hardened_malloc VS ProtonMail Web Client

Relevant copypasta:

Fellow humans, there are alternatives to Google and Apple! Your neck need not be under anyone's boot! You don't even need to give up any functionality:

Data service:

The simplest thing is to buy a prepaid SIM and top it off with cash. The lovely people over at /r/nocontract maintain a big spreadsheet so you can filter by various properties of the available contracts.

Another way to go is to pay for a postpaid plan with a virtual credit card (VCC) like at privacy.com. It won't be linked to your name at the telco, but of course privacy.com knows who you are. There is also Abine Blur, and some others.

Yet a third way to go, which is nascent, is buy an eSIM with crypto. You can also buy prepaid VCCs with crypto.

An interesting new choice is PGPP https://invisv.com/pgpp/ who rotate your IMSI and do some other cool stuff. It works by e-sims.

All these methods make you /pseudo/nymous, but obviously you're still identifiable by subscriber number and possibly IMEI, to put aside correlational things like your traffic profile. You can help this problem by routing everything through a VPN. Then you're pseudonymous but the cell carrier knows nothing about you other than that you use a VPN. Pay for the VPN with crypto. Of course now the VPN provider knows your traffic, but you're much more anonymous to them than you are to a telco. You make your choices. Defense in depth. Etc.

OS:

GrapheneOS: https://grapheneos.org/ Very much like Calyx, but extra-hardened and with no MicroG. No involvement with Google at all by default. You can make a secondary profile in which you install Google Play Services to set up an environment where you can run unprivileged Play services + whatever crapware you need that requires them. Unprivileged here means it's like any other app: if you don't give it access to your location, it won't know where you are. If you end the profile session when you leave, Play Services stops running and stops talking to Google.

CalyxOS: https://calyxos.org/ Privacy-respecting Android distribution that replaces Google spyware with MicroG, so you can have your cake and eat it too. Most everything will work as you're used to, but it does still talk to Google to make that happen.

LineageOS: https://lineageos.org/ The successor to CyanogenMod, will work with many different phones. More privacy and control than stock Android.

There are also many others: Sailfish, Replicant, e

Hardware:

CalyxOS and GrapheneOS run best on Pixels. The path of least resistance is to get one of these phones and run GrapheneOS with Google Services installed in one profile or other.

You could also buy a Librem 5 https://puri.sm/products/librem-5/ If privacy and security and hacking are really important to you.

Or a pinephone: https://www.pine64.org/pinephone/

Neither work very well by regular standards, but they're cool :-)

It might be worth to switch to GrapheneOS if you have Pixel phones: https://grapheneos.org/

It is a more serious project than LineageOS in the sense that they take security very seriously and they take their development more professionally too. There are no disadvantages to using GrapheneOS compared to LineageOS.

You can see a comparison here: https://eylenburg.github.io/android_comparison.htm

If it still powers up but just won't boot you could try installing https://grapheneos.org/.

On 4thgen Pixels and up you can install GrapheneOS which is a security and privacy focused Android build. It does not come with any Google services pre-installed but you can put them on. https://grapheneos.org/

yes... will also de-google it cuz we can install GrapheneOS and also close the bootloader

> Is this password-derived key the "account key" which I see in the Proton Mail settings interface?

No, the account key is an OpenPGP key which is encrypted with a key derived from your password. The "key encryption key" is not separately visible. The address keys are in turn encrypted using the account key.

> Please clarify what key derivation function is being used.

We use bcrypt, in addition to the OpenPGP S2K (i.e. the bcrypt output is fed as the "password" to OpenPGP's key encryption).

We are in the process of rolling out OpenPGP.js v6, which supports Argon2 for the OpenPGP S2K step, after which we'll start using that - but we aren't quite yet.

> Are there instructions for verifying that all this is happening? I think a lot of folks on HN won't be convinced otherwise.

Take a look at https://github.com/ProtonMail/WebClients/blob/main/packages/..., for example. Though to be honest, if you want to verify that we aren't sending the password to the server anywhere, in principle you'd have to check the code of the entire web app. It's all open source, but it's a lot of work, of course. But you can also check the latest audit report: https://proton.me/blog/security-audit. They also verified all of this stuff.

> It's just that I'm going to create an OpenPGP identity for things like signing code commits on git, signing packages I publish. (...) So I was really hoping to be able to use Proton Mail with this identity instead of the key pair that's generated for the account.

Yeah, I understand. Though, the typical advice from a cryptographer's perspective would be, it's better to use separate keys for separate purposes; and the simplest way to do that is to generate separate OpenPGP certificates, so that's what we'd generally recommend. But, if you want to generate separate subkeys and sign them all using a common primary key, that's also reasonable enough. And, we can improve the documentation on that, although it's a bit of a niche use case (not for HN of course, but for the general audience it is).

> Thanks for reaching out here on HN. I've been a really happy Proton Mail customer and now I'm even happier.

Thanks, glad to hear! :)

The source code is here https://github.com/ProtonMail/WebClients

> Finally, in keeping with our long track record of transparency, Proton Pass is open source so anyone can review and verify our security architecture

They sure do enjoy writing that sentence without including any hyperlinks. This (https://github.com/ProtonMail/WebClients/tree/main/applicati...) appears to be the browser extension and https://github.com/ProtonMail/WebClients/tree/main/packages/... appears to look like the backend referenced in the extension's readme, but that directory's readme is zero bytes so (shrug)

Fork the frontend and make your own lightweight option

PS: I hope that we selfhosters will have a modern, efficient, easy to use mail suite one day with modern features like JMAP, good self-learning spam integration, automated checks and validations for SPF/DMARC/DKIM or whether the IP/host suddenly appears in a blocklist and integrated encryption at rest for emails. Something that isn't 30 services in a container image, with 30 different configuration styles. Maybe even with an API integrated that's compatible to the ProtonMail frontend (like the neutron server once intended to be). Anyway, I'm sorry for dreaming. ;)

And if you want to customize it further you can use Stylus to add custom CSS, Tampermonkey to add JS, or even modify the whole thing yourself from source (if you run it locally it syncs with your actual account).