> As I understand it, ProtonMail basically uses PGP. It just does it in Javascript or whatever.
This means that maybe now the private keys are on your device, at any point in time they can update their frontend javascript code to get your private key and read all your emails.
> The ability to use GnuPG serves as a filter ;)
Yes definitely, I wouldn't get any emails at all anymore. Works great for Inbox Zero I guess.
> When you’re communicating with email addresses outside of ProtonMail, their servers will see your emails. Your emails might then be encrypted “at rest”, but they’ve passed through their servers unencrypted anyway.
Decryption is done in the browsers so it's not passing through the servers unencrypted. (ProtonMail is one of the biggest contributors to Openpgpjs).
> To workaround it, for sending to email addresses without a ProtonMail account, AFAIK they also give the possibility to send a link to a ProtonMail interface for decryption.
And you can add the recipient PGP key in ProtonMail settings so it's pure PGP. (I've heard that they're working on Web Key Directory support for automatic contact key retrieval)
> And also web interfaces are inherently insecure for E2E encryption, which ProtonMail encourages.
Not strictly true. The problem is web interface hosted on a foreign host. For a secure web interface see e.g. Mailpile.
There are also other ways of minimizing risk like using Mailvelope that communicates with GnuPG through Native Messaging.
> In other words ProtonMail is anti-standards.
Not for all standards for example ProtonMail is very active in OpenPGP mailing list.
For the record I'm not using ProtonMail but I like that they're promoting PGP by showing that it can be made relatively easy. Too much people think that the UI complexity in PGP is intrinsic.
> I assume the point of Proton Mail using OpenPGP is so that mail sent by Proton Mail can actually be verified/decrypted by other systems that aren't Proton Mail?
My experience with Proton is that they really don't care anything about encryption or signatures except as they apply to emails between Proton users: http://jfloren.net/b/2023/7/7/0
> what does Protonmail offer in terms of privacy that is better than GMail or Outlook
Encryption. That was always the point. Your emails are stored encrypted, and nobody can read their content except you.
Not sure why some people expected ProtonMail to act as a magical VPN, both truly anonymous and not obeying to any court order, to an unencrypted email account like Gmail.
> anyone able to send emails to protonmail accounts outside of protonmail, encrypted and decrypt the responses yet? never looked into this
Yes. It's dead simple. Get your protonmail keys here [0], and on the contacts page, click the cog next to the user's email address to import public keys.
Well, no, not really. That is the claim that they make but such a thing doesn't really exist, well at least not in the way they suggest. It is e2e if either both parties are using PGP or Proton mail. That is a very small percentage of global mail flow.
> Okay now explain why I can't make a protonmail account without:
> - disabling javascript
ProtonMail encrypts/decrypts messages in the JavaScript client, which is how messages are encrypted without the server ever having access to the plaintext. If you must disable JavaScript, then ProtonMail isn't the mail service for you(unless you use their mobile app).
> what does Protonmail offer in terms of privacy that is better than GMail or Outlook, given that USA and Swiss are both adhere to democratic standards.
Well for a start the privacy policy of Gmail allows them to use your data for advertising purposes.
Secondly, emails encrypted at rest, are still encrypted, so at least the body is protected.
Unless you were receiving emails that were encrypted prior to being sent that wouldn't be the case with Gmail.
> In addition to this, ProtonMail has no password requirements, and the Professor has tested it with passwords like ‘1’, ‘iloveyou’, and ‘password’, which are all trivial to crack in dictionary attacks. Once these can be confirmed, an attacker has your entire email history.
Surely, they could enforce password requirements, but for me every user is responsible of having a secure password. If your account gets compromised despite the service hashing password correctly and having brute-force prevention mechanisms in place, it's on you for not having a strong enough password (or reusing it).
> And the flaw is that it is relatively simple for ProtonMail to serve you a modified version of their web application or the underlying PGP implementation. There is no way to cryptographically verify that you are getting the official version of the web client as stored in their repository.
Yes, this is true. But for anyone requiring absolute state-of-the-art privacy, you could simply use your own pair of keys without ever sending it to ProtonMail (i.e. you would use ProtonMail to send and not to encrypt, even though you would still benefit from their encryption as an additional layer). All open-source web-based services have this kind of flaw.
