A deep-dive into ProtonMail’s systems shows that our ‘end-to-end’ encrypted emails may not be so secure after all.
Cyber Security researcher Truls Aandal (21) from Norway discovered something rather interesting. This happened when one of his test-accounts was disabled from accessing ProtonMail services for what ProtonMail calls “abuse or fraud”.
– “Like any other ban I receive during testing, I appeal it by contacting support asking for information on why the account is inaccessible. In some cases, the accounts are unrecoverable” Truls states.
ProtonMail Customer Support’s Reply
It was the answer Truls received from Protonmail Customer Support team that really got his attention.
According to ProtonMail’s security details, email communication made from ProtonMail email addresses is not accessible by the Switzerland-founded company.“Your encrypted data is not accessible to us. ProtonMail’s zero access architecture means that your data is encrypted in a way that makes it inaccessible to us. Data is encrypted on the client-side using an encryption key that we do not have access to. This means we don’t have the technical ability to decrypt your messages, and as a result, we are unable to hand your data over to third parties. With ProtonMail, privacy isn’t just a promise, it is mathematically ensured. For this reason, we are also unable to do data recovery. If you forget your password, we cannot recover your data.”
We have reviewed your account AND EMAILS once again..
Apparently, the Abuse Team at ProtonMail sits on the decryption key for anything that goes through ProtonMail and is able to review email communication and accounts. Going back on not only the promise but the mathematical insurance that privacy is well-maintained for ProtonMail inboxes.
– “For a company that has grown this big since just 2014, I find it amusing how they can get away with something like this and not be questioned on it. My attempt at extracting information regarding this account review they did, didn’t succeed.”
We’ve been unsuccessful in trying to reach out for a comment from ProtonMail regarding this discovery of the privacy breach, however, we will be sure to update this if we do get an update.
The post Is ProtonMail Really Safe? Cyber Security Enthusiast Reveals New Data Security Concerns appeared first on Hiptoro.
No comments:
Post a Comment