Proton Mail, the leading privacy-focused email service, is making its first foray into blockchain technology with Key Transparency, which will allow users to verify email addresses. From a report: In an interview with Fortune, CEO and founder Andy Yen made clear that although the new feature uses blockchain, the key technology behind crypto, Key Transparency isn’t “some sketchy cryptocurrency” linked to an “exit scam.” A student of cryptography, Yen added that the new feature is “blockchain in a very pure form,” and it allows the platform to solve the thorny issue of ensuring that every email address actually belongs to the person who’s claiming it.
Proton Mail uses end-to-end encryption, a secure form of communication that ensures only the intended recipient can read the information. Senders encrypt an email using their intended recipient’s public key – a long string of letters and numbers – which the recipient can then decrypt with their own private key. The issue, Yen said, is ensuring that the public key actually belongs to the intended recipient. “Maybe it’s the NSA that has created a fake public key linked to you, and I’m somehow tricked into encrypting data with that public key,” he told Fortune. In the security space, the tactic is known as a “man-in-the-middle attack,” like a postal worker opening your bank statement to get your social security number and then resealing the envelope.
Blockchains are an immutable ledger, meaning any data initially entered onto them can’t be altered. Yen realized that putting users’ public keys on a blockchain would create a record ensuring those keys actually belonged to them – and would be cross-referenced whenever other users send emails. “In order for the verification to be trusted, it needs to be public, and it needs to be unchanging,” Yen said.
Curious if anyone here would use a feature like this? It sounds neat but I don’t think I’m going to be needing a feature like this on a day-to-day basis, though I could see use cases for folks handling sensitive information.
You must log in or register to comment.
I’d absolutely use this. I’m glad to see people using this incredibly powerful concept to solve problems that would literally be impossible to solve without it. It is especially encouraging that they used Monero since it has an extra layer of untraceability built-in. Blockchain is experiencing kind of a backlash in public perception, but like tech closely related to it like NFT’s, it is a VERY viable idea that just so happens to be tainted by greed and disinformation.
Voting is another concept that would become unhackable overnight…but would also probably:
A. enable the creation of a CBDC (which would also allow the state to REVOKE ownership of your own money)
B. force a state to pick a technology/crypto of choice (and tip the scales toward that crypto)
both of which I somehow am vehemently against yet moderate a (ghosty) community on blockchain voting. 😅
Voting is another concept that would become unhackable overnight
No. Voting on the blockchain is an even worse idea than money on the blockchain.
In many cases, there are good reasons why these things are done they way they are. I have yet to see a software system that is better at preventing voter fraud than humans looking at your government-issued ID at a poll site and humans overseeing other humans manually counting votes.
A single actor might be able to commit voter fraud in the order of dozes or hundreds of votes perhaps but with a digital voting system based on blockchain, they could do so on the order of thousands or even millions by compromising end-user devices used for voting or buy enough work/stake/whatever to perform a 51% attack.
Same goes for money btw. Our current system is by far not a perfect one but removing the ability for governments to i.e. freeze accounts of bad actors is not a boon.
I have yet to see a software system that is better at preventing voter fraud than humans looking at your government-issued ID at a poll site and humans overseeing other humans manually counting votes.
have you seen any of the research that the US government did on it? Homomorphic encryption enables votes to be both public and obfuscated at the same time. I don’t want to write an essay right now but are you truly up to date on this?
Our current system is by far not a perfect one but removing the ability for governments to i.e. freeze accounts of bad actors is not a boon.
I COMPLETELY DISAGREE. It should be exactly as hard as it is to freeze the cash of bad actors. That’s the point of it. I, of course, happen to be a libertarian socialist/anarcho syndicalist. You happen to be a capitalist. You seem to want be in the camp of “you will own nothing and you will like it” but I just so happen to not trust governments and their decisions. I believe in socialism but have seen it co-opted and destroyed by corruption. Anyway, I don’t think that those same clearly corrupted governments should have the unilateral right to prevent me from attemtpting to claw enough back from their corruption and greed to feed my family.
deleted
Homomorphic encryption enables votes to be both public and obfuscated at the same time.
