 Guys it's over, I've been exposed, I'mma sell out. Because last week I made a video talking about my favorite email providers, and I gave ProtonMail a favorable review. And almost immediately I started getting comments like ProtonMail is terrible, ProtonMail is a honeypot, you sold out. How much money did ProtonMail give you? And to be honest I knew I would get these kinds of comments because ProtonMail is one of the most polarizing services out there. Any time you mention ProtonMail online people either absolutely love it or hate it. Pretty much no in between. And there's a good chance that you might even have heard some of these reasons why a lot of people don't like ProtonMail. You've probably heard of this huge drama that happened a few years ago where ProtonMail logged the IP address of an activist after the government told them to and basically got somebody arrested. And I thought ProtonMail was supposed to care about your privacy but they're just going to give all of your info away to the government. Of course ProtonMail brands themselves as these champions of your privacy, they're not going to read through your emails, but if they just give away all your info then what's the point? And even before all of this drama a lot of people were thinking that maybe ProtonMail was a honeypot or basically a trap set by the government. Like they look like they're going to be all privacy respecting but oops surprise it's actually run by the government and now they have all your emails. You've probably seen some of the mental outlaw videos talking about this subject and of course I think mental outlaw is a great channel but at least on YouTube he is probably one of the biggest names that is responsible for why people don't trust ProtonMail these days. But in this video I'm not just going to defend ProtonMail but really in this video I want to go deeper into the topic and talk about why you really can't 100% trust any email provider out there, not just ProtonMail. And finally at the end of this video I basically want to answer the question if you can trust ProtonMail or not and should you trust ProtonMail? Because the answer is not actually the same for everybody. Now of course before we actually get into this video I have to say that I am not sponsored by Proton at all. I don't even have an affiliate link so I really have nothing to gain by trying to make ProtonMail look better than it actually is. So yes I'm literally out here doing it for free. And Proton if you're watching this at least hook your boy up with an affiliate link. I can't just be out here simping for your company without getting any kind of benefit that just looks kind of pathetic. So Proton, hit me up sometime we can go on a date. I promise I'm a nice and well adjusted person. But let's just get into the video so before I can actually answer if you should trust ProtonMail or not. I have to give you a short history of email. I promise you this is going to be more interesting than it sounds. Just sit down relax a little bit and let me tell you a story. So of course email today is this giant communications platform that billions of people across the world use every single day. But the thing is email was never meant to be this giant communications platform. And the people who created these early versions of email they never knew what it would become. I mean email in its very early form was really just created because the creator thought it would be cool to be able to send messages to different computers. Because the first emails were just sent within a local network with trusted users. And if you were building this system that was basically used to exchange messages around the office just for fun. You wouldn't be thinking about any sort of security or privacy or encryption or any of that. Look if you're just exchanging memes to people around the office you don't really care if there's some evil hacker that can intercept your memes. The people who created email obviously weren't thinking about that. They just did this because it sounded cool. And only later on did email start to actually become so widely used that these kinds of things became an issue. And so the early form of email with no security it worked inside a small network. But what happens when it starts to be used by millions of people, millions of interconnected computers around the world? Well now it's starting to be a security issue. And by default all of these email standards that were originally created like SMTP, they had basically no security and messages were just sent in plain text across the internet. So that means that anybody in the middle could just intercept these emails. And back in the day there was no way to actually verify if the emails are actually coming from who they say they are. Like if you wanted to scam somebody and pretend to be Elon Musk and send somebody an email from elonmusk at tesla.com or something like that. I mean you could just do that back then. So only later on were these security layers actually added. But they were basically all patches to an already insecure protocol. So only later on did they add something like DKIM as an example, which basically verifies that it's actually coming from who it says is coming from. And only later on did we get things like TLS, basically HTTPS for email. So while your email is being transferred to another server, it can't be intercepted in plain text along the way. But even with all these layers of security that have been added to email over the years, there is still one big problem with email. And that is whenever it reaches its destination, it is still in plain text. So when you send an email to a Gmail account, while it's being sent over the wire, it is encrypted. But as soon as it arrives, it is unencrypted and just sits there in plain text. That means that Google can read through your emails whenever they want to. And you might not think that's a big deal, but what if you want to send something really sensitive or something really confidential over email? Maybe you want to send something really secretive over email. Maybe you're even a government whistleblower that is exposing some wrongdoing of your government. Well, if your government asked Gmail to hand over all of the emails, they will just do that and they're just sitting there in plain text so there's nothing you can really do about it. But this all changed in 1991 when Philip Zimmerman invented something called PGP, which stands for Pretty Good Privacy. Now, the details are a little bit technical, but basically what PGP allows you to do is encrypt the