Time and time again. You can’t deploy crypto in the browser. Being from Switzerland certainly helps, because the US government can’t just come with a gag order forcing them to decrypt users' emails, but you still have to put your full trust into the provider to live up to their promise.
Their setup is less insane than most (at least they don’t have all the plaintext data on their server locally, and use unique per-user keys). Many issues remain, like the fact that most SMTP traffic is not end-to-end encrypted, so mail comes in and often goes out in plain text. So even if the transport protocol is probably encrypted (TLS), every mail server in the delivery chain can intercept or modify the data.
Their client-side crypto is an additional layer on top of HTTPS, which provides something HTTPS does not: the fact that the server side must not know the plaintext of the payload data.
To me it sounds like adding a false sense of security when there’s effectively nothing stopping a sophisticated attacker or a government entity to completely reverse all efforts.
We have seen this exact case with Lavabit before. It doesn’t help to have additional layers, if they can’t all be scraped off. It’s making money off of people’s fears without actually addressing them.
Yes, but Lavabit did have the single encryption/decryption key for all his data. In the case of Photonmail, they don’t.
I agree that this approach is not 100% fool proof, but it’s much harder to pull off unnoticed.
That is an interesting point, indeed. In the day and age of gag orders being auditability by the users could become an interesting feature.
Just because you’re European doesn’t mean the men in black suits won’t get you. If they want to get you, they will get you. I remember Lavabit.
I’ve had an account for a bit. It’s neat, but not something I feel I’d use regularly. You have a login password, which they’re aware of, and a second encryption password to decrypt your mail after logging in. Your private key for the encryption is stored on their servers. Prontonmail -> Protonmail emails are encrypted “end to end”, but it’s not clear to me what happens with your mail when a non-protonmail account sends you something… I think it just sits unencrypted until the next time you log in.
When you want to encrypt something for non-protonmail users, they get an (styled, with HTML/JS I think) email, asking them to click a link and enter a password that you gave them out of band to decrypt the message (all done in a browser).
Overall, it’s nice if you’re only emailing other people with protonmail accounts, but clunky if not. I’m not even sure that it provides a better UI than Enigmail/GPG + Thunderbird.
I really like it. It’s still in beta and there’s room for improvement but I see it becoming a really solid tool.