webext-signed-pages
ios-mail
webext-signed-pages | ios-mail | |
---|---|---|
16 | 61 | |
180 | 1,349 | |
- | 0.5% | |
0.0 | 9.8 | |
over 1 year ago | about 1 month ago | |
JavaScript | Swift | |
BSD 3-clause "New" or "Revised" License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
webext-signed-pages
-
E2EE on the web: is the web that bad?
There is "Signed Pages" by the debeloper of EteSync. It is a browser extension, that checks webapps based on signatures in the html file. The addon then warns the user if the signature is not correct or - if I remember correctly - the source changed. This allows you to be sure what webapp code was delivered. But it seems like it did not really get used outside of his own projects. https://github.com/tasn/webext-signed-pages
-
Cloudflare and CDNs - call for community opinions
EteSync has implemented something called Signed Pages, this might be worth looking closer at. This uses PGP keys which is preloaded into the browser; but I suspect that will be a barrier too high for most non-tech users.
- Is there any tool to verify client-side website code you get served is the same as the open source version?
-
Truly safe?
There are also projects like signed web pages which can also help increasing the trust level to some degree. But that requires that you can download the source code and regenerate the verification hash locally - or have other trusted methods to verify the hash value hasn't been modified as well. The current concept is reasonably sane, but it requires too much from users currently to make it widely used.
- A browser that verifies Javascript
-
Security experts declare all Proton apps secure after security audit
> The server can at any time start serving malicious payloads
True, and I call this threat model "Beware Each and Every Fetch" (BEEF) in contrast to the more common TOFU model (although if you trust a desktop app to auto-update itself then these two models might not be all that different).
In any case, I think you're being a little quick to dismiss the idea of server-hosted applications. It's true that browsers don't natively have a nice way of pinning specific versions of a web app, but there is the clever hack of SecureBookmarks[0] (if you're prepared to sacrifice the UX), or, more realistically, you can pin the web app version using some sort of browser extension.
Examples of the latter include the Signed Pages extension[1], and Code Verify[2], which is the result of a collaboration between Meta and Cloudflare (for securing the WhatsApp Web code, currently, but should eventually support other sites like Proton's too). Of course, it would be much better if this capability was natively included in browsers themselves, but hopefully adoption of this technology will pressure browsers and standards bodies to take ownership of this.
[0] https://coins.github.io/secure-bookmark/
[1] https://github.com/tasn/webext-signed-pages
[2] https://github.com/facebookincubator/meta-code-verify
-
ProtonMail Is Inherently Insecure, Your Emails Are Likely Compromised
Something like a browser extension for this does already exist, fortunately:
https://github.com/tasn/webext-signed-pages
-
"Were you able to subpoena ProtonMail?"
In regards to untrusted webapp, yes, that is a reasonable attack vector. That said, I've heard from ProtonMail they have been considering to implement Signed Pages to help mitigate (at least some of the) issues with this attack vector.
-
Proton’s priorities
Which is why it is important to get proper E2E encryption on e-mail, where the source is open source and can be audited. And then that there are verify mechanisms to verify that the source code has not been manipulated. For web services there are signed-pages which is quite interesting.
ios-mail
-
Ask HN: Have you migrated to Proton mail/calendar/pass/etc.? How was it?
I see that Proton (https://proton.me/) offers a fuller suite of tools these days beyond just mail: calendar/password manager/cloud storage/vpn
The pricing looks pretty good too at $9.99/month for everything
Has anyone migrated everything to them? How is it if so?
I currently pay for a Google Workspace on my own domain and iCloud for storage, which already amounts to more than Proton are charging (and Proton allows 3 custom domains for email vs Googles 1)
-
ASK HN: Where to host my personal email
I've been running my own email server for the last 10 years or so using iRedMail / CentOS on a cheap VM. It requires very little maintenance and I never have problems with delivery (just make sure you have DMARC, DKIM, SPF, all setup).
Occasionally I consider moving to service provider but I don't really trust any of them with something so important. Especially Google, as there are so many cases of people getting locked out of their account with virtually no support available to them.
If I were going to switch to a provider, it would likely be Proton. They are based out of Switzerland and as far as I know have an outstanding reputation.
https://proton.me
-
I can't connect to ProtonMail.
If you have Proton VPN installed on an iOS, MacOS, or Android device, could you please try switching to the Stealth protocol (https://protonvpn.com/blog/stealth-vpn-protocol/) to see if you will be able to successfully connect afterwards. If you do manage to connect to a VPN server with the Stealth protocol, please try accessing proton.me afterwards and let us know how it goes.
-
Issue with FireStick and Surfshark
Just for science, you should try a different VPN. You can get Proton for free if you sign up for Proton email at Proton.me. It’s at least another data point.
-
Proton services no longer work with non-Proton VPNs
Meanwhile, you could try accessing proton.me from another web browser, disable any browser extensions on your current web browser, and make sure you can access any other websites on the same setup.
-
Pretty sure simpcity.su thinks I am a bot. Help!
So two days ago I signed up with a fresh account with Brave, a VPN, and a fresh proton.me email. Went thru fine-- no problems, and used the site since. I used the site on my phone with the Brave browser, and fine again.
-
Can I trust SimpleLogin/passmail.net to never go down?
Proton AG is a privately-owned company and does not publish financial information, which makes assessing their future success or failure, or product strategy, difficult to predict. Any voluntarily released information is available through their website under Who We Are and Resources & Support, much of which is summarized on Wikipedia). I doubt that an officer or employee of Proton will provide insider information on Reddit that isn't already on the Proton website. Someone else here, who might be closer to the company, might be able to share better insights, but I see no reports of financial distress. I judge the financial and organizational stability of Proton to be at least equal to any of its competitors, and better than most. But these are my opinions and I have little concrete evidence to support them.
- Calendar app/site that doesn't track your data
-
Small business owner: considering signi g up to Microsoft Office Premium for mail etc.
Proton is a decent alternative for email and calendar among others if you value privacy
- Beyler yerli ve milli goebbels Proton (ProtonVPN vs.)'u banlamış olabilir mi bi baksanıza amk buney
What are some alternatives?
photos-app - ➡️ Moved to https://github.com/ente-io/ente
proton-mail-android - Proton Mail Android app
mailvelope - Browser extension for OpenPGP encryption with Webmail
OpenAdapt - AI-First Process Automation with Large [Language (LLMs) / Action (LAMs) / Multimodal (LMMs)] / Visual Language (VLMs)) Models
frame - System-wide Web3 for macOS, Windows and Linux
strawberry - A GraphQL library for Python that leverages type annotations 🍓
pacman-bintrans - Experimental binary transparency for pacman with sigstore and rekor
tor-relay-docker - Tor relay Docker images for x86-64, armhf & arm64 (from source)
leCrypt-web-extension - leCrypt is a decentralised password manager which is cross-platform, free and secure.
linux-cli-community - Linux command-line client for ProtonVPN. Written in Python.
proton-mail - React web application to manage ProtonMail
Simple-Calendar - A simple calendar with events, tasks, customizable colors, widgets and no ads.