Talk:Proton Mail: Difference between revisions

Content deleted Content added

Inline

Revision as of 19:40, 1 March 2017

	This article is part of WikiProject Websites, an attempt to create and link together articles about the major websites on the web. To participate, you can edit the article attached to this page, or visit the project page.WebsitesWikipedia:WikiProject WebsitesTemplate:WikiProject WebsitesWebsites articles
C	This article has been rated as C-class on Wikipedia's content assessment scale.
???	This article has not yet received a rating on the importance scale.
	This article is supported by WikiProject Computing.

Software: Computing C‑class

	This article is within the scope of WikiProject Software, a collaborative effort to improve the coverage of software on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.SoftwareWikipedia:WikiProject SoftwareTemplate:WikiProject Softwaresoftware articles
C	This article has been rated as C-class on Wikipedia's content assessment scale.
???	This article has not yet received a rating on the project's importance scale.
	This article is supported by WikiProject Computing.

Cryptography: Computer science C‑class

	This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography articles
C	This article has been rated as C-class on Wikipedia's content assessment scale.
???	This article has not yet received a rating on the importance scale.
	This article is supported by WikiProject Computer science.

Image resize

Shouldn't [[File:Protonmail_system_architecture_2014.png|thumb|375px|Architecture of a ProtonMail datacenter.]] be smaller? 71.34.137.244 (talk) 09:31, 27 April 2015 (UTC)[reply]

Zero Knowledge

Is protonmail really using a zero-knowledge protocol ? It is being said in the introduction, but nowhere else is anything specified (?) 95.91.240.213 (talk) 20:05, 4 November 2015 (UTC)[reply]

I appended {{clarify}} to the sentence. Maybe someone has a good source for this. Otherwise we should remove it as advertising.–Totie (talk) 18:38, 5 November 2015 (UTC)[reply]
ProtonMail is using client-side encryption. It is not using zero-knowledge proofs or zero-knowledge protocols actually fitting the cryptographic definition of zero knowledge. 85.76.73.223 (talk) 17:09, 24 July 2016 (UTC)[reply]
I removed the phrases entirely. I did not like the formulation to begin with and believe that it puts as into a position that we have to justify the claims made by ProtonMail.–Totie (talk) 11:28, 25 September 2016 (UTC)[reply]

Not really "Open Source“

In contrary to what they say on their blog: "ProtonMail is Open Source”[1] ProtonMail seems to only release small parts of it's code as open source, and they release it slowly after using it in production, this kind of delay could speculatively be caused by the external audits — they speak of "Security Contributors" on their blog [2]</ref>. They have no intention of releasing their back end which — considering the audits — could be seen as some form of security through minority.

The security risks of open sourcing the back-end code is too high. It would let an attacker know how our infrastructure is set up or let spammers get insight into how to circumvent our anti-spam measures.
— ProtonMail Blog Admin, https://protonmail.com/blog/protonmail-open-source/#comment-8926

As of 22 february the only thing released as open source is the previous version (2.0) of the webmail front-end [3] which can still be accessed through v2.protonmail.com. Their server, iOS and Android code are closed. Though founder Andy Yen promised to the backers of the crowdfunding campaign to open source the native apps:

Hi Eric, this is why we are trying to hit our reach goal of $500,000 so we can also build native applications for ProtonMail which will be installed/loaded once, and also be open source.
— Andy Yen, https://www.indiegogo.com/projects/protonmail/#/comments

So I would simplify the introduction by saying

ProtonMail is a free and open-source web-based encrypted email service ...

And in the infobox, the license could be:

Freeware; some components MIT License

--Duvrai (talk) 12:24, 22 February 2016 (UTC)[reply]

I agree somewhat. They do seem to have a commitment to open source and said repeatedly that this happens once the product leaves beta. Nevertheless, Wikipedia is an encyclopedia and it would be wrong to suggest that ProtonMail is open source already. I am in favour of your suggestions and would be open to mentioning their open-source intentions elsewhere in the article.–Totie (talk) 17:03, 22 February 2016 (UTC)[reply]

Links to summary pages on email servers/services

Should the links at the bottom be retained?  While they do link to nice summaries of email options, the Wikipedia pages they linked to does not include ProtonMail.  I would suggest adding rows in the various tables which describe ProtonMail, or removing the links to the comparison pages.  — Preceding unsigned comment added by 75.73.1.89 (talk) 00:26, 26 February 2016 (UTC)[reply]

I see no problem there. The page is for further reading on a directly related topic.–Totie (talk) 13:40, 26 February 2016 (UTC)[reply]

Historical vulnerability

I am moving mention of the following historical vulnerability from the article to the Talk page. It does not seem notable at all, considering especially that it did not affect the then current version. --Hyperforin (talk) 01:26, 25 September 2016 (UTC)[reply]

I disagree about the notability. Given the articles emphasis on security, I do believe that this kind of vulnerability should be mentioned.–Totie (talk) 11:26, 25 September 2016 (UTC)[reply]
I don't feel strongly about it. You're welcome to add it back if you like. Typically I would mention it too, but there is no famous large software product that exists without a history of vulnerabilities. This one in particular was not even exploited as far as we know, making it less than notable. --Hyperforin (talk) 00:05, 26 September 2016 (UTC)[reply]


Vulnerabilities
A video demonstrating a cross-site scripting attack was shown in July 2014.^[1] The ProtonMail developers reviewed the video and confirmed that the issue affected an early development version of ProtonMail that was released in May 2014. The attack did not affect the then-current version.^[2]

User number

According to this source: https://protonmail.com/blog/protonmail-tor-censorship/ there are only "over 2 million" users. While technically 5 Million is "over 2 million", I think they would have wrote 5 million if it would be that much more than 2 million.Andylee Sato (talk) 08:46, 19 January 2017 (UTC)[reply]

Encryption protocol needs citation

The section on encryption provides a moderately detailed description of how the crypto works, but it only sites a stack exchange article. The article has a brief description by someone claiming to be one of the developers, but even that doesn't support a number of the claims. I recommend replacing this section with something that indicates that ProtonMail has not provided an official explanation of how end-to-end encryption works.


^ Hacking protonmail - with a browser. Vimeo. 30 June 2014. Retrieved 19 October 2015.

^ "Update about reported XSS issue". ProtonMail. 8 July 2014. Retrieved 19 October 2015.

[1] Hacking protonmail - with a browser. Vimeo. 30 June 2014. Retrieved 19 October 2015.

[2] "Update about reported XSS issue". ProtonMail. 8 July 2014. Retrieved 19 October 2015.

[1]

[2]

@@ Line 45: / Line 45: @@
 According to this source: https://protonmail.com/blog/protonmail-tor-censorship/ there are only "over 2 million" users. While technically 5 Million is "over 2 million", I think they would have wrote 5 million if it would be that much more than 2 million.[[User:Andylee Sato|Andylee Sato]] ([[User talk:Andylee Sato|talk]]) 08:46, 19 January 2017 (UTC)
+== Encryption protocol needs citation ==
+The section on encryption provides a moderately detailed description of how the crypto works, but it only sites a stack exchange article. The article has a brief description by someone claiming to be one of the developers, but even that doesn't support a number of the claims. I recommend replacing this section with something that indicates that ProtonMail has not provided an official explanation of how end-to-end encryption works.