Comment by stblack
3 years ago
“ To be honest, their web client is probably less secure and trustworthy than other mail toolchains you could run locally. ”
To be honest, you’re guessing amirite? Be honest.
Bizarre statement, it’s like in-browser security doesn’t exist? The password manager browser extension you may use, that’s Swiss cheese right?
You're not looking for a discussion, but rather a fight. I hope you find some peace. Understand that not everyone who responds with a counterpoint also downvoted you.
But I'll respond once in good faith - a browser, which is designed to load and run obfuscated remote scripts from quasi-trusted sources, and display complex untrusted HTML mail content, and which is subject to XSS vulnerabilities, will always be inherently less secure than, e.g., mutt. It exposes you to potentially malicious second parties (e.g. ProtonMail) and third parties. This is true regardless of any mitigations and security measures that are also built in to the browser. If you have enough distrust in your threat model to use ProtonMail, you also likely acknowledge the browser's weaknesses.