I think that the elephant in the room may be UK legislation - which explicitly forces anyone's provider using encryption to hand over decryption keys to the UK government - which in turn has treaties to share them with the other 5 nations' security agencies.

I am not a user, and I hardly encrypt anything other than TLS to save me from marketing research/analysis. For me, the issue would be that once a bunch of agencies + the king and his sidekick(s) can see my stuff without a warrant - then there is no privacy left. They will of course pay some "super secure/trusted" partner to store and analyse the data for them... At the very least they will use it to train models, which of course are free to be monetised... I have no control to what end and to what conclusion they arrive. And no recourse, if they/AI just makes stuff up about me.

See: Why Apple doesn't encrypt UK users' data.

-T

On Fri, Mar 21, 2025, 00:25 Russell Senior <[email protected]> wrote:

> One question I've had for a while is: how does key management work at
> Proton. Public key encryption rests on a foundation where your private
> key is exclusively known to you, and that all reasoning about what is
> private is directly tied to "who has access to your private key". One
> thing I have been unable to discover, which doesn't seem to be well or
> transparently documented, is "where is my private key and how is
> access to it managed?" Does anyone know?
>
> My vague understanding is that, supposedly, proton stores an encrypted
> version of your private key and supposedly when you type in your
> password to the random javascript they send you, you get a copy of the
> encrypted key and unlock the key in your browser, but ... and stick
> with me here, what if they send you javascript that leaks your
> password to them. In that case, they have the encrypted key and the
> unlocking password and therefore, they have possession of your private
> key and all privacy guarantees provided by the math of PK encryption
> are lost. Can someone please help me understand why or how that isn't
> possible?
>
> Thanks!
>
> --
> Russell Senior
> [email protected]
>
> On Thu, Mar 20, 2025 at 8:23 PM King Beowulf
> <[email protected]> wrote:
> >
> > On 3/20/25 17:41, Michael Ewan wrote:
> > > I saw that Proton Pass sponsored a YouTube channel I enjoy (All The
> > > Gear is in the UK). It looked good on the surface. I know some of you
> > > use Proton Mail, any experience with Proton Pass?
> >
> > I've been using proton pass on my main linux box for 2+ years with 90+
> > passwords stored (mmm....I should check on some of those sites!). Works
> > well, easy and transparent, with a good feature set. Only sloth has
> > prevented me from migrating it to other devices.
> >
> > Highly Recommended.
> >
> > Disclaimer: I am a paying proton mail customer
> >
> > -Ed
