I've been mulling over many tablet options recently with a goal to reduce the number of devices I travel with (terminal, email, playing HW accelerated video, reading comics). I considered everything from an iPad through a Surface with Linux and all the way to more exotic options like https://junocomputers.com/product/juno-tab-2/ or https://www.fydetabduo.com/ but they all lacked something. I was close to going with a Google Pixel with Graphene OS but Google's atrocious pricing in Europe made me reconsider. This one finally made me pull the trigger, mostly because it is Linux-first and came with no "This is a beta product" or "generally works, but..." asterisks. Fingers crossed that it delivers.
I was backed into a corner when it came time to replace my Samsung Galaxy Book 12 and had to buy a Samsung Galaxy Book 3 Pro 360 --- really wish that there was something like the Samsung Galaxy Tab Ultra 9 which ran Windows.
Even when it does use PGP, it is meaningless, explanation:
I just created a spare protonmail account. It asked me to pick a username and password, and my account is created.
Next, I send a message there from my other account. Yes, on the receiving end it does write "End-to-end encrypted and signed message", but encrypted and signed by what exactly? I have never created PGP keys and loaded the public key to Protonmail on either account (and never used my private key to decrypt anything). This can mean only one thing: even if there is some kind of encryption happening, Protonmail themselves generate keys and use them for encryption-decryption, never asking you for anything but your password. And if they can use these keys to decrypt the messages for you, they can decrypt them for anybody.
Protonmail also gives a user an option to export his private keys. Yeah, right. Your private keys.
That experiment shows that whatever is stored on ProtonMail's servers plus your password is sufficient to decrypt your emails. This could be explained by the private key being derived from or encrypted with your password. ProtonMail's documentation says it's the latter (https://protonmail.com/support/knowledge-base/how-is-the-pri...):
> Your ProtonMail private key is generated in your browser. Before sending the private key to the server for storage, we encrypt it with your password (or mailbox password if you use two-password mode). This ensures that you and only you can use your private key.
Of course, there are other threats to worry about, such as ProtonMail changing their client-side JavaScript to exfiltrate your password. But the system as they've documented it does not appear to have any way to decrypt your email server-side short of guessing your password.
The most likely attackers against ProtonMail are various law enforcement or intelligence agencies.
Such an agency can force PM to modify the login process to derive the password from the submitted form, or to just switch private keys for non-encrypted ones, because the user won't even notice it.
A truly secure entity just wouldn't have private keys on a server at all. Users would have to go through an uncomfortable process of generating and uploading keys to clients, but they would be truly safe.
To sum it up, you can't really have security and convenience at once. Besides skipping a proper key management process, PM mail also skips such important steps as verification of email partner identity and key verification, so you have to trust PM that you are really talking to the person you think you are talking to.
> A truly secure entity just wouldn't have private keys on a server at all.
They don't. They have your encrypted private key, but there's no need to keep that secret. (The decryption key is derived from your password, so the password needs to be strong and secret.)
> Such an agency can force PM to modify the login process to derive the password from the submitted form, or to just switch private keys for non-encrypted ones, because the user won't even notice it.
Yes, definitely. It's hard to trust self-updating software (like JavaScript in the browser), particularly if you're concerned about targeted attacks. But creating your own private keys and then entering them in the browser wouldn't help you at all against that sort of attack. You would instead need a different type of client that could be trusted somehow not to leak your private key.
It's not uncommon for services like this to offer a downloadable version of the web client so you can pin a version and audit the code as needed. I think maybe https://github.com/ProtonMail/WebClient is that for ProtonMail? If so, you should be able to verify that code and then use that. The fact that an encrypted copy of your private key will live on ProtonMail's servers shouldn't bother you.
YOU make a poor argument. All email correspondence with external servers (I believe it to be 90+ percent of all correspondence) is not encrypted at all, and the rest is bypassable if Protonmail wants or is forced to decrypt it. This is just security theater.
True security is when the provider can't decrypt anything under all circumstances, even under coercion.
Someone once explained to me that any webmail service is inherently able to read your mail: otherwise it could not display your mail to you. True end-to-end encryption means keeping your private keys client-side and the client on a computer over which you have full physical control.
You are absolutely correct, with some caveats. A browser client can generate keys client-side and allow them to be offloaded as a file to be used on other devices. Our own web XMPP client does that. But Protonmail does not work like this.
Verification is very simple: if you log in on a new device and see all your content while using only login and password to authenticate yourself, then the content stored on a server is NOT encrypted and is readable by the server owner.
> if you log in on a new device and see all your content while using only login and password to authenticate yourself
What about if the encryption key is derived from your password? This is common enough for "encrypt file with a password" services, I've personally implemented it in-browser as part of a small project.
Now, having your account password be the same as the email decryption password is also probably a bad idea, but we're far from the server owner being able to read your emails.
It keeps copies that your browser locally encrypted with a symmetric key derived from your password. When you log on your browser downloads them, and decrypts them with your password.
Protonmail do not see your password and without it cannot decrypt the pub/private key pair.
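Added example (not part of the thread and not ProtonMail's code): a sketch of the password-wrapped private key scheme the comments above describe, showing why a login on a new device with only a password does not by itself mean the server can read the key. The function names, scrypt as the KDF, AES-256-GCM as the cipher and the X25519 key type are all assumptions chosen for illustration.

```javascript
// Added illustration; scrypt, AES-256-GCM and X25519 are assumed stand-ins
// for whatever KDF, cipher and key type a real service uses.
const { generateKeyPairSync, scryptSync, randomBytes,
        createCipheriv, createDecipheriv } = require('node:crypto');

// Client side: derive a 256-bit wrapping key from the password and a salt.
function deriveKey(password, salt) {
  return scryptSync(password, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Client side: generate the key pair locally, then wrap the private key.
function createAccount(password) {
  const { publicKey, privateKey } = generateKeyPairSync('x25519', {
    publicKeyEncoding: { type: 'spki', format: 'der' },
    privateKeyEncoding: { type: 'pkcs8', format: 'der' },
  });
  const salt = randomBytes(16);
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const wrapped = Buffer.concat([cipher.update(privateKey), cipher.final()]);
  // Only serverRecord is uploaded. The password and the raw private key
  // stay on the client (privateKey is returned here for comparison only).
  const serverRecord = { publicKey, salt, iv, wrapped, tag: cipher.getAuthTag() };
  return { serverRecord, privateKey };
}

// Client side on a new device: download the record and unwrap it with the
// password. Returns null when the password is wrong (GCM tag check fails).
function unlock(serverRecord, password) {
  const { salt, iv, wrapped, tag } = serverRecord;
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(wrapped), decipher.final()]);
  } catch (err) {
    return null;
  }
}

// Constructed demo: same password recovers the key, a guess does not.
function demo() {
  const { serverRecord, privateKey } = createAccount('constructed passphrase');
  const ok = unlock(serverRecord, 'constructed passphrase').equals(privateKey);
  return { ok, wrongGuess: unlock(serverRecord, 'hunter2') };
}
```

Whoever holds `serverRecord` can still test password guesses offline against it, so the scheme is only as strong as the password and the KDF cost, and it assumes the client code running these functions has not been altered.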
I'm in the self-hosted camp as well with two Synology NAS boxes in two different countries that all of the family's computers synchronize to using Syncthing. Each of the boxes runs a local backup to an external drive nightly and one of them also runs a backup of a subset of (really important) folders to Backblaze. This uses Synology's proprietary backup tool (HyperBackup) which I intend to replace with an open source solution (most likely rclone but I'd be interested in suggestions). As an additional measure I rotate the external drives in one location weekly. So far it proved quite reliable when switching machines (in combination with git-managed dotfiles and stow) and accessing data on demand. I also make a full image of my laptop on an external drive more or less once a month to enable quick restore in case my OS gets hosed. One problem I still only semi-solved is synchronizing iPhones. Right now we just synchronize photos using Synology's DS File and I do an iTunes backup using a Windows VM which is clunky. High hopes for libimobiledevice here but I've had no time to properly research it yet.
All of the above requires some work but it's fun more than a nuisance. Probably not that great of a solution when I'm no longer around though.