Markus Jansson
My feedback
2 results found
-
5,078 votes
An error occurred while saving the comment An error occurred while saving the comment Markus Jansson
commented
Is this Add-On made by...Im sorry, who are you? You are not official Protonmail Dev are you?
It is really cool if it really works and doesnt contain backdoors etc. Have you offered it to Protonmail?
https://chrome.google.com/webstore/detail/protonmail-checker/cmdelhngcpofmpidijaggmejnjofnpipAn error occurred while saving the comment Markus Jansson
commented
> But doesn't such an addon need to be updated sometimes
> (for example for new versions of Firefox)? So wouldn't this
> afford Protonmail a hypothetical opportunity to change the
> code in the addon and compromise the encryption? So at
> the end of the day you're still stuck having to trust the
> Protonmail devs and administrators.1) The addon could/should be open source ofcourse.
2) If the addon is backdoored, then it would be easy to find anyway, since all users a using the same add-on. However compromising a single users inbox code (from the server) would be very hard to find out, since only the user who is being compromised might detect the code he is targetted.
3) Anytime addon would be updated, user could chooce whether to update it or not - you cannot "opt-out" from server-side updates however! Paranoid users would not allow the addon to be updated, ie. they would disable automatic update and only upgrade the addon after many people have examined the add-on to be safe to use.
> I just don't think there's a model in which you get around
> having to trust the people who wrote the code, unless you
> are reviewing all the code yourself or writing it yourself.Having an addon is not a perfect solution. However, it is very good solution, much much better than "server-side-code-only". And as pointed out, it would make it impossible for the Protonmail to target specific users for backdoors, then all backdoors would have to be pushed to all users, adding a great deal of dangers to be discovered.
An error occurred while saving the comment Markus Jansson
commented
...to say the same more exactly:
The browser add-on would have all and it would run all the code required to perform encryption/decryption actions - code would NOT be downloaded from ProtonMail servers to be executed in browser (as currently is the case). Therefore the compromise of ProtonMail servers and its code would not affect the security of the ProtonMail user mail.
Without this add-on, the ProtonMail is in practise no more secure than Gmail or any other email is. All of them can be compromised by court order and/or by adding bad code to the servers.
Markus Jansson
shared this idea
·
-
763 votes
We have the ability to create a Blackberry app, but are focused instead on iOS and Android. We may build one later this year, or explore the idea of opening our API for the community to build one instead.
An error occurred while saving the comment Markus Jansson
commented
This is similiar request that I already made at:
https://protonmail.uservoice.com/forums/284483-feedback/suggestions/7214966-chrome-firefox-add-on
The point should be to focus on the fact that users emails would remain secured even after Protonmail servers compromise.
Wau! That sound excellent Ray Ben! What have they responded to you? I would assume this kind of software would be exactly what they would want! Since its open source, they could go throught the source code, compline it and sign it with their keys so that all could rely on it.
Keep upvoting this post of mine so it get more attention! :D