Proton Mail started relocation out of Switzerland due to changes in Swiss legislation

[POSIX.1]

You could pen your letters on papyrus using the Caesar Cipher and send them in the post.

Not in Denmark anymore:

Danish postal service to stop delivering letters after 400 years

PostNord’s decision to end service on 30 December comes after fear over ‘increasing digitalisation’ of Danish society

www.theguardian.com

 

[fernandel]

Not in Denmark anymore:

Danish postal service to stop delivering letters after 400 years

PostNord’s decision to end service on 30 December comes after fear over ‘increasing digitalisation’ of Danish society

www.theguardian.com

Private post service are working still.

 

[covacat]

Whatsapp is already encrypted end to end, with no backdoors. Unless you know something that no one else does.

can you provide your own private key in whatsapp ? eu and uk are requesting backdoors righr now. in a lot of hw devices you cant bring your own key either. they are random in theory but you cant verify that

 

[POSIX.1]

can you provide your own private key in <whatever> ?

The full authority over private keys is essential. Let's have a look at Proton's key management:

• To make sure you can always receive your emails on Proton Mail using this OpenPGP key , we require that all imported keys have no expiration date set.
• Proton requires that all imported keys contain a single user ID that uses the same email address as the Proton Account the key is being imported into.
• Proton requires imported keys contain at least one subkey that can perform encryption (some subkeys can be only used for signatures).
• We also require that imported keys signal support for AES-256 as a symmetric cipher, SHA-256 as a hash function, and ZLIB as a compression function.

But when you upload your key you are prompted to enter the password of that key. To me that's an absolute no-go.

If you then export your uploaded key from Proton it uses "Signature Salt Notation", preferring MDC over AEAD. <<-- Why? Hints from persons with knowledge welcome.

 

[hruodr]

Why?

If it stores the mail encrypted, it will need the private key to show it to you in the web page, and perhaps for something more.

Interesting would be decoding at client side, but that feature is not among the features bloat.

 

[mer]

The full authority over private keys is essential. Let's have a look at Proton's key management:

Yeah, no. They insist you store your private key on their servers?
That doesn't make a whole lot of sense to me.
The public key that matches? Sure. That's the way it should work.
My client (are you limited to using a specific ProtonMail client or website?) should be encrypting using my private key and sending through their server. Headers probably need to be in the clear or some custom logic to send and receive.
Stored on their systems the data would be encrypted with your private key (because you did that at the source).
They have the matching public key which would let receipients decrypt.

Private keys with no expiration is really not a good security stance.

 

[Jose]

If it stores the mail encrypted, it will need the private key to show it to you in the web page, and perhaps for something more.

Why not encrypt your mail with your public key? Then only your private key can decrypt it.

 

[Crivens]

What provider does Bruce Schneier use? That would be a seal of approval.