The new ProtonMail has passed its independent security audit

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

Our great sponsors
  • Scout APM - Less time debugging, more time building
  • OPS - Build and Run Open Source Unikernels
  • SonarLint - Deliver Cleaner and Safer Code - Right in Your IDE of Choice!
  • GitHub repo ProtonMail Web Client

    Monorepo hosting the proton web clients

    > a new protocol that can degrade gracefully

    Does Autocrypt meet that definition?

    https://autocrypt.org/

    Sadly, for the last 3 years, ProtonMail has resisted implementing it (unlike Posteo, for example), using FUD tactics to justify themselves:

    https://github.com/ProtonMail/WebClient/issues/120

  • GitHub repo interface

    🦄 An open source interface for the Uniswap protocol

    Deploying via IPFS might also work? Though it'd require having a trustworthy backend storing state ... or I suppose auditing to ensure backend can't inject anything malicious into client layer.

    From what I i understand, some cryptocurrency DApps like Uniswap[0] are using this route.

    [0] https://github.com/Uniswap/uniswap-interface

  • Scout APM

    Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.

  • GitHub repo webext-signed-pages

    A browser extension to verify the authenticity (PGP signature) of web pages

    Deploying via IPFS might work indeed, but you're then either reliant on a gateway or have to run IPFS yourself locally. I know that Brave now supports IPFS, but for most people a more lightweight solution would be to install the Signed Pages extension for Chrome or Firefox.[0]

    I'm not sure if you actually need a trustworthy backend, or rather, if the frontend is encrypting its state before sending it to the backend, then the worst a malicious backend can do is delete or replay your data. By including timestamps and replicating your state to multiple independent backends, that risk can be largely mitigated.

    [0] https://github.com/tasn/webext-signed-pages

  • GitHub repo proton-mail

    React web application to manage ProtonMail

    The linked site is very low on info high on outrageous claims. It is not the same as gmail and protons response to that paper are accurate imo. The fact is web clients are inherently insecure but you can run your own client entirely afaik (https://github.com/ProtonMail/proton-mail). I don't think anybody has evidence of wrong doing but the service is proprietary so...

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts