Comment on Email Security for Every Taste
cygnus@lemmy.ca 2 months agoI suppose, but is there any documented occurrence of that? It seems like a whole stack of what-if scenarios required for that to happen. At that point you should be more concerned with someone beating your password out of you.
loudwhisper@infosec.pub 2 months ago
Not that I know, which is the reason why I essentially didn’t consider those threats relevant for my personal threat model. However, it’s also possible it happened and it was never discovered. The point is that there are risks associated with having the same provider having access to both the emails (and the operations around them) and the keys/crypto operations.
If I were a Snowden-level person, I would probably consider that though, as it’s possible that the US government would try to coerce -say- Proton in serving bad JS code to user X. For most people I argue these are theoretical attacks that do not pose concrete risk.