Proton: “We’re consolidating our social media presence due to limited resources and no longer posting on Mastodon. Follow us on Reddit for the latest updates: Reddit - Dive into anything”. This is unexpected, as they had around 50k subscribers on Mastodon, and mirroring posts is super easy. I find that concerning that they stopped posting on open and decentralized platform, but keep posting on Meta and X.
As for it being sophisticated attack, I think it is relative.
Regardless, if Proton said it did not matter to most people, I would respectfully disagree and move on. They did not. They claimed it is not at all less secure than a native app, which is BS.
Anyway, I think it’s a tradeoff that it’s hard to assess quantitatively, as risk is always subjective.
From where I stand, the average person using native clients and managing their own keys has a much higher chance to be compromised (by far simpler vectors), for example.
On the other hand, someone using a clean OS, storing the key on a yubikey and manually vetting the client tool can resist to sophisticated attacks better compared to using web clients.
I just don’t see this as hill to die on either way. In fact, I also argue in my blog post that for the most part, this technical difference doesn’t impact the security sufficiently to make a difference for the average user.
doesn’t impact the security sufficiently to make a difference for the average user.
I think it is borderline. I am not advocating for PGP, I like the Signal model where you trust signal for introductions but have the ability to verify, even in retrospect. Trust but verify. Even a few advanced users verifying Signal keys forces Signal to remain honest or risk getting caught.
I think the lack of meaningful verification for proton is a significant security weakness, though average user probably has bigger things to worry about.
I think I can agree with that. Unfortunately PGP is the only alternative we have for emails (i.e., the client-side tools would still be doing PGP encryption), which is also the reason why it shouldn’t be used for really delicate communication. The fact that - whatever setup you use - there will always be metadata showing that person X communicated with person Y alone is a nonstarter for certain types of communication.
Yeah, we should just ditch email for sensitive communications.
Anyway, my point was that I lost trust in Proton back then over this and went to Tuta that has native clients. It makes no difference to my security since I don’t think I ever sent or received a single mail that was actually e2e encrypted. But Tuta’s more serious approach to e2ee made me slightly more confident in it as a company.
Bridge did not exist back then.
As for it being sophisticated attack, I think it is relative.
Regardless, if Proton said it did not matter to most people, I would respectfully disagree and move on. They did not. They claimed it is not at all less secure than a native app, which is BS.
I can see a threat model already from 2014.
Anyway, I think it’s a tradeoff that it’s hard to assess quantitatively, as risk is always subjective. From where I stand, the average person using native clients and managing their own keys has a much higher chance to be compromised (by far simpler vectors), for example. On the other hand, someone using a clean OS, storing the key on a yubikey and manually vetting the client tool can resist to sophisticated attacks better compared to using web clients.
I just don’t see this as hill to die on either way. In fact, I also argue in my blog post that for the most part, this technical difference doesn’t impact the security sufficiently to make a difference for the average user.
I guess you disagree and that’s fine.
I think it is borderline. I am not advocating for PGP, I like the Signal model where you trust signal for introductions but have the ability to verify, even in retrospect. Trust but verify. Even a few advanced users verifying Signal keys forces Signal to remain honest or risk getting caught.
I think the lack of meaningful verification for proton is a significant security weakness, though average user probably has bigger things to worry about.
I think I can agree with that. Unfortunately PGP is the only alternative we have for emails (i.e., the client-side tools would still be doing PGP encryption), which is also the reason why it shouldn’t be used for really delicate communication. The fact that - whatever setup you use - there will always be metadata showing that person X communicated with person Y alone is a nonstarter for certain types of communication.
Signal would be my recommendation.
Yeah, we should just ditch email for sensitive communications.
Anyway, my point was that I lost trust in Proton back then over this and went to Tuta that has native clients. It makes no difference to my security since I don’t think I ever sent or received a single mail that was actually e2e encrypted. But Tuta’s more serious approach to e2ee made me slightly more confident in it as a company.
Now it kinda looks like it was the right choice.