You are viewing a single thread.
View all comments View context
45 points
*

Today we’re announcing a new end-to-end encrypted, collaborative document editor that puts your privacy first. Docs in Proton Drive are built on the same privacy and security principles as all our services, starting with end-to-end encryption. Docs let you collaborate in real time, leave comments, add photos, and store your files securely. Best of all, it’s all private — even keystrokes and cursor movements are encrypted.

Literally the second paragraph of the post (but I’m sure you haven’t read it, since you seem so busy replying to every comment here about how Proton is becoming Microsoft or something).

permalink
report
parent
reply
-31 points

So sending a company your private key and trusting their servers to do E2E encryption despite them being able to modify their code whenever they feel like it to capture your password without encryption and masked in obfuscated JavaScript is now considered security? Wow, people really are gullible.

permalink
report
parent
reply
17 points

I agree with your general sentiment here (that such an arrangement is not trustworthy enough for me to feel completely private) but your delivery of said sentiment is really fucking rude, dude.

Even if it’s not secure enough for you or I to feel private, it likely exceeds the security necessary to satisfy most people’s threat models so they can not only feel private but objectively be more private than if they just used Google docs.

incremental or opportunistic privacy improvements are better than none, a fact that has seemed to be lost in elitist privacy circles these days.

permalink
report
parent
reply
-20 points

Incremental in what way? There is an illusion of privacy. If that makes people feel good then sure, you increase your illusion of privacy.

permalink
report
parent
reply
16 points

He’s wrong about what he said, too. You do not send Proton your private key.

permalink
report
parent
reply
15 points
*

I’m not sure what you’re talking about ? You’re not sending your private key to their server without first encrypting it first locally. Their servers are not doing the E2EE, your client is. The website front and apps are open source.

Yes they could send you a compromised front if you use it via their website, that’s a compromise you accept, otherwhise you could only use their apps which are open source.

permalink
report
parent
reply
-10 points

Tell me… when you visit a website that gets updated daily, if not hourly. If it served you a different version of JavaScript than what it served someone else… would you know?

permalink
report
parent
reply

Technology

!technology@lemmy.world

Create post

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


Community stats

  • 16K

    Monthly active users

  • 12K

    Posts

  • 550K

    Comments