOU are running in your userland scenario.
Look, if I won’t trust the software which is running in my userspace, I’m doing something wrong anyway. Even if I wouldn’t use this extension, a malicious userspace application would still hook itself into your webbrowser, or simply steal cookies/tokens from your browser’s profile folder and hijack the protonmail session.
> Which begs the question, why would you use Proton Mail if you’re gonna negate its unique value proposition?
If I’m not mistaken with my assumptions at the top, the email still stays encrypted everywhere except on my PC. I don’t trust the mail provider, and I don’t trust protonmail. Protonmail could just change their web app at any moment to upload your second password which is used for unlocking your keys, and you wouldn’t notice. This can’t happen with an extension which doesn’t even have an auto updater.
Anyway, it goes both ways. And some people just want to use their email client, instead of a web app.
Yes.
Some people want to subscribe to a premium encrypted email provider so they can download that email locally so it can live perpetually in ever expanding sub folders on disk, in plaintext.
These are the people who need Proton Bridge.
1 reply →
> Proton Mail is end-to-end encrypted email.
Well, no, not really. That is the claim that they make but such a thing doesn't really exist, well at least not in the way they suggest. It is e2e if either both parties are using PGP or Proton mail. That is a very small percentage of global mail flow.
Thank you for that. This goes without saying.
1 reply →
I will agree with you if the bridge in a open source project backed by communities.
However, bridge is a paid feature used to attract more users.
Also, I don't understand your point about e2ee.
Bridge to proton server is also e2ee.
The mail interface is just a implementation of e2ee in browser, isn't it?
No.
Proton mail is a paid service. It comes with the bridge. The bridge is not extra.
Free-tier Proton Mail may charge for the bridge. I don’t know, I don’t use free-tier Proton Mail.
2 replies →
> Which begs the question, why would you use Proton Mail if you’re gonna negate its unique value proposition?
Because most users don't care about the end to end encryption. They just want to host their email somewhere [1]. And perhaps have it available offline.
All this encryption on everything is mostly turning into security theatre. All mostly because identity theft is so easy in the US. Perhaps that's the problem that needs to be fixed.
[1] lately somewhere that is not Google.
Yep, I could see myself using PM just as a replacement for Gmail, since they have a semblance of a brand and reputation in this space—plus at least somewhat privacy-oriented attitude, which is more than many others got.
The bridge is just another client in the sense that any ProtonMail client would need to decrypt emails so you can view them. To be honest, their web client is probably less secure and trustworthy than other mail toolchains you could run locally. So if the bridge was reliable and trustworthy (which it may not be, hence this submission), using it is probably the most secure option.
“ To be honest, their web client is probably less secure and trustworthy than other mail toolchains you could run locally. ”
To be honest, you’re guessing amirite? Be honest.
Bizarre statement, it’s like in-browser security doesn’t exist? The password manager browser extension you may use, that’s Swiss cheese right?
1 reply →