FYI. Blockchain is only so very power waster because for cryptocurrency uses the users churn out new rounds continuously as if there is no tomorrow.
Here, your public key relatively rarely changes. If you had your protonmail account for years, it probably hasn’t changed ever yet.
Maybe I’m wrong in this, but this seems to be similar to what Keybase was doing, and that was a cool idea!
on the proton encryption, i did know about this but does that apply to proton-to-proton, proton-to-NonProton, or both? if you have details on this let me know.
As I know it applies to both. Formerly they were asking (among other things) about the titles of your latest emails for account recovery. (after I have put all the links here I realized that these don’t give a details on whether this also applies to inter-proton messages…)
either way the fact that they dont makes me feel that proton is a similar honeypot to signal and telegram, where they make a compromise with the five eyes, to give them metadata even if actual contents are safe. metadata can be much more powerful than contents often times
Yeah, might as well be. But if it is, I’m afraid we won’t get to know for a few decades, if ever. And I think it’s still better than the alternatives… the alternative email providers, that is.
If it comforts you, in their reddit comment I linked they mention (in 2019…) that there’s a proposal they support for openpgp to be able to have an encrypted subject line.
Proton can be legally ordered to start recording the IP address of a specific user. That’s why they recommend that you always connect through their Onion site.
Other than that and if that’s possible, I think it may also be possible to legally order Proton to keep the unencrypted form of incoming emails for a specific user, but Proton did not said it in the article, and Swiss laws might protect them against that. It’s certainly possible technically, and good to be aware of it, I think.
Sorry but I can’t open the second link, as it actively resists it. I suspect though that the problem with Tutanota was not their encryption, but their legal system, which required them to keep a copy of the incoming emails.
Also, don’t mistake me, I’m all for protonmail, and I mean this. But did you know they only encrypt the email contents? Metadata like title, sender recipient and other things in the mail header don’t get encrypted.
Why, what else could have they done with laws? Protonmail and literally every other provider on the clearnet is also susceptible to this. The only thing they can do is have lawyers to find what the absolute most minimum they are required to do and only do that, but that’s all.
The plan was to have criminals use the storefront — an online end-to-end encryption service called Tutanota — to allow authorities to collect intelligence about them.
A better solution would be to have both at the same time.
Browser says: x number of CAs say that this site is authentic (click here for a list). Do you trust this site? Certificate fingerprint: … Certificate randomart: …
And then there would be options to trust it once, trust it temporarily, trust it and save the cert. The first 2 could also block JS if wanted.
I can see this would annoy the mainstream users, so probably this should be opt-in, asked at browser installation or something like that.
If you have any expectation of privacy, you shouldn’t use chromium based browsers. Their purpose is not privacy, and google actively makes sure it will never be.