this post was submitted on 04 Sep 2023
Privacy
You want to apply for a job or just curious?
I was thinking about incentives and motivations. Are they motivated by profits?
I was also thinking about how sometimes listening to everyone in a team can save them from failure. Do Proton and Tutanota listen to everyone?
I'm pretty sure Tutanota is just another company with employees doing their boring 9 to 5 job. They have an admirable goal, but I'm not too fond of how they go about it (the whole "use our app, the browser or bust" is, all things considered, a pretty big mistake IMHO), and the people from Tutanota I have interacted with didn't strike me as specifically "driven".
I can't speak for Proton, however. I have used it, it also doesn't let people use email clients. So, maybe it's better than Tutanota, probably, I guess. On the other hand, Tutanota has their app on F-Droid, and Proton doesn't.
Either way, if they really cared about E2EE and email, they would have extended the existing, instead of reinventing the wheel. Yes, it's harder. But it would actually foster natural transitioning of users over time, and it would make a deep, lasting impact, instead of essentially being a "proprietary platform" with apps (open source or not).
Interesting. Thanks for the reply!
I have also chatted with Tutanota workers and I didn't have the impression that they were not driven. In fact, I think about myself: if I was a good enough developer, experienced with their stack, I'd love to work with them just for what they stand up for regarding privacy and openness. It seems like a very gratifying way of spending my time.
As to the closed platforms, I totally agree with your criticism in purely abstract terms; I don't like that I need to rely on Tutanota for encrypted email instead of a federated system like XMPP or Matrix. However, Matrix has been an aspirational platform in which only my closest friends, and the wokest or tech-savvy acquaintances join. For a good chunk of my daily life, if I want libre, metadata-reduced, and encrypted communication, I have to rely on Tutanota's closed email system.
Do you think there's a way of extending email (rather than "reinventing the wheel") that's also as simple as "give me your email and let's agree on a password"?
Full disclosure, I have no idea about the position of the person I talked to. They sounded quite superior, so I am guessing they were talking about a subject that is their daily work (so I'm assuming dev). But it is far from mine (even though I would like to know as much as humanly possible, I have unfortunately no time to learn app development, browser development, and the related ins and outs), so I can't judge how knowledgeable they were.
Definitely better than most jobs, yes. No questions there.
That is, IMHO, more related to politics and release timing than anything else. I have taken forever (only deployed a server 2 weeks ago) to try Matrix because of all the associated complexity and inherent "nerd factor" (RTFM and all that, again, I have a pretty demanding job and a private life too - so I really appreciate a solution like Signal, Briar, SimpleX, etc., that can stay out of the way while allowing me to use it until I have time to eventually review bits and pieces and then more). It's a sad thing, but they missed a key wisdom from Linus Torvalds himself: make it as painless as possible for the user (after all, all salespeople know that a good sales opportunity is characterized by a "pain point" for the user).
Great question, thank you for asking. And yes, absolutely. I believe MUAs have done a terrible job presenting the users with clear UI for PGP. The PEP project has gone farther than most, and contributed quite a bit, but in fine, I would posit that they all missed the mark in associating PGP encryption with an opt-in, additional feature, while, correctly implemented in the UI, it would actually be a very viable solution to combat spam, by defaulting to E2EE+signature for all emails. And thus, it could be a very good way to sell it to "normies".
This could still be done with a "normal" email interface, but enabling the whole automatic encryption+signature via a procedure similar to Signal's cryptographic verification.
Also, the MUA should clearly manage the PGP keys by default, allowing their management via the OS as an opt-out, so as to enforce sensible defaults, allow expiration extension, etc.
Not OP. But I’m personally curious about the question regarding how decisions are made, but with more focus from the perspective of user experience. As in, how do they decide which features to focus on?
While I’m a fan of Proton, sometimes they seem to be doing too many things simultaneously, which is good but I worry about them spreading themselves thin.
How do they do user experience research, especially with many people in the privacy community usually turning telemetry off? What do they rely on to make decisions about features and user experience? Do surveys work for them? Who makes the decisions afterwards?