Even if it is an advertisement, can the threats be true?
IronJumbo
joined 2 years ago
I am not associated with any tested company or this blog.
I am an ordinary user of all Proton products since his birth and I love him.
Because the test looks credible, I just want an expert from Proton to dispel my doubts or honestly confirm the problem.
In that case, it seems to me that the only threat is the mindless copying of public keys to other servers, as described in the article. But who does so? Do admins not create separate private-public keys for each server?
Thank you for the explanation!
Thanks Evgeny for your explanation and time (I'm sure we all appreciate it). But you didn't say directly and specifically - does the app make these connections to Google servers?
It's not about whether the application communicates with these addresses or not. It's about the fundamental question: why are these addresses even encoded in the code of a VERY privacy-sensitive application?
My friend, in every answer you push F-Droid as a cure for all evil. There is no perfect store, F-Droid also has its problems (I wrote about it above). I am not an enemy of F-Droid (I also use it sometimes), but I will repeat: F-Droid control is insufficient (it's security theater - it's not a full audit of the source code).
When installing from Github you only trust the developer and their signed certificate key.
When installing from F-Droid you additionally also have to trust the F-Droid developer's signature.
Besides that F-droid has its own problems:
https://privsec.dev/posts/android/f-droid-security-issues/
I don't use F-Droid. I use Obtainium and additionally check signatures in AppVerifier.
Is this a joke? Do you release a completely rebuilt app, and UnifiedPush is still gone? Users of degoogled phones will still not have notifications? Will you still only use Google FCM?
Why Google (FCM) notifications on Android are dangerous:
Everyone knows that the content of the notification is encrypted, BUT THIS IS NOT ENOUGH:
https://www.privacy-handbuch.de/handbuch_73.htm
Requests to the PM Team (for example, for the implementation of Unified Push) have been ignored for many years.
For some people, using a safe ProtonMail app with a dangerous FCM can be a disaster in some countries (journalists, signals, political opposition, etc.)
Please repair it!