yes, non-PGP encrypted mails send and received from outside can be intercepted and read, like any mail provider
PGP encrypted mails (such as those sent between protonmail users) can't be, although the web-client could ostensibly be backdoored to either reveal your private key or certain mails. This happened with hushmail in the past, for example. It's unlikely you'd detect if you got a slightly different version than everyone else.
Using an open source bridge, along with your own mail client could avoid this particular scenario, but not many do this.
It's an improvement in security to say, Google which just stores all your mail in plaintext and can query it at will, but mail (even encrypted mail) will always suck for privacy.
laanwj
npub1p2…crnl6
2024-09-20 07:58:58
in reply to nevent1q…aww8
Author Public Key
npub1p23eukh0nxsqpfaakz6fj9vvj27y4gs0kevnrffdq4d4adkl7uuq7crnl6Published at
2024-09-20 07:58:58Event JSON
{
"id": "231f4bf53b7dcc6fa250e711c5dc581ddc8ce7690a9e6a9ba2c1ca532eebbb41",
"pubkey": "0aa39e5aef99a000a7bdb0b499158c92bc4aa20fb65931a52d055b5eb6dff738",
"created_at": 1726819138,
"kind": 1,
"tags": [
[
"e",
"75bde28bd963b9a2a65942e1ba5121810bf08d6c211273a91c5fd36bd213a205",
"",
"root"
],
[
"e",
"46d002ec64eb60ac72240772d38419d7519b724e3637bad9a7bb344d3e28cb9a",
"",
"reply"
],
[
"p",
"2641c5060e4eec82089fdb2c9eb84714660fddf7c23a01d731311481983f0175",
"",
"mention"
],
[
"p",
"d7094945513d0072aa9e2d300c65fba336be751ef60eecbbf0d7a4871561d41a",
"",
"mention"
],
[
"client",
"noStrudel",
"31990:266815e0c9210dfa324c6cba3573b14bee49da4209a9456f9484e5106cd408a5:1686066542546"
]
],
"content": "yes, non-PGP encrypted mails send and received from outside can be intercepted and read, like any mail provider\n\nPGP encrypted mails (such as those sent between protonmail users) can't be, although the web-client could ostensibly be backdoored to either reveal your private key or certain mails. This happened with hushmail in the past, for example. It's unlikely you'd detect if you got a slightly different version than everyone else.\n\nUsing an open source bridge, along with your own mail client could avoid this particular scenario, but not many do this.\n\nIt's an improvement in security to say, Google which just stores all your mail in plaintext and can query it at will, but mail (even encrypted mail) will always suck for privacy.",
"sig": "c65cf7a064b2d32a04fc2af22c3b060b2cbbac987f6bfa7239d4688b042df9240198aae697a5db97c54c3207f7a9dc844c6bcfc458e2eeba2a02d2bb72a49b76"
}