With nostr:nprofile1qqsdu74x8vw8aqylv6n8hhxjh4xf22sfe4fwuq0d0ke435ym4ktlssqpz4mhxue69uhhyetvv9ujumt0wd68ytnsw43qzxthwden5te0wfjkccte9eeks6t5vehhycm99ehkuegprpmhxue69uhkummnw3ezucm0d9hxvatwvshxzursdn707c, if you don't use two-password mode, they can decrypt your stuff.


Discussion

Not sure what you mean.

To the best of my knowledge, ProtonMail uses end-to-end encryption to protect user data, meaning that only the sender and recipient can read the contents of the messages. ProtonMail itself does not have access to the encryption keys, which means they cannot decrypt your emails.

Granted that it is best to have 2FA for better security and the two-password mode is a plus.

I am curious, what am I missing? Any leaks?

Proton Mail's two-password mode uses one password for account login (+2FA if you want) and another for decrypting your mailbox, providing an extra layer of security.
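As an added illustration of the distinction in the post above (not Proton's code; the KDF, the toy key-wrapping scheme and the record layout are assumptions of this model), here is a minimal Python model of both modes, showing what a party holding the stored record and the login password can recover in each:

```python
import hashlib
import hmac
import os
import secrets

# Toy model: the server stores a login verifier plus the mailbox key wrapped
# under a password-derived key. In one-password mode the wrapping password
# IS the login password; in two-password mode it is a separate mailbox
# password that is never needed for login. (Model assumptions, not Proton's design.)

def kdf(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte key from a password (PBKDF2 chosen for the model)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=32)

def wrap(wrap_key: bytes, mailbox_key: bytes) -> bytes:
    """Encrypt-then-MAC a 32-byte mailbox key; toy scheme, not production crypto."""
    stream = hmac.new(wrap_key, b"stream", hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(stream, mailbox_key))
    tag = hmac.new(wrap_key, b"tag" + ct, hashlib.sha256).digest()
    return ct + tag

def unwrap(wrap_key: bytes, blob: bytes):
    """Return the mailbox key, or None if the wrapping key is wrong."""
    ct, tag = blob[:32], blob[32:]
    expected = hmac.new(wrap_key, b"tag" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = hmac.new(wrap_key, b"stream", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(stream, ct))

def enroll(login_password: str, mailbox_password=None):
    """Create the server-side record; mailbox_password=None models one-password mode."""
    salt = os.urandom(16)
    mailbox_key = secrets.token_bytes(32)
    login_verifier = hashlib.sha256(b"login" + kdf(login_password, salt)).digest()
    wrap_password = login_password if mailbox_password is None else mailbox_password
    record = {"salt": salt, "verifier": login_verifier,
              "wrapped_key": wrap(kdf(wrap_password, salt), mailbox_key)}
    return record, mailbox_key

def try_decrypt(record: dict, password: str):
    """What a party holding the stored record and this password can recover."""
    return unwrap(kdf(password, record["salt"]), record["wrapped_key"])
```

In the one-password record the login password alone unwraps the mailbox key; in the two-password record it does not, and only the separate mailbox password does.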

The reason why they combined the passwords, or more like derive the decryption password from the login password, is so that they can provide account recovery. I think it is misleading not to be more upfront about that. People rightly assumed they were getting e2ee.

As I understood it, it's up to the user to set various recovery methods. Proton can't help you with recovery.

https://proton.me/support/set-account-recovery-methods

Unfortunately nostr:nprofile1qqsdu74x8vw8aqylv6n8hhxjh4xf22sfe4fwuq0d0ke435ym4ktlssqpz4mhxue69uhhyetvv9ujumt0wd68ytnsw43qzxthwden5te0wfjkccte9eeks6t5vehhycm99ehkuegprpmhxue69uhkummnw3ezucm0d9hxvatwvshxzursdn707c posts from Mastodon so they can't clear this up here.

Yes, I think what I said made it sound like you don't get e2ee by default, but that is not what I meant. It is that if they can provide recovery with just an alternate email address, then they can also decrypt your stuff if they wanted to. Going back to a separate decryption password that only you have prevents that. Would be nice for nostr:nprofile1qqsdu74x8vw8aqylv6n8hhxjh4xf22sfe4fwuq0d0ke435ym4ktlssqpz4mhxue69uhhyetvv9ujumt0wd68ytnsw43qzxthwden5te0wfjkccte9eeks6t5vehhycm99ehkuegprpmhxue69uhkummnw3ezucm0d9hxvatwvshxzursdn707c to chime in though.

Unfortunately they can't see the discussion because they post from Mastodon. 🙄

Depending on how their server is federated they may see posts from nostr. Safe to say they didn't see it.

Interesting. I didn't know that this is possible.