renamed posts
This commit is contained in:
flupe
parent
23e8f6e525
commit
6e1302fb3c
1
content/posts/2020-04-13-a-first-entry.rst → content/posts/first-entry.rst
Normal file → Executable file
1
content/posts/2020-04-13-a-first-entry.rst → content/posts/first-entry.rst
Normal file → Executable file
|
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
title: A first entry
|
||||
date: 2020-04-13
|
||||
---
|
||||
|
||||
This is the first entry of this blog.
|
||||
|
|
@ -0,0 +1,200 @@
|
|||
---
|
||||
title: Switching from Proton Mail to Migadu
|
||||
date: 2022-11-02
|
||||
---
|
||||
|
||||
Today I took the decision to switch mail providers, moving from [Proton Mail] to
|
||||
[Migadu].
|
||||
|
||||
[Proton Mail]: https://https://proton.me/mail
|
||||
[Migadu]: https://www.migadu.com
|
||||
|
||||
I've been a loyal paying user of Proton Mail for about 5 years now, and during
|
||||
those years I've been fairly happy with the service they provide. However,
|
||||
looking back on it, I don't think I'm their target audience, and I've come
|
||||
to realize my mailing life would be much better without them.
|
||||
|
||||
I first heard of Migadu when reading Drew Devault's [Email provider
|
||||
recommandations][providers]. If I were to only trust one person about best mail
|
||||
practices, that would probably be him.
|
||||
|
||||
[providers]: https://drewdevault.com/2020/06/19/Mail-service-provider-recommendations.html
|
||||
|
||||
In this post I write down some thoughts about the change.
|
||||
|
||||
## Pricing
|
||||
|
||||
What I like most about Migadu is that they charge **by usage** rather than by
|
||||
some artificial metric like the amount of custom domain names or mailboxes you
|
||||
have.
|
||||
|
||||
I own --- rather, rent --- several domain names for which I need mail adresses
|
||||
available, even though I rarely use them. *With Migadu, I can create as much as I
|
||||
need*, even at the lower tier. In contrast, to use several custom domains with
|
||||
Proton Mail you need to have at least an Unlimited subscription (12€/month), and for more
|
||||
than 3 it's only possible with the Business tier (11€/user/month), even
|
||||
if the total space used by mailboxes amounts to less than 15GB, the space
|
||||
allowed in the Plus tier (4€/month).
|
||||
|
||||
Additionally, one of my domain name looks like `[familyname].me`, which I've
|
||||
been using for years to have a short mail address `[firstname]@[familyname].me`.
|
||||
My relatives have grown quite envious (not really) and I've offered to create mail
|
||||
adresses for them too. But with Proton Mail, every new user and its associated
|
||||
mailbox under the same custom domain incurs additional cost, unrelated to
|
||||
the *real* cost of memory space and bandwidth usage.
|
||||
|
||||
With Migadu, adding as many users as you want is free, so long as the total
|
||||
storage space remains under the limit granted by the subscription tier you pay for.
|
||||
This is how it should be measured. I. like. this.
|
||||
|
||||
## Encryption
|
||||
|
||||
The main feature put forward by Proton is the pervasive use of public-key
|
||||
cryptography to store your data. When mails are sent to your address, Proton
|
||||
will use your public key to encrypt them on their servers. The associated
|
||||
private key is derived from your password, and in principle Proton never has
|
||||
access to it. All the decryption happens *on the client side*.
|
||||
|
||||
While the idea is appealling, it does require quite a bit of trust in the
|
||||
provider, trust I'm not sure I'm willing to grant. Fastmail has [a great write-up
|
||||
about this][privacy]. If you --- as a user --- truly required so high privacy
|
||||
standards, you'd either control the entire infrastructure yourself, or use
|
||||
something other than mail.
