robcohen a day ago

> Proton only has access to your IP and device ID, not your data.

I like Proton. I use Proton.

However, the problem with Proton is that if you access your email via a web browser, there's nothing stopping ProtonMail (to my knowledge) from reading your email from within their webapp via JS. This type of attack could be targeted at the behest of authorities.

So, actually, Proton COULD read your email (IFF you use webmail).

gruez a day ago

> So, actually, Proton COULD read your email (IFF you use webmail).

The authorities can also read your self-hosted email if they had a warrant to search your house. Even if you enable FDE they can do a cold boot attack.

golem14 a day ago

I believe that you would not expect that level of interaction with LEAs for a "stop cop city" dude that hasn't even been charged with a crime.

I'd count that up as a hypothetical win of the self-hosted mail in your own location.

If you are Dr. Evil, OTOH, other calculi apply.

encrypted_bird a day ago

Just out of curiosity, what is a cold boot attack?

gruez a day ago

https://en.wikipedia.org/wiki/Cold_boot_attack

tl;dr they pull the decryption keys from your computer while it's still running, which of course it is because your mail server has to be up 24/7.

wildzzz a day ago

Simple solution: put your server inside of a cabinet or enclosure that immediately powers it off if opened with a hidden micro switch. Additionally, write a little udev rule to immediately power off if any new USB device is connected or Ethernet is unplugged.
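The USB half of the tripwire described in the comment above, as an added example that is not part of the thread. The rule path, script path, `TRIPWIRE_ARMED` flag, grace period and allowlist are assumptions; the check is needed because udev replays "add" events for already-attached devices at boot, so a bare power-off rule would shut the machine down on every start.

```shell
#!/bin/sh
# Added example (constructed): handler for a USB tripwire started by udev.
# Hypothetical rule file /etc/udev/rules.d/99-usb-tripwire.rules:
#   ACTION=="add", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", \
#     ENV{TRIPWIRE_ARMED}="1", RUN+="/usr/local/sbin/usb-tripwire"
# udev hands the event to RUN programs as environment variables:
# ACTION, SUBSYSTEM, DEVTYPE, PRODUCT (vendor/product/bcdDevice, hex).

# Devices that may appear without tripping (here only the kernel's own root
# hubs). USB IDs are chosen by the device, so keep this list minimal.
ALLOWED_PRODUCTS="1d6b/2/ 1d6b/3/"

# Ignore events this soon after boot, while coldplug "add" events replay.
BOOT_GRACE_SECONDS=120

# tripwire_decision ACTION SUBSYSTEM DEVTYPE PRODUCT UPTIME_SECONDS
# Prints "poweroff" or "ignore".
tripwire_decision() {
    action=$1 subsystem=$2 devtype=$3 product=$4 uptime=$5
    [ "$action" = "add" ] || { echo ignore; return; }
    [ "$subsystem" = "usb" ] || { echo ignore; return; }
    [ "$devtype" = "usb_device" ] || { echo ignore; return; }
    [ "$uptime" -ge "$BOOT_GRACE_SECONDS" ] || { echo ignore; return; }
    for prefix in $ALLOWED_PRODUCTS; do
        case "$product" in
            "$prefix"*) echo ignore; return ;;
        esac
    done
    echo poweroff
}

# Act only when the udev rule armed us, so sourcing this file is harmless.
if [ "${TRIPWIRE_ARMED:-0}" = "1" ]; then
    uptime_s=$(cut -d. -f1 /proc/uptime)
    verdict=$(tripwire_decision "$ACTION" "$SUBSYSTEM" "$DEVTYPE" "$PRODUCT" "$uptime_s")
    if [ "$verdict" = "poweroff" ]; then
        logger -t usb-tripwire "unexpected USB device $PRODUCT, powering off"
        systemctl poweroff
    fi
fi
```

The grace period is also a window in which a device attached right after a reboot is not acted on, so it should be no longer than the machine's boot time requires.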

encrypted_bird 21 hours ago

So a trip-switch for the server?

How would one access it if one needed to do config changes or, really, anything on the server for legitimate purposes?

quesera 20 hours ago

ssh in and shut down first (and/or just use a properly reliable filesystem).

Mail transfer can tolerate multi-hour interruptions. Imagine the drama if it couldn't!

encrypted_bird 21 hours ago

That is fascinating! Thanks for sharing!

Tepix a day ago

What if you use encryption?

perching_aix a day ago

FDE stands for "Full Disk Encryption" in this context.

renewiltord a day ago

[flagged]

johanyc 16 hours ago

You always put trust in the vendor even if they use e2ee because the end clients are made by them.

They can just send things without e2ee from any of their clients (not just web).

> This type of attack could be targeted at the behest of authorities.

No? How can authorities tell them how to do their business?

perching_aix a day ago

Is even that needed? Nothing e2ee about the emails you receive normally, they could just read them right away if they really wanted to. And that is to say nothing about the metadata.