Yes its a good thing the result is what it is, but you watch, theyll try to use it as justification. And as a small(ish) fyi, try running a tracert on whatever site youre looking at. Unless you are directly connected to that site, there are likely multiple hops -domains- that your connection passes through to get from your machine to the target. Each one of those has the potential to read what youre doing and reporting on it.
Well not exactly. They might be reading the metadata of your lower level packages.
Unless you’re not using encryption, then wth are you even doing?
You forget the nsa, interpol. I remember back in the 90s there was a blurb about hackers sniffing packets and using that data to hack those systems. Gotta remember back then everyone had more open ports than shanghai
I mean yeah, maybe? Are you one of the people that believes aes or ecc has a backdoor? I think we’d know by now, and I’m certain they don’t have the compute to break aes256.
proton is untrustable
As much as some of us may dislike it when a company does these kinds of things. You can’t really blame them for following the laws of the country that they are headquartered in.
You can blame them for operating there to begin with in cases like Apple in China, but you could hardly blame them for following the laws of the US where they are headquartered for example.
If the law of the land where the headquarters is requires them to give up the data they do have to partner nations then they don’t really have much choice in the long run if they want to continue to exist.
If you use ANYTHING other than face to face meetings when discussing something illegal, you get what you deserve.
This is why you sign and encrypt the contents of email. If the recipient doesn’t have the public key, they can’t read the content.
Allowing a service provider to “handle your keys” is tantamount to letting the fox watch the henhouse.
Proton doesn’t provide IMAP/SMTP access for free accounts, so you won’t be able to encrypt emails locally.
This ultimately is the tech version of “trust me bro”. This means you are as secure on Proton as you are on GMail, depending upon how you use the service.
FYI email contents were not decrypted or turned over to police, as far as I know Proton’s E2EE is still as good as whatever system you’re using. Proton doesn’t have the keys to decrypt your emails, it never did. What they have access to is metadata that is necessary to function when your private key is unavailable - e.g. your public encryption key used to encrypt incoming emails from non-Proton sources, or in this case, a recovery email address (I don’t know what the recovery process entails and whether it can restore encrypted emails).
Proton doesn’t provide IMAP/SMTP access for free accounts, so you won’t be able to encrypt emails locally
Umm, you absolutely can. Use gpg, encrypt the txt, copy the encrypted text into the email. EZPZ.
This comment is completely off the mark. The information that they disclosed is the recovery email -the same exact thing which happened previously- not any content of any email.
Also, proton does encryption with PGP, but you can’t encrypt if the other side doesn’t use PGP (which is the case for 99.98% of humans on the planet). If they do, proton supports this including with arbitrary clients using their bridge.
