TS is a lot easier to set up than WG and does not require a publicly accessible IP address nor any public whatsoever. It’s not really comparable to setting WG up yourself; especially w.r.t. security.
Interested in Linux, FOSS, data storage systems, unfucking our society and a bit of gaming.
I help maintain Nixpkgs.
https://github.com/Atemu
https://reddit.com/u/Atemu12 (Probably won’t be active much anymore.)
TS is a lot easier to set up than WG and does not require a publicly accessible IP address nor any public whatsoever. It’s not really comparable to setting WG up yourself; especially w.r.t. security.
It’s a central server (that you could actually self-host publicly if you wanted to) whose purpose it is to facilitate P2P connections between your devices.
If you were outside your home network and wanted to connect to your server from your laptop, both devices would be connected to the TS server independently. When attempting to send IP packets between the devices, the initiating device (i.e. your laptop) would establish a direct wireguard tunnel to the receiving device. This process is managed by the individual devices while the central TS service merely facilitates communication between the devices for the purpose of establishing this connection.
If you’re worried about that, I can recommend a service like Tailscale which does not require permanently open ports to the outside world, offering quite a bit more security than an exposed traditional VPN server.
Yes, yes they will. If you’re the sole user, they’d identify you from your behaviour anyways.
I don’t think internet proxy won’t help very much w.r.t. privacy but it will make you a lot more susceptible to being blocked.
Oh, indeed! They’re under different orgs; that confused me.
They should register a trade mark.
Note that the web clients are all GPLv3: https://github.com/ProtonMail/WebClients
It’s only the mobile apps of the auxillary services (drive, pass etc.) that are proprietary. And I don’t get why either because it wouldn’t hurt them one bit.
Thanks for the answer :)
Google play appears to be delivering the 4.0.6 (8308) update to me already, is that intended?
I do like the idea of using USB drives for storage, though…
I wholeheartedly don’t.
They are quite solid but be aware that the web UI is dog slow and the menus weirdly designed.
There’s a large difference between surrendering massive amounts of highly critical metadata aswell as some data* to a known abuser vs. an entity that prides itself in not abusing your data and which even takes specific technological measures to make it as hard for them as possible (zero access encryption at rest, automatic key discovery).
(* Partial social graph, interaction timestamps, political interests, health, hobby interests and much of that usually even in plain text data form when receiving email; stored in in plain text forever.)
Well that depends on how you define malware ;)
I wouldn’t really call the BE service “core” to what they provide. All the truly interesting code is in the clients. The server just an email service that stores the email in an encrypted format and talks their custom API.
An open source ProtonMail back-end won’t help you in any way unless you’re trying to host PM yourself I guess?
Oh? When did that happen?
I checked a few other repos and it appears the android app is the only repo where this was done.
Hey @protonprivacy@mastodon.social, why were issues disabled on https://github.com/ProtonMail/proton-mail-android?
Doesn’t Proton specifically provide instructions for how to use proton mail via proton vpn (and/or tor, discussed in the article) to provide extra privacy against IP-demanding court orders?
That would be rather short-sighted or disingenuous as they would then simply be forced to log their proxy too.
At that point, might as well send E2E encrypted mail via GMail.
From a security stand-point: Yes. From a privacy standpoint: Absolutely not.
They do have an API, but I haven’t found anything written on top of that.
Not 3rd party of course but most of their official clients are FOSS.
How do they ensure zero knowledge if you send them the username and password?
Because you don’t. I haven’t looked into how it works exactly but all your browsers sends is your username and a proof of you having access to the password
This wouldn’t really solve the issue as the user could rather simply create as many accounts as they like to circumvent per-account limits.
I’ll take “didn’t get the point of FOSS” for $3.14.
What the heck.
;)