|
||||
|
||||
[privacy]: https://fastmail.blog/advanced/why-we-dont-offer-pgp/
|
||||
|
||||
Indeed, it feels like it would *technically* be very easy for Proton Mail to
|
||||
update the web client to retrieve private keys. Unless you are willing to
|
||||
thoroughly audit the client you use and stick with it, you just have to believe
|
||||
that Proton has no incentive (or external pressure) to do so.
|
||||
|
||||
Considering this, I somewhat feel like pushing encryption so much to the front has
|
||||
mostly become a marketing argument. Not so different from how some VPNs claim
|
||||
to do [encryption over encryption][double-vpn] for *twice* as much security.
|
||||
|
||||
[double-vpn]: https://nordvpn.com/features/double-vpn/
|
||||
|
||||
My main motivation for going to Proton Mail in the first place was moving away
|
||||
from big corps whose business model relies solely on advertising and data
|
||||
harvest rather than being paid by users for the *good* service they provide. Not so
|
||||
much out of concern about encrypted storage.
|
||||
|
||||
If that's what rocks their boat, and attracts new customers, frankly let them have it.
|
||||
However I simply can't help but notice that this obstinate push for encryption
|
||||
is the source of many complications.
|
||||
|
||||
### No IMAP and SMTP support
|
||||
|
||||
Because of how they store encrypted mails, they are not able to provide an IMAP
|
||||
and SMTP server for your favourite mail clients to connect to directly[^1]. To
|
||||
remedy this, they released [Proton Mail Bride](https://proton.me/mail/bridge),
|
||||
an app that will run on your computer, decrypt mail locally in the background
|
||||
and act as a private IMAP and SMTP server. I've personally had many issues with
|
||||
Bridge on Linux, I am [not the only one][deletion], and it really does feel like an
|
||||
annoyance that is hard to justify, especially to less tech-savy relatives.
|
||||
|
||||
[^1]: At least that's how they justify it. Considering they don't encrypt mail
|
||||
subjects, and I assume sender information, I'm not sure I understand why they
|
||||
cannot just provide an IMAP server that would deliver OpenPGP encrypted mails,
|
||||
that could then be read by any mail client that supports it (many of them do).
|
||||
But I don't know much about how they store things, so I'll give them the
|
||||
benefit of the doubt. It's also possible that they purposely want to avoid
|
||||
customers having to deal with OpenPGP, hence the bridge. If that were the
|
||||
case, it's inexcusable that they don't let people that *choose* to be able to
|
||||
access a regular SMTP server directly.
|
||||
|
||||
[deletion]: https://github.com/ProtonMail/proton-bridge/issues/220
|
||||
|
||||
On mobile though, no such thing as Proton Bridge, you're stuck with the clunky,
|
||||
slow, half-assed official client from Proton Mail.
|
||||
|
||||
### Webmail search
|
||||
|
||||
For a very long time, it was *impossible* to search your mail by content on the
|
||||
webmail, because of encryption and all. They recently released a new feature
|
||||
whereby you can choose to pre-process every single mail in a specific browser so
|
||||
that search becomes possible. That's a very impressive improvement. But
|
||||
considering I don't care much about encryption, that also was a considerable time
|
||||
waiting for a quite basic feature.
|
||||
|
||||
## Mail provider vs Software suite
|
||||
|
||||
(Not so) recently, ProtonMail has been renamed to Proton, an entity providing
|
||||
many different services, from the original mail provider to a VPN
|
||||
service, an encrypted cloud, an encrypted calendar, and likely more to come.
|
||||
|
||||
This may be appealing to many, especially as a replacement to big corp do-it-all
|
||||
solutions like Google services. To me however, it's not a good sign: it
|
||||
*feels like* by trying to do *everything*, the development of any of those
|
||||
services gets slowed down, and we end up with half-assed solutions.
|
||||
|
||||
I don't care about VPNs (and most people probably don't need one). I don't care
|
||||
about having an encrypted calendar. I manage my own cloud at home. What I want
|
||||
is a proper mail service, and if you're gonna force me to use a shitty SMTP
|
||||
proxy and your official mobile app, you better make sure they are *really* good.
