Comment by stblack
3 years ago
To clarify because comments (so far) seem to ignore what Proton Bridge does.
Proton Mail is web mail, like Gmail. That part is fine.
You use Proton Bridge as a connector to mail client software.
The thing that’s perhaps unclear is, Proton Mail is end-to-end encrypted email. You use Proton Bridge to walk your secure email beyond that enclave into whatever YOU are running in your userland scenario.
Part of all this is, you’re completely unclear on the concept of secure email the moment you need to use this bridge.
Which begs the question, why would you use Proton Mail if you’re gonna negate its unique value proposition?
Proton Mail is fine. It’s this misguided extension that’s the problem here.
If you’re fine with web mail then this issue doesn’t matter. If you’re not fine with web mail, maybe Proton Mail isn’t really for you.
If I understood correctly, I run this bridge on my computer, which connects to the protonmail API, downloads my mail, then decrypts it and starts a local IMAP server, so I can read it with my Thunderbird.
The email stays encrypted on the server, and this extension only decrypts it locally like it would happen in the web browser.
> You use Proton Bridge to walk your secure email beyond that enclave into whatever YOU are running in your userland scenario.
Look, if I won’t trust the software which is running in my userspace, I’m doing something wrong anyway. Even if I wouldn’t use this extension, a malicious userspace application would still hook itself into your web browser, or simply steal cookies/tokens from your browser’s profile folder and hijack the protonmail session.
> Which begs the question, why would you use Proton Mail if you’re gonna negate its unique value proposition?
If I’m not mistaken with my assumptions at the top, the email still stays encrypted everywhere except on my PC. I don’t trust the mail provider, and I don’t trust protonmail. Protonmail could just change their web app at any moment to upload your second password which is used for unlocking your keys, and you wouldn’t notice. This can’t happen with an extension which doesn’t even have an auto updater.
Anyway, it goes both ways. And some people just want to use their email client, instead of a web app.
Yes.
Some people want to subscribe to a premium encrypted email provider so they can download that email locally so it can live perpetually in ever-expanding subfolders on disk, in plaintext.
These are the people who need Proton Bridge.
I mean, I have all my PCs encrypted with VeraCrypt and don’t have any issue with storing my emails in plain text on my disk.
> Proton Mail is end-to-end encrypted email.
Well, no, not really. That is the claim that they make, but such a thing doesn't really exist, well at least not in the way they suggest. It is e2e only if both parties are using PGP, or both are using Proton Mail. That is a very small percentage of global mail flow.
Thank you for that. This goes without saying.
Clearly not. I see the claim on every post that mentions ProtonMail. As far as I am concerned, ProtonMail is quite simply snake oil at this stage.
I will agree with you if the bridge is an open source project backed by communities.
However, the bridge is a paid feature used to attract more users.
Also, I don't understand your point about e2ee.
Bridge to proton server is also e2ee.
The mail interface is just an implementation of e2ee in the browser, isn't it?
No.
Proton mail is a paid service. It comes with the bridge. The bridge is not extra.
Free-tier Proton Mail may charge for the bridge. I don’t know, I don’t use free-tier Proton Mail.
Bridge is part of the Proton Mail paid service. They advertise it right here: https://proton.me/mail. It's not unreasonable to say that if you are paying for Proton Mail, you would expect the bridge to work, considering they advertise it as a feature.
Free-tier ProtonMail does not have the privilege to use this buggy bridge.
> Which begs the question, why would you use Proton Mail if you’re gonna negate its unique value proposition?
Because most users don't care about the end-to-end encryption. They just want to host their email somewhere [1]. And perhaps have it available offline.
All this encryption on everything is mostly turning into security theatre. All mostly because identity theft is so easy in the US. Perhaps that's the problem that needs to be fixed.
[1] lately somewhere that is not Google.
Yep, I could see myself using PM just as a replacement for Gmail, since they have a semblance of a brand and reputation in this space—plus at least a somewhat privacy-oriented attitude, which is more than many others got.
The bridge is just another client in the sense that any ProtonMail client would need to decrypt emails so you can view them. To be honest, their web client is probably less secure and trustworthy than other mail toolchains you could run locally. So if the bridge was reliable and trustworthy (which it may not be, hence this submission), using it is probably the most secure option.
> To be honest, their web client is probably less secure and trustworthy than other mail toolchains you could run locally.
To be honest, you’re guessing amirite? Be honest.
Bizarre statement, it’s like in-browser security doesn’t exist? The password manager browser extension you may use, that’s Swiss cheese right?
You're not looking for a discussion, but rather a fight. I hope you find some peace. Understand that not everyone who responds with a counterpoint also downvoted you.
But I'll respond once in good faith: a browser, which is designed to load and run obfuscated remote scripts from quasi-trusted sources, and display complex untrusted HTML mail content, and which is subject to XSS vulnerabilities, will always be inherently less secure than, e.g., mutt. It exposes you to potentially malicious second parties (e.g. ProtonMail) and third parties. This is true regardless of any mitigations and security measures that are also built into the browser. If you have enough distrust in your threat model to use ProtonMail, you also likely acknowledge the browser's weaknesses.