undefined | Better HN

0 pointsdannyw7y ago0 comments

It's weird that you take this stance. It almost feels like you're implying that ProtonMail is a bad actor, and end to end encryption is bad because 'civic duty'. That's like "but terrorism".

I understand that you're not a privacy-first company, but still, your communications haven't been reassuring me. There is extensive documentation (e.g. Yahoo FISA) that ALL content not end-to-end-encrypted is ingested for bulk surveillance and decades-long (if not infinite) retention.

The only solution is 100% end to end encryption, with NO mechanism for unauthorised access (including law enforcement). Like iMessage and Signal. Anything partial of that, while saying you are pro-privacy, is IMHO harmful to privacy.

0 comments

grincho7y ago

iMessages are encrypted, but it's Apple who hands the client one or more public keys with which to encrypt them—and that's each time; there is no key pinning. They could easily hand you a public key whose private key they or another malicious party knows. See https://support.apple.com/en-us/HT202303 and especially page 58 of the linked https://www.apple.com/business/docs/iOS_Security_Guide.pdf.

bad_user7y ago

Most email being transmitted on the Internet is in unencrypted form.

Most people are not on ProtonMail and do not have a PGP key published.

If I were to guess, I’d say that 99%+ emails sent or received by ProtonMail customers are seen by ProtonMail’s servers in unencrypted form.

kwhitefoot7y ago

> Most email being transmitted on the Internet is in unencrypted form.

Really? I use Hotmail, GMail, and Yahoo, and all of these use TLS so it is encrypted in transit.

j / k navigate · click thread line to collapse