For the record, if your security is based on “trust”, you’re going to have a bad time. The whole point of a cryptographically secure line of communication is that you don’t need to trust anyone except the recipient. Protonmail users choose it specifically because they don’t trust anyone, including Protonmail.
Except you’re still trusting a lot of people and systems there. Those that programmed, compiled and/or packaged your software in use (be it e.g. the cryptographic libraries themselves, the OS, random user space applications you are running that might be able to access your mail some way or another…), the hardware you use, the software, hardware and OpSec of the recipient…
The amount of people who have actually the resources, time and knowledge to eliminate all these points (i.e. reviewing the entire source code of all the software you use, and all the diffs of every new release you use, somehow check all the firmware blobs for your hardware or manage to get a fully de-blobbed system running and connected to the internet, and otherwise making sure your keyboard doesn’t sent a copy of every keystroke to “the enemy”, …) is very low.
And the amount of people who actually do it might be zero? Not even a person in the NSA will have done all of this themself. They’re trusting some coworkers for some of these parts…
Unfortunately, you still need a level of trust with Proton. Even aside from trusting that they will not bend to pressure to terminate your service, you’re also trusting them with your network of contacts, because metadata (including the sender, recipient, and subject line) are not end-to-end encrypted in Proton.
I DoNT SEe AnY eViDeNcE tHaT tHiS TrUmPER rUN coMpAnY cAnT bE TrUsTEd
For the record, if your security is based on “trust”, you’re going to have a bad time. The whole point of a cryptographically secure line of communication is that you don’t need to trust anyone except the recipient. Protonmail users choose it specifically because they don’t trust anyone, including Protonmail.
Except you’re still trusting a lot of people and systems there. Those that programmed, compiled and/or packaged your software in use (be it e.g. the cryptographic libraries themselves, the OS, random user space applications you are running that might be able to access your mail some way or another…), the hardware you use, the software, hardware and OpSec of the recipient…
The amount of people who have actually the resources, time and knowledge to eliminate all these points (i.e. reviewing the entire source code of all the software you use, and all the diffs of every new release you use, somehow check all the firmware blobs for your hardware or manage to get a fully de-blobbed system running and connected to the internet, and otherwise making sure your keyboard doesn’t sent a copy of every keystroke to “the enemy”, …) is very low. And the amount of people who actually do it might be zero? Not even a person in the NSA will have done all of this themself. They’re trusting some coworkers for some of these parts…
Unfortunately, you still need a level of trust with Proton. Even aside from trusting that they will not bend to pressure to terminate your service, you’re also trusting them with your network of contacts, because metadata (including the sender, recipient, and subject line) are not end-to-end encrypted in Proton.
That’s fair, though that’s more of a flaw with the email protocol. There’s no way around leaking that to the receiver’s email provider as well.
LMAO
Good point, I hadn’t considered that.
It is quite clear you haven’t put a lot of thought into it, but that’s okay
I sincerely apologize for taking you seriously. You tried to warn me with your alternating caps, so it’s my fault. Cheers.
I know you are but what am I indeed!