|
||||
|
||||
In contrast, Migadu only does mail hosting. Nothing more. It provides IMAP, SMTP
|
||||
and POP3 servers accessible over authenticated TLS, that just work. The
|
||||
administration interface is feature-full but straight to the point. They simply
|
||||
go out of your way.
|
||||
|
||||
## Agressive marketing
|
||||
|
||||
After the official launch of their suite, Proton unveiled a complete rebranding,
|
||||
with a shiny new visual identiy. They really strengthened their storytelling,
|
||||
and started agressively advertising their brand. Maybe that's the only way to keep
|
||||
growing and acquire new customers. But I find it very tiring. Even as a paying
|
||||
user, you are often bombarded with calls to upgrade your plan, benefit from an
|
||||
AMAZING discount for the new VPN tier, black friday yada yada.
|
||||
|
||||
I like the simple presentation of Migadu. Nothing much to add to this.
|
||||
|
||||
## Location
|
||||
|
||||
Proton argues that because they are based in
|
||||
Switzerland, the stricter local privacy laws should protect *you* from abusive law
|
||||
enforcement claims. Migadu is also registered in Switzerland but hosted in
|
||||
France (therefore having to abide by European data protection laws). I don't
|
||||
think there is any substantial difference between the two situations, even though
|
||||
you probably shouldn't count on your mail provider defending you either way if
|
||||
authorities are onto you.
|
||||
|
||||
## Unfair criticism
|
||||
|
||||
Although I've been critical of Proton Mail in the past paragraphs, I do think it
|
||||
is the target of many disingenuous attacks. A recurring complaint has been the
|
||||
fact they do not make their products open-source from the get go. This happened
|
||||
when Bridge was released, when the Android app was released, and so on.
|
||||
|
||||
I think Proton Mail has dramatically improved over the years. Making things from
|
||||
scratch under public scrutiny is hard, and it somehow feels normal to me to take
|
||||
time to refine something in private and audit it before making it available.
|
||||
Especially is there are security concerns.
|
||||
|
||||
If I write code in private, I am able to take many shortcuts and produce quick
|
||||
ugly code that works. Cleaning it out for public appreciation and release comes
|
||||
later.
|
||||
|
||||
## About the actual move
|
||||
|
||||
Not much to say here, nowadays it's fairly easy to export all your Proton Mail
|
||||
mailboxes using their own [Import-Export app][export]. Importing this into any
|
||||
IMAP server isn't too hard either.
|
||||
|
||||
What I do want to note is how surprisingly quick it was to setup Migadu.
|
||||
The administration panel is very clear and the instructions for updating DNS
|
||||
records incredibly informative. It even talks about *autoconfig* and
|
||||
*autodiscovery* records, which I had no idea was a thing! This lets Thunderbird
|
||||
fill out proper server information automatically, even for custom domains. Neat.
|
||||
|
||||
[export]: https://proton.me/support/export-emails-import-export-app
|
||||
|
||||
----
|
||||
|
||||
## Bye
|
||||
|
||||
I wrote down this post mostly for myself, and to slowly get into the habit of
|
||||
throwing words at my computer and publishing without overthinking it.
|
||||
Feel free to comment on this by sending me a mail --- hosted on Migadu --- at
|
||||
[flupe@acatalepsie.fr](mailto:flupe@acatalepsie.fr)!
|
||||
|
||||
1
content/posts/2020-09-26-syndication.rst → content/posts/syndication.rst
Normal file → Executable file
1
content/posts/2020-09-26-syndication.rst → content/posts/syndication.rst
Normal file → Executable file
|
|
@ -1,6 +1,7 @@
|
|||
---
|
||||
title: Syndication for the greater good
|
||||
description: Where I setup an Atom feed
|
||||
date: 2020-09-26
|
||||
---
|
||||
|
||||
I stumbled upon Matt Webb's `About Feeds <https://aboutfeeds.com/>`_ and
|
||||
Loading…
Reference in New Issue