New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add ghostmail #33
Comments
The problem with "secure email" providers like ProtonMail (and GhostMail), is that they are "end-to-end encrypted-kinda-sorta-not-really". Problem 1 - Your private key is not yours
They say it "stays in your browser", but they cannot guarantee that. There are multiple scenarios where your private key would leave your browser and get sent to their server:
Problem 2 - Your friend's public key is not theirsTheir server sends you the public key for your friend. How do you know it's actually your friend's and not theirs? You don't. Neither GhostMail nor ProtonMail belong on this list. |
Also, this is nonsense (from here):
No. That is not forward secrecy. Stay away from all of this nonsense folks. If you want GPG, use GPGTools, Enigmail, or Mailvelope. |
yes, i agree that ghostmail is snakeoil, but i try to document the snakeoil projects too and highlight what is wrong with them. |
https://www.ghostmail.com
The text was updated successfully, but these errors were encountered: