Andy Yen, the CEO of Proton (Mail, Drive, VPN, Pass...) answered a lot of the questions you, the community, asked, in an interview that covers basically everything!
He discusses security, privacy, the origins of Proton, how they operate, Linux support, future projects, products and features, quantum computing, passkeys, and more!
Proton Mail: https://proton.me/mail/TheLinuxEXP Proton VPN: https://protonvpn.com/TheLinuxEXP
Timecodes:
00:00 Intro
01:16 How did Proton start?
03:24 Why start with email?
06:03 What is Proton's business model?
08:34 Why set up in Switzerland?
11:33 What data do you have on customers?
14:39 How is encryption important?
18:20 Do you always need to use a VPN?
20:47 Why focus on building an ecosystem?
24:55 Is an Office Suite planned?
26:29 What differentiates Proton from competitors?
30:26 Is Proton a viable alternative to big tech services?
33:31 Why expand to more products instead of finishing existing ones?
37:19 Does the general public care about privacy?
38:45 What's next for Proton services?
40:08 What are the plans for native Linux clients?
46:03 Will ProtonVPN offer dedicated IPs to everyone?
47:46 What's the environmental impact of Proton?
49:27 Proton on F-Droid, without Google Play notifications?
52:03 Why are code repos all separated and hard to find?
53:12 Why are addresses ending in ".me"?
54:57 When will all apps reach feature parity?
56:24 Will SMTP relay be supported?
57:47 Will Proton focus more on businesses in the future?
59:50 Why put all your eggs in one basket with just Proton services?
01:01:00 Will Proton support passkeys?
01:03:21 Does E2E matter if the recipient isn't using it?
01:04:49 Will Proton disable port forwarding in VPN?
01:06:41 Is encryption enough to make email private?
01:09:06 What protects users from a change in Proton's code licensing?
01:11:14 How does Proton protect its infrastructure?
01:13:14 Impacts of Quantum Computing on privacy and security?
01:14:24 What's the future of Proton Bridge?
01:16:25 When will Proton photos be a thing?
01:17:17 Plans for Proton Notes?
01:18:20 Will VPN support the Apple TV?
01:21:12 Support the channel
I have a question for ProtonMail:
What is the purpose of your end-to-end encryption?
It seems like its only conceivable purpose is to protect against the server being malicious, since the HTTPS encryption between client and server is already protecting against all adversaries who don't control the server. But, if the server is malicious then it can target an individual user and serve them different JavaScript when they log in. (This special JavaScript for the targeted user can exfiltrate their passphrase and then the adversary can decrypt everything...)
So, is it correct to say that the only scenarios where ProtonMail e2ee is actually useful in any way (e.g., it could prevent an adversary from seeing plaintext) are these two?
Also, separately from potential special behavior for targeted users, is there any way to verify the integrity of the JavaScript being served to everyone currently (or at any point in time)? (Just having it be open source and audited isn't sufficient, since the JavaScript that people actually run while using the site is minified...)
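The integrity question raised in the comment above, as an added example that is not part of the original thread and is not Proton's code: an `integrity` attribute in the page is written by the same server that serves the script, so only a digest obtained out of band can reveal that one user was served a different file. The script paths, script bodies and pinned manifest below are constructed for illustration.

```javascript
// Added example (Node.js). All paths, bodies and digests are constructed sample data.
const crypto = require("crypto");

// SRI-style digest: "sha384-" + base64(SHA-384(body)).
function sriDigest(body) {
  return "sha384-" + crypto.createHash("sha384").update(body, "utf8").digest("base64");
}

// Pull src and integrity out of each <script> tag (simple regex, enough for this sample page).
function scriptTags(html) {
  const tags = [];
  for (const m of html.matchAll(/<script\b([^>]*)>/gi)) {
    const src = /\bsrc="([^"]*)"/i.exec(m[1]);
    const integrity = /\bintegrity="([^"]*)"/i.exec(m[1]);
    if (src) tags.push({ src: src[1], integrity: integrity ? integrity[1] : null });
  }
  return tags;
}

// Compare each served script with (a) the page's own integrity attribute and
// (b) a manifest obtained out of band, e.g. by building the published source yourself.
// null means "nothing to compare against".
function auditServedScripts(html, served, pinned) {
  return scriptTags(html).map(({ src, integrity }) => {
    const actual = sriDigest(served[src]);
    return {
      src,
      sriOk: integrity === null ? null : integrity === actual,
      pinnedOk: Object.hasOwn(pinned, src) ? pinned[src] === actual : null,
    };
  });
}

// Constructed scenario: the server sends one user a modified app.js and
// rewrites the integrity attribute in the HTML so that it still matches.
const official = { "/app.js": "decrypt(mailbox, key);", "/vendor.js": "/* crypto library */" };
const pinned = Object.fromEntries(Object.entries(official).map(([p, b]) => [p, sriDigest(b)]));
const served = { ...official, "/app.js": "/* modified build */ decrypt(mailbox, key);" };
const html =
  `<script src="/app.js" integrity="${sriDigest(served["/app.js"])}"></script>` +
  `<script src="/vendor.js" integrity="${pinned["/vendor.js"]}"></script>`;

const report = auditServedScripts(html, served, pinned);
console.log(report); // app.js passes the in-page SRI check but fails the pinned check
```

The pinned check is only as good as the way the manifest was obtained and the reproducibility of the build that produced it.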