GeneralThis forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I wouldn't be using it via an app, as I don't have a smartphone, but they do have a browser interface too.
Their web mail service performs decryption of messages on the client via Javascript, and with Javascript the clients computer is the compiler, but by definition the client is untrustworthy.. E.g. JS sends the client source code and expects the client to translate this code into "client computer behavior", but a hacker can inject malitious code into the environment, dynamically, which can alter the JS code thats running on the client.. This is possible cause JS code cant be digitally signed cause all its code is dynamic and not static.. This makes is possible for Proton mail (or a hacker) to give you Bob's public key along with their own public key, thus allowing them to eavesdrop on your encrypted messages.. That's not something you can do with a native app cause the code is digitally signed by the developer (protonmail) and the platform (e.g. Apple), and thus it cant be altered.. Protonmail can put a backdoor into their app, but their not likley do that since everyone would get the backdoor (rather than before with JS they can target specicically based on IP).. So using JS is not a proper use of GPG-based end-to-end encryption between the client and the Protom mail servers.. With that said this problem is not specific to Protonmail, as all "privacy focused" email services offer a web-based email service that does this... The web-mail service is convientent, but not secure... Some "privacy focused" email providers like mailbox.org get around this by storing your private key on their servers (instead of on your client), thus not needing to use JS.. But then do you trust them with your private key?
Thank you, Young Jedi. That's a brilliant explanation. But I'm not as hooked on total security as some folks around here. After all, my ISP doesn't encrypt my email (though Google does) and, as I explained above, none of the people I exchange emails with using my private address would know what to do if I sent them a pgp public key. Well, Cousin Lucky perhaps but no one else.
What I like about protonmail so far is that it doesn't do any obvious snooping to sell you ads and isn't susceptible to US government intervention. In other words, it's probably as secure as I need it to be.
Citibank has the same thing available with some of their cards - they call it a Virtual Account Number. I use it all of the time for online purchases. It's one of the big reasons I've kept my Citibank card.
Thanks. I've often wondered if other big banks had similar. For CitiBank, is it Visa or MasterCard or both?
At one point Discover Card had a similar thing to generate temporary numbers but they discontinued it for some reason a couple of years ago.
Thanks. I've often wondered if other big banks had similar. For CitiBank, is it Visa or MasterCard or both?
At one point Discover Card had a similar thing to generate temporary numbers but they discontinued it for some reason a couple of years ago.
I have a MasterCard, but I'm pretty sure it's available for both. It seems to be pretty standard, and I read some place that only 3 or 4 Citi cards didn't offer it.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.