Yeah and that's great but my point is that I don't see an obvious way to use it for that in its current implementation. I'm sure you could build it but it's simply not built yet.
Well that depends on how you define malware ;)
WARNING: CLOCK GAINED 3 DAYS
Haha, these little details are so great :)
Then let's ship your PC, that's how containers work, right?
The reason given is also great.
I wouldn't really call the BE service "core" to what they provide. All the truly interesting code is in the clients. The server just an email service that stores the email in an encrypted format and talks their custom API.
An open source ProtonMail back-end won't help you in any way unless you're trying to host PM yourself I guess?
Oh? When did that happen?
I checked a few other repos and it appears the android app is the only repo where this was done.
Hey @protonprivacy@mastodon.social, why were issues disabled on https://github.com/ProtonMail/proton-mail-android?
Doesn’t Proton specifically provide instructions for how to use proton mail via proton vpn (and/or tor, discussed in the article) to provide extra privacy against IP-demanding court orders?
That would be rather short-sighted or disingenuous as they would then simply be forced to log their proxy too.
At that point, might as well send E2E encrypted mail via GMail.
From a security stand-point: Yes. From a privacy standpoint: Absolutely not.
They do have an API, but I haven’t found anything written on top of that.
Not 3rd party of course but most of their official clients are FOSS.
How do they ensure zero knowledge if you send them the username and password?
Because you don't. I haven't looked into how it works exactly but all your browsers sends is your username and a proof of you having access to the password
This wouldn't really solve the issue as the user could rather simply create as many accounts as they like to circumvent per-account limits.
There's a large difference between surrendering massive amounts of highly critical metadata aswell as some data* to a known abuser vs. an entity that prides itself in not abusing your data and which even takes specific technological measures to make it as hard for them as possible (zero access encryption at rest, automatic key discovery).
(* Partial social graph, interaction timestamps, political interests, health, hobby interests and much of that usually even in plain text data form when receiving email; stored in in plain text forever.)