ProtonMail Web Client
Killed by Google
ProtonMail Web Client | Killed by Google | |
---|---|---|
181 | 2,308 | |
4,157 | 2,388 | |
2.4% | - | |
10.0 | 7.0 | |
about 1 month ago | 9 days ago | |
TypeScript | TypeScript | |
GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ProtonMail Web Client
-
Proton Mail Discloses User Data Leading to Arrest in Spain
> Is this password-derived key the "account key" which I see in the Proton Mail settings interface?
No, the account key is an OpenPGP key which is encrypted with a key derived from your password. The "key encryption key" is not separately visible. The address keys are in turn encrypted using the account key.
> Please clarify what key derivation function is being used.
We use bcrypt, in addition to the OpenPGP S2K (i.e. the bcrypt output is fed as the "password" to OpenPGP's key encryption).
We are in the process of rolling out OpenPGP.js v6, which supports Argon2 for the OpenPGP S2K step, after which we'll start using that - but we aren't quite yet.
> Are there instructions for verifying that all this is happening? I think a lot of folks on HN won't be convinced otherwise.
Take a look at https://github.com/ProtonMail/WebClients/blob/main/packages/..., for example. Though to be honest, if you want to verify that we aren't sending the password to the server anywhere, in principle you'd have to check the code of the entire web app. It's all open source, but it's a lot of work, of course. But you can also check the latest audit report: https://proton.me/blog/security-audit. They also verified all of this stuff.
> It's just that I'm going to create an OpenPGP identity for things like signing code commits on git, signing packages I publish. (...) So I was really hoping to be able to use Proton Mail with this identity instead of the key pair that's generated for the account.
Yeah, I understand. Though, the typical advice from a cryptographer's perspective would be, it's better to use separate keys for separate purposes; and the simplest way to do that is to generate separate OpenPGP certificates, so that's what we'd generally recommend. But, if you want to generate separate subkeys and sign them all using a common primary key, that's also reasonable enough. And, we can improve the documentation on that, although it's a bit of a niche use case (not for HN of course, but for the general audience it is).
> Thanks for reaching out here on HN. I've been a really happy Proton Mail customer and now I'm even happier.
Thanks, glad to hear! :)
- Has anyone tried to run the Proton Mail UI locally?
-
ProtonDrive encryption key
The source code is here https://github.com/ProtonMail/WebClients
-
Proton Pass – Protecting your passwords and online identity
> Finally, in keeping with our long track record of transparency, Proton Pass is open source so anyone can review and verify our security architecture
They sure do enjoy writing that sentence without including any hyperlinks. This (https://github.com/ProtonMail/WebClients/tree/main/applicati...) appears to be the browser extension and https://github.com/ProtonMail/WebClients/tree/main/packages/... appears to look like the backend referenced in the extension's readme, but that directory's readme is zero bytes so (shrug)
- Where is the source code for Proton Drive?
-
Basic HTML Mode?
Fork the frontend and make your own lightweight option
- Where can I find the source code of the web app?
-
Announcement: SMTP Server in Rust with DMARC, DANE, MTA-STS, Sieve, OTEL support
PS: I hope that we selfhosters will have a modern, efficient, easy to use mail suite one day with modern features like JMAP, good self-learning spam integration, automated checks and validations for SPF/DMARC/DKIM or whether the IP/host suddenly appears in a blocklist and integrated encryption at rest for emails. Something that isn't 30 services in a container image, with 30 different configuration styles. Maybe even with an API integrated that's compatible to the ProtonMail frontend (like the neutron server once intended to be). Anyway, I'm sorry for dreaming. ;)
-
Why is the "Special offer" button still there after I purchased 1 year of Mail Plus through that very button?? Not happy.
And if you want to customize it further you can use Stylus to add custom CSS, Tampermonkey to add JS, or even modify the whole thing yourself from source (if you run it locally it syncs with your actual account).
- Is Proton Drive better than Sync.com?
Killed by Google
-
Apple Introduces M4 Chip
>Google operates in China albeit via their HK domain.
The Chinese government has access to the iCloud account of every Chinese Apple user.