> PM can once again replace the web application or PGP software to recover the original message and passcode.
(This is in reference to the "Encrypt-To-Outside feature".) Yes, this is true as well, but look at the alternative: I send an email to your Gmail account. Google can read it. Then, you reply to my email, and ProtonMail could catch it in transit while it's not encrypted. I mean, they don't need you to use that feature to be able to catch your communications. So, we're back to the fact that they could serve a different version of the source code than they advertise.
I really fail to see the point of this article. I'm sure most of the users use it to stay away from Google tracking, and even the author agrees that if you need total privacy you should use your own keys.
The article appears to be an obvious attack on ProtonMail.
It’s clear that private keys are held client-side-encrypted on servers. You need that to read your emails in new devices. It’s standard and doesn’t lower security.
It’s also obvious that any website could serve you with bad Java script code.
> Do you have evidence that Proton does not actually encrypt their emails?
It doesn't matter. Proton supplies the client software, so if they want (or are forced to by law enforcement), they can easily push an update that exfiltrates decrypted data back to their server.
>I referred to this in my comment. It's proprietary, communicates with ProtonMail over their proprietary API, and is only supported for paid users. These are fundamental features of an MTA, not a paid addon, this is absolutely disgusting.
This goes back to the my original point that protonmail is pgp for most people. You sound like the sort of person who'd use a self hosted email server + some IMAP/POP3 client + some PGP client with self managed keys. Maybe having an open stack is important to you, but people like you are definitely in the minority. Most people don't know and/or care what PGP, IMAP, or MTA is, but they want something more secure than gmail/outlook.
To be fair, what you said is only tangentially related to the posted article anyway. It is about a security audit of the OpenPGPjs library (what bastawhiz commented about), not how ProtonMail implements it (what you commented about).
> There are people who think that Protonmail is a government front. I don't think so, but who am I?
It seems that many people have a wrong (read: unrealistically high) expectation of security on Protonmail to begin with. If you are just using Protonmail as a plain mail service, it's nearly as vulnerable as any other emails providers: all incoming mails can be monitored at the originator's mail provider, or at Protonmail, all outgoing mails can be monitored at Protonmail or at the receiver's mail provider. These security properties are natural conclusions from the architecture of SMTP. No backdoor is needed. If the government wants to subpoena your mail, they can simply require Protonmail to intercept all incoming traffic at the SMTP server before it's encrypted locally. Also, the fact that Protonmail is subjected to subpoenas is publicly announced on their website, and they state that they'll cooperate as far as the degree allowed by cryptography.
No backdoor conspiracy is even needed to begin with. End-of-end encryption is only used in-browser when you're sending mails to another Protonmail user.
Don't get me wrong. I use Protonmail and I'm a paying user. The only major advantage of Protonmail is data-at-rest encryption, once the plainmail arrives to your inbox, it's not possible to be leaked retroactively without your passphrase. And this advantage alone is enough for me to use it, since it's as insecure as any other mails at worst, and a bit more secure at best, I have nothing to lose. If a higher degree of security is desirable, it's still your own responsibility to use end-to-end encryption, preferable, one should also use Protonmail's official client (with source code) to access Protonmail locally, which ensures that malicious JavaScript can't be injected from the server side to reveal the passphrase to your inbox.
Finally, if you must find a credible conspiracy from it (I'm not a fan of doing it, 90% of the time the arguments are all vague "backdoor" or geopolitics rather than a technical security analysis), Protonmail can be considered a PR hack supported by the NSA that misleads non-technical users to think it as a silver bullet, thus actually impeding the progress of developing better end-to-end encryption for email communication.
> Protonmail chose to be incompatible with this established standard.
They've supported receiving PGP-encrypted emails[1] and are working on IMAP support currently[2]. Would be nice for you to cite sources before making strong claims like "chose to be incompatible". Everything is a feature and needs time to implement.
This means that maybe now the private keys are on your device, at any point in time they can update their frontend javascript code to get your private key and read all your emails.
> The ability to use GnuPG serves as a filter ;)
Yes definitely, I wouldn't get any emails at all anymore. Works great for Inbox Zero I guess.
reply