    Introducing a new secure e-mail service

    ProtonMail
    End-to-end encrypted email, based in Switzerland.

    ProtonMail was founded in summer 2013 at CERN by scientists who were drawn together by a shared vision of a more secure and private Internet. Early ProtonMail hackathons were held at the famous CERN Restaurant One. ProtonMail is developed both at CERN and MIT and is headquartered in Geneva, Switzerland. We were semifinalists in 2014 MIT 100K startup launch competition and are advised by the MIT Venture Mentoring Service.

    https://protonmail.ch/

    #2
    Great! I nabbed "GreyGeek" as a user name!
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
    – John F. Kennedy, February 26, 1962.

      #3
      LOL.

      https://protonmail.ch/blog/protonmail-threat-model/
      NOT RECOMMENDED:
      Edward Snowden – If you are Edward Snowden, or the next Edward Snowden, we would not recommend that you use ProtonMail. And in case Mr. Snowden was foolish enough to try, we have already blocked the username snowden@protonmail.ch

      Seriously? SMFH.

        #4
        Originally posted by SteveRiley
        LOL.

        https://protonmail.ch/blog/protonmail-threat-model/
        NOT RECOMMENDED:
        Edward Snowden – If you are Edward Snowden, or the next Edward Snowden, we would not recommend that you use ProtonMail. And in case Mr. Snowden was foolish enough to try, we have already blocked the username snowden@protonmail.ch

        Seriously? SMFH.
        yeah.
        Plus: this

        Found here

          #5
          Aaron Siego is 100% correct. When I read through Protonmail's "technical" description of their service, I was ready to write one of my epic rants about just how stupid is their approach. But it was already after midnight. Then when I saw that they thought blocking "snowden@protonmail.ch" was enough to dissuade and prohibit Snowden from thinking that he could use, oh, some other name I just thought, what a bunch of wankers. Browsers are the absolute worst thing to use for secure email. There are just too many ways to get access to the data from outside the browser and too many ways to force the browser to do something nefarious.

          Look. Security is hard. Public-private crypto cannot be simplified precisely because any simplification introduces weaknesses. There simply is no other way to establish a secure session (whether it's SSL or PGP) over a non-secure transport (whether it's HTTP or email) than to go through the multiple steps of exchanging keys out-of-band. Period.

          Ignore Protonmail. They cannot fundamentally make email more secure.

            #6

              #7
              SR gives it the kiss of death!
              "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
              – John F. Kennedy, February 26, 1962.

                #8
                Steve, could you please try to be more clear and precise in your posts.
                :-)
                An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski

                  #9
                  Originally posted by SteveRiley
                  Ignore Protonmail. They cannot fundamentally make email more secure.
                  But I'm sure it's a lot more secure than the more common webmail services (Hotmail, Yahoo Mail, GMail etc.)

                    #10
                    Thanks for the info, guys
                    Dave Kubuntu 20.04 Registered Linux User #462608

                    Wireless Script: http://ubuntuforums.org/showthread.p...5#post12350385

                      #11
                      Originally posted by NickStone
                      But I'm sure it's a lot more secure than the more common webmail services (Hotmail, Yahoo Mail, GMail etc.)
                      That depends on how you define "secure."

                      On its own, Internet email was never intended to protect messages from eavesdropping or tampering. Over time, PKI has emerged as the best (read: most resilient against attack) method for adding such characteristics to messages delivered over a public and untrusted network.

                      Protonmail is trying to simplify the complicated task of encrypting email before it's sent. But their simplification opens up a number of attack vectors. I argue that these vectors are of a nature that renders Protonmail's service a failure. People using Protonmail will be lulled into a false sense of security. Protonmail messages will be intercepted at the origin and the destination by browser trickery. This makes Protonmail no more secure than any other web-based email service.

                      The only way to do this right is with PGP and S/MIME using traditional email clients that perform all encryption strictly on the local device, with a program (like KMail) that cannot be forced to run arbitrary code, and using private keys generated by the device itself.

                        #12
                        Originally posted by SteveRiley
                        .... The only way to do this right is with PGP and S/MIME using traditional email clients that perform all encryption strictly on the local device, with a program (like KMail) that cannot be forced to run arbitrary code, and using private keys generated by the device itself.
                        That's the way I decided to do it -- manually encrypt the private stuff with my private 2048 bit key and send it as an attachment using KMail, which I have set to digitally sign my email using the same key.
                        "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
                        – John F. Kennedy, February 26, 1962.

                          #13
                          Well, it's a few more steps than that. When Alice wants to send a private message to Bob, she encrypts the message with Bob's public key. When Bob receives it, he decrypts it with his private key. Presumably, only Bob has access to that private key, and thus confidentiality is assured.

                          If Alice wants to sign her message, the mail program creates a hash of the message content and encrypts that with Alice's private key to create the signature. Then the mail program sends the message and the signature to Bob. When Bob receives these, his mail program uses Alice's public key to decrypt the hash. Then his mail program computes its own copy of the message hash. If this copy of the hash matches the decrypted hash, then we know that the message wasn't tampered with and that it actually came from Alice.

                          Comment
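The exchange described in post #13, as an added example that is not part of the original thread: textbook RSA with no padding and constructed toy keys built from publicly known Mersenne primes, so it shows the mechanics only and must not be used for real mail. The function names and the sample message are assumptions made for the illustration.

```python
import hashlib

E = 65537  # conventional public exponent


def make_key(p, q):
    """Return (public, private) textbook-RSA keys built from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # modular inverse needs Python 3.8+


# Constructed toy keys: Mersenne primes are public knowledge, so these keys
# protect nothing. Real keys are generated from a CSPRNG on the local device.
ALICE_PUB, ALICE_PRIV = make_key(2**521 - 1, 2**607 - 1)
BOB_PUB, BOB_PRIV = make_key(2**607 - 1, 2**1279 - 1)


def digest(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def encrypt(message, recipient_pub):
    """Confidentiality: anyone can encrypt to the recipient's PUBLIC key."""
    n, e = recipient_pub
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)


def decrypt(ciphertext, recipient_priv):
    """Only the holder of the matching PRIVATE key recovers the message."""
    n, d = recipient_priv
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign(message, sender_priv):
    """Signature: the message hash transformed with the sender's PRIVATE key."""
    n, d = sender_priv
    return pow(digest(message), d, n)


def verify(message, signature, sender_pub):
    """Recover the hash with the sender's PUBLIC key and compare with our own."""
    n, e = sender_pub
    return pow(signature, e, n) == digest(message)


def demo():
    msg = b"Meet at noon."
    ciphertext, sig = encrypt(msg, BOB_PUB), sign(msg, ALICE_PRIV)
    received = decrypt(ciphertext, BOB_PRIV)  # Bob's side
    return received, verify(received, sig, ALICE_PUB), verify(b"Meet at nine.", sig, ALICE_PUB)
```

`demo()` returns the recovered plaintext, `True` for the untouched message and `False` for the altered one. Real OpenPGP and S/MIME implementations add padding and hybrid (session-key) encryption on top of this flow.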


                            #14
                            Further news about ProtonMail: Update about reported XSS issue

                              #15
                              Originally posted by SteveRiley
                              Well, it's a few more steps than that. When Alice wants to send a private message to Bob, she encrypts the message with Bob's public key. When Bob receives it, he decrypts it with his private key. Presumably, only Bob has access to that private key, and thus confidentiality is assured.

                              If Alice wants to sign her message, the mail program creates a hash of the message content and encrypts that with Alice's private key to create the signature. Then the mail program sends the message and the signature to Bob. When Bob receives these, his mail program uses Alice's public key to decrypt the hash. Then his mail program computes its own copy of the message hash. If this copy of the hash matches the decrypted hash, then we know that the message wasn't tampered with and that it actually came from Alice.
                              Who the f@*% is Alice? And why is she sending encrypted email to Bob? What has she got to hide?
                              Last edited by Guest; Jul 30, 2014, 01:30 AM. Reason: added video
