Catch up on stories from the past week (and beyond) at the Slashdot story archive
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
So…. an unadulterated scam?
Perhaps crypto isn’t inherently scammy, but so far, nobody has found any other use for it.
The flip side of this is that if there’s only one door that looks like a vault door, then that’s likely where all the fun stuff is. If make it easy to install and use vault doors so that most doors look like a vault door, then you have to open them all to find which one has something other than expired coupons, if any.
I actually read the article and it is unclear what this solves or how it avoids exposing my confirmed email address to the world.
It appears they store users’ email address and public key in a public block chain… and then… 3: profit!
This doesn’t even guarantee the sender is the sender. It only guarantees that the first person to register an email with a key is the first person to register that email. It just kicks the can down the road and will create as much fraud (permanent now because it’s on an immutable public block chain) as it potentially stops.
What prevents TLA or evil ex or whomever from registering an email and then sending fake emails with their falsely created key? A verification email to the email account which is easily hacked by a lover, TLA or other criminal org? And once a an email is falsely registered how can it ever be corrected?
This is a solution that solves nothing and only creates more problems.
All I expect from this is to see spammers and scammers grab a copy of all those confirmed emails off the block chain and a handful of new identify theft victims.
I actually read the article and it is unclear what this solves or how it avoids exposing my confirmed email address to the world. It appears they store users’ email address and public key in a public block chain… and then… 3: profit!
You may want to read the article again. What I read is that this feature only works between two Proton Mail account holders. Secondly, only the hash of the email address and key are stored. And lastly, the database is private, not public.
If I’ve read that correctly, then your concerns about being able to spoof are unfounded. When you create your Proton Mail account is when the hash of your public key would be created, one assumes.
What exactly does it verify though?
If I register [email protected]; does it prove that my name is Bill Gates? Does it prove that I am the Bill Gates that most people think of when they see that name rather than some other Bill Gates?
And lastly, the database is private, not public.
I never quite got how a “private blockchain” was better than “a SQL database”. The public and distributed element of a blockchain was what made the database interesting; the public’s ability to replicate and query the blockchain was what made it interesting, but if it’s private and not distributed…it’s just a database.
And lastly, the database is private, not public.
I never quite got how a “private blockchain” was better than “a SQL database”. The public and distributed element of a blockchain was what made the database interesting; the public’s ability to replicate and query the blockchain was what made it interesting, but if it’s private and not distributed…it’s just a database.
Yeah – private block chain is an odd concept. I did some work for a wanna be gaming startup that had some pie in the sky ideas about the world, their place in it and block chain. They wanted to jam all this data on public block chain when a simple MySQL setup would’ve been better, faster, cheaper, easier to code their game app to, etc. They just desperately wanted to say they were a block chain based game.
So I did do two design docs for them showing work flow and data storage, etc. One for a standard 3
I actually read the article and it is unclear what this solves or how it avoids exposing my confirmed email address to the world.
I actually read the article and it is unclear what this solves or how it avoids exposing my confirmed email address to the world.
EMAIL isn’t very good at concealing addresses. In order to facilitate delivery, many people between sender and recipient need to see the addresses. Definitely that of the sender. And with the increasing use of things like DKIM, the sender’s address must be seen as well. The only thing one can accomplish is to create email addresses that are not tied to your identity in meatspace. And if Nimarata Randhawa* is elected president and gets her way, maybe not any longer.
*Why will I not be able to post under an a
Yes absolutely true, I totally agree. But this would provide third parties you don’t communicate with a list of known valid addresses or way to verify their purchased spam lists.
With no benefit to real people.
I RTFA this time and it looks like it’s more like how your devices’ validity is based on a chain of trust. Like Git basically. Keybase was doing this to exchange/validate PGP keys for a while now, so I wonder if their owners Zoom will get involved? I guess it’s a pretty common idea now if you think about it.
It’s like if you strip away all the woo from blockchain you end up with a pure, unadulterated hash table. Like git.
I like Proton, it’s probably the best available, but don’t confuse the security level.
I like Proton, it’s probably the best available, but don’t confuse the security level.
Absolutely. Proton is not good enough against APT/state actors, but it is a) much better than any hosted alternatives, especially and notably Google, b) allows non-technical people access to technologies that normally would be reserved for techies.
With this change they won’t control it anymore. They will have no ability to change it because it will exist immutable in a public ledger. MITM will not be possible.
Which is the entire point of the feature and what the GP poster does not understand.
Features like this are the entire ideal use case for Blockchain.
They will have no ability to change it because it will exist immutable in a public ledger. MITM will not be possible.
Is revocation possible? If no, what happens if I stupidly let my private key out of my control? If yes, why can’t the MITM revoke the old public key and issue a new one?
You can’t revoke anything on a blockchain. All you can do is append.
So you could UPDATE with a new key in a new appended record, but both keys are there in public on the blockchain, nothing is hidden. The person or technology consuming the blockchain would then decide which one to trust, presumably based on some external factor.
Well, presumably you’d add a revocation record saying that the original key is no longer valid. Sure, the key is still there, but if there’s another record that says it’s obsolete there’s not a lot of point in using it.
But the point of my question is this: You said that MITM attacks would not be possible. If it’s possible to revoke a key and get a new one for the same email address, what prevents someone from issuing a revocation record for your original key and making a new one? They could then interc
What exactly is the usage case for a *private* blockchain? There’s no need for a blockchain if you aren’t trying to get consensus for transactions, is there? You just use a normal database with immutable record logging.
If one entity controls the transactions on the blockchain, you don’t need blockchain technology.
So silly.
Ok, TFA is uninformative. I read a bit on the Proton Mail site, and these seem to be the main points:
The only blockchain benefit I can imagine, is that it would make it more difficult for a hacker (even a state-level hacker) to swap out someone’s public key. Given access to a database, all you need is an update query. With a blockchain, that becomes more difficult: adding a new block leaves obvious evidence, but reforging the entire blockchain is not trivial.
As others have said, ProtonMail security is way more than most people need. However, a few people do, in fact, need this level of security. And it’s good for lots of other people to use the service, to help hide the vulnerable.
I’ve always thought of blockchain when thinking of Microsoft’s old “plan” to try to get spammers to pay for email back in the early 2000’s.
They were working on a digital “stamp” that would take CPU to generate to reduce spam. Pretty much exactly what blockchain does, in theory
Old article on it – https://www.seattlepi.com/busi… [seattlepi.com]
Was never a fan, but it’s not an original idea from Protonmail for sure – wonder if MSFT patented it – and that’s why we are seeing it 20 years later?
There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.
Windows is Now an App for iPhones, iPads, Macs, and PCs
FCC Can Now Punish Telecom Providers For Charging Customers More For Less
The last thing one knows in constructing a work is what to put first. — Blaise Pascal