this post was submitted on 07 May 2024
520 points (94.5% liked)
Technology
59405 readers
2561 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This is why you sign and encrypt the contents of email. If the recipient doesn't have the public key, they can't read the content.
Allowing a service provider to "handle your keys" is tantamount to letting the fox watch the henhouse.
Proton doesn't provide IMAP/SMTP access for free accounts, so you won't be able to encrypt emails locally.
This ultimately is the tech version of "trust me bro". This means you are as secure on Proton as you are on GMail, depending upon how you use the service.
Sir, if your recipients don't have a public key, you cannot even encrypt the message... That is how asymmetric-key crypto works.
FYI email contents were not decrypted or turned over to police, as far as I know Proton's E2EE is still as good as whatever system you're using. Proton doesn't have the keys to decrypt your emails, it never did. What they have access to is metadata that is necessary to function when your private key is unavailable - e.g. your public encryption key used to encrypt incoming emails from non-Proton sources, or in this case, a recovery email address (I don't know what the recovery process entails and whether it can restore encrypted emails).
Umm, you absolutely can. Use gpg, encrypt the txt, copy the encrypted text into the email. EZPZ.
...yes, that's what I said. But sign them locally. Do not put your private key on Protons service. Sign and distribute pub keys locally.
Probably should have clarified.
Also, paid IMAP/SMTP makes Proton a freemium service. Thought I should just underline that.
Just encrypt with pgp and send encrypted text
That's how a good portion of the Dark web works, and I find it amazing
This comment is completely off the mark. The information that they disclosed is the recovery email -the same exact thing which happened previously- not any content of any email.
Also, proton does encryption with PGP, but you can't encrypt if the other side doesn't use PGP (which is the case for 99.98% of humans on the planet). If they do, proton supports this including with arbitrary clients using their bridge.