this post was submitted on 11 Oct 2023
148 points (94.6% liked)
Privacy
31876 readers
365 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Not at all. It woul be trivial for them to steal your private keys from their web client. And yes, we have the code. But it's impossible to verify that the code that is on Github and the one they send to your browser every time you log in is exactly the same.
Also, they make it quite hard to make an anonymous registration. And they've been cooperating with governments. Don't get me wrong, I don't support criminal activity. But I don't trust any government with citizen's data, Snowden proved that.
Edit: Oh and they have bribed various privacy related sites with their affiliate program to recommend their services, which I consider a shady tactic.
Why is it trivial for them to steal your private keys? Does your computer unable to verify public keys?
I'm a bit of a novice when it comes to HTTPS handshakes
One of the bold claims of proton is that all your data is encrypted and they can't see it (not 100% sure how they do it, probably your key is encrypted with your password as a symmetric key? Then when you log in, the client unlocks your private key and then that key unlocks the emails and stuff).
Now, it also turns out that they write the software that uses your key to decrypt the emails. It would be trivial for them to just send the keys back to themselves and decrypt all your stuff.
I don't think this is a huge point against proton, as AFAIK no one else even offers encrypted email. But nonetheless I would like to see an api and some third party clients.
I see now, so it's more on decrypting my data rather than stealing private keys in the context of httpscommunications. I thought for some reason it was about Proton VPN specifically.
Thank you for explaining!