I recently did some research on how ProtonMail’s PGP encryption works. As an advanced user, I was looking forward to using an email host in Switzerland who is supportive of PGP and has a good record in relation to privacy. I can secure my own PGP keys and wouldn’t trust a web client for anything where security matters.
Unfortunately I have discovered that their entire system is not usable with any key they do not control. In my opinion, this means:
- The claim of “Zero Access to User Data” is incorrect. All they need to do is send a specially crafted web page to the target to access the gpg key.
- Any desktop client must use their closed-source “Bridge”. Bridge can steal the key, etc.
- The Bridge will reject any properly E2EE email where the user alone controls their key (as they always should!).
- Support suggested that I upload my private key to resolve the issue – WTF?
A while back, I tried to sign up over Tor and found it was basically impossible to do without revealing my real-world identity via credit card (much worse than Gmail). Bitcoin payments were not possible via Tor.
Seems like the information on privacytools.io (all green) is not painting an accurate picture.
Am I alone here or should I suggest changes?