this post was submitted on 02 Oct 2023
121 points (94.8% liked)
Privacy
32191 readers
671 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This wasn't the case, at all. Proton simply handed the entire mailbox decrypted.
That seems unlikely since your data is encrypted with a password they don't have.
I'm simply reporting on what I've been told and saw. Form what I read seem to be using asymmetric encryption and generating a private key itself protected with your password when you sign up. There's no guarantee they don't have an unprotected copy of that as well.
Vast majority of Proton users signed up because Proton promises your data is safe at rest. Even from them. In fact, they specifically advertise this protects them from subpoenas because they cannot provide decrypted copy of user's data.
Of course, the only emails that are encrypted with proton are proton->proton. Mail between proton and anyone else, like say gmail, isn't encrypted unless you pgp it separately.
Guess the question is if your private key is actually only yours or do they have some copy they can use somewhere.
Not fully correct. Mails between Proton users are E2E encrypted where Proton cannot see them, and rest of the emails are encrypted at rest once Proton receives them. Based on the audits and open source code, Proton is not keeping a copy of those emails when it receives them, and once they are encrypted, nobody but you will have access to it
You were being mislead with false information. Share appropriate sources to back up whatever you are saying. Proton has regular audits for security and encryption for all their products, which makes whatever you've been told pretty much false information
What's more likely? a) I'm being mislead by someone that actually got into legal trouble that involved them and isn't profiting in any way from it or b) You / everyone else that simply is eating their marketing and PR is being mislead in some way.
Truth is, none of us can prove their claims and auditors are true.