That’s nice but has nothing to do with voter fraud prevention.
I will not reply to the stupid ad hominem. You have made it exceptionally clear that you have no idea what my political views are.
deleted
If you dislike corruption and capitalists, then why do you like cryptocurrency?
Because properly-implemented cryptocurrencies make corruption impossible. Even the shitty, scammy FTX project had a decentralized ledger, allowing the FTC to quickly and easily forensically untangle SBF’s tangled web of lies and fraud. Even Do Kwan’s TerraLuna hack would have been possible to detect had the project been open source (like any viable crypto project) but regardless of that, it will still now be quite trivial for the regulators prosecuting him and his co-conspirators with fraud.
More learning for those listening in that haven’t already made up their mind like you have: https://youtu.be/J5xegDJphvc?si=x3tJw9s1c1WL_WNy
deleted
It’s interesting that you can identify cherry-picking on my part but fail to identify it on your own. I merely mentioned situations where fraud (which I didn’t fall for because I follow certain principles about transparency and auditability of the crypto technologies that I prefer) was easily detected because the nature of the technology puts all transactions on an immutable ledger.
What valid criticisms of THE TECH have you offered so far? You’ve simply pointed to situations where stupid people failed to protect themselves from clear frauds then went and used that brush to paint the entire crypto space. You’re not really the intellectual heavyweight you seem to think you are.
deleted
deleted
deleted
“You drink water and breathe air. Peter Thiel drinks water and breathes air too. Therefore you are just like Peter Thiel!”
You’re a troll. I literally hate Peter Thiel. He is invested in so many technologies that it’s VERY likely that we’re invested in the same tech somewhere. Pretty sure he doesn’t give a shit about Cardano which is the project I develop applications for.
Spreading your investments out is kind of how investing works when someone is a billionaire, dipshit.
Anyway, that’s enough feeding the trolls for today. Have a good night, intellectually dishonest hiveminder.
deleted
Nice. He recognized a good technology. You sound SO stupid.
deleted
deleted
deleted
deleted
Thanks for lazily puking a couple of reductive, bankster-funded, cherry-picked, neolib rage-bait videos at me. Did you want to discuss this issue or do you want to lazily let the videos do it for you while forcing me to write essays that will be brigaded by the hivemind?
deleted
deleted
deleted
deleted
Peter Thiel is a neolib? I’m pretty sure he’s more alt-right but really what’s the difference. You seem to be conflating the whole crypto space with Peter Thiel even though he’s kind of focused on shitty projects like Eth and Solana. Oh well.
deleted
I like Dan Olson’s video but I don’t think it’s truly unassailable. There is some real use cases for block chains in low trust networks. One of those being global monetary policy. Another critic is that web3 applications (like Mastadon and Lemmy …) I think is moving forward even more so as the age of easy money comes to a full close.
deleted
It’s the coordinated decentralization that really defines web from web2 and 1. Cooperative vs competitive coordination is just a sub strategy within that, but I don’t think either strategy is always best for all problems.
What is wrong with doing something like pgp key servers?
Key servers can be dishonest, so you need to have another way of verifying that the key you receive is correct.
Blockchains are an immutable ledger, meaning any data initially entered onto them can’t be altered. Yen realized that putting users’ public keys on a blockchain would create a record ensuring those keys actually belonged to them – and would be cross-referenced whenever other users send emails. “In order for the verification to be trusted, it needs to be public, and it needs to be unchanging,” Yen said.
deleted
It sounds overcomplicated, is there really a need for the blockchain aspect? Could the same security be provided by a simpler method (like how keybase has their identity proofs?) but better to have it and not need it than need it and not have it ig
PGP solved this a long time ago, but it is difficult to make it user friendly enough for non-technical people to understand and adopt it.
