Technology

59374 readers

7416 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

[email protected]

519

Proton Mail Discloses User Data Leading to Arrest in Spain (restoreprivacy.com)

submitted 6 months ago by [email protected] to c/[email protected]

106 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[+] [email protected] -7 points 6 months ago (5 children)

This is why you sign and encrypt the contents of email. If the recipient doesn't have the public key, they can't read the content.

Allowing a service provider to "handle your keys" is tantamount to letting the fox watch the henhouse.

Proton doesn't provide IMAP/SMTP access for free accounts, so you won't be able to encrypt emails locally.

This ultimately is the tech version of "trust me bro". This means you are as secure on Proton as you are on GMail, depending upon how you use the service.

[–] [email protected] 8 points 6 months ago

This comment is completely off the mark. The information that they disclosed is the recovery email -the same exact thing which happened previously- not any content of any email.

Also, proton does encryption with PGP, but you can't encrypt if the other side doesn't use PGP (which is the case for 99.98% of humans on the planet). If they do, proton supports this including with arbitrary clients using their bridge.

[–] [email protected] 8 points 6 months ago* (last edited 6 months ago)

If the recipient doesn't have the public key, they can't read the content.

Sir, if your recipients don't have a public key, you cannot even encrypt the message... That is how asymmetric-key crypto works.

[–] [email protected] 5 points 6 months ago (1 children)

Proton doesn't provide IMAP/SMTP access for free accounts, so you won't be able to encrypt emails locally

Umm, you absolutely can. Use gpg, encrypt the txt, copy the encrypted text into the email. EZPZ.

[–] [email protected] -3 points 6 months ago

...yes, that's what I said. But sign them locally. Do not put your private key on Protons service. Sign and distribute pub keys locally.

Probably should have clarified.

Also, paid IMAP/SMTP makes Proton a freemium service. Thought I should just underline that.

[–] [email protected] 3 points 6 months ago* (last edited 6 months ago) (1 children)

Just encrypt with pgp and send encrypted text

[–] [email protected] 1 points 6 months ago

That's how a good portion of the Dark web works, and I find it amazing

[–] [email protected] 2 points 6 months ago

FYI email contents were not decrypted or turned over to police, as far as I know Proton's E2EE is still as good as whatever system you're using. Proton doesn't have the keys to decrypt your emails, it never did. What they have access to is metadata that is necessary to function when your private key is unavailable - e.g. your public encryption key used to encrypt incoming emails from non-Proton sources, or in this case, a recovery email address (I don't know what the recovery process entails and whether it can restore encrypted emails).