Our great sponsors
-
A counter to this would be to let users deploy their open source client [0] themselves to wherever (as one example, this is something that TermPair implements [1]).
-
A counter to this would be to let users deploy their open source client [0] themselves to wherever (as one example, this is something that TermPair implements [1]).
-
SurveyJS
Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
-
Mailvelope ( https://github.com/mailvelope/mailvelope) is an open source extension for Chrome and Firefox that allows users to use openpgp encryption with any webmail provider. Unfortunately, I have only one contact who has corresponded with me with pgp. But two others (both activists) use ProtonMail (my only reason for having an account on the service) -- but not Tor (their ProtonMail use predates the latest "explainer"). At least when it comes to email, I'm going to go out on a limb and say people should _never_ trust it for sensitive communications. Message content itself can be protected by pgp encryption (if people would bother to use it), but there's no watertight way to consistently avoid the kind of relationship mapping that nation states and transnational corporations have been doing for the last two decades. That game is already over, and Big Brother won -- no matter who you use for email.
-
The browser add-on that comes closest is Signed Page[0], and in theory it could provide TOFU level security by requiring the user to opt in to new versions. For unclear reasons, though, the devs seem to be against implementing that.[1]
Any system for protecting against backdoors assumes that someone is auditing the code to check for user-specific code paths, so the only extra layer of security to add is some sort of Binary Transparency. A good example of that is Sigstore, which is being experimentally integrated with the Arch Linux package ecosystem.[2]
[0] https://github.com/tasn/webext-signed-pages
Related posts
- The new ProtonMail has passed its independent security audit
- Ask HN: What is a good alternative to SendGrid?
- Listmonk: Newsletter and mailing list manager with a modern dashboard
- Stalwart mail server (self-hosted all-in-one mail server) now as an admin webui
- Proton Mail says Outlook for Windows is Microsoft's new data collection service