The new ProtonMail has passed its independent security audit

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
hardware-buttons scrape-images linkedin-bot

CodeRabbit: AI Code Reviews for Developers
Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.
coderabbit.ai
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  1. ProtonMail Web Client

    Monorepo hosting the proton web clients

    > a new protocol that can degrade gracefully

    Does Autocrypt meet that definition?

    https://autocrypt.org/

    Sadly, for the last 3 years, ProtonMail has resisted implementing it (unlike Posteo, for example), using FUD tactics to justify themselves:

    https://github.com/ProtonMail/WebClient/issues/120

  2. CodeRabbit

    CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

    CodeRabbit logo

  3. interface

    🦄 Open source interfaces for the Uniswap protocol

    Deploying via IPFS might also work? Though it'd require having a trustworthy backend storing state ... or I suppose auditing to ensure backend can't inject anything malicious into client layer.

    From what I i understand, some cryptocurrency DApps like Uniswap[0] are using this route.

    [0] https://github.com/Uniswap/uniswap-interface

  4. webext-signed-pages

    A browser extension to verify the authenticity (PGP signature) of web pages

    Deploying via IPFS might work indeed, but you're then either reliant on a gateway or have to run IPFS yourself locally. I know that Brave now supports IPFS, but for most people a more lightweight solution would be to install the Signed Pages extension for Chrome or Firefox.[0]

    I'm not sure if you actually need a trustworthy backend, or rather, if the frontend is encrypting its state before sending it to the backend, then the worst a malicious backend can do is delete or replay your data. By including timestamps and replicating your state to multiple independent backends, that risk can be largely mitigated.

    [0] https://github.com/tasn/webext-signed-pages

  5. proton-mail

    Discontinued React web application to manage ProtonMail

    The linked site is very low on info high on outrageous claims. It is not the same as gmail and protons response to that paper are accurate imo. The fact is web clients are inherently insecure but you can run your own client entirely afaik (https://github.com/ProtonMail/proton-mail). I don't think anybody has evidence of wrong doing but the service is proprietary so...

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • Daily General Discussion - May 27, 2022

    6 projects | /r/ethfinance | 26 May 2022

  • ProtonMail: Important clarifications regarding arrest of climate activist

    4 projects | news.ycombinator.com | 6 Sep 2021

  • 5 smart contract projects that can land you a job 🚀 💼

    4 projects | dev.to | 13 Mar 2025

  • Free, Open-Source Anonymous Email Forwarding – Addy.io

    1 project | news.ycombinator.com | 12 Mar 2025

  • Revolutionizing Email: Stalwart Mail Server - Secure, Modern, and Easy to Use

    1 project | dev.to | 4 Mar 2025
Loading...