ProtonMail shoves its iOS app's source code on GitHub for world+dog to rummage around in

Thursday 31st October 2019 17:10 GMT Tigra 07

"alleging it was being used by "terrorists" whose main aim was to send each other disparaging messages about a Russian university sports competition"

Since when did saying you fucked someone's mum make you a "terrorist"?

5 0 Reply
1. Friday 1st November 2019 08:21 GMT Warm Braw
  
  Since when did saying you fucked someone's mum make you a "terrorist"?
  
  I can imagine if you'd said it of, say, King Edward VI, you might have got into a bit of trouble. And the parentage of certain Russian heads of state you wouldn't want to mess with is not without controversy.
  
  1 0 Reply
2. Friday 1st November 2019 11:16 GMT Danny 2
  
  Since when did saying you mucked someone's mum make you a "terrorist"?
  
  A younger posh peace protester invited me to an upper class dinner party, and then mocked me by saying the obvious in front of her young posh pals, that I was old enough to be her father.
  
  "That is very true. Where exactly was your mother living in 1986?"
  
  I honestly said that in cadence, she threw a punch at me but I was expecting it and she missed.
  
  She had punched me earlier after she'd boasted her mum was in Wickerman. She said her mum was one of the nude young girls dancing, and I admitted I'd wanked over her mother on TV when I was a teen. That was a solid punch to my jaw that I should have anticipated in retrospect, but I quickly learned my lesson.
  
  Posh girls. Can't live with them, never really wanted to live with them.
  
  8 0 Reply
Thursday 31st October 2019 18:22 GMT Artem S Tashkinov

The client app source code can barely prove anything. It's the server code and infrastructure which could really mean something and I bet those things will remain closed for the foreseeable future.

2 0 Reply
1. Thursday 31st October 2019 21:29 GMT Anonymous Coward
  
  It proves nothing
  
  Unless you compile it from that source yourself and run that on your phone.
  
  1 0 Reply
  1. Friday 1st November 2019 09:59 GMT john.jones.name
    
    its a service...
    
    they publish a lot of source https://github.com/ProtonMail
    
    it's a service so in the end you have to trust them to do the right thing...
    
    I was impressed that they actually updated to include DANE records not so long ago so at least you can tell when they are MITM
    
    2 0 Reply
Thursday 31st October 2019 18:36 GMT slartybartfast

I use Protonmail. I switched so I could ditch Gmail and finally go Google-less. Of course Protonmail's security falls flat the moment you send an email without end-to-end encryption, which is pretty much most, if not all of the time. I'm not convinced any web based email service is foolproof and we're in danger of getting into tin foil hat territory. Using your phone/tablet/computer's default mail app/program is merely convenience rather than offering any security.

3 0 Reply
1. Friday 1st November 2019 11:21 GMT Danny 2
  
  Alternative way of thinking about it is the more we promote and recommend encrypted email then the more secure our email becomes.
  
  Don't rule out a tin foil hat, tin foil does. https://emfacademy.com/aluminum-foil-emf-radiation/
  
  1 0 Reply
Friday 1st November 2019 11:56 GMT Anonymous Coward

Why rely on SOMEONE ELSE'S encryption?

@slartybartfast

Quote: "...Protonmail's security falls flat the moment you send an email without end-to-end encryption..."

*

So.....not true is you do some encryption yourself BEFORE your email enters the channel. Why rely on someone else...when you can do it yourself?

*

Example below is an example using an (unpublished) process using linux.words as the basis of a book cipher, plus a little randomisation.

*

01U10sk60PMw0T3X1a$K1NfC1MKA0JXi1ASB1N3q

0asW0a$60Unn1MeR0tMh1IcH1ovk0a9u0kL40Lv8

15Bu0DRD1PWo05il1aAG19en0WJt17440eJa10cG

1Jh508Y91RUF0e4v0Qcq0xjU0yDq0gsM1DLy1e2m

102G0Fkd0Dhn0MQ20D7X0En3066T0fXB1mpo1fbH

1Rcg0X1T08yj18yc0j1G0r$D

*

0 0 Reply