How many people have verified how many people’s identity with PGP signatures? Also I’m willing to bet a horribly shocking amount of people would just accept a new key from someone (not necessarily sign it) and trust them regardless.
deleted
Yeah these issues are definitely not new, but replacing “I trust the people who sign/verify my keys” versus “I trust the blockchain” is not too far off. What rules are going to be in place for peers to validate entries to the blockchain and independently reach enough concensus to achieve true decentralization?
To be clear, I’m not saying this solution is better or worse than PGP, I just don’t believe PGP works well for creating a web of trust.
Right here:
Blockchains are an immutable ledger, meaning any data initially entered onto them can’t be altered. Yen realized that putting users’ public keys on a blockchain would create a record ensuring those keys actually belonged to them – and would be cross-referenced whenever other users send emails. “In order for the verification to be trusted, it needs to be public, and it needs to be unchanging,” Yen said.
The benefit of doing this with a blockchain instead of a privately held and maintained database is that the latter can be compromised, and you just have to trust “whoever” is maintaining that private database. Blockchain means that the ledger is distributed to many nodes, and any post-entry modification to that chain would be instantly recognized, and marked invalid by the other nodes operating the chain. Besides that, when you’re looking up a public key for a recipient on such a blockchain, you would be looking it up at a number of nodes large enough that in order for a malicious entry to come through, they would all have to be modified in the same way, at the same time, and you would have to be asking before the change got flagged. Poisoning blockchain data like this is simply not possible; that’s what makes this an especially secure option.
But it’s not public. It’s a private blockchain. The immutable ledger aspect only matters if everyone can see the ledger. Otherwise we take at face value all of the things you said. Assume they run one node and that one node is compromised by a malicious actor. The system fails. Extend it to a limited number of nodes all controlled by SREs and assume an SRE is compromised (this kind of spearphishing is very common). The system fails again.
Sure, you can creatively figure out a way to manage the risks I’ve mentioned and others I haven’t thought of. The core issue, that it’s not public, still remains. If I’m supposed to trust Proton telling me the person I’m emailing is not the NSA pretending to be that person (as the Proton CEO suggested), I need to trust their verification system.
It’s. In. Beta. Of course it’s not being offered to the general public yet. It’s likely that there are very many beta nodes, in order to test scalability. When it’s out of beta, you drop the beta chain and start a new one.
Did we read the same article? Emphasis mine.
Yen said Proton might move the feature to a public blockchain
I’m not interested until it’s public. Additionally, building out the chain then dropping it to rebuild a new public one is rewriting history, which violates the whole “immutable” part of “immutable ledger.”
Context matters:
Proton rolled out the beta version of Key Transparency on their own private blockchain, meaning it’s not run by a decentralized series of validators, as with Bitcoin or Ethereum. Yen said Proton might move the feature to a public blockchain after the current version serves as a proof of concept.
It’s not rewriting history. We’re talking about validation of public keys. The exact same information can be added to a public non-beta chain, to satisfy the concerns about security that would come from maintaining a previously private beta chain into production.
… which gives a timing attack and the ability for bad actors to impersonate someone. I agree with you that, once public, this is a good idea. You cannot convince me that this is a good idea if done privately because there is no way to trust but verify, especially in the highly sensitive contexts they want trust in.
If it’s not public, I won’t trust it. You trust it blindly because it’s in beta. We’re not going to come to an agreement over these mutually exclusive positions.
