weedoge
Banned
- Jul 12, 2018
- 1,525
Edit: Hi I thought I'd add a little summary of the information in the video too for those who don't want 10 minutes of computer geekery (thanks @Chinaski lol).
JavaScript is basically a programming language used on the web. These scripts do not have to be signed like software, so if you were served a different or illegit script you wouldn't know about it, unlike with software. JavaScript brought from the ProtonMail server is used to encrypt and decrypt the emails you send.
Essentially, ProtonMail's claim that they don't have the ability to decrypt your messages is false. If there were some groundbreaking case that allowed them to be compelled in secret, your "encryption" could be at risk. We trust ProtonMail not to do this, but in any scenario where ProtonMail servers are compromised or they "go rogue"... It's a simple claim and you can make of it what you will.
ProtonMail themselves have written about this issue and conservatively admit that there is a likelihood all ProtonMail servers will one day be compromised.
I got sent this interesting video of commentary on a paper recently written regarding the end-to-end encryption used in ProtonMail. For those of you familiar with the dangers of JavaScript on compromised sites, you might see where this is going. It seems the paper itself was written with some personal motivations, but the commentary on the video is excellent, so I personally suggest watching it all.
I don't know anything in detail about programming or encryption but take quite an interest anyway. It surprises me that this is something nobody has spoken about before, especially considering ProtonMail themselves have written about this possible flaw... debatably more condemning than the video's author himself. It's extremely simple but something that we should certainly be aware of. Perhaps somebody could convince the N sellers to start using manual PGP messaging.
Srsly though, not something to panic about but I'm curious to hear your thoughts.