
ProtonMail. End-to-end encrypted email


Comments

  • SCRYPTmail Member
    edited May 2015
    @BruceWayne I'm not sure this statement holds true nowadays http://www.forbes.com/sites/robertwood/2014/10/13/100-swiss-banks-get-ultimatum-hand-over-americans-or-face-u-s-prosecution/ - I'm not sure about 1940, but those times are long gone.
  • BruceWayne Member Plus
    @SCRYPTmail Good job. You have engaged me. What's your next engagement point?
  • SCRYPTmail Member
    edited May 2015
    @BruceWayne I would rather engage you to talk about other services out there :) But in this topic I just want to point out some facts: the biggest selling point for ProtonMail is actually a chimera, when in reality the company does business from San Francisco, got money from US VC funds, and hosts its service in a questionable location.
  • In my view, there are two drawbacks to using ProtonMail:

    1) It is NOT anonymous. Because it requires JavaScript, this can easily be used to deanonymize a user, particularly if the ProtonMail operators are presented with some type of court order.

    2) Perhaps even more importantly, the user does NOT control the PGP keys used by the service. These keys are purportedly generated in the user's browser session, and both the public and private halves are stored by ProtonMail. This opens one up to the same type of attack as was carried out on Hushmail in 2007. For those not familiar with this, the DEA used the Mutual Legal Assistance Treaty between the U.S. and Canada to force Hushmail to serve the users named in the court order with a poisoned Java applet, designed to capture their passphrase. Because Hush had the private half of the users' PGP key, once they obtained the users' passphrases, decryption became trivial. This is how Hush ended up turning over in excess of 100,000 decrypted emails to the DEA.

    The moral of the story is: don't depend on someone else to do the encryption for you. If you want to use ProtonMail, encrypt the email(s) yourself BEFORE they ever hit ProtonMail's server.