Oddbean new post about | logout
RandomNym666 🏴 | 1 months ago (raw) | root | parent | reply | flag +1 
 Which web apps password?
SimplifiedPrivacy.com Podcast | 1 months ago (raw) | root | parent | reply | flag 
 The run a website which serves you the password prompt.
Do you inspect this source code every single time you login?
RandomNym666 🏴 | 1 months ago (raw) | root | parent | reply | flag +1 
 Its like any other service. Nothing special here.
RandomNym666 🏴 | 1 months ago (raw) | root | parent | reply | flag 
 Do you check every Nostr relay you use, do  you check every VPS you use? Do you check your ISP which data they use?
SimplifiedPrivacy.com Podcast | 1 months ago (raw) | root | parent | reply | flag 
 Yes it's like any other web browser app, so you shouldn't be using web apps.  We encourage people to use CLIENTS.  Nostr clients interact with relays in a way that assumes they are hostile.  The relay can't see the password.

While as protonmail is purposefully pushing people to their web app, because thunderbird or normal email clients don't work.  PGP should be done on the end client, not kept in the cloud.
freeborn | ἐλεύθερος | 1 months ago (raw) | root | parent | reply | flag 
 YOU WOULDN'T 

upload your bitcoin private key to an exchange

SO WHY WOULD YOU

upload your pgp private key to an email server
RandomNym666 🏴 | 1 months ago (raw) | root | parent | reply | flag +1 
 Protonmail is another concept, their concept is build on how to make it super easy for customers. That's it. Even a client can be a problem, that has nothing to do with an web app etc. You also can't never be sure what is really running on an infrastructure. You can never be sure as customer when you buy a email installation service from someone that the someone doesn't install shitty. 
As you see we have the problem everywhere and there is absolutely nothing special with Proton.
SimplifiedPrivacy.com Podcast | 1 months ago (raw) | root | parent | reply | flag +1 
 I am being respectful to educate you, but it's possible this conversation could go downhill if you continue to fail to understand the concept.

Would you agree that a Nostr client is different than inserting your private Nostr key into a web app text box?

If you are capable of understanding this,
Then how do you not grasp that PGP on your end client, is radically different than inserting the PGP private key into a web app text box??

Protonmail is propaganda, changing the definition of end-to-end.  It’s end-to-cloud.
RandomNym666 🏴 | 1 months ago (raw) | root | parent | reply | flag 
 You educate me? JFC 
I know what you mean or what you try to say but still there are some things wrong. But we do not have to argue here because it seems to be senseless.
SimplifiedPrivacy.com Podcast | 1 months ago (raw) | root | parent | reply | flag 
 Is proton better than gmail? Yeah
do we need perfect? no.  something is better than nothing

I’m just saying I’m trying to promote decentralization, people on smaller servers doing email.  If proton is encouraging people to only use their app, which doesn’t translate to real clients, it encourages centralization.  Especially if one can't use external PGP with them, unless it's literally copy pasted as text

We all want the same things, just disagree over what’s the best way to do it.  I appreciate your time regardless