Questions tagged [protonmail]

ProtonMail is a free and web-based encrypted email service using client-side encryption.

40 questions
41
votes
4 answers

What's the point in hashing phone numbers?

Some services (for instance ProtonMail) claim to store hashes of phone numbers, instead of phone numbers themselves (while they don't say how they hash it). Now, given that the number of potentially valid phone numbers is very small (about 26 bits…
BlenderBender
  • 539
  • 1
  • 4
  • 7
30
votes
6 answers

How are ProtonMail keys distributed?

There is a service called ProtonMail. It encrypts email on the client side, stores encrypted message on their servers, and then the recipient decrypts it, also on the client side and the system "doesn't store keys". My question is this: How does the…
Protty
  • 301
  • 1
  • 3
  • 3
25
votes
4 answers

Is email encryption, as claimed by ProtonMail, possible?

Is it possible to create a Web service that encrypts all messages, such that only the writer, and the person to whom the mail is sent, can read it? In other words, is the theory behind ProtonMail valid?
novice
  • 251
  • 1
  • 3
  • 3
22
votes
4 answers

Solution to the ‘Browser Crypto Chicken-and-Egg Problem’?

From time to time, questions come up in this board concerning web applications that utilize client-side cryptography (or ‘in-browser’ cryptography), where these applications claim to be designed in such a way that the operators of these applications…
mti2935
  • 19,868
  • 2
  • 45
  • 64
16
votes
2 answers

Why is some meta data not encrypted in Proton Mail?

In a different Question, in the first answer is written that some meta data doesn't get encrypted. What you shouldn't forget about encrypted e-mail, is that while the message body is properly encrypted, some meta data like the subject, sender or…
Nightscape
  • 329
  • 4
  • 12
12
votes
3 answers

ProtonMail security concerns

This TED talk brought me here. First of all, to those who created ProtonMail: Nice job!!. Regardless of what people say, it's definitely a big step forward from tradition options like Hotmail, Gmail or Yahoo mail for the vast majority of internet…
icehenge
  • 430
  • 4
  • 8
12
votes
2 answers

Cannot understand supposed ProtonMail vulnerability from wired.com article

Currently I'm reading an article about ProtonMail here and I don't understand it. Now let’s address ProtonMail’s weaknesses. One of the big issues is that it isn’t easy to know whether a message sent to another ProtonMail user is being…
Yurii
  • 463
  • 3
  • 11
12
votes
3 answers

How does ProtonMail manage search?

There is a service called ProtonMail that encrypts email on the client, stores encrypted messages on their server and sends it encrypted in some fashion (depending on what email service the recipient uses). My question here is how do they manage to…
Minlingo
  • 123
  • 5
7
votes
5 answers

How to export my Protonmail private key?

From: https://github.com/scastiel/protonmail-export 1) Open the ProtonMail app and log out completely. You should now see the login screen. 2) Open the dev tools of your browser, and the Network tab to see all network calls. 3) Enter your…
PeterHarant
  • 71
  • 1
  • 3
7
votes
3 answers

Is my IP address leaked when I send messages on Protonmail?

When I send a message on protonmail, does my IP address show up in the header or any other place? Will I need a VPN to be completely anonymous?
nichole
  • 81
  • 1
  • 1
  • 2
6
votes
1 answer

Protonmail cannot read my mail — but can detect if it is spam?

All is in the title really. How can protonmail detect spam if if cannot read mail content? It could be based on metadata. But then spam detection would probably not be very good. And what metadata does Protonmail has access to in that case? Sender,…
P-Gn
  • 205
  • 1
  • 4
5
votes
1 answer

Wrapping my head around Protonmail

I've been trying to grasp how Protonmail could work. From what it gather, it works like this: When you signup, you create an account password and a mailbox password. A PGP private/public key pair is made using the mailbox password. When you log in,…
anonkun
  • 51
  • 2
5
votes
1 answer

What can stop a browser to cache data from ProtonMail conversations?

I think this question arises primarily from my insufficient understanding of browser caching. Let's log in to ProtonMail, and read a message. My understanding is that an encrypted 'blob' of data gets downloaded by my browser, and it gets decrypted…
5
votes
2 answers

ProtonMail: Wouldn't it be better if each user had their own private key?

ProtonMail keeps the encrypted private keys of all their users on their servers. The mailbox password, which is known only to the user, decrypts the private key of that user. Would it not actually be better if each user had control of their own…
5
votes
1 answer

Does the use of JavaScript make ProtonMail insecure?

I like the look of ProtonMail. However, what has stopped me from signing up is that JavaScript seems to be used at various points in the site, and for someone to read your email they must click on a link to what I believe is a JavaScript page? For…
k1308517
  • 1,272
  • 14
  • 27
1
2 3