Chrome / Firefox add-on
Even the mailbox encrypted, it is possible to subvert the code in your servers - or force ProtonMail to subvert it by court order - to capture users mailbox password and therefore gain access to emails. This is exactly how the HushMail got "busted" some time ago, feeding a specified user a subverted code, that captured the users password to them!
Systems like BlockChain Wallet use browser add-ons to prevent this from happening. Ever. Since the add-on is used to handle ALL communications from and to the servers, and it decrypts the content from the servers, it does not matter whether the server is backdoored (from one reason or another)! It would not matter how you would subvert the code in ProtonMail servers, since add-on would handle all these things inside users computer - and no critical information would ever, never, be sent to ProtonMail servers no matter how bad code would be installed in ProtonMail servers.
Since anyone can download and verify the add-on, there is hardly possibility to install any kind of backdoor there - and absolutely no way to install backdoor there for a specific user.
-
Thiago da Silva Moraes commented
Why is this maked as planned for almost 10 years?
-
Robin commented
Security issues aside, I am sorely missing a way to receive notifications WITHOUT needing to have Proton open in a tab. I don't have my inbox open all the time and the desktop app is next to useless, it can't even run in the background or in the system tray.
The primary way I check my e-mail is with an add-on in my browser. Being able to do this with Proton is absolutely critical if I want to keep using Proton Mail long term.
-
lagrave commented
What happened to the Proton Mail Checker--thing? The Github page is gone and googling doesn't return anything useful.
-
Eric commented
Also make extension for ProtonVPN too...
-
Lloyd Ewing commented
I would like to suggest and ask if such an add-on could also be provided for Mozilla Thunderbird. I have to admit that I don't know enough about the operation of the proposed addon to know if that would be feasible.
-
Daiski commented
@Markus Jansson
Do you have a technical article that articulates what happened in the case of HushMail and how code was compromised to capture users' credentials and how a browser plug-in prevents this?
I know that browser plug-ins are a big major problems in many security incidents because they have too much power, too much visibility and, as with anything else, compromising a vulnerability or logic flaw in the plugin compromises mailboxes as well. It's a double-edge sword.
-
VSx86 commented
Yes, such approach to enchance the security will be useful,
this is the same way as MEGA.NZ doing (extensions for browsers,
dedicated standalone applications). -
Anonymous commented
Make sure to not distribute it like mega did - via the chrome/chromium's app store!
-
Michael commented
I'm interested in the description of this secure add-on process... particularly for its potential correlation to other integration possibilities (namely & such as Zapier, Calendly, etc).
As other features come online in the proton suite - Calendar, Doc Drive, etc. The ability to translate content across other platforms will be essentially important for business users.
-
Antigonus commented
Please have your add-on turn off WebRTC IP leaking.
-
Anonymous commented
Would this feature be available for Safari too? Not everyone wants to use an unsecure Browser like Firefox or get spied on by Google via Chrome.
-
Spencer commented
I second and third all of the above comments. I truly, truly believe the ProtonMail team is committed to our security and keeping our data encrypted and only view-able to us. However, this add on needs to be implemented to bring ProtonMail's actual security in line with their promised security. Does this update have an expected release date?
-
Verito commented
Well at the moment it's marked as planned meaning that they will at some point make an official addon/extension for browsers. At the moment they're working on other things but they will get around to this eventually. Just remember ProtonMail is being developed by a small team so progress may not be a quick as other providers.
I do believe however this deserves extra priority and should also be compatible with browsers such as Opera as well as Firefox and Chrome.
-
Sam commented
What is the current status of this?
I would love to see such an add-on available from the linux/firefox users, like me.
-
George commented
Is it possible to implement the same kind of security in the iOS version ? This is a question to the specialists, not a feature request.
-
Markus Jansson commented
Wau! That sound excellent Ray Ben! What have they responded to you? I would assume this kind of software would be exactly what they would want! Since its open source, they could go throught the source code, compline it and sign it with their keys so that all could rely on it.
Keep upvoting this post of mine so it get more attention! :D
-
Ray Ben commented
In opposition to other extensions it's also completly encrypted, private, including cloud synchronization etc. Theres nothing better right now if you want to keep your privacy to yourself.
-
Ray Ben commented
@Markus Jansson:
It's been developed in contact with ProtonMail officials and it's been offered, yes.
Regarding backdoors, it's open source and doesn't even require your mailbox password.
You can see the source here: https://github.com/JamesCullum/ProtonMail-Checker/tree/master -
Markus Jansson commented
Is this Add-On made by...Im sorry, who are you? You are not official Protonmail Dev are you?
It is really cool if it really works and doesnt contain backdoors etc. Have you offered it to Protonmail?
https://chrome.google.com/webstore/detail/protonmail-checker/cmdelhngcpofmpidijaggmejnjofnpip -
Ray Ben commented