this post was submitted on 19 Dec 2023

The Linux Experiment


I'm Nick, and I like to tinker with Linux stuff. I'll bumble through distro reviews, tutorials, and general helpful tidbits and impressions on Linux desktop environments, applications, and news. You might see a bit of Linux gaming here and there, and some more personal opinion pieces, but in the end, it's more or less all about Linux and FOSS! If you want to stay up to snuff, follow me on Mastodon: https://mastodon.social/@thelinuxEXP If you can, consider supporting the channel here: https://www.patreon.com/thelinuxexperiment


Andy Yen, the CEO of Proton (Mail, Drive, VPN, Pass...) answered a lot of the questions you, the community, asked, in an interview that covers basically everything!

He discusses security, privacy, the origins of Proton, how they operate, Linux support, future projects, products and features, quantum computing, passkeys, and more!

Proton Mail: https://proton.me/mail/TheLinuxEXP
Proton VPN: https://protonvpn.com/TheLinuxEXP

SUPPORT THE CHANNEL: Get access to a weekly podcast, vote on the next topics I cover, and get your name in the credits:

YouTube: https://www.youtube.com/@thelinuxexp/join
Patreon: https://www.patreon.com/thelinuxexperiment
Liberapay: https://liberapay.com/TheLinuxExperiment/

Or, you can donate whatever you want: https://paypal.me/thelinuxexp

GET TLE MERCH: Support the channel AND get cool new gear: https://the-linux-experiment.creator-spring.com/

LINUX AND OPEN SOURCE NEWS PODCAST: Listen to the latest Linux and open source news, with more in depth coverage, and ad-free! https://podcast.thelinuxexp.com

FOLLOW ME ELSEWHERE:
Website: https://thelinuxexp.com
Mastodon: https://mastodon.social/web/@thelinuxEXP
Pixelfed: https://pixelfed.social/TLENick
PeerTube: https://tilvids.com/c/thelinuxexperiment_channel/videos
Discord: https://discord.gg/mdnHftjkja

#vpn #privacy #proton #onlinesecurity #protonmail

Timecodes:

00:00 Intro
01:16 How did Proton start?
03:24 Why start with email?
06:03 What is Proton's business model?
08:34 Why set up in Switzerland?
11:33 What data do you have on customers?
14:39 How is encryption important?
18:20 Do you always need to use a VPN?
20:47 Why focus on building an ecosystem?
24:55 Is an Office Suite planned?
26:29 What differentiates Proton from competitors?
30:26 Is Proton a viable alternative to big tech services?
33:31 Why expand to more products instead of finishing existing ones?
37:19 Does the general public care about privacy?
38:45 What's next for Proton services?
40:08 What are the plans for native Linux clients?
46:03 Will ProtonVPN offer dedicated IPs to everyone?
47:46 What's the environmental impact of Proton?
49:27 Proton on F-Droid, without Google Play notifications?
52:03 Why are code repos all separated and hard to find?
53:12 Why are addresses ending in ".me"?
54:57 When will all apps reach feature parity?
56:24 Will SMTP relay be supported?
57:47 Will Proton focus more on businesses in the future?
59:50 Why put all your eggs in one basket with just Proton services?
01:01:00 Will Proton support passkeys?
01:03:21 Does E2E matter if the recipient isn't using it?
01:04:49 Will Proton disable port forwarding in VPN?
01:06:41 Is encryption enough to make email private?
01:09:06 What protects users from a change in Proton's code licensing?
01:11:14 How does Proton protect its infrastructure?
01:13:14 Impacts of Quantum Computing on privacy and security?
01:14:24 What's the future of Proton Bridge?
01:16:25 When will Proton photos be a thing?
01:17:17 Plans for Proton Notes?
01:18:20 Will VPN support the Apple TV?
01:21:12 Support the channel

[email protected] 0 points 10 months ago* (last edited 10 months ago)

I have a question for ProtonMail:

What is the purpose of your end-to-end encryption?

It seems like its only conceivable purpose is to protect against the server being malicious, since the HTTPS encryption between client and server is already protecting against all adversaries who don't control the server. But, if the server is malicious then it can target an individual user and serve them different javascript when they log in. (This special javascript for the targeted user can exfiltrate their passphrase and then the adversary can decrypt everything...)

So, is it correct to say that the only scenarios where ProtonMail e2ee is actually useful in any way (eg, it could prevent an adversary from seeing plaintext) are these two?

  1. When an adversary obtains data from the server, but does not have operational control over it
  2. When an adversary compromises the server and decides to target a user, but after that user's final ever login (eg, they never log in again after the time when the adversary began to target them)

Also, separately from potential special behavior for targeted users, is there any way to verify the integrity of the javascript being served to everyone currently (or at any point in time)? (Just having it be open source and audited isn't sufficient, since the javascript that people actually run while using the site is minified...)
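
Added example, not part of the comment above and not Proton's code: one way to test the integrity concern it raises, by hashing the exact script bytes each session receives and comparing them with digests pinned out-of-band. The manifest, session names and script bodies are constructed, and the check is only meaningful when run from a tool the server itself does not deliver.

```javascript
const { createHash } = require('node:crypto');
// SRI-style digest ("sha384-<base64>") of the exact bytes a client received.
function sriDigest(body) {
  return 'sha384-' + createHash('sha384').update(body).digest('base64');
}

// pinned: Map(path -> digest) obtained out-of-band (hypothetical manifest).
// observations: [{ session, path, body }] captured from real page loads.
function auditServedScripts(pinned, observations) {
  const findings = [];
  const seen = new Map(); // path -> Map(digest -> [sessions])
  for (const { session, path, body } of observations) {
    const digest = sriDigest(body);
    if (!pinned.has(path)) {
      findings.push({ type: 'unpinned', session, path, digest });
    } else if (pinned.get(path) !== digest) {
      findings.push({ type: 'mismatch', session, path, digest });
    }
    if (!seen.has(path)) seen.set(path, new Map());
    const byDigest = seen.get(path);
    if (!byDigest.has(digest)) byDigest.set(digest, []);
    byDigest.get(digest).push(session);
  }
  // Same path, different bytes per session: the targeted-user case.
  for (const [path, byDigest] of seen) {
    if (byDigest.size > 1) {
      findings.push({ type: 'divergent', path, variants: byDigest.size });
    }
  }
  return findings;
}

// Constructed sample data: two sessions fetch the same minified bundle path.
const AUDITED = 'function login(p){return derive(p)}';
const ALTERED = AUDITED + '/*altered*/';
const VENDOR = 'function derive(p){return p}';

function demo() {
  const pinned = new Map([
    ['/app.min.js', sriDigest(AUDITED)],
    ['/vendor.min.js', sriDigest(VENDOR)],
  ]);
  return auditServedScripts(pinned, [
    { session: 'alice', path: '/app.min.js', body: AUDITED },
    { session: 'alice', path: '/vendor.min.js', body: VENDOR },
    { session: 'bob', path: '/app.min.js', body: ALTERED },
  ]);
}
console.log(demo());
```

Because the digest covers the minified bytes as delivered, the pinned values have to come from a build of the audited source that reproduces the same output byte for byte.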