[PLUG] Proton Pass

Tomas Kuchta tomas.kuchta.lists at gmail.com
Fri Mar 21 14:39:47 UTC 2025


I think that the elephant in the room may be UK legislation - which
explicitly forces anyone's provider using encryption to hand over
decryption keys to the UK government - that in turn has treaties to share
them with other 5 nations' security agencies.

I am not a user, and I hardly encrypt anything other than TLS to save me
from marketing research/analysis.

For me, the issue would be that once a bunch of agencies + the king and his
sidekick(s) can see my stuff without warrant - then there is no privacy
left. They will of course pay some "super secure/trusted" partner to store
and analyse the data for them .... At the very least they will use it to
train models which of course are free to be monetised .... I have no
control to what end and to what conclusion they arrive. And no recourse, if
they/AI just makes stuff up about me.

See: Why Apple doesn't encrypt UK users' data.

-T

On Fri, Mar 21, 2025, 00:25 Russell Senior <russell at personaltelco.net>
wrote:

> One question I've had for a while is: how does key management work at
> Proton? Public key encryption rests on a foundation where your private
> key is exclusively known to you, and that all reasoning about what is
> private is directly tied to "who has access to your private key". One
> thing I have been unable to discover, which doesn't seem to be well or
> transparently documented, is "where is my private key and how is
> access to it managed?" Does anyone know?
>
> My vague understanding is that, supposedly, Proton stores an encrypted
> version of your private key and supposedly when you type in your
> password to the random javascript they send you, you get a copy of the
> encrypted key and unlock the key in your browser, but ... and stick
> with me here, what if they send you javascript that leaks your
> password to them. In that case, they have the encrypted key and the
> unlocking password and therefore, they have possession of your private
> key and all privacy guarantees provided by the math of PK encryption
> are lost. Can someone please help me understand why or how that isn't
> possible?
>
> Thanks!
>
> --
> Russell Senior
> russell at personaltelco.net
>
> On Thu, Mar 20, 2025 at 8:23 PM King Beowulf
> <kingbeowulf at linuxgalaxy.org> wrote:
> >
> > On 3/20/25 17:41, Michael Ewan wrote:
> > > I saw that Proton Pass sponsored a YouTube channel I enjoy (All The
> > > Gear is in the UK). It looked good on the surface.  I know some of you
> > > use Proton Mail, any experience with Proton Pass?
> >
> > I've been using Proton Pass on my main Linux box for 2+ years with 90+
> > passwords stored (mmm....I should check on some of those sites!).  Works
> > well, easy and transparent, with good feature set.  Only sloth has
> > prevented me from migrating it to other devices.
> >
> > Highly Recommended.
> >
> > Disclaimer: I am a paying Proton Mail customer
> >
> > -Ed
> >
> >
>