![]() ![]() Yen says that to date half a dozen requests have come in from agencies across the world and none resulted in any data being handed over. ProtonMail would never be able to hand over email content anyway, as only the user has access to that. ![]() That should make it hard for the NSA, or any other branch of the US government, to demand the company cough up user data, given slightly more restrictive Swiss privacy laws. Users have to figure out how to securely exchange that passphrase.Īs for protections from government orders, ProtonMail is running out of Switzerland. As a password, therefore, has to be shared to unlock communications, this is far less secure. When a user sends a message from ProtonMail to a non-ProtonMail contact encryption can be used but it's "symmetric encryption", where only one key is used and must be shared between the two. Thanks to recently-completed work, the same goes for emails between Facebook and ProtonMail users. It stores all the public keys and private keys on its systems, though the private keys themselves are encrypted with the mailbox password so cannot be accessed by the ProtonMail team. When communications are taking place between ProtonMail users, the key exchange is handled by the company. ProtonMail tries to ease that pain by creating the key pairs in the browser using the JavaScript language as a user signs up and keeping those keys in its own (hopefully) secure servers. Private keys are occasionally leaked too, whilst being open to theft where hackers can find them. Standard users of PGP ( your reporter is one) have to go through an occasionally irksome process of setting up OpenPGP, before importing and exporting those keys, and checking they came from the right person, typically checking a key's "fingerprint".
0 Comments
Leave a Reply. |