andy1011000 Proton CEO posted:
“People honestly seem to forget that I live in Switzerland, where Republican/Democrat doesn’t mean anything, and Trump isn’t even on our ballot to be voted for…”
Onyx376. replied:
“The point is that fighting for a more just and equal society is not just about fighting for the fundamental right to privacy but also for all other fundamental rights, including individual rights and life. When you, as the CEO of a company that starts from these principles, nod positively to whatever action a political figure like Trump, who is known for always flagrantly putting his private interests ahead of those of his own nation, makes speeches about eliminating minorities, hurting their rights as citizens and flirting with Nazi movements, it is understandable that members of the privacy community are disappointed as this reveals a little about who is being the face of a company that should follow contrary principles. But now we really know what “freedom” means to you.”
If you complie your clients, Proton cannot decrypt your data.
But there’s a lot more than Proton can do.
They could log your IP, the exact time you log in or use Proton services
They could keep a copy of every email you receive, most of them are probably unencrypted.
If you use VPN, they could log everything you do, they wont be able to decrypt the HTTPS data, but if they log all your traffic, it defeats the purpose of using a VPN.
They could potentially swap the web javascript, if you ever log in via browser.
When you send emails to another Protonmail user, Proton could potentially do a mitm and swap Proton’s public key and make the other user’s client think its your public key, and also give Proton’s public key, and make your client think its that user’s public key. Proton essentially act as a keyserver, so they could maliciously replace keys.
And most people don’t compile their user clients, so if you just download the clients they compile, they could just not use the source code to compile it, sending you a malicious client.
There’s just a lot of attack vectors if the company itself becomes hostile.