andy1011000 Proton CEO posted:

ā€œPeople honestly seem to forget that I live in Switzerland, where Republican/Democrat doesnā€™t mean anything, and Trump isnā€™t even on our ballot to be voted forā€¦ā€

Onyx376. replied:

ā€œThe point is that fighting for a more just and equal society is not just about fighting for the fundamental right to privacy but also for all other fundamental rights, including individual rights and life. When you, as the CEO of a company that starts from these principles, nod positively to whatever action a political figure like Trump, who is known for always flagrantly putting his private interests ahead of those of his own nation, makes speeches about eliminating minorities, hurting their rights as citizens and flirting with Nazi movements, it is understandable that members of the privacy community are disappointed as this reveals a little about who is being the face of a company that should follow contrary principles. But now we really know what ā€œfreedomā€ means to you.ā€

You are viewing a single thread.
View all comments View context

If you complie your clients, Proton cannot decrypt your data.

But thereā€™s a lot more than Proton can do.

They could log your IP, the exact time you log in or use Proton services

They could keep a copy of every email you receive, most of them are probably unencrypted.

If you use VPN, they could log everything you do, they wont be able to decrypt the HTTPS data, but if they log all your traffic, it defeats the purpose of using a VPN.

They could potentially swap the web javascript, if you ever log in via browser.

When you send emails to another Protonmail user, Proton could potentially do a mitm and swap Protonā€™s public key and make the other userā€™s client think its your public key, and also give Protonā€™s public key, and make your client think its that userā€™s public key. Proton essentially act as a keyserver, so they could maliciously replace keys.

And most people donā€™t compile their user clients, so if you just download the clients they compile, they could just not use the source code to compile it, sending you a malicious client.

Thereā€™s just a lot of attack vectors if the company itself becomes hostile.

permalink
report
parent
reply

Privacy

!privacy@lemmy.dbzer0.com

Create post

Protect your privacy in the digital world

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

~PS: Donā€™t be a smartass and try to game the system, weā€™ll know if youā€™re breaking the rules when we see it!~

  1. Be nice and no bigotry/prejudice
  2. No tankies/alt-right fascists. The former can be tolerated but the latter are banned
  3. Stay on topic
  4. Donā€™t promote proprietary software
  5. No crypto
  6. No Xitter links (only allowed when canā€™t fact check any other way, use xcancel)
  7. If you post news exclusive to a country please name it. ~(This isnā€™t a bannable rule, just a recommendation!)~

Related communities

Community stats

  • 1.8K

    Monthly active users

  • 71

    Posts

  • 575

    Comments