• asudox@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    ·
    edit-2
    4 months ago

    This is old news. Why are you posting this just now? I mean I don’t really care much. I transitioned to Posteo as soon as I learned that they stored the private key. They don’t even let you use your own GPG key, useless honeypot. Their recent bitcoin wallet supports this. If they cared about privacy, they wouldn’t go with Bitcoin. They have been ignoring requests for monero since years.

    They also are getting into the AI hype, so I can’t trust my data with them.

    • sudneo@lemm.ee
      link
      fedilink
      English
      arrow-up
      15
      ·
      4 months ago

      You can use your own GPG key (https://proton.me/support/importing-openpgp-private-key or using the bridge), whatever tool does the signing needs the key (duh) so I am not sure what you mean by “they store your private key” (they stored it encrypted as per documentation https://proton.me/support/how-is-the-private-key-stored), their AI was specifically designed as local, exactly to be privacy friendly, plus is a feature that can be disabled (when it will reach general subscriptions).

      I don’t care about cyptocurrencies, but I suppose they started with the most popular, nothing to do with privacy as they just let you store your currencies.

      Anyway, use what you like the most, of course, but yours don’t look very solid motivations, quite a lot of incorrect information, I hope you didn’t take your decision based on it.

      • asudox@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        4 months ago

        You upload your private key to the cloud. Encrypted or not, this is a bad idea. No thanks. I can do the signing locally and then I’ll do the decryption with my own private key locally without them storing it as well.

        Edit: mixed public keys with private keys

        • sudneo@lemm.ee
          link
          fedilink
          English
          arrow-up
          8
          ·
          4 months ago

          You upload your private key to the cloud. Encrypted or not, this is a bad idea.

          An encrypted key is a useless blob. What matters is the decryption key for that key, which is your password (or a key derived from it, I assume), which is client side.

          They can do the signing and encryption with my public key

          They can’t sign with your public key. Signing is done using your private one, otherwise nobody can verify the signature.

          Either way:

          and then I’ll do the decryption with my own private key locally without them storing it.

          You can do it using the bridge, exactly like you would with any client-side tooling.

          • endofline@lemmy.ca
            link
            fedilink
            English
            arrow-up
            4
            ·
            4 months ago

            It’s still insecure. They decryption process is still in the proton company hands and they could add some client specific code to log the password on the fly. Proton is obliged to follow the swiss law and I can imagine situation that police asks proton (+ gag order ) to log certain data for specific clients like passwords and ips. Still private keys are better to be stored separately. You can sync them easily if you with with either rsync or rclone

            • asudox@lemmy.world
              link
              fedilink
              English
              arrow-up
              4
              ·
              4 months ago

              Exactly. There’s no justification for them storing the private key online for “convenience”. And key generation happens in the browser with JS. Which means it is possible to send backdoored JS to easily copy the private key.

              • sudneo@lemm.ee
                link
                fedilink
                English
                arrow-up
                3
                ·
                4 months ago

                There is a reason: simplicity. Either you do all the key management yourself, which in practice means 98% of the people won’t do it at all, or you implement a solution like they did and increase the risk of a small % (see my other comment) but you cover every customer.

                  • sudneo@lemm.ee
                    link
                    fedilink
                    English
                    arrow-up
                    4
                    ·
                    4 months ago

                    Introduces some risks in terms of security. Privacy concerns are extremely minimal, because in any case you don’t control the setup of your other interlocutor(s).

                    Considering that the realistic alternative is not using anything at all and the fact that you have both options with Proton, it’s a win-win scenario.

              • endofline@lemmy.ca
                link
                fedilink
                English
                arrow-up
                2
                ·
                4 months ago

                endof

                Especially with the fact that: 1) deminificafion of the javascript code is not simple 2) you cannot “freeze” the code version you use. Still your computer does allow it ( minus the windows which follows the Microsoft thinking way, kidding about windows updates )

            • sudneo@lemm.ee
              link
              fedilink
              English
              arrow-up
              4
              ·
              4 months ago

              It’s not “insecure”, it’s simply a supply chain risk. You have the same exact problem with any client software that you might use. There are still jurisdictions, there are still supply chain attacks. The posture is different simply by a small tradeoff: business incentive and size for proton as pluses vs quicker updates (via JS code) and slower updates vs worse security and dependency on a handful of individuals in case of other tools.

              Any software that makes the crypto operations can do stuff with the keys if compromised or coerced by law enforcement to do so.

              In any case, if this tradeoff doesn’t suit you, the bridge allows you to use your preferred tool, so this is kinda of a moot point.

              The main argument for me is that if you rely on mail and gpg not to get caught by those who can coerce proton, you are already failing.

              • endofline@lemmy.ca
                link
                fedilink
                English
                arrow-up
                1
                ·
                4 months ago

                I used bridge for many years. It was totally unusable - 1) you cannot delete emails with it ( deleted emails were coming back ), 2) synchronization issues so it made me move to another “plain and simple” email provider offering pop3 and imap and also gpg integration ( but without that e2e hype talk )

                • sudneo@lemm.ee
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  4 months ago

                  I can’t comment on this, since I don’t use the bridge for a while. But it’s just an IMAP/SMTP server, so not sure why certain features wouldn’t work. What service did you end up using which has gpg integration?

                  • endofline@lemmy.ca
                    link
                    fedilink
                    English
                    arrow-up
                    3
                    ·
                    4 months ago

                    I used protonmail for 3 years - bridge issues have been being ignored by protonmail support in my opinion. “Clean cache and try again”. I stopped using protonmail and switched to mailbox.org. So far so good.

    • Midnight Wolf@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      4 months ago

      This is old

      “I know this. Why doesn’t everyone else know this? They should be me, I’m the smartest man alive.”

      I really don’t care much

      proceeds to type an entire paragraph as to why you don’t care