Comment by jrootabega
3 years ago
The bridge is just another client in the sense that any ProtonMail client would need to decrypt emails so you can view them. To be honest, their web client is probably less secure and trustworthy than other mail toolchains you could run locally. So if the bridge was reliable and trustworthy (which it may not be, hence this submission), using it is probably the most secure option.
“To be honest, their web client is probably less secure and trustworthy than other mail toolchains you could run locally.”
To be honest, you’re guessing amirite? Be honest.
Bizarre statement, it’s like in-browser security doesn’t exist? The password manager browser extension you may use, that’s Swiss cheese right?
You're not looking for a discussion, but rather a fight. I hope you find some peace. Understand that not everyone who responds with a counterpoint also downvoted you.
But I'll respond once in good faith - a browser, which is designed to load and run obfuscated remote scripts from quasi-trusted sources, and display complex untrusted HTML mail content, and which is subject to XSS vulnerabilities, will always be inherently less secure than, e.g., mutt. It exposes you to potentially malicious second parties (e.g. ProtonMail) and third parties. This is true regardless of any mitigations and security measures that are also built in to the browser. If you have enough distrust in your threat model to use ProtonMail, you also likely acknowledge the browser's weaknesses.