Comment

Comment on Proton launches privacy-focused Google Docs alternative: Docs in Proton Drive is an open-source, end-to-end encrypted collaborative document editor

<- View Parent

Gestrid@lemmy.ca ⁨6⁩ ⁨months⁩ ago

That’s where the second and third paragraphs come in. Because other companies likely test it themselves, too.

They’ll typically report security bugs privately and then, after X amount of months, publicly announce the bug. Doing it this way will, ideally, force the other company to patch the bug prior to the announcement. If not, they’ll end up with a publicly known security bug that bad actors can now exploit. The announcement will also let the public (including companies) know to update their software.

source

Sort:hotnew top

Excrubulent@slrpnk.net ⁨6⁩ ⁨months⁩ ago
Yes, and those other paragraphs are the same thing other proprietary companies do. Your opening paragraph is just absurd on the face of it because “inspected” does not mean “by themselves”.

The second paragraph is literally speculation about something that might happen.

The third paragraph is about bug bounties, which every major software company does and which does not involve code inspection.

You just smokescreened and talked around the fact that your opening statement “it probably is inspected” is entirely unverifiable and non-credible even if true. I guess since you started that sentence with “I imagine” then it is technically true. You did imagine that.

source
- Gestrid@lemmy.ca ⁨6⁩ ⁨months⁩ ago
  I admittedly should’ve done more research before my first comment, but it does actually turn out that everything I said is true. Proton’s technology was previously audited by Mozilla and is currently audited by SEC Consult regularly, and the audits are available for everyone to view. Additionally, they do have a bug bounty program. Also (and this is something I didn’t mention), the ProtonVPN and Proton Mail apps are all open source.
  
  source
  - Excrubulent@slrpnk.net ⁨6⁩ ⁨months⁩ ago
    Is that the backend code? It seems like they’re talking about the apps, not backend code. The thing being discussed here is backend code.
    
    source
    Gestrid@lemmy.ca ⁨6⁩ ⁨months⁩ ago
    The way I read it, they already (in the third paragraph of the blog post) had companies auditing their backend technology and (in the fourth paragraph) were starting to have companies audit their apps, too.
    
    source
    lastweakness@lemmy.world ⁨6⁩ ⁨months⁩ ago
    Nearly all of Proton’s stuff uses publicly verifiable client side encryption, so idk what all this is about
    
    source
    -> View More Comments