Imagine putting a giant backdoor into your program and telling people it was secure
(this is a response to all JavaScript browser-based crypto libraries)
You're right, if ProtonMail alters javascript in the webclient, you they could intercept your password and decrypt the contents of your email. However, with that logic no service is safe. Hence, ProtonMail state that if you're the next Snowden, you shouldn't be using ProtonMail. Frankly, if you are that concerned you shoudln't use email. ProtonMail is recommened because they fit our criteria.
Disclosure: I'm also a team member.
@freddy "However, with that logic no service is safe."
Imagine being so deep in webshit that you forget that anything other than web browsers exist
Except that you do recommend legitimate mail clients, only for Protonmail you have to pay extra for the privilege of privacy and freedom
Frankly, your criteria fucking sucks
@freddy your "criteria" is designed to keep ProtonMail on the list because you buy into their marketing and aren't a good privacy roleplayer if they aren't there
> @dngray @freddy encryption at rest is no subsitute for end to end encryption and you had damn well better explain that to users
You're right and it was never advertised as such hence why it is under the "Data Security" heading and not the "Email Encryption" one.
The "Data Security" section specifically talks about *at rest*. ie. after the email has been received.
@dngray @freddy encryption at rest is no subsitute for end to end encryption and you had damn well better explain that to users