I admittedly should’ve done more research before my first comment, but it does actually turn out that everything I said is true. Proton’s technology was previously audited by Mozilla and is currently audited by SEC Consult and other companies regularly, and the audits are available for everyone to view. Additionally, they do have a bug bounty program. Also (and this is something I didn’t mention), the ProtonVPN and Proton Mail apps are all open source.
It’s about the server-side code. If that’s not an issue then someone needs to make the argument, not throw up smokescreens about the apps and frontend code.
You’re right that the encryption needs to be verifiable on the client side, but then why not share the server side code?
I mean if they did, anyone could theoretically spin up an instance, which would be good, actually.
I admittedly should’ve done more research before my first comment, but it does actually turn out that everything I said is true. Proton’s technology was previously audited by Mozilla and is currently audited by SEC Consult and other companies regularly, and the audits are available for everyone to view. Additionally, they do have a bug bounty program. Also (and this is something I didn’t mention), the ProtonVPN and Proton Mail apps are all open source.
Is that the backend code? It seems like they’re talking about the apps, not backend code. The thing being discussed here is backend code.
Nearly all of Proton’s stuff uses publicly verifiable client side encryption, so idk what all this is about
It’s about the server-side code. If that’s not an issue then someone needs to make the argument, not throw up smokescreens about the apps and frontend code.
You’re right that the encryption needs to be verifiable on the client side, but then why not share the server side code?
I mean if they did, anyone could theoretically spin up an instance, which would be good, actually.