I don’t “trust it blindly” because it’s in beta - I understand that it’s a work in progress because it’s in beta. Jesus christ you people and your fucking tinfoil hats.
deleted
As long as there is an appropriate method for adding a legitimate entry to the chain, incorrectly entered data can be handled by appending corrected data on to the chain, and marking the error as such. Sensitive data, in this case, would be along the lines of “I accidentally added my private key instead of my public key.” The action necessary here is the same as if I published my private key anywhere: stop using that key pair and generate a new one.
deleted
This part:
As long as there is an appropriate method for adding a legitimate entry to the chain, …
deleted
Well, if there’s not, then the whole thing would never work at all.
deleted
This is false. Protonmail has supported Web Key Discovery for external domains since 2019: https://proton.me/blog/security-updates-2019
Unfortunately pretty much no one uses openPGP.
deleted
As far as I know they use openPGP and that works automatically between proton users but can be set up to work from and to anyone. The other partner just needs to use a client that supports it (like the objectively best client, Thunderbird ;) ) unfortunately pretty much no one uses openPGP so emails will very seldom be E2E encrypted.
Apparently the Proton clients support web key exchanges so you wouldn’t have to import the key of users that use OpenPGP (if they have imported the key to the exchange) so in theory that would make it better. I have yet to use that functionality in Thunderbird though, since again, pretty much no one uses openPGP.
I have sent one legit openPGP email and that was to my country’s financial inspection asking for an internship. Unfortunately they replied unencrypted and included my email in the reply, lol. It’s fair enough though, since I used a feature that’s probably intended to report fraud and crime.
And this is not at all what’s happening here.
deleted
I’ll use it once they’ve sorted out CalDAV and CardDAV… it’s only been an open issue for eight fucking years.
Care to elaborate?
There’s no way to sync contacts and calendars between an iPhone (and other mail clients) and protonmail. The app does one way sync from the phone to protonmail, but not the other way round.
8 years ago a feature request was made to add support for CardDAV and CalDAV, but even with the release of bridge it’s not there.
So iOS users have to resort to using other calendar services, or 3rd party bridges to enable it.
fuck this and blockchain in general so very, very much. time to look for another email provider.
- java ( @java@beehaw.org ) 17•11 months ago
Do you have valid arguments against this proposal or is it just an emotional reaction caused by a single word?
FYI. Blockchain is only so very power waster because for cryptocurrency uses the users churn out new rounds continuously as if there is no tomorrow.
Here, your public key relatively rarely changes. If you had your protonmail account for years, it probably hasn’t changed ever yet.
Maybe I’m wrong in this, but this seems to be similar to what Keybase was doing, and that was a cool idea!
The best thing is reading all of this with https://github.com/samhocevar/no-fucking-thanks
You should first try reading it at all.
I dont want to, I just said it looks interesting if you use that addon.
This announcement doesn’t have anything to do with cryptocurrencies or nfts. I’m not sure if I like the idea yet either, but please don’t conflate it with all that other scammy nonsense.
While it is funny (honestly replacing any tech term with circlejerk in a tech article makes it sound so funny to me, I have the mind of a child), it’s not very relevent here.
Don’t use proton…
You can’t just give all of your data to one company and expect it to be private
So PM claims it has on the order of 10^8 users. Let’s assume each user has one email address with one public ed25519 key, both of which are likely false.
Each key is 32Byte;
32B * 10^8 = 3.2GB.Could someone do the math how much fiat it’d take to store such an enormous amount of data on the Ethereum or monero blockchains?
Why would knowing every single email be seen as something positive? Nice way to have spam-heaven. The keys also don’t need to be public. If you need something THAT secretive, there are safe ways to do a permanent key exchange.
It’s not like we’re controlling spam today by keeping email addresses hidden.
It’s not a reason to make it worse.
The public part of it would be the RSA pubkey, likely linked with an identifier such as the SHA-256 hash of the email. You could quite easily have that ledger public and it would take millennia to crack any of the emails, much easier to use fuzzing with common words and names than trying wasting computing power for a single email. The whole point of blockchain is that it’s an immutable public ledger which would actually suit this idea quite well.
It’s trying to solve a problem that we don’t have. We don’t need any of that to be immutable.
