FYI. Blockchain is only so very power waster because for cryptocurrency uses the users churn out new rounds continuously as if there is no tomorrow.
Here, your public key relatively rarely changes. If you had your protonmail account for years, it probably hasn’t changed ever yet.
Maybe I’m wrong in this, but this seems to be similar to what Keybase was doing, and that was a cool idea!
on the proton encryption, i did know about this but does that apply to proton-to-proton, proton-to-NonProton, or both? if you have details on this let me know.
As I know it applies to both. Formerly they were asking (among other things) about the titles of your latest emails for account recovery. (after I have put all the links here I realized that these don’t give a details on whether this also applies to inter-proton messages…)
either way the fact that they dont makes me feel that proton is a similar honeypot to signal and telegram, where they make a compromise with the five eyes, to give them metadata even if actual contents are safe. metadata can be much more powerful than contents often times
Yeah, might as well be. But if it is, I’m afraid we won’t get to know for a few decades, if ever. And I think it’s still better than the alternatives… the alternative email providers, that is.
If it comforts you, in their reddit comment I linked they mention (in 2019…) that there’s a proposal they support for openpgp to be able to have an encrypted subject line.
The plan was to have criminals use the storefront — an online end-to-end encryption service called Tutanota — to allow authorities to collect intelligence about them.
Hmm, not sure about that, it seems to me it just stores the audio in one series of small fragments, which are just split up somehow by time.
Did you think about recording the audio with something?
Like OBS or Audacity (versions before 3). I think that may be a semi-good solution. Or, for somewhat better quality you could download the whole track (yt-dlp can handle it), and then cut it for the pieces you want to keep, in Audacity (before version 3) or something else
Proton can be legally ordered to start recording the IP address of a specific user. That’s why they recommend that you always connect through their Onion site.
Other than that and if that’s possible, I think it may also be possible to legally order Proton to keep the unencrypted form of incoming emails for a specific user, but Proton did not said it in the article, and Swiss laws might protect them against that. It’s certainly possible technically, and good to be aware of it, I think.
Sorry but I can’t open the second link, as it actively resists it. I suspect though that the problem with Tutanota was not their encryption, but their legal system, which required them to keep a copy of the incoming emails.
Also, don’t mistake me, I’m all for protonmail, and I mean this. But did you know they only encrypt the email contents? Metadata like title, sender recipient and other things in the mail header don’t get encrypted.
Why, what else could have they done with laws? Protonmail and literally every other provider on the clearnet is also susceptible to this. The only thing they can do is have lawyers to find what the absolute most minimum they are required to do and only do that, but that’s all.
A better solution would be to have both at the same time.
Browser says: x number of CAs say that this site is authentic (click here for a list). Do you trust this site? Certificate fingerprint: … Certificate randomart: …
And then there would be options to trust it once, trust it temporarily, trust it and save the cert. The first 2 could also block JS if wanted.
I can see this would annoy the mainstream users, so probably this should be opt-in, asked at browser installation or something like that.