Comment

Comment on Proton Mail Discloses User Data Leading to Arrest in Spain

This is why you sign and encrypt the contents of email. If the recipient doesn’t have the public key, they can’t read the content.

Allowing a service provider to “handle your keys” is tantamount to letting the fox watch the henhouse.

Proton doesn’t provide IMAP/SMTP access for free accounts, so you won’t be able to encrypt emails locally.

This ultimately is the tech version of “trust me bro”. This means you are as secure on Proton as you are on GMail, depending upon how you use the service.

source

Sort:hotnew top

baseless_discourse@mander.xyz ⁨5⁩ ⁨months⁩ ago

If the recipient doesn’t have the public key, they can’t read the content.

Sir, if your recipient don’t have a public key, you cannot encrypt the message… That is how asymmetric-key crypto works.

source
sudneo@lemm.ee ⁨5⁩ ⁨months⁩ ago
This comment is completely off the mark. The information that they disclosed is the recovery email -the same exact thing which happened previously- not any content of any email.

Also, proton does encryption with PGP, but you can’t encrypt if the other side doesn’t use PGP (which is the case for 99.98% of humans on the planet). If they do, proton supports this including with arbitrary clients using their bridge.

source
SaltySalamander@fedia.io ⁨5⁩ ⁨months⁩ ago

Proton doesn't provide IMAP/SMTP access for free accounts, so you won't be able to encrypt emails locally

Umm, you absolutely can. Use gpg, encrypt the txt, copy the encrypted text into the email. EZPZ.

source
- taanegl@lemmy.world ⁨5⁩ ⁨months⁩ ago
  …yes, that’s what I said. But sign them locally. Do not put your private key on Protons service. Sign and distribute pub keys locally.
  
  Probably should have clarified.
  
  Also, paid IMAP/SMTP makes Proton a freemium service. Thought I should just underline that.
  
  source
NeatNit@discuss.tchncs.de ⁨5⁩ ⁨months⁩ ago
FYI email contents were not decrypted or turned over to police, as far as I know Proton’s E2EE is still as good as whatever system you’re using. Proton doesn’t have the keys to decrypt your emails, it never did. What they have access to is metadata that is necessary to function when your private key is unavailable - e.g. your public encryption key used to encrypt incoming emails from non-Proton sources, or in this case, a recovery email address (I don’t know what the recovery process entails and whether it can restore encrypted emails).

source
Kanda@reddthat.com ⁨5⁩ ⁨months⁩ ago
Just encrypt with gpg and send encrypted text

source
- impure9435@kbin.run ⁨5⁩ ⁨months⁩ ago
  That's how a good portion of the Dark web works, and I find it amazing
  
  source