Nicholas Ngai

My feedback

  1. 60 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Feedback » New Features  ·  Flag idea as inappropriate…  ·  Admin →
    Nicholas Ngai supported this idea  · 
  2. 5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Feedback  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Nicholas Ngai commented  · 

    Resetting your password won’t actually delete all the email data off their server. It will simply mark your key as inactive because you don’t have the password to the private key and generate a new keypair. However, if you then go into the settings and re-upload that key, it will then notice that the fingerprints match and re-encrypt your uploaded key, which is the old key, with your new passwords, allowing access once again to your old emails.

  3. 18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Feedback » Existing features (improved)  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Nicholas Ngai commented  · 

    How would this work? In theory, this would mean that anyone with the link could access the “secure” email, and those recipients would already have an unencrypted inbox that Google or anyone else could read, and they could follow the link themselves.

    The reason the password is needed is because the password is the decryption key for the email. If there were no password, there would be no key to encrypt/decrypt with.

  4. 2,472 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    34 comments  ·  Feedback  ·  Flag idea as inappropriate…  ·  Admin →
    Nicholas Ngai supported this idea  · 
  5. 3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Feedback » Existing features (improved)  ·  Flag idea as inappropriate…  ·  Admin →
    Nicholas Ngai shared this idea  · 
  6. 20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Feedback » New Features  ·  Flag idea as inappropriate…  ·  Admin →
    Nicholas Ngai supported this idea  · 
    An error occurred while saving the comment
    Nicholas Ngai commented  · 

    Looking at the way they appear to store encrypted emails right now, it looks like they are simply replacing the body of the message (keeping the original Content-Type) instead of wrapping it in PGP/MIME, which would cause issues with almost every PGP mail client.

    I’d still love to see this happen, though, and it would shift the burden of decrypting and displaying PGP-encrypted emails to other software, like GnuPG. And it could even open the possibility of removing your private keys from ProtonMail’s servers completely and leaving them only with the public key, with the private key stored locally only on your devices.

Feedback and Knowledge Base