On Tue, Jul 1, 2014 at 2:15 PM, Gregory Foster <gfoster@entersection.org> wrote:
protonmail.ch
This appears to be just one of many startups offering non-solutions.

From what I can tell, you are loading the code they provide on the fly into your browser to execute crypto ops on your behalf. That is just plain bad. Remember hushmail? When you give up your environment to the same parties providing your service, you give up the game. And it's centralized, few will choose different passphrases, etc.

https://protonmail.ch/blog/protonmail-threat-model/
"There are more difficult to use, but more secure solutions out there, which are more appropriate for Snowden’s use case."

For one, you're better off learning and using some underlying tools like these instead...
https://www.gnupg.org/
https://www.enigmail.net/

https://protonmail.ch/sign_up.php -> https://protonmail.ch/invite
"Notification Email (Required) - Used only to contact you about our public beta. This should be your current email (Gmail, Hotmail, Yahoo!, etc) - not your new protonmail email. ... Your notification email will not be linked to your ProtonMail account - it is only used for communicating with you during our beta and will be removed from our system after the beta."

This is a failure of implied and stated privacy ethics. Invites are linked. And it should not be asked for in the first place. Thus never on the system and no trust needed.

"response to our open beta has maxed our server capacity. We're working hard to add more servers"

While open and honest if true, this does not inspire systems confidence.

"I think it is safe to say if we were NSA funded, we wouldn’t need to be going around competing for 100k startup awards"

Actually, that is precisely what you'd want to do.

There's no architecture whitepaper. And so on, etc...

It's a useful service and a step in the game. Just be exactly sure of what it is and what it is not. And you should not rely on service providers to be the sole source of your answer to that question either.

ProtonMail's public Bitcoin address: https://blockchain.info/address/1Q1nhq1NbxPYAbw1BppwKbCqg58ZqMb9A8?filter=2
I'd rather fund something like... "The next gen P2P secure email solution"