This is solving a problem we DO have, albeit in a different way. Email is ancient, the protocol allows you to self identify as whoever you want. Let’s say I send an email from the underworld (server ip address) claiming I’m Napoleon@france (user@domain), the only reason my email is rejected is because the recipient knows Napoleon resides on the server France, not underworld. This validation is mostly done via tricky DNS hacks and a huge part of it is built on top of Google’s infrastructure. If for some reason Google decides I’m not trustworthy, then it doesn’t matter if I’m actually sending Napoleon’s mail from France, it’s gonna be recognized as spam on most servers regardless.
A decentralized chain of trust could potentially replace Google + all these DNS hacks we have in place. No central authority gets to control who is legitimate or not. Of all the bs use cases of block chain I think this one doesn’t seem that bad. It’s building a decentralized chain of trust for an existing decentralized system (email), which is exactly what “block chain” was originally designed for.
I’m glad there are authorities out there (like Google) that act as gatekeepers and track the worthiness of senders. Without that, there would just be no way to close the floodgates. Is Google the best company for that? It’s definitely one of the good ones for that.
No, you can’t forge emails easily as you say. Maybe DMARC isn’t perfect, but it works just fine. Attacks that bypass that are done on misconfigured systems, so human error, which can happen with any tech, the one from this post included.
Yes email is an old tech, but let’s not pretend like it hasn’t evolved. It’s not perfect, but it generally works. I don’t think you need to go fully decentralized, but some steps to have more than a single authority could be positive.
I think the main pro of this system would be that it requires no trust. The immutability would be actually a con for privacy: if you’re burned or doxxed later, there would be hard evidence of your identity in the blockchain.
Except the trust of the source of the blockchain, or some certificate authority somewhere at some point, but ya, that’s kinda assumed as there is no way of making a “first handshake” that’s secure.
For me, it all looks like someone is trying to make a product rather than solve an actual issue.
What do you think the problem even is? It sounds like you just don’t understand why someone would want to use public key cryptography to begin with.
I understand how public-private keys work, and I understand why you’d want one. I just think this implementation of a register is bad. Not from a security risk, from a use case point of view; it’s for all intent and purposes an email which if ever compromised is forever compromised and non reusable. It’s an email that’s unrecoverable so not usable in many companies.
I’m sure there are other reasons to not like the idea, but that’s what I can think off the top of my head.
I understand why you’d want one
It’s an email that’s unrecoverable so not usable in many companies.
It doesn’t sound like you understand why someone would want to do email with public key cryptography, it sounds like rather you do not like the idea of doing email with public key cryptography. Being unrecoverable is just the tradeoff there. Again, what do you think the problem described even is? For reference,
The issue, Yen said, is ensuring that the public key actually belongs to the intended recipient. “Maybe it’s the NSA that has created a fake public key linked to you, and I’m somehow tricked into encrypting data with that public key,” he told Fortune. In the security space, the tactic is known as a “man-in-the-middle attack,” like a postal worker opening your bank statement to get your social security number and then resealing the envelope.
I think if you actually acknowledge the problem of trust for propagating public keys as a real one that is worth being solved, it would be hard to argue that blockchain is a bad fit for that problem, because it is not. Trustless, verifiable propagation of data is one of the things it actually offers unique benefits for.
I’m sure there are other reasons to not like the idea, but that’s what I can think off the top of my head.
It might be useful to start by considering the idea itself and what it is saying, instead of looking for arguments to make against it.
You’re not adding anything that wasn’t argued towards before. Soon or later, you have to trust something. There are ways to transfer keys by other means which you can use to corroborate.
The tradeoffs of this idea are just not worth it for 99% of the people.
What are the tradeoffs, assuming an email encryption scheme based on self custodied private keys and publicly published public keys? I don’t see any major disadvantages to using blockchain for this, and significant advantages. It’s a big deal if no one can selectively remove/conceal previously published info. If associating a key with an email, and someone is trying to impersonate you, you’ll know it, it’s not going to be hidden from you and specifically shown to someone else. It just makes sense to do it that way. Yes, you have to trust something at some point, but this is a way to minimize how much trust you have to give.
Who cares about their honeypot
What should I use for my throw away emails now?