- cross-posted to:
- privacyguides@lemmy.one
- cross-posted to:
- privacyguides@lemmy.one
Proton: “We’re consolidating our social media presence due to limited resources and no longer posting on Mastodon. Follow us on Reddit for the latest updates”
Proton: “We’re consolidating our social media presence due to limited resources and no longer posting on Mastodon. Follow us on Reddit for the latest updates”
I can see a threat model already from 2014.
Anyway, I think it’s a tradeoff that it’s hard to assess quantitatively, as risk is always subjective. From where I stand, the average person using native clients and managing their own keys has a much higher chance to be compromised (by far simpler vectors), for example. On the other hand, someone using a clean OS, storing the key on a yubikey and manually vetting the client tool can resist to sophisticated attacks better compared to using web clients.
I just don’t see this as hill to die on either way. In fact, I also argue in my blog post that for the most part, this technical difference doesn’t impact the security sufficiently to make a difference for the average user.
I guess you disagree and that’s fine.
I think it is borderline. I am not advocating for PGP, I like the Signal model where you trust signal for introductions but have the ability to verify, even in retrospect. Trust but verify. Even a few advanced users verifying Signal keys forces Signal to remain honest or risk getting caught.
I think the lack of meaningful verification for proton is a significant security weakness, though average user probably has bigger things to worry about.
I think I can agree with that. Unfortunately PGP is the only alternative we have for emails (i.e., the client-side tools would still be doing PGP encryption), which is also the reason why it shouldn’t be used for really delicate communication. The fact that - whatever setup you use - there will always be metadata showing that person X communicated with person Y alone is a nonstarter for certain types of communication.
Signal would be my recommendation.
Yeah, we should just ditch email for sensitive communications.
Anyway, my point was that I lost trust in Proton back then over this and went to Tuta that has native clients. It makes no difference to my security since I don’t think I ever sent or received a single mail that was actually e2e encrypted. But Tuta’s more serious approach to e2ee made me slightly more confident in it as a company.
Now it kinda looks like it was the right choice.