content of the email. So if you send an email to somebody else and you only want you and that other person to be able to read it, then you can use PGP to encrypt your email and then only you and your friend are able to read these emails. Now, these days, this doesn't sound too crazy. I mean, we have a whole bunch of end-to-end encrypted apps, even things like WhatsApp are end-to-end encrypted these days. But at the time, this sort of technology was basically unheard of to the public. The public before had never had access to this kind of encryption and cryptography. And of course, the government absolutely hated it. Of course, the government wants to read every single message you ever write. How else are they supposed to protect you from the bad guys? You can always trust the government to keep you safe, right? And the US government was so threatened by this that they actually started a criminal investigation against him. And they were about to hit him with the same kind of punishment that they give to international arms dealers. That's how dangerous they thought this guy was. Oh, and by the way, in an absolutely gigachat move, this guy Zimmerman, he actually published all of the source code as a book. He basically open sourced his software before it was cool to and put it all in a book as a sort of loophole to get around the government trying to ban his software. And that's a whole other story. I'm not going to get too off topic, but I just have to mention that as that is pretty based. And so you might think that with the invention of PGP, all emails going forward were going to be encrypted. And people could now talk about whatever they want over email without having to worry about government surveillance. Well, that was the dream. But eventually the government dropped the charges against Zimmerman. And that's just because PGP never caught on. So PGP works great, but it's pretty confusing to set up the first time you do it. It's pretty technical. Like PGP gives you two keys, a public and a private key. And you have to send your public key to your friend in order to encrypt your messages. And then you have to keep the private key safe on your computer and also keep it backed up on a USB because you don't want anybody else to have access to it. And it's just kind of a confusing process. And most people really didn't care to do it. The only people who really ever cared about it were privacy activists, you know, weird people like the type of people that watch my channel. And I'll be honest, even today, even for tech savvy people, PGP is just pretty confusing. So you can't really expect normies to use this or even care. Now maybe in some alternate universe, a big company like Google or Microsoft could have perfected this technology. Maybe they could have created some easy user-friendly way for every normie to be able to use this and then email would be private for everybody. But really, what incentive do they have to do that? I mean, Google built their entire business up by reading through your Gmail messages in order to collect personal data about you. So really, what reason do they have to make your email encrypted? It just wasn't worth it for them. But wouldn't it be nice if there was a company out there that just made something like PGP encryption easy and available to everyone? Well, that kind of brings us to Protonmail because essentially, that is what Protonmail is trying to do with their service. So Protonmail will encrypt all of your emails with PGP by default. So they encrypt every single email that goes into your inbox with PGP so not even they can read through it. And if you send an email to somebody else who uses PGP, then it will automatically end-to-end encrypt that so only you and the recipient can actually read through the message. Nobody else can. And the best part is they make this all really easy so you don't have to do all this complicated setup and worry about public and private keys. All you really need to do is just sign up for a Protonmail account. But unfortunately, in order for them to make it easy to use PGP, they also require some level of trust because most email that you receive in a Protonmail account is going to be coming from something like Gmail or Outlook. It's not going to be end-to-end encrypted. And so whenever it arrives to Protonmail, it is completely in plain text. They can read through the entire message. And only after they receive it and check it to make sure that it's not spam, do they actually PGP encrypt it inside your inbox. But the thing is, do they actually encrypt it? So of course they say they do and their code is open source so you can actually verify that. But is the code that's running in your browser really the same as the open source code that's available? I mean, if they really wanted to, it is technically possible for them to no longer encrypt emails that go into your inbox. And they say they also encrypt your private PGP key, which is what you use to unlock the emails. So really only you can unlock the emails. But what if they don't encrypt your private key? Because you didn't set it up yourself and instead you entrusted Protonmail to do it, you can't be 100% sure that they're doing what they're saying they're doing. Oh no, what if they're lying? But this isn't just a problem with Protonmail. This is a problem with every single email provider out there. Every single email out there, you have to have some level of trust because no matter how much they claim to care about your privacy, there's always the chance that they could be lying. I'm talking about every private email out there, something like Tudonota or maybe Skiffmail. You can't really 100% trust any of them just because of the nature of email. Like I said, email was never meant to be private or even secure. And if we can't trust any of these companies, then why would you use any of them? And I would say the biggest reason is because of convenience. So like I said, if you wanna do encryption yourself, it is very technical. You have to download this weird command line program, create your PGP key pair and do all of the work yourself. It's very confusing and most people don't wanna do it. Most people just want an email that just works. And I'm really just a normal person. I want an email that works. I have business to do over email and I don't really care to be managing my email so much. But there must be some way to verify if these companies are actually being honest, right? If they really could decrypt your email, then they could just hand it over to the government every time they