Skip to content

Markus Jansson

My feedback

2 results found

  1. 5,090 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    Markus Jansson commented  · 

    Wau! That sound excellent Ray Ben! What have they responded to you? I would assume this kind of software would be exactly what they would want! Since its open source, they could go throught the source code, compline it and sign it with their keys so that all could rely on it.

    Keep upvoting this post of mine so it get more attention! :D

    An error occurred while saving the comment
    Markus Jansson commented  · 

    Is this Add-On made by...Im sorry, who are you? You are not official Protonmail Dev are you?
    It is really cool if it really works and doesnt contain backdoors etc. Have you offered it to Protonmail?
    https://chrome.google.com/webstore/detail/protonmail-checker/cmdelhngcpofmpidijaggmejnjofnpip

    An error occurred while saving the comment
    Markus Jansson commented  · 

    > But doesn't such an addon need to be updated sometimes
    > (for example for new versions of Firefox)? So wouldn't this
    > afford Protonmail a hypothetical opportunity to change the
    > code in the addon and compromise the encryption? So at
    > the end of the day you're still stuck having to trust the
    > Protonmail devs and administrators.

    1) The addon could/should be open source ofcourse.

    2) If the addon is backdoored, then it would be easy to find anyway, since all users a using the same add-on. However compromising a single users inbox code (from the server) would be very hard to find out, since only the user who is being compromised might detect the code he is targetted.

    3) Anytime addon would be updated, user could chooce whether to update it or not - you cannot "opt-out" from server-side updates however! Paranoid users would not allow the addon to be updated, ie. they would disable automatic update and only upgrade the addon after many people have examined the add-on to be safe to use.

    > I just don't think there's a model in which you get around
    > having to trust the people who wrote the code, unless you
    > are reviewing all the code yourself or writing it yourself.

    Having an addon is not a perfect solution. However, it is very good solution, much much better than "server-side-code-only". And as pointed out, it would make it impossible for the Protonmail to target specific users for backdoors, then all backdoors would have to be pushed to all users, adding a great deal of dangers to be discovered.

    An error occurred while saving the comment
    Markus Jansson commented  · 

    ...to say the same more exactly:

    The browser add-on would have all and it would run all the code required to perform encryption/decryption actions - code would NOT be downloaded from ProtonMail servers to be executed in browser (as currently is the case). Therefore the compromise of ProtonMail servers and its code would not affect the security of the ProtonMail user mail.

    Without this add-on, the ProtonMail is in practise no more secure than Gmail or any other email is. All of them can be compromised by court order and/or by adding bad code to the servers.

    Markus Jansson shared this idea  · 
  2. 763 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We have the ability to create a Blackberry app, but are focused instead on iOS and Android. We may build one later this year, or explore the idea of opening our API for the community to build one instead.

    An error occurred while saving the comment
    Markus Jansson commented  · 

    This is similiar request that I already made at:

    https://protonmail.uservoice.com/forums/284483-feedback/suggestions/7214966-chrome-firefox-add-on

    The point should be to focus on the fact that users emails would remain secured even after Protonmail servers compromise.

Feedback and Knowledge Base