The new ProtonMail has passed its independent security audit

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Communication systems uniswap Openpgp Email Ethereum

SurveyJS
Our great sponsors
  • SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
Our great sponsors

  • ProtonMail Web Client

    Monorepo hosting the proton web clients

    • > a new protocol that can degrade gracefully

    Does Autocrypt meet that definition?

    https://autocrypt.org/

    Sadly, for the last 3 years, ProtonMail has resisted implementing it (unlike Posteo, for example), using FUD tactics to justify themselves:

    https://github.com/ProtonMail/WebClient/issues/120

  • interface

    🦄 Open source interfaces for the Uniswap protocol

    • Deploying via IPFS might also work? Though it'd require having a trustworthy backend storing state ... or I suppose auditing to ensure backend can't inject anything malicious into client layer.

    From what I i understand, some cryptocurrency DApps like Uniswap[0] are using this route.

    [0] https://github.com/Uniswap/uniswap-interface

  • SurveyJS

    Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.

    SurveyJS logo

  • webext-signed-pages

    A browser extension to verify the authenticity (PGP signature) of web pages

    • Deploying via IPFS might work indeed, but you're then either reliant on a gateway or have to run IPFS yourself locally. I know that Brave now supports IPFS, but for most people a more lightweight solution would be to install the Signed Pages extension for Chrome or Firefox.[0]

    I'm not sure if you actually need a trustworthy backend, or rather, if the frontend is encrypting its state before sending it to the backend, then the worst a malicious backend can do is delete or replay your data. By including timestamps and replicating your state to multiple independent backends, that risk can be largely mitigated.

    [0] https://github.com/tasn/webext-signed-pages

  • proton-mail

    Discontinued React web application to manage ProtonMail

    • The linked site is very low on info high on outrageous claims. It is not the same as gmail and protons response to that paper are accurate imo. The fact is web clients are inherently insecure but you can run your own client entirely afaik (https://github.com/ProtonMail/proton-mail). I don't think anybody has evidence of wrong doing but the service is proprietary so...

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts