Sorry about that :) But you get the credit for spotting the problem! Thanks for that!
loudwhisper
With Simplelogin integration Proton does PGP encryption because effectively all emails are forwarded by a simplelogin address. I have just tested to be sure, and I can confirm it is the case. I agree though that this only protects "my side", which is why I said that it doesn't provide all the PGP features.
Publishing your PGP public key next to your email doesn’t require “wasting a domain” or anything like that
It does if I don't have any key that I use for emails. My key(s) is bound to the Proton account with the other domains I use, so for this domain I would need to either add it (back) to Proton (easier option, but "wastes" a domain) or just generate and manage a key myself, that I can then even add manually to Proton, but I didn't bother doing this just yet. I am not going to use any other public key I have because I wanted specifically to keep this domain separated from my identity.
I just thought it was amusing that you didn’t seem to actually follow your own advice.
FWIW, I do follow the described setup for everything personal, which is what matters to me. As I said, ~1/2 months ago I did have my PGP key because I enrolled the domain into Proton, which if anything is a testament to how annoying it is having to manage keys myself (which I already do for signing commits etc.). Maybe I will spend some time to polish the setup, eventually.
I don't think so, does it sound weird? Not a native speaker, so maybe it does :)
Yep, I am aware of the contradiction. I used to, but since then I moved to an alias as it was not worth wasting a domain for a single address. I may spend eventually the time to setup PGP for the alias itself, but I just didn't. It's a Proton alias, so I get anyway PGP encryption, though (obviously without all the features, but good enough for the near-zero volume I currently have).
Not that I know, which is the reason why I essentially didn't consider those threats relevant for my personal threat model. However, it's also possible it happened and it was never discovered. The point is that there are risks associated with having the same provider having access to both the emails (and the operations around them) and the keys/crypto operations.
The cost of stealthily compromising a secure email company is simply disproportionate compared to the gain from accessing my emails. Likewise, it's unrealistic to think some sophisticated attacker would target me specifically to the point that they will discover and then compromise the specific tooling I am using to access/encrypt/decrypt emails. Also, a $5 wrench could probably achieve the same goal in a quicker and cheaper way.
If I were a Snowden-level person, I would probably consider that though, as it's possible that the US government would try to coerce -say- Proton in serving bad JS code to user X. For most people I argue these are theoretical attacks that do not pose concrete risk.
Thanks, I will go and double check, I am sure there are more typos!
I honestly didn't think at all about the use of checkmarks/crosses and the fact that it can be misinterpreted, I will add a disclaimer.
A bigger issue IMO is how you describe email encryption in transit as a matter of fact, but according to Google transparency report[1] there are still domains that do not support in transit encryption, and, what’s worse, when you send an email you can’t tell if it will be encrypted or not.
you are right. The reason why I took that for granted is because I assumed the scenario in which people use the "mainstream" providers. I was looking at data and I think Outlook and Gmail alone make up more than 50% of the market share. I made an assumption which I considered fair, as 99%+ of the users do not need to worry about this at all. However, this is interesting data and I might add a note about it as well, so thanks!
Thanks!
Can you make the images clickable? They’re impossible to read at that size.
I will look into it, there might be a zola option for it. If there is, sure!
This paragraph should probably mention that this won’t work if the provider uses E2EE
That paragraph is in the context of what I call "transparent encryption", which means E2EE works until the provider is not compromised and the E2EE is effectively broken by delivering malicious software or disclosing the key. E2EE is as resilient as the security of the provider, which is why picking a trusted one is important. Of course, compromising the provider and breaking the E2EE is quite complex.
Thanks a lot! Hopefully at least someone finds it helpful!
Oh, it looks like! Something went wrong with Zola build and I must have not noticed. Thanks a lot for pinging me about that, I will fix it today!
EDIT: Fixed! That's what you get when you forget to bump the Docker image version after you upgrade zola version locally with a breaking change in the config! :) Thanks for letting me know, it would have taken me a long time to see it was broken!
Comfort is the main reason, I suppose. If I mess up Wireguard config, even to debug the tunnel I need to go to the KVM console. It also means that if I go to a different place and I have to SSH into the box I can't plug my Yubikey and SSH from there. It's a rare occurrence, but still...
Ultimately I do understand both point of view. The thing is, SSH bots pose no threats after the bare minimum hardening for SSH has been done. The resource consumption is negligible, so it has no real impact.
To me the tradeoff is slight inconvenience vs slightly bigger attack surface (in case of CVEs). Ultimately everyone can decide which compromise is acceptable for them, but I would say that the choice is not really a big one.
The biggest items on the graph are all out of bounds accesses, use-after-free and overflows. It is undeniable that memory safe languages help reducing vulnerabilities, we know for decades that memory corruption vulnerabilities are both the most common and the most severe in programs written in memory-unsafe languages.
Unsafe rust is also not turning off every safety feature, and it's much better to have clear highlighted and isolated parts of code that are unsafe, which can be more easily reviewed and tested, compared to everything suffering from those problems.
I don't think there is debate here, rewriting is a huge effort, but the fact that using C is prone to memory corruption vulnerabilities and memory-safe languages are better from that regard is a fact.