<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: trash_panda</title><link>https://news.ycombinator.com/user?id=trash_panda</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Fri, 19 Jun 2026 18:08:11 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=trash_panda" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by trash_panda in "An Analysis of the ProtonMail Cryptographic Architecture [pdf]"]]></title><description><![CDATA[
<p>Not only do they not address the technical aspects of the paper, their response starts with a direct personal attack:<p>"It seems Nadim (the author of this paper) took it really badly when we called him out for intentionally spreading fake news this weekend." [1]<p>That's really low. The beautiful thing about computers is that we can prove each other right or wrong with technical arguments. If ProtonMail thinks Nadim has a personal grudge against them, wouldn't it be beautiful for them to disprove him with another professionally written paper, as Nadim did? They can't.<p>Also, I think Nadim knows more than anyone the dangers of pushing weak products and marketing them as secure. It happened to him with Cryptocat. It's a thing that can harm reputation and also harm users; Nadim went through that, and I believe he has good intentions in presenting this paper.<p>---<p>[1] <a href="https://www.reddit.com/r/ProtonMail/comments/9yqxkh/an_analysis_of_the_protonmail_cryptographic/ea3g0hm/" rel="nofollow">https://www.reddit.com/r/ProtonMail/comments/9yqxkh/an_analy...</a></p>
]]></description><pubDate>Wed, 21 Nov 2018 15:11:28 +0000</pubDate><link>https://news.ycombinator.com/item?id=18503221</link><dc:creator>trash_panda</dc:creator><comments>https://news.ycombinator.com/item?id=18503221</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=18503221</guid></item><item><title><![CDATA[New comment by trash_panda in "An Analysis of the ProtonMail Cryptographic Architecture [pdf]"]]></title><description><![CDATA[
<p>The analysis by Kobeissi is correct, and the claims by ProtonMail are a stretch, and sometimes they don't mean anything.<p>For example, from their security details page [1]:<p>"This means we don't have the technical ability to decrypt your messages, and as a result, we are unable to hand your data over to third parties."<p>This is not true for the web client, as shown by the paper and because of the inherent nature of web applications and the (incomplete) verification mechanisms we have today.<p>On the same page, they claim:<p>"As ProtonMail is outside of US and EU jurisdiction, only a court order from the Cantonal Court of Geneva or the Swiss Federal Supreme Court can compel us to release the extremely limited user information we have."<p>I'm not a lawyer and I don't care about the details. But they are saying that there is a way for a court to get their information. Whether that court can be used as a proxy for the US or another country, I don't know, and normal users can't easily verify that claim. Only a lawyer could. But I admit, it sounds great!<p>The hardware security section is complete nonsense:<p>"Our primary datacenter is located under 1000 meters of granite rock in a heavily guarded bunker which can survive a nuclear attack. This provides an extra layer of protection by ensuring your encrypted emails are not easily accessible to any third parties. On a system level, our servers utilize fully encrypted hard disks with multiple password layers so data security is preserved even if our hardware is seized."<p>The nuclear bunker thing is really awesome, sounds like a lot of fun. But how does this offer extra guarantees to privacy? Does it have any windows? How secure are the doors? Also, the "multiple password layers" is nonsense; what does that even mean? Are you encrypting the same thing multiple times?<p>The main problem with ProtonMail and services similar to it is that they keep the concept of e-mail as we know it alive, when it should be disappearing.<p>ProtonMail's native mobile apps can be somewhat secure, yes, but at that point, conceptually, they are the same as any other secure messaging app. But instead they are using an inferior protocol to the one being used by Signal, Wire or WhatsApp.<p>The claim that WhatsApp and Wire both have webapps I think is valid; every messaging service should do a better job warning users about the dangers of desktop/web-based applications. But if this is their only defense, then I think they really need to worry about their own service and stop diverting attention.<p>---<p>[1] <a href="https://protonmail.com/security-details" rel="nofollow">https://protonmail.com/security-details</a></p>
