ProtonMail and Anonymity
Maksim Fomin
maxim at fomin.one
Sun Sep 1 20:59:06 CEST 2019
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Sunday, September 1, 2019 12:14 PM, Stefan Claas via Gnupg-users <gnupg-users at gnupg.org> wrote:
> Stefan Claas wrote:
>
> > Am Mon, 6 May 2019 08:53:14 -0400
> > schrieb Jeff Allen jrallen at runbox.com:
> >
> > > People who don't trust ProtonMail shouldn't use it.
> >
> > Absolutely! But I think it does not hurt to post
> > such things to educate PGP users how different
> > services or software applications etc. handle such
> > privacy related things, especially when using the
> > word anonymous.
>
> Also interesting.
>
> https://eprint.iacr.org/2018/1121.pdf
>
> Regards
> Stefan
>
> ---------------------------------------------------------------------------
>
> box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
> certified OpenPGP key blocks available on keybase.io/stefan_claas
>
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
The paper overstated protonmail security weaknesses. The paper does not point to possible or actual attacks, nor reviews code. It merely boils down to two analytical (hypothetical thinking) conclusions: 1) protonmail server can be compromised, verified smartphone app is more reliable in this aspect 2) for outside encryption protonmail allows to use weak passwords.
More information about the Gnupg-users
mailing list