Proton Mail started relocation out of Switzerland due to changes in Swiss legislation

Whatsapp is already encrypted end to end, with no backdoors. Unless you know something that no one else does.
Can you provide your own private key in WhatsApp? The EU and UK are requesting backdoors right now. In a lot of hw devices you can't bring your own key either. They are random in theory, but you can't verify that.
 
can you provide your own private key in <whatever> ?
The full authority over private keys is essential. Let's have a look at Proton's key management:
  • To make sure you can always receive your emails on Proton Mail using this OpenPGP key, we require that all imported keys have no expiration date set.
  • Proton requires that all imported keys contain a single user ID that uses the same email address as the Proton Account the key is being imported into.
  • Proton requires imported keys contain at least one subkey that can perform encryption (some subkeys can be only used for signatures).
  • We also require that imported keys signal support for AES-256 as a symmetric cipher, SHA-256 as a hash function, and ZLIB as a compression function.
But when you upload your key you are prompted to enter the password of that key. To me that's an absolute no-go.

If you then export your uploaded key from Proton it uses "Signature Salt Notation", preferring MDC over AEAD. <<-- Why? Hints from persons with knowledge welcome.
 
The full authority over private keys is essential. Let's have a look at Proton's key management:
Yeah, no. They insist you store your private key on their servers?
That doesn't make a whole lot of sense to me.
The public key that matches? Sure. That's the way it should work.
My client (are you limited to using a specific ProtonMail client or website?) should be encrypting using my private key and sending through their server. Headers probably need to be in the clear or some custom logic to send and receive.
Stored on their systems the data would be encrypted with your private key (because you did that at the source).
They have the matching public key which would let recipients decrypt.

Private keys with no expiration is really not a good security stance.
 
  • Bruce Schneier doesn’t break encryption.
    Encryption breaks itself and reports the vulnerability to him.
  • When Bruce Schneier locks his door,
    the lock asks him for authentication.
  • Bruce Schneier doesn’t use two-factor authentication.
    One factor already knows it’s not good enough.
  • If Bruce Schneier writes a password on a sticky note,
    it’s still cryptographically secure.
  • Bruce Schneier once reviewed a cipher so hard
    it became open source out of fear.
  • Bruce Schneier doesn’t worry about zero-day exploits.
    They worry about him.
  • When Bruce Schneier says “trust the math,”
    the math double-checks itself.
  • Bruce Schneier’s threat model includes reality itself.
  • If Bruce Schneier forgets a password,
    it was probably insecure anyway.
  • Bruce Schneier doesn’t believe in security through obscurity.
    He believes in security through embarrassment.
 
Whatsapp is already encrypted end to end, with no backdoors. Unless you know something that no one else does.
Good, but how many "ends" are encrypted for two person conversation? Perhaps 3 as in (n+1), that would still be end-to-end encrypted, just end-to-end-to-end?

Also I must reference this comment, though to be clear, it doesn't guarantee no additional encryption "ends" for incoming plain text e-mails exist.
 
Good, but how many "ends" are encrypted for two person conversation? Perhaps 3 as in (n+1), that would still be end-to-end encrypted, just end-to-end-to-end?
Good point. Single sender to many receivers: is each email "session encrypted" or each connection encrypted?
Sender encrypts with their private key, each receiver has the corresponding public key vs "sender encrypts each connection with the receiver's public key and encrypts and sends N messages".
You can make arguments for both.
Or is a session key (one time key) embedded in the data that the receiver will be able to extract using their private key or the sender's public key; after extraction it can be used to decrypt the message.

Arguments can be made for a bunch of different approaches, but solutions require understanding/definition of "what" you are trying to do.
 
Good, but how many "ends" are encrypted for two person conversation? Perhaps 3 as in (n+1), that would still be end-to-end encrypted, just end-to-end-to-end?

Also I must reference this comment, though to be clear, it doesn't guarantee no additional encryption "ends" for incoming plain text e-mails exist.
I'm sorry but I don't understand your question. Every conversation is encrypted end-to-end, so there are just two "ends". Why are you talking about "3 as in (n+1)"? I don't get it.
 
I'm sorry but I don't understand your question. Every conversation is encrypted end-to-end, so there are just two "ends". Why are you talking about "3 as in (n+1)"? I don't get it.
I think mer hit the nail with a hammer with his reply to my post.

What makes you think that there are only 2x ends (person A and person B) in two person chat on Whatsapp? How can that be verified? Can you trust Meta?
My point is saying end-to-end encryption by itself only means stuff is encrypted. On services such as Whatsapp you can't be sure there are no additional/hidden recipients.
 
I'm sorry but I don't understand your question. Every conversation is encrypted end-to-end, so there are just two "ends". Why are you talking about "3 as in (n+1)"? I don't get it.
Have you ever sent an email that had more than one receiver? A To address, plus 1 or more CC? That's the question.
If I send email to you I can encrypt with my private key and you decrypt with my public key or I encrypt with your public key and you decrypt with your public key.
Now I want to send an email to fmc000, graudeejs and eternal_noob. I want the email encrypted, but how do I do it? Do I make 3 copies, encrypt each individually, send 3 copies? That kind of loses the "group email" idea.
If I encrypt with my private key, all receivers need to have my public key to decrypt.

Think of conference calls (google meet, teams, zoom, etc):
We have 5 people in the call. We can have unicast connections, which means one from every person back to the server, and the server mixes and redistributes, or we use multicast so 5 people are listening on one address.
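
The session-key approach raised in the posts above, sketched as an added example that is not part of any forum post: the body is encrypted once and the session key is wrapped once per recipient, so the list of wrapped keys is the real count of "ends". The toy Diffie-Hellman group, the SHA-256 keystream and every function name are assumptions for illustration, standing in for real OpenPGP primitives.

```python
import hashlib, hmac, secrets

P, G = 2**255 - 19, 2  # toy DH group, constructed for this demo; not a vetted parameter set

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def _h(label, data):
    return hashlib.sha256(label + data).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _xor_stream(key, data):
    # SHA-256 in counter mode as a stand-in stream cipher (assumption, not OpenPGP's cipher)
    pad = b"".join(_h(key, i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return _xor(data, pad)

def _kek(shared):
    return _h(b"kek", shared.to_bytes(32, "big"))

def encrypt(plaintext, recipients):
    """recipients: {key_id: public_key}. One encrypted body, one wrapped key per recipient."""
    sk = secrets.token_bytes(32)  # one-time session key
    body = _xor_stream(_h(b"enc", sk), plaintext)
    tag = hmac.new(_h(b"mac", sk), body, hashlib.sha256).digest()
    wrapped = []
    for key_id, pub in recipients.items():
        eph_priv, eph_pub = keypair()  # fresh ephemeral key per recipient
        esk = _xor(sk, _kek(pow(pub, eph_priv, P)))
        wrapped.append({"key_id": key_id, "eph": eph_pub, "esk": esk})
    return {"wrapped_keys": wrapped, "body": body, "tag": tag}

def decrypt(msg, key_id, priv):
    for w in msg["wrapped_keys"]:
        if w["key_id"] != key_id:
            continue
        sk = _xor(w["esk"], _kek(pow(w["eph"], priv, P)))
        expected = hmac.new(_h(b"mac", sk), msg["body"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, msg["tag"]):
            raise ValueError("integrity check failed (wrong private key or altered body)")
        return _xor_stream(_h(b"enc", sk), msg["body"])
    raise PermissionError(f"no wrapped session key for {key_id}")

def ends(msg):
    # Every key that can open this message: the actual number of "ends".
    return [w["key_id"] for w in msg["wrapped_keys"]]

def demo():
    # Constructed sample using the three recipients named in the post above.
    keys = {n: keypair() for n in ("fmc000", "graudeejs", "eternal_noob")}
    msg = encrypt(b"one body, three wrapped keys", {n: k[1] for n, k in keys.items()})
    return ends(msg), decrypt(msg, "graudeejs", keys["graudeejs"][0])
```

For a real OpenPGP message the same count can be read with `gpg --list-packets`, which prints one public-key encrypted session key packet per recipient.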
 
They tried to pull that on us, secure end-to-end encryption, which they meant was from you to the server and server to target. Only this tiiiny place in the middle was unencrypted, but otherwise... If I remember correctly, they got a lot of lawyers swarming them, that thing is pushing up the daisies now.
 
Have you ever sent an email that had more than one receiver? A To address, plus 1 or more CC? That's the question.
If I send email to you I can encrypt with my private key and you decrypt with my public key or I encrypt with your public key and you decrypt with your public key.
Now I want to send an email to fmc000, graudeejs and eternal_noob. I want the email encrypted, but how do I do it? Do I make 3 copies, encrypt each individually, send 3 copies? That kind of loses the "group email" idea.
If I encrypt with my private key, all receivers need to have my public key to decrypt.

Think of conference calls (google meet, teams, zoom, etc):
We have 5 people in the call. We can have unicast connections, which means one from every person back to the server, and the server mixes and redistributes, or we use multicast so 5 people are listening on one address.
In case of email, BCC would be an even better example (don't even need to encrypt it to illustrate the point). Send TO to one recipient while also having the BCCs that you want. The primary recipient (TO) will never know that other parties are reading mails sent to him/her.
 
I think mer hit the nail with a hammer with his reply to my post.

What makes you think that there are only 2x ends (person A and person B) in two person chat on Whatsapp? How can that be verified? Can you trust Meta?
My point is saying end-to-end encryption by itself only means stuff is encrypted. On services such as Whatsapp you can't be sure there are no additional/hidden recipients.
I trust Meta in this case because of this. Do you think that they will threaten to leave the most populous country in the world if end-to-end encryption could be circumvented?

And BTW, it's up to you to prove that what they say isn't true, not otherwise. Unless you're a conspiracy theorist, in this case everything is acceptable of course.
 