]]></description><pubDate>Wed, 21 Nov 2018 14:54:40 +0000</pubDate><link>https://news.ycombinator.com/item?id=18503090</link><dc:creator>trash_panda</dc:creator><comments>https://news.ycombinator.com/item?id=18503090</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=18503090</guid></item><item><title><![CDATA[New comment by trash_panda in "An Analysis of the ProtonMail Cryptographic Architecture [pdf]"]]></title><description><![CDATA[
<p>You can actually see what code your browser is running; you have view source and all the developer tools to analyze the JS code.<p>This is their main defense; they will probably post a link to their GitHub page where the code of the front end application is hosted.<p>The thing is, validating that the code published on GitHub is the same one that you're running right now while you're logged into ProtonMail requires a dynamic analysis challenge that is not quite achievable.<p>So if ProtonMail decides to go rogue, or if an attacker compromises their servers, it would be doable to send all users, or some targeted users, a modified version of the webapp which steals your password, retrieves the decrypted key, etc, etc, etc.</p>
]]></description><pubDate>Tue, 20 Nov 2018 18:51:50 +0000</pubDate><link>https://news.ycombinator.com/item?id=18496534</link><dc:creator>trash_panda</dc:creator><comments>https://news.ycombinator.com/item?id=18496534</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=18496534</guid></item><item><title><![CDATA[New comment by trash_panda in "Ask HN: Starting a career in security at 40?"]]></title><description><![CDATA[
<p>I think what he means with certifications is that they'll get you the jobs you don't really want.<p>For example, CEH (Certified Ethical Hacker) is a certification you'll see in a lot of job postings. The thing is, if you know this field, you know that this certification is worthless; it's just an expensive piece of paper. So, if you get a job that requires you to be CEH, it tells you a lot about the company itself: you don't want to work there.<p>Same goes for the other certs. CISSP is OK, but it doesn't really prove you can actually do useful work, and the jobs that require them are not the most interesting ones. The other popular one is OSCP, which I think is quite OK. It shows a minimal level of competence.<p>But I tend to agree with the feeling that certifications in this field do more harm than good. What we need is more professionalism and good engineering.<p>EDIT: To clarify my point on OSCP, it is good in the sense that they force you to do hands-on work. But it is very narrow, and most of what you learn are "tricks". An OSCP holder is proven to know what a pentest is, how to go about it, and has a lot of sometimes useful tricks under his belt. It will not tell you whether someone really knows how applications and systems work.</p>
]]></description><pubDate>Mon, 19 Nov 2018 19:07:47 +0000</pubDate><link>https://news.ycombinator.com/item?id=18488815</link><dc:creator>trash_panda</dc:creator><comments>https://news.ycombinator.com/item?id=18488815</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=18488815</guid></item><item><title><![CDATA[New comment by trash_panda in "Ask HN: Starting a career in security at 40?"]]></title><description><![CDATA[
<p>Of course, you're welcome. I forgot to address the salary question. Six-figure jobs are common in this industry, but experience is required to get those jobs. I don't personally know of anyone that did the change at your age, but a good thing is that (unless you want to go enterprise or government) the industry is not too demanding on formalities; a lot of people don't even have degrees. It's a field where it's easy to detect if someone really knows what he/she's talking about. And if someone is useful and helpful, nobody will really care about your experience, academic history, etc.<p>If you're interested in stuff like malware analysis, then you could start doing it as a hobby and maintain a good blog where you explain all your analysis as you learn.</p>
]]></description><pubDate>Mon, 19 Nov 2018 17:57:27 +0000</pubDate><link>https://news.ycombinator.com/item?id=18488251</link><dc:creator>trash_panda</dc:creator><comments>https://news.ycombinator.com/item?id=18488251</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=18488251</guid></item><item><title><![CDATA[New comment by trash_panda in "Ask HN: Starting a career in security at 40?"]]></title><description><![CDATA[
