Well this is fully right. I have many contacts with just a phone number. There is no need for it to be none e2ee and I take issue with the data being visible to Proton. It can largely identify your social graph and perhaps sensitive contacts. This may be different in one other’ thread model.
But generally the lacking ability to view the contacts via an app on the phone makes it to be nothing usable to me.
Which can also be gathered from monitoring any email provider’s SMTP relay. I think the reason Proton doesn’t bother encrypting this is because there isn’t a lot of point, email providers must be able to determine where an email comes from, and where it should be sent to.
Protonmail’s app also won’t show show those in the dialer either. It’s been a requested feature to add an adapter https://github.com/ProtonMail/proton-mail-android/issues/10 for that. Maybe they could have an option to expose some contacts to the phone.
Once again it’s looking like hosting your own small Radicale service and using DAVx⁵ to connect to it is probably the least painful experience. Maybe we could even do a little blog tutorial on that. Radicale is super easy to set up, because essentially it’s a single python script with minimal dependencies.
You could probably do this on your home LAN/PC if you don’t want to pay for hosting. Of course it would only be synchronized when connected to your server.
That would be fantastic. I haven’t self-hosted anything before so a step-by-step guide for non-programmers would be appreciated. If my calendar and contacts were hosted on my own hardware then I wouldn’t be as concerned with them being E2EE.
Arent they currently focusing on their Etebase backend?
I used to subscribe to them but then the recession hit and cost cutting came and had to let them go.
The project seems to offer a simple and basic functionality. Does anyone else think they are approaching a feature complete state and that they are focusing on other things (like the aforementioned EteBase)?
I don’t think that would be a good idea. If you don’t know how it works you won’t be able to secure it well (sorry).
Damn, you’re right. In that case I’ll either have to wait for Proton Calendar to mature a bit or make peace with a CalDAV provider that is privacy-respecting but not E2EE (Mailbox.org?). As much as I want me calendar data locked away, it doesn’t do me much good if it doesn’t work.
The project seems to offer a simple and basic functionality. Does anyone else think they are approaching a feature complete state and that they are focusing on other things (like the aforementioned EteBase)?
I wouldn’t consider it feature complete when improvements promised years ago haven’t been implemented (Notes) and the dev is saying he doesn’t have time to fix major bugs and usability issues.
“Feature complete,” to me, implies that bug fixes and reliability improvements are still happening, just no big new features (like FairEmail). EteSync only works as advertised and expected on Android, while every other platform has serious issues and no development.
Just before I wrote this post I had the desktop bridge eat another one of my events. Issues like this are happening all the time, and there is generally no dev response and no updates.
It’s just not fully functional, unfortunately. I really really really really really want EteSync (or something like EteSync) to succeed, but PrivacyGuides probably shouldn’t recommend tools / services that aren’t reliable. Hence my suggestion for only recommending on Android or adding a disclaimer.
Fortunately it’s not a particularly complicated setup.
What we could look at doing is adding to a guide, the ability to start the service on boot, and a systemd unit which starts Radicale on boot (if you’re on Linux). Instructions for automatically starting on a Mac would be rather trivial too.
Once set up users would just need to “have their PC on” and connect to the same LAN to “synchronize”, obviously if you want it available everywhere, you’d need a server or something connectable from the Internet.
I dunno about you guys, but i rarely add new contacts to my phone, and if i do I’m happy for them to be synchronized next time i sit down at my computer. It’s not like adding those things without access to Radicale will mean that they aren’t added, just simply that your other devices won’t see the new contacts, calendar items until they are connected.
I don’t think it’s dead-dead, judging by the dev occasionally popping in and the one recent Android update. But on non-Android platforms it’s at the very least inactive - it doesn’t work reliably and there is no development happening.
Although it may be simple, I wouldn’t want to advice people to manage their own opsec if they are inexperienced. Depends on the value of the data. In my case I have sensitive data on contacts which would be very problematic if exposed. It may be different for someone else.
If you like to learn to do some Unix get a raspberry pi and play with it to get yourself comfortable. I could recommend the videos of Network Chuck and David Bombal if you want to learn some awesome stuff @mika