@alternativeto https://github.com/vladimiry/ElectronMail is a great unofficial Desktop app for Proton Mail. It's a libra(fLOSS) application, and you can use it with PM's free tier.

#floss #foss #libra #opensource #protonmail #encryption #email #electronmail

#Protonmail (whose microblogging presence is limited to Elon Musk’s assets) has become quite a burden in the past couple yrs. #Hydroxide is broken, thus pushing us to use the web client (because #Electronmail is broken too), and the web client periodically pushes a CAPTCHA. So it’s a game of trying to log in as infrequently as possible, yet if too much time passes your acct is dead.

@thatbrickster @orekix @Hyolobrika @inference The flaw with #Protonmail is that it relies on on-the-fly #JavaScript. A smart user can use #Electronmail or #hydroxide to counter the threat of malicious JS, but then when Protonmail pushes their #CAPTCHA things get dicey.

@dsfgs @pj The only control for that scenario is for the user to run a client that bundles in audited JS. #Electronmail demonstrates that scenario. Since #Protonmail will comply with Swiss court orders, you wouldn’t want to visit protonmail.ch from just any browser and download the JS dynamically if Swiss courts are in your threat model. You'd want to download Electronmail anonymously.

@eloquence @cnx BTW, this article is good but misses an important point: https://web.archive.org/web/freedom.press/training/protonmail-pro/ Harlo Holmes warns that malicious js could compromise users but gives no remedy to that. She should suggest #ElectronMail & #Hydroxide as ways to avoid on-the-fly javascript.

Protonmail like a pro

ProtonMail is a Switzerland-based email client that offers end-to-end encryption between its users by default. We cover some of its more advanced uses and configurations, and tackle some of its main issues head-on.

What you will lose when upgrading to Debian Bullseye

@kzimmermann @dianoetic And for expert users there is #Hydroxide which is leaner & also benefits from static js (as #Electronmail does)... right up until #Protonmail pushes a CAPTCHA, at which point Hydroxide falls over & (bloated) #Electronmail becomes essential. The use case for hydroxide is that sometimes experts need to talk to normies & doing a key exchange is enough to alienate normies.

@dianoetic @kzimmermann #Protonmail has the same vulnerability to subpoena power that #Hushmail has: the server can push malicious javascript that grabs whatever the server admin wants, including but not limited to the private key. There is a defense that's possibly in reach for normies-- running #ElectronMail over Tor, which uses static (potentially reviewed) javascript that's anonymously downloadable.

@jasper @ashwinvis @silmathoron It's safer to use #Electronmail because the javascript is static, potentially reviewed, and you can obtain it anonymously. So if Protonmail were to serve malicious js targeted to you, you would never execute it. But note that Electronmail is broken in #Debian #Bullseye.

@celia @telroy Ah, I think I found the answer to that: https://github.com/emersion/hydroxide/issues/179 Apparently a GUI login is needed with Firefox as a precondition to using #Hydroxide. Which BTW brings security risks because AFAIK you must run #Protonmail's on-the-fly #JavaScript (instead of #Electronmail).

[9001] Login temporarily not permitted from your connection for security reasons · Issue #179 · emersion/hydroxide

2021/05/31 11:13:28 request failed: POST https://mail.protonmail.com/api/auth/refresh: [10013] Invalid refresh token 2021/05/31 11:13:30 request failed: POST https://mail.protonmail.com/api/auth: [...
