ProtonMail and Anonymity
Wiktor Kwapisiewicz
wiktor at metacode.biz
Sun Jun 9 11:09:28 CEST 2019
Hi Kirill,
On 09.06.2019 08:57, Kirill Peskov wrote:
> It uses OpenPGP protocol, but quite a twisted way. And they're not
> OpenPGP-compliant, because they're not able to encrypt mails leaving
> their domain.
What do you mean by that? There is an option to add OpenPGP key of a
"foreign" contact and send to other e-mail providers just like any oter
OpenPGP mail.
From what I've seen on OpenPGP mailing list they're also planning to
have Web Key Directory key discovery so that I'll be easier to encrypt
to people outside ProtonMail
> Any webmail by itself cannot be secure, because provider
> can always send you 'modified' browser applet and steal your private key
> and some day — the passphrase.
Yes, that's a problem. Still, who would discover a compromised Enigmail
plugin (that autoupdates too), or even GnuPG? As the code is quite
complex and in some cases there are many intermediaries (distro
maintainers) it's not quite obvious what code are you running exactly.
As for webpages there is also this interesting plugin:
https://stosb.com/blog/signed-web-pages/
Kind regards,
Wiktor
--
https://metacode.biz/@wiktor
More information about the Gnupg-users
mailing list