LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices


Reply
  Search this Thread
Old 04-19-2019, 08:56 PM   #31
young_jedi
Member
 
Registered: Mar 2019
Posts: 37

Rep: Reputation: Disabled

Quote:
Originally Posted by hazel View Post
I wouldn't be using it via an app, as I don't have a smartphone, but they do have a browser interface too.
Their web mail service performs decryption of messages on the client via Javascript, and with Javascript the clients computer is the compiler, but by definition the client is untrustworthy.. E.g. JS sends the client source code and expects the client to translate this code into "client computer behavior", but a hacker can inject malitious code into the environment, dynamically, which can alter the JS code thats running on the client.. This is possible cause JS code cant be digitally signed cause all its code is dynamic and not static.. This makes is possible for Proton mail (or a hacker) to give you Bob's public key along with their own public key, thus allowing them to eavesdrop on your encrypted messages.. That's not something you can do with a native app cause the code is digitally signed by the developer (protonmail) and the platform (e.g. Apple), and thus it cant be altered.. Protonmail can put a backdoor into their app, but their not likley do that since everyone would get the backdoor (rather than before with JS they can target specicically based on IP).. So using JS is not a proper use of GPG-based end-to-end encryption between the client and the Protom mail servers.. With that said this problem is not specific to Protonmail, as all "privacy focused" email services offer a web-based email service that does this... The web-mail service is convientent, but not secure... Some "privacy focused" email providers like mailbox.org get around this by storing your private key on their servers (instead of on your client), thus not needing to use JS.. But then do you trust them with your private key?

Source: https://www.youtube.com/watch?v=AhdJzjC7Leo
Source: https://www.wired.com/2015/10/mr-rob...-fully-secure/

Last edited by young_jedi; 04-19-2019 at 09:03 PM.
 
Old 04-20-2019, 02:20 AM   #32
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 11,450
Blog Entries: 8

Rep: Reputation: 2989Reputation: 2989Reputation: 2989Reputation: 2989Reputation: 2989Reputation: 2989Reputation: 2989Reputation: 2989Reputation: 2989Reputation: 2989Reputation: 2989
Quote:
Originally Posted by hazel View Post
Sure, if you have Deutschmarks available! I don't.
hazel!
it's been euros for almost 20 years now.
but yeah, you probably don't have euros immediately available either.
 
Old 04-20-2019, 07:21 AM   #33
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 2,873

Original Poster
Blog Entries: 7

Rep: Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501
Thank you, Young Jedi. That's a brilliant explanation. But I'm not as hooked on total security as some folks around here. After all, my ISP doesn't encrypt my email (though Google does) and, as I explained above, none of the people I exchange emails with using my private address would know what to do if I sent them a pgp public key. Well, Cousin Lucky perhaps but no one else.

What I like about protonmail so far is that it doesn't do any obvious snooping to sell you ads and isn't susceptible to US government intervention. In other words, it's probably as secure as I need it to be.
 
Old 04-22-2019, 02:24 PM   #34
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,667
Blog Entries: 15

Rep: Reputation: 1578Reputation: 1578Reputation: 1578Reputation: 1578Reputation: 1578Reputation: 1578Reputation: 1578Reputation: 1578Reputation: 1578Reputation: 1578Reputation: 1578
Quote:
Originally Posted by sgrlscz View Post
Citibank has the same thing available with some of their cards - they call it a Virtual Account Number. I use it all of the time for online purchases. It's one of the big reasons I've kept my Citibank card.
Thanks. I've often wondered if other big banks had similar. For CitiBank, is it Visa or MasterCard or both?

At one point Discover Card had a similar thing to generate temporary numbers but they discontinued it for some reason a couple of years ago.
 
Old 04-22-2019, 02:40 PM   #35
sgrlscz
Member
 
Registered: Aug 2008
Posts: 106

Rep: Reputation: 78
Quote:
Originally Posted by MensaWater View Post
Thanks. I've often wondered if other big banks had similar. For CitiBank, is it Visa or MasterCard or both?

At one point Discover Card had a similar thing to generate temporary numbers but they discontinued it for some reason a couple of years ago.
I have a MasterCard, but I'm pretty sure it's available for both. It seems to be pretty standard, and I read some place that only 3 or 4 Citi cards didn't offer it.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Bang for the Buck: Entry Linux Servers Keep Windows and Unix ... LXer Syndicated Linux News 0 11-07-2006 12:21 PM
LXer: Bang for the Buck: Entry Unix Servers Compete with Linux and Windows LXer Syndicated Linux News 0 10-06-2006 07:03 PM
Apache + SSL + Firefox = goes crash boom bang zooper Linux - Software 0 04-28-2006 05:52 PM
LXer: ODF: A Bang from Quinn and a Whimper from Corel LXer Syndicated Linux News 0 01-24-2006 05:01 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 06:22 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration