Proton Mail started relocation out of Switzerland due to changes in Swiss legislation

Whatsapp is already encrypted end to end, with no backdoors. Unless you know something that no one else does.
can you provide your own private key in whatsapp? eu and uk are requesting backdoors right now. in a lot of hw devices you can't bring your own key either. they are random in theory but you can't verify that
 
can you provide your own private key in <whatever> ?
The full authority over private keys is essential. Let's have a look at Proton's key management:
  • To make sure you can always receive your emails on Proton Mail using this OpenPGP key, we require that all imported keys have no expiration date set.
  • Proton requires that all imported keys contain a single user ID that uses the same email address as the Proton Account the key is being imported into.
  • Proton requires imported keys contain at least one subkey that can perform encryption (some subkeys can be only used for signatures).
  • We also require that imported keys signal support for AES-256 as a symmetric cipher, SHA-256 as a hash function, and ZLIB as a compression function.
But when you upload your key you are prompted to enter the password of that key. To me that's an absolute no-go.

If you then export your uploaded key from Proton it uses "Signature Salt Notation", preferring MDC over AEAD. <<-- Why? Hints from persons with knowledge welcome.
 
The full authority over private keys is essential. Let's have a look at Proton's key management:
Yeah, no. They insist you store your private key on their servers?
That doesn't make a whole lot of sense to me.
The public key that matches? Sure. That's the way it should work.
My client (are you limited to using a specific ProtonMail client or website?) should be encrypting using my private key and sending through their server. Headers probably need to be in the clear or some custom logic to send and receive.
Stored on their systems the data would be encrypted with your private key (because you did that at the source).
They have the matching public key which would let recipients decrypt.

Private keys with no expiration is really not a good security stance.
 
  • Bruce Schneier doesn’t break encryption.
    Encryption breaks itself and reports the vulnerability to him.
  • When Bruce Schneier locks his door,
    the lock asks him for authentication.
  • Bruce Schneier doesn’t use two-factor authentication.
    One factor already knows it’s not good enough.
  • If Bruce Schneier writes a password on a sticky note,
    it’s still cryptographically secure.
  • Bruce Schneier once reviewed a cipher so hard
    it became open source out of fear.
  • Bruce Schneier doesn’t worry about zero-day exploits.
    They worry about him.
  • When Bruce Schneier says “trust the math,”
    the math double-checks itself.
  • Bruce Schneier’s threat model includes reality itself.
  • If Bruce Schneier forgets a password,
    it was probably insecure anyway.
  • Bruce Schneier doesn’t believe in security through obscurity.
    He believes in security through embarrassment.
 
Whatsapp is already encrypted end to end, with no backdoors. Unless you know something that no one else does.
Good, but how many "ends" are encrypted for two person conversation? Perhaps 3 as in (n+1), that would still be end-to-end encrypted, just end-to-end-to-end?

Also I must reference this comment, though to be clear, it doesn't guarantee no additional encryption "ends" for incoming plain text e-mails exist.
 
Good, but how many "ends" are encrypted for two person conversation? Perhaps 3 as in (n+1), that would still be end-to-end encrypted, just end-to-end-to-end?
Good point. Single sender to many receivers: is each email "session encrypted" or each connection encrypted?
Sender encrypts with their private key, each receiver has the corresponding public key vs "sender encrypts each connection with the receiver public key and encrypts and sends N messages".
You can make arguments for both.
Or is a session key (one time key) embedded in the data that the receiver will be able to extract using their private key or the sender's public key; after extraction can be used to decrypt the message.

Arguments can be made for a bunch of different approaches, but solutions require understanding/definition of "what" you are trying to do.
 
Good, but how many "ends" are encrypted for two person conversation? Perhaps 3 as in (n+1), that would still be end-to-end encrypted, just end-to-end-to-end?

Also I must reference this comment, though to be clear, it doesn't guarantee no additional encryption "ends" for incoming plain text e-mails exist.
I'm sorry but I don't understand your question. Every conversation is encrypted end-to-end, so there are just two "ends". Why are you talking about "3 as in (n+1)"? I don't get it.
 
I'm sorry but I don't understand your question. Every conversation is encrypted end-to-end, so there are just two "ends". Why are you talking about "3 as in (n+1)"? I don't get it.
I think mer hit the nail with a hammer with his reply to my post.

What makes you think that there are only 2x ends (person A and person B) in two person chat on Whatsapp? How can that be verified? Can you trust Meta?
My point is saying end-to-end encryption by itself only means stuff is encrypted. On services such as Whatsapp you can't be sure there are no additional/hidden recipients.
 
I'm sorry but I don't understand your question. Every conversation is encrypted end-to-end, so there are just two "ends". Why are you talking about "3 as in (n+1)"? I don't get it.
Have you ever sent an email that had more than one receiver? A To address, plus 1 or more CC? That's the question.
If I send email to you I can encrypt with my private key and you decrypt with my public key or I encrypt with your public key and you decrypt with your public key.
Now I want to send an email to fmc000, graudeejs and eternal_noob. I want the email encrypted, but how do I do it? Do I make 3 copies, encrypt each individually, send 3 copies? That kind of loses the "group email" idea.
If I encrypt with my private key, all receivers need to have my public key to decrypt.

Think of conference calls (google meet, teams, zoom, etc):
We have 5 people in the call, we can have unicast connections which means one from every person back to the server, the server mixes and redistributes, or we use multicast so 5 people are listening on one address.
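
The multi-recipient question raised in the posts above (one encrypted copy per recipient versus one body with an embedded one-time key) is how OpenPGP-style hybrid encryption works, sketched here as an added example that is not part of any post and not Proton's or WhatsApp's code. It generalises to any number of recipients; the function names, the toy Diffie-Hellman group and the SHA-256 stream construction are assumptions made for illustration and are not secure parameters.

```python
import hashlib, hmac, secrets

P, G = 2**127 - 1, 3  # toy DH group (constructed for illustration; far too small for real use)

def keygen():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def key_id(pub):
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]

def _derive(secret, label):
    return hashlib.sha256(label + secret).digest()

def _stream_xor(key, data):
    # SHA-256 in counter mode as a stand-in stream cipher (not a vetted cipher).
    pad = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest()
                   for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

def encrypt(message, recipient_pubs):
    """Encrypt the body once; wrap the one-time session key once per recipient."""
    session_key = secrets.token_bytes(32)
    wrapped = []
    for pub in recipient_pubs:
        eph_priv, eph_pub = keygen()  # fresh ephemeral key per recipient
        kek = _derive(pow(pub, eph_priv, P).to_bytes(16, "big"), b"wrap")
        wrapped.append((key_id(pub), eph_pub, _stream_xor(kek, session_key)))
    body = _stream_xor(_derive(session_key, b"enc"), message)
    tag = hmac.new(_derive(session_key, b"mac"), body, hashlib.sha256).digest()
    return {"wrapped": wrapped, "body": body, "tag": tag}

def decrypt(envelope, priv, pub):
    for kid, eph_pub, blob in envelope["wrapped"]:
        if kid != key_id(pub):
            continue
        kek = _derive(pow(eph_pub, priv, P).to_bytes(16, "big"), b"wrap")
        session_key = _stream_xor(kek, blob)
        mac = hmac.new(_derive(session_key, b"mac"), envelope["body"], hashlib.sha256)
        if hmac.compare_digest(mac.digest(), envelope["tag"]):
            return _stream_xor(_derive(session_key, b"enc"), envelope["body"])
    raise ValueError("no usable wrapped key for this recipient")

def unexpected_recipients(envelope, verified_pubs):
    """Key IDs in the envelope that are not among the keys the sender verified."""
    known = {key_id(p) for p in verified_pubs}
    return [kid for kid, _, _ in envelope["wrapped"] if kid not in known]
```

Each entry in `wrapped` is one "end" of the conversation, so comparing that list against keys verified out of band is what reveals a recipient nobody expected.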
 
They tried to pull that on us, secure end-to-end encryption, which they meant was from you to the server and server to target. Only this tiiiny place in the middle was unencrypted, but otherwise... If I remember correctly, they got a lot of lawyers swarming them, that thing is pushing up the daisies now.
 
Have you ever sent an email that had more than one receiver? A To address, plus 1 or more CC? That's the question.
If I send email to you I can encrypt with my private key and you decrypt with my public key or I encrypt with your public key and you decrypt with your public key.
Now I want to send an email to fmc000, graudeejs and eternal_noob. I want the email encrypted, but how do I do it? Do I make 3 copies, encrypt each individually, send 3 copies? That kind of loses the "group email" idea.
If I encrypt with my private key, all receivers need to have my public key to decrypt.

Think of conference calls (google meet, teams, zoom, etc):
We have 5 people in the call, we can have unicast connections which means one from every person back to the server, the server mixes and redistributes, or we use multicast so 5 people are listening on one address.
In case of email, BCC would be even better example (don't even need to encrypt it to illustrate the point). Send TO to one recipient while also having BCCs that you want. Primary recipient (TO) will never know that other parties are reading mails sent to him/her.
 
I think mer hit the nail with a hammer with his reply to my post.

What makes you think that there are only 2x ends (person A and person B) in two person chat on Whatsapp? How can that be verified? Can you trust Meta?
My point is saying end-to-end encryption by itself only means stuff is encrypted. On services such as Whatsapp you can't be sure there are no additional/hidden recipients.
I trust Meta in this case because of this. Do you think that they will threaten to leave the most populous country in the world if end-to-end encryption could be circumvented?

And BTW, it's up to you to prove that what they say isn't true, not otherwise. Unless you're a conspiracy theorist, in this case everything is acceptable of course.
 
I trust Meta in this case because of this. Do you think that they will threaten to leave the most populous country in the world if end-to-end encryption could be circumvented?

And BTW, it's up to you to prove that what they say isn't true, not otherwise. Unless you're a conspiracy theorist, in this case everything is acceptable of course.
At best, it proves only that they are selective on who are allowed on BCC list, it doesn't prove that BCC list is empty.
 
Why not encrypt your mail with your public key? Then only your private key can decrypt it.
Protonmail is mainly Webmail. You would have to download and decrypt, it would be impossible to read on the browser.
Perhaps a web app with access to the private key would be the solution.
 
This thread is starting to overlap with the firefox/AI one.
Microsoft has invested heavily and included "AI" in Windows 11: screen scraping to learn your habits, like "oh when you open quickbooks you usually start Chrome on a website playing soothing music, so I will do that for you automatically". "They" say you can turn off some features so your banking details aren't included in the screen scrape, but why should you have to opt out of the feature instead of opt in?
All of these companies are doing similar things: Meta, Alphabet, Adobe, Google. They want all your data to flow through them so they can "optimize your life".
By doing so, it raises the concern (at least for me) of where is my data?
Google Docs to create a document, it's stored on their servers you need to download it and delete it from the servers but they have backups.
Photoshop, you are creating images, your images are local but the program is in the cloud so your data must pass through their servers. What are the licensing terms for that intermediate data?
Office 365 is the same model.
Do you want that for your financial data? Sure QuickBooks lets you store your data in the cloud so you can "access it from anywhere". But that means you are counting on Intuit to keep up to date on all infrastructure to avoid zero days and loss of your data. They get hit by ransomware and you "can't access your data from anywhere".

So trust but verify and read the fine print in the EULA that everyone just clicks through.
 
I trust Meta in this case because of this. Do you think that they will threaten to leave the most populous country in the world if end-to-end encryption could be circumvented?

And BTW, it's up to you to prove that what they say isn't true, not otherwise. Unless you're a conspiracy theorist, in this case everything is acceptable of course.
as graudeejs said it means that the key meta has given to you, they won't give it to the indian govt. but it doesn't mean that the five eyes tla's don't have it
or the algo to get it from your phone number with another say 30 bits of randomness they will brute force. you can't verify the key is secure. see debian ssh private key problem and there are other cases with crypto wallets where insufficient randomness caused big problems
so unless they publish the source code and you can self build your app with the compiler of your own choice they are not to be believed. also as long as you can't bring your own key pair suspicion stays
 
I've just had another brilliant idea. You can run a spool of RJ11 cable betwixt your computer and your recipient's computer. Then install a 56K modem on each system and host a dial-up server on the recipient machine. You then could simply dial in to your recipient's computer and transfer your encrypted mail from your computer to their computer. Brilliant, yes? Boom, problem solved.
 
I've just had another brilliant idea. You can run a spool of RJ11 cable betwixt your computer and your recipient's computer. Then install a 56K modem on each system and host a dial-up server on the recipient machine. You then could simply dial in to your recipient's computer and transfer your encrypted mail from your computer to their computer. Brilliant, yes? Boom, problem solved.
Yes you can. But what if the email is going to more than one recipient? :)
 