• 1 Post
  • 13 Comments
Joined 1 year ago
Cake day: June 15th, 2023


  • I think we mostly agree, and I appreciate you advocating for secure alternatives and privacy in general!

    > How can Proton protect your unencrypted emails? Unless you are writing someone that also uses ProtonMail or PGP, the emails won't be encrypted.

    That’s true. Proton can only encrypt your inbox in that case.

    > This is barely an advantage at all over the existing system.

    I disagree. Having my inbox encrypted and using an email provider that doesn’t mine my data is certainly worthwhile for me.

    > You are just telling people to depend on this single point of failure, which is Proton. You can't expect everyone to use ProtonMail, that would be unwise from a decentralization standpoint.

    I’m not advocating Proton over other, more secure and private communication methods. My point is that, if you’re choosing an email provider, Proton is a good choice. They’re a nonprofit whose mission is privacy, and they spend considerable technical effort to ensure it.

    I would hate to see someone switch from Proton to Gmail or some other provider that doesn’t offer any privacy because they mistakenly think all providers are the same.

    > The real solution is only using email for people that are unwilling or unable to use something other than email. For everyone else you should simply switch to different communications protocols that were made with e2ee in mind.

    To the extent that’s practical, I strongly agree. As you correctly point out, email is a plaintext protocol, and there’s nothing Proton can do about that.

    But if you do use email and not all your contacts have exchanged PGP keys with you, which I’m sure is true for many people, then I think there’s a lot of value in using a provider that offers an encrypted inbox and doesn’t mine your data.

  • I think both passkeys and security keys rely on the hardware being one of your multiple factors. This is what keeps a remote hacker who stole some website’s password database from using the stolen passwords to log in – they don’t have your physical hardware.

    You can’t store the passkey in your password manager because your password manager isn’t hardware.

    You could store the passkeys in your laptop’s (or phone’s, etc.) hardware, and in fact that’s how passkeys are intended to work.

    Disclaimer: I barely understand this stuff and welcome corrections/elaborations.