>They also had project DragonFly if you remember.
Which never materialized.
>The lesser of two evils is that one company doesn’t try to actively profile me (in order for their ads business to be better) with every piece of data it can find and forces me to share all possible data with them.
Apple does targeted and non targeted advertising as well. Additionally, your carrier has likely sold all of the data they have on you. Apple was also sued for selling user data to ad networks. Odd for a Privacy First company to engage in things like that.
>Google is famously known to kill apps that are good and used by customers: https://killedbygoogle.com/
Google has been around for 26 years I believe. According to that link 60 apps were killed in that timeframe. According to your statement that Google kills an app a month that would leave you 252 apps short. Furthermore, the numbers would indicate that Google has killed 2.3 apps per year or .192 apps per month.
>As for the subpar apps: there is a massive difference between the network traffic when on the Home Screen between iOS and Android.
Not sure how that has anything to do with app quality, but if network traffic is your concern there's probably a lot more an Android user can do than an iOS user tp control or eliminate the traffic.
-
Google Fit APIs get shut down in 2025, might break fitness devices
> This is proved by countless “killed by Google” incidents..
Oh, the Google's Graveyard: https://killedbygoogle.com/
-
How I migrated from Firebase to Supabase
I was already starting to feel a little cornered in the whole Google ecosystem and a bit limited with stuff like backups, vendor lock in, etc. (and you always have the obvious hanging over your head) and ultimately, I think I just find the mental model of a SQL database more intuitive compared to a NoSQL database. So I thought to myself; "the longer I leave it, the harder it'll be to make the switch".
- With Vids, Google thinks it has the next big productivity tool for work
-
Google Axion Processors, our new Arm-based CPUs
https://killedbygoogle.com/
Their reputation is deserved. Google domains was killed only last year!
-
Google's Decision to Effectively Kill-off Small Sites
And this isn't even the first time I've been burned by Google's decisions. If you're familiar at all with the Google Graveyard, you'll know that Google has a long history of killing off products and services that people have come to rely on. This has happened to me a number of times, in both a personal and professional capacity, and frankly it's getting old.
- Google Scholar PDF Reader
-
Calls grow for Sundar Pichai to step down from Google CEO position
Just because Google has a couple of decent services that you're willing to pay for doesn't detract from the fact that most of their products have a worse life expectancy than a victorian child in the 1800s. https://killedbygoogle.com
They ruined every single opportunity to be more than an advertising company since Orkut. With scrapped attempts, starts and lack of intention for most of the 2010s to even during the early half of the Pixel Era, they seemingly haven't learnt to stick to something and iterate on it well.
And the fact that over 50% of their revenues come from search and by extension, advertising.
The fact' that til this day, they still haven't evolved from the "throwing shit at the wall then at the fan" strat which explains how they have fumbled so much so quickly.
- Google's Gemini Headaches Spur $90B Selloff
-
Our Company Is Doing So Well That You're All Fired
Yeah. The Google Graveyard really shows how far this can go.
https://killedbygoogle.com
The punchline is that in addition to hundreds of failed hobby projects, their stock is doing great. Monopoly power is a helluva drug.
What are some alternatives?
SimpleLogin - The SimpleLogin back-end and web app
Materialize - Materialize, a CSS Framework based on Material Design
Roundcube - The Roundcube Webmail suite
babel-plugin-superjson-next - Automatically transform your Next.js Pages to use SuperJSON
RainLoop - Simple, modern & fast web-based email client
Ryujinx-Games-List - List of games & demos tested on Ryujinx
Tutanota makes encryption easy - Tuta is an email service with a strong focus on security and privacy that lets you encrypt emails, contacts and calendar entries on all your devices.
tModLoader - A mod to make and play Terraria mods. Supports Terraria 1.4 (and earlier) installations
Mailpile - A free & open modern, fast email client with user-friendly encryption and privacy features
BetterJoy - Allows the Nintendo Switch Pro Controller, Joycons and SNES controller to be used with CEMU, Citra, Dolphin, Yuzu and as generic XInput
proton-mail - React web application to manage ProtonMail
kotlin - The Kotlin Programming Language.