ask. Because of course the government wants to read their emails. If you did something illegal or if you're even suspected of doing something illegal, then the government very often knocks on the doors of these email providers and asked to read all of the emails inside somebody's account. And like it or not, Protonmail has to comply with these requests. I mean, they try to fight them as much as they can, but sometimes they just have to give some information up because if you don't, then the government will literally shut you down. That is what famously happened with Lava Bit, which is famously Edward Snowden's email. The government came knocking one day and asked for all the keys to decrypt the email. And since the founder didn't want to hand it over to the government, he just closed down the entire service. So like it or not, any business has to comply with the government. Even if they live in a country that has very good privacy laws like Protonmail does, if the government comes knocking, they still have to give them what they have. But there is one way to actually tell if Protonmail is telling the truth or not. And that is, what information do they give up to the government? So remember that time when Proton logged the IP address of an activist? That is literally all the government got. So the government didn't get any decrypted emails because with how Protonmail's encryption is, they can't get access to them, even if they really want to. And the IP address was literally the only info they handed out. And that's a good thing. And the thing is, this is not exclusive to Protonmail. Every private email company also has to give out information to the government if they want to survive. So famously, Tudonota also had to follow government orders and remove incoming message encryption for a user that the police were after. So Tudonota's encryption made it impossible to decrypt any of their old messages in the inbox, but any new emails that came into their inbox were not encrypted. Again, they had to follow the law and they did their best to fight it, but there's only so much they can do. And when you have somebody else manage your email, you are going to have to give them some level of trust. Unfortunately, a lot of things in privacy are about trust. And that's why I say if you're doing something illegal, not that I condone that, but if you're maybe an activist and you have to hide something from the government, do not use email. Even if you host your own email server and do all of your own PGP encryption, it is still not 100% foolproof. If something absolutely must stay secret, don't use email because inherently, it is insecure and not private. It is literally the wrong tool for the job because it was never meant to be either of those. Instead, use something like Signal, which was literally built from the ground up to be encrypted. But if you're somebody that just wants to keep your emails private from corporations, maybe you don't want Google reading your emails, like I don't want Google reading my emails so they can give me targeted advertisements or train their AI or something like that. Of course, I think Proton is a much more trustworthy company than something like Google. And so I also don't agree with these people who just throw their hands up in the air and say, oh, who cares about this whole privacy stuff because anybody can just read my emails. So I'll just give them all to Google. I don't believe in making perfect the enemy of the good. And I would say using a service like Proton Mail or Tutinota is going to be much, much better for your privacy than something like Google. You can read through Proton Mail's privacy policy and see all the information they collect. They really don't collect that much. But if your threat model or your privacy level is somewhere where you need to worry about the government, do not use email. Not just Proton Mail, but don't use any email service out there. They're not going to save you. And so the only real complaints that I can see somebody making about Proton Mail is that they hype themselves up a little bit too much in their marketing. So in their marketing, they say, of course, they're very secure and private. Of course, Proton Mail is not going to say something like, oh, email is just inherently insecure and not private. So you can't really trust anyone with your emails. Of course, if they said that, nobody would use Proton Mail. So of course, they're going to hype themselves up a little bit and say that they're going to be very private and keep all your emails safe and secure. And I can't really fault them for that because I do think that they're a very good service and they absolutely care about what they're talking about. And I think Proton Mail has made some mistakes before, like previously their onion side used to redirect to the clear net, which is a bad thing if you're really trying to stay absolutely anonymous. But since that whole drama, they have completely redid their onion side so you can now sign up for an account completely anonymously. I mean, I did it just the other day. They didn't ask for an additional verification with a phone number or an email or anything like that. And if you even want to pay anonymously, you can even send them cash by mail. And so that's why I still think that Proton Mail is one of the best email services out there because most people who use email, they don't want to set up their own email server and do all of their PGP encryption themselves or they don't want to completely abandon email and only use signal to communicate. I think most people who use Proton Mail want an email that just works and respects their privacy, which Proton Mail absolutely does. And if you are very paranoid and still don't trust Proton Mail, I mean, that's totally fine. I can understand why you might not trust Proton Mail. But if that's you, then don't just go around trashing Proton Mail and saying that is terrible for everyone. Maybe it's terrible if you're a political activist, but if you're just a normal person who runs a business, like I don't even care about being anonymous online. I have my full government name in my email address. So for the level of privacy that I care about, I think that Proton Mail is a very good product. So hopefully we can put this whole debate to rest about if Proton Mail is good or bad and just use the option that works best for you in your particular situation. But of course, if you don't agree with me, you're still welcome to call me a Proton shill in the comments. And Proton, I'm still waiting for my money. Hit me up.