ProtonMail Web Client
Tutanota makes encryption easy
ProtonMail Web Client | Tutanota makes encryption easy | |
---|---|---|
181 | 467 | |
4,146 | 5,772 | |
2.1% | 1.2% | |
10.0 | 9.9 | |
about 1 month ago | 2 days ago | |
TypeScript | TypeScript | |
GNU General Public License v3.0 only | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ProtonMail Web Client
-
Proton Mail Discloses User Data Leading to Arrest in Spain
> Is this password-derived key the "account key" which I see in the Proton Mail settings interface?
No, the account key is an OpenPGP key which is encrypted with a key derived from your password. The "key encryption key" is not separately visible. The address keys are in turn encrypted using the account key.
> Please clarify what key derivation function is being used.
We use bcrypt, in addition to the OpenPGP S2K (i.e. the bcrypt output is fed as the "password" to OpenPGP's key encryption).
We are in the process of rolling out OpenPGP.js v6, which supports Argon2 for the OpenPGP S2K step, after which we'll start using that - but we aren't quite yet.
> Are there instructions for verifying that all this is happening? I think a lot of folks on HN won't be convinced otherwise.
Take a look at https://github.com/ProtonMail/WebClients/blob/main/packages/..., for example. Though to be honest, if you want to verify that we aren't sending the password to the server anywhere, in principle you'd have to check the code of the entire web app. It's all open source, but it's a lot of work, of course. But you can also check the latest audit report: https://proton.me/blog/security-audit. They also verified all of this stuff.
> It's just that I'm going to create an OpenPGP identity for things like signing code commits on git, signing packages I publish. (...) So I was really hoping to be able to use Proton Mail with this identity instead of the key pair that's generated for the account.
Yeah, I understand. Though, the typical advice from a cryptographer's perspective would be, it's better to use separate keys for separate purposes; and the simplest way to do that is to generate separate OpenPGP certificates, so that's what we'd generally recommend. But, if you want to generate separate subkeys and sign them all using a common primary key, that's also reasonable enough. And, we can improve the documentation on that, although it's a bit of a niche use case (not for HN of course, but for the general audience it is).
> Thanks for reaching out here on HN. I've been a really happy Proton Mail customer and now I'm even happier.
Thanks, glad to hear! :)
- Has anyone tried to run the Proton Mail UI locally?
-
ProtonDrive encryption key
The source code is here https://github.com/ProtonMail/WebClients
-
Proton Pass – Protecting your passwords and online identity
> Finally, in keeping with our long track record of transparency, Proton Pass is open source so anyone can review and verify our security architecture
They sure do enjoy writing that sentence without including any hyperlinks. This (https://github.com/ProtonMail/WebClients/tree/main/applicati...) appears to be the browser extension and https://github.com/ProtonMail/WebClients/tree/main/packages/... appears to look like the backend referenced in the extension's readme, but that directory's readme is zero bytes so (shrug)
- Where is the source code for Proton Drive?
-
Basic HTML Mode?
Fork the frontend and make your own lightweight option
- Where can I find the source code of the web app?
-
Announcement: SMTP Server in Rust with DMARC, DANE, MTA-STS, Sieve, OTEL support
PS: I hope that we selfhosters will have a modern, efficient, easy to use mail suite one day with modern features like JMAP, good self-learning spam integration, automated checks and validations for SPF/DMARC/DKIM or whether the IP/host suddenly appears in a blocklist and integrated encryption at rest for emails. Something that isn't 30 services in a container image, with 30 different configuration styles. Maybe even with an API integrated that's compatible to the ProtonMail frontend (like the neutron server once intended to be). Anyway, I'm sorry for dreaming. ;)
-
Why is the "Special offer" button still there after I purchased 1 year of Mail Plus through that very button?? Not happy.
And if you want to customize it further you can use Stylus to add custom CSS, Tampermonkey to add JS, or even modify the whole thing yourself from source (if you run it locally it syncs with your actual account).
- Is Proton Drive better than Sync.com?
Tutanota makes encryption easy
-
Show HN: TutaCrypt, post-quantum encryption protocols for securing emails [pdf]
Hi HN, we are the developers from Tuta (formerly Tutanota), the German end-to-end encrypted email provider, and we recently released the world's first post-quantum encryption for email.
We have included a full technical write-up of the cryptography involved in these changes and we have released it for open public review.
This document specifies TutaCrypt, a protocol designed for hybrid email encryption in Tuta Mail. The protocol combines a classical Elliptic-Curve-Diffie-Hellman key exchange with a post-quantum KEM. The goal is to replace the usage of RSA in Tuta Mail.
In the remainder of this document we describe some preliminaries such as the cryptographic primitives used. We define the core algorithms of the protocol and describe the flow of messages between the communicating parties. Finally, we discuss the security properties and some limitations of the protocol in its current form.
We are eager for your constructive feedback. All cryptography related source code is available for review and experimenting here: https://github.com/tutao/tutanota/blob/master/src/api/worker...
If you have any questions or comments related to post-quantum cryptography please let us know in the comments!
- How to Escape Gmail
-
A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev
Tutanota - Free secure email account service provider with built-in end-to-end encryption, no ads, no tracking. Free 1GB storage. Which is also partially open source, so you can self-host.
-
secret storage
You are probably using a window manager and Electron is not able to detect the secret service backend you have installed. We recently switched to Electron’s built in api for storing credentials, which is the reason for this issue. https://github.com/tutao/tutanota/issues/6265
-
⟳ 4 apps added, 32 updated at f-droid.org
Tuta Mail (version 3.119.3): Encrypted email & calendar service - easy to use, secure by design.
-
Please move away from Amazon for Tuta's Domain Name System
A look at tuta.com and tutanota.com demonstrates that Tuta is using an Amazon Start of Authority (SOA) DNS record and 4 corresponding Amazon Name Server (NS) DNS records.
-
Apple and Google Monitor Notifications. We Need Push Notification Alternatives
rich coming from tuta who still lack a onion based login. this ticket from 2018 was locked as off-topic. https://github.com/tutao/tutanota/issues/528
as lenin said, the best way to control the opposition is to lead it. for me, unless the company has been raided by the government they simply cannot be trusted.
apple proudly advertises privacy billboards while sharing everything they are asked under shadow laws. absolute hypocrisy and double standards. but then they wouldnt be where they are without government money and favours.
-
Change current email from Tutanota to tuta
Have a non business paid account. Can you change your current tutanota.com email to the tuta.com email?
-
Unable to access account
I have an at tutanota.com account. All of a sudden, this evening, it disconnected and I haven't been able to re-access my account. It actually seems like the whole platform is down, but maybe that's just the context from my devices.
-
Migration is needed for which domains?
I have a fairly recent free account that I believe was on the domain tutanota.com which I can no longer log into.
What are some alternatives?
SimpleLogin - The SimpleLogin back-end and web app
Roundcube - The Roundcube Webmail suite
AnonAddy - Anonymous email forwarding
RainLoop - Simple, modern & fast web-based email client
duckduckgo-locales - Translation files for <a href="https://duckduckgo.com"> </a>
Mailpile - A free & open modern, fast email client with user-friendly encryption and privacy features
Mailcow - mailcow: dockerized - 🐮 + 🐋 = 💕
proton-mail - React web application to manage ProtonMail
Disposable Mailbox