Comment by mccorrinall
3 years ago
If I understood correctly, I run this bridge on my computer, which connects to the ProtonMail API, downloads my mail, then decrypts it and starts a local IMAP server, so I can read it with my Thunderbird.
The email stays encrypted on the server, and this extension only decrypts it locally like it would happen in the web browser.
> You use Proton Bridge to walk your secure email beyond that enclave into whatever YOU are running in your userland scenario.
Look, if I don’t trust the software which is running in my userspace, I’m doing something wrong anyway. Even if I didn’t use this extension, a malicious userspace application would still hook itself into your web browser, or simply steal cookies/tokens from your browser’s profile folder and hijack the ProtonMail session.
> Which begs the question, why would you use Proton Mail if you’re gonna negate its unique value proposition?
If I’m not mistaken in my assumptions at the top, the email still stays encrypted everywhere except on my PC. I don’t trust the mail provider, and I don’t trust ProtonMail. ProtonMail could just change their web app at any moment to upload your second password which is used for unlocking your keys, and you wouldn’t notice. This can’t happen with an extension which doesn’t even have an auto-updater.
Anyway, it goes both ways. And some people just want to use their email client, instead of a web app.
Yes.
Some people want to subscribe to a premium encrypted email provider so they can download that email locally so it can live perpetually in ever-expanding subfolders on disk, in plaintext.
These are the people who need Proton Bridge.
I mean, I have all my PCs encrypted with VeraCrypt and don’t have any issue with storing my emails in plain text on my disk.