Old 04-19-2019, 08:56 PM   #31
young_jedi
Member
 
Registered: Mar 2019
Posts: 37

Rep: Reputation: Disabled

Quote:
Originally Posted by hazel View Post
I wouldn't be using it via an app, as I don't have a smartphone, but they do have a browser interface too.
Their web mail service performs decryption of messages on the client via JavaScript, and with JavaScript the client's computer is the compiler, but by definition the client is untrustworthy. E.g. JS sends the client source code and expects the client to translate this code into "client computer behavior", but a hacker can inject malicious code into the environment, dynamically, which can alter the JS code that's running on the client. This is possible 'cause JS code can't be digitally signed 'cause all its code is dynamic and not static. This makes it possible for Protonmail (or a hacker) to give you Bob's public key along with their own public key, thus allowing them to eavesdrop on your encrypted messages.

That's not something you can do with a native app 'cause the code is digitally signed by the developer (Protonmail) and the platform (e.g. Apple), and thus it can't be altered. Protonmail can put a backdoor into their app, but they're not likely to do that since everyone would get the backdoor (rather than before with JS they can target specifically based on IP). So using JS is not a proper use of GPG-based end-to-end encryption between the client and the Protonmail servers.

With that said, this problem is not specific to Protonmail, as all "privacy focused" email services offer a web-based email service that does this. The web-mail service is convenient, but not secure. Some "privacy focused" email providers like mailbox.org get around this by storing your private key on their servers (instead of on your client), thus not needing to use JS. But then do you trust them with your private key?

Source: https://www.youtube.com/watch?v=AhdJzjC7Leo
Source: https://www.wired.com/2015/10/mr-rob...-fully-secure/

Last edited by young_jedi; 04-19-2019 at 09:03 PM.
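The key-substitution risk described in post #31, seen from the defender's side, as an added example that is not part of the thread: a check that compares the keys a provider hands back against fingerprints pinned out-of-band, meant to run in a locally installed tool rather than in page-delivered script. The addresses, key bytes and the SHA-256 fingerprint scheme are constructed assumptions (real OpenPGP fingerprints are computed differently).

```javascript
// Added example: addresses and key bytes below are constructed.
const { createHash } = require('node:crypto');

// Assumption: fingerprint = hex SHA-256 of the raw key bytes. Real OpenPGP
// fingerprints use a different construction; the pinning logic is the same.
function fingerprint(keyBytes) {
  return createHash('sha256').update(keyBytes).digest('hex');
}

// intended: addresses the user chose to write to
// offered:  [{ address, keyBytes }] as returned by the mail provider
// pinned:   Map(address -> fingerprint) verified out-of-band beforehand
function vetRecipientKeys(intended, offered, pinned) {
  const problems = [];
  const covered = new Set();
  for (const { address, keyBytes } of offered) {
    if (!intended.includes(address)) {
      // An extra key means a third party could also decrypt the message.
      problems.push(`unexpected recipient key for ${address}`);
      continue;
    }
    covered.add(address);
    if (!pinned.has(address)) {
      problems.push(`no pinned fingerprint for ${address}`);
    } else if (pinned.get(address) !== fingerprint(keyBytes)) {
      problems.push(`fingerprint mismatch for ${address}`);
    }
  }
  for (const address of intended) {
    if (!covered.has(address)) problems.push(`no key offered for ${address}`);
  }
  return { ok: problems.length === 0, problems };
}

const bobKey = Buffer.from('constructed public key bytes for bob');
const otherKey = Buffer.from('constructed public key bytes for a third party');
const pinned = new Map([['bob@example.org', fingerprint(bobKey)]]);
const to = ['bob@example.org'];

const honest = vetRecipientKeys(to, [{ address: to[0], keyBytes: bobKey }], pinned);
const extraKey = vetRecipientKeys(to, [
  { address: to[0], keyBytes: bobKey },
  { address: 'escrow@example.net', keyBytes: otherKey },
], pinned);
const swapped = vetRecipientKeys(to, [{ address: to[0], keyBytes: otherKey }], pinned);

console.log(honest, extraKey, swapped);
```

The check only helps if the pinned fingerprints were obtained through a channel the mail provider does not control.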
 
Old 04-20-2019, 02:20 AM   #32
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053
Quote:
Originally Posted by hazel View Post
Sure, if you have Deutschmarks available! I don't.
hazel!
it's been euros for almost 20 years now.
but yeah, you probably don't have euros immediately available either.
 
Old 04-20-2019, 07:21 AM   #33
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 7,604

Original Poster
Blog Entries: 19

Rep: Reputation: 4458
Thank you, Young Jedi. That's a brilliant explanation. But I'm not as hooked on total security as some folks around here. After all, my ISP doesn't encrypt my email (though Google does) and, as I explained above, none of the people I exchange emails with using my private address would know what to do if I sent them a pgp public key. Well, Cousin Lucky perhaps but no one else.

What I like about protonmail so far is that it doesn't do any obvious snooping to sell you ads and isn't susceptible to US government intervention. In other words, it's probably as secure as I need it to be.
 
Old 04-22-2019, 02:24 PM   #34
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669
Quote:
Originally Posted by sgrlscz View Post
Citibank has the same thing available with some of their cards - they call it a Virtual Account Number. I use it all of the time for online purchases. It's one of the big reasons I've kept my Citibank card.
Thanks. I've often wondered if other big banks had similar. For CitiBank, is it Visa or MasterCard or both?

At one point Discover Card had a similar thing to generate temporary numbers but they discontinued it for some reason a couple of years ago.
 
Old 04-22-2019, 02:40 PM   #35
sgrlscz
Member
 
Registered: Aug 2008
Posts: 123

Rep: Reputation: 84
Quote:
Originally Posted by MensaWater View Post
Thanks. I've often wondered if other big banks had similar. For CitiBank, is it Visa or MasterCard or both?

At one point Discover Card had a similar thing to generate temporary numbers but they discontinued it for some reason a couple of years ago.
I have a MasterCard, but I'm pretty sure it's available for both. It seems to be pretty standard, and I read some place that only 3 or 4 Citi cards didn't offer it.
 
All times are GMT -5.