Subj : Web based Crypto
To   : All
From : nristen
Date : Tue Nov 06 2018 08:45 am

I wanted to add a comment/question about the discussion on web based crypto
such as Proton Mail and others such as Keybase.io, etc.  I know services that
claim to offer secure encrypted communication ie Facebook, etc keep the
private keys themselves which allows the service provider access to the
communication.  I am not sure about Proton mail but I was under the
impression that Keybase.io does not keep the private key on the servers but
the private keys are generated on the users local machine and are never sent
thus preventing the service provider from accessing content they were not
given permission to see.  I have heard good reports of Proton and wonder if
they have something similar?

Of course, you can always take the point of view that any device connected to
a network is risky.  It can be easy to bypass a lot of security with
keyloggers.  Another item that worries me are reports that I have seen about
various organizations have access to SSL CA certs.

--- Mystic BBS v1.12 A39 2018/04/21 (Raspberry Pi/32)
 * Origin: The Search BBS (21:1/161)

.