<p>First of all: what in particular do you find interesting about the security field? Are you more interested in the offensive or defensive side?<p>I guess that given your background, the smoothest transition will be to something like application security engineer/devops security. There is a trend where companies are hiring developers who also know security to be part of the dev team, so any bug that has an impact on security will be fixed by this role. Also, the new architectural landscape (cloud everything) is really changing the game, and having expertise in these solutions from a security perspective is a very valuable skill.<p>I don't know of particular certifications for application security or "DevSecOps" that will help you. I know that, for example, in your situation, CISSP is not useful. CISSP jobs are mostly boring.<p>If you're interested in the offensive side, then the OSCP certification is a good bet; it shows that you understand and are able to execute a simple pentest. It is a well regarded certification and it will mostly make up for your lack of professional experience in the subject.<p>In conclusion, you're making good money right now; unless you're really bored and unchallenged, I'd start getting into security as a hobby, and see how you can apply what you learn on your current job. Maybe you can even change roles where you're at. But try to use your current experience and give it a security twist, so you can then build on your experience instead of trying to make up for the lack of it with bogus certifications.</p>
]]></description><pubDate>Mon, 19 Nov 2018 17:42:10 +0000</pubDate><link>https://news.ycombinator.com/item?id=18488108</link><dc:creator>trash_panda</dc:creator><comments>https://news.ycombinator.com/item?id=18488108</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=18488108</guid></item><item><title><![CDATA[New comment by trash_panda in "Big List of Naughty Strings"]]></title><description><![CDATA[
<p>This is really useful for security testing, where unexpected input could have security implications.<p>There is a similar project, which I think is better organized and has more lists to play with:<p><a href="https://github.com/danielmiessler/SecLists" rel="nofollow">https://github.com/danielmiessler/SecLists</a></p>
]]></description><pubDate>Fri, 16 Nov 2018 13:49:08 +0000</pubDate><link>https://news.ycombinator.com/item?id=18468680</link><dc:creator>trash_panda</dc:creator><comments>https://news.ycombinator.com/item?id=18468680</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=18468680</guid></item><item><title><![CDATA[New comment by trash_panda in "Crazy Work Hours and Lots of Cameras: a group from Silicon Valley visits China"]]></title><description><![CDATA[
<p>Agree, but I also read this as a little condescending towards Chinese workers.<p>We tend to attribute their success to corruption, exploitation, or brute force (given their population). But could it be that they have something going for them? Maybe they are as capable as we are, as productive as we are, and are also putting in the extra work.<p>Don't get me wrong, I believe this is totally unhealthy for individuals. But it doesn't seem unreasonable to me that a highly capable and motivated individual would indeed produce more in 16 than in 8 hours, health and normal life aside.</p>
]]></description><pubDate>Thu, 08 Nov 2018 16:40:35 +0000</pubDate><link>https://news.ycombinator.com/item?id=18407523</link><dc:creator>trash_panda</dc:creator><comments>https://news.ycombinator.com/item?id=18407523</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=18407523</guid></item><item><title><![CDATA[New comment by trash_panda in "Technology preview: Sealed sender for Signal"]]></title><description><![CDATA[
<p>There is no such thing as a "standard threat model". That's why the threat modeling concept exists in the first place, so you can adapt different solutions to different requirements.<p>It is totally OK if you are extremely worried about hypothetical scenarios where the phone number you used to register with the Signal network can be correlated to your physical location and then a gas station camera filmed you and then all is lost; but I want to believe that people really at risk are smarter than that, and just get a burner phone and even pay a homeless person a few bucks to buy it for them.<p>There are also ways to get a phone number through the Internet, so you don't even have to go to a physical location to buy it.<p>I think that's why Signal isn't prioritizing this right now. Phone numbers can be a problem? Yes. Is it hard to get a fake phone number that is not traceable to you? Not really. Next problem please.<p>I think Signal is achieving the goal of being the default go-to secure messenger. I'm sure even technical people who like to nerd out on alternatives, faced with a real-world risky situation where they have to communicate with a non-technical person, would recommend Signal without a second thought.</p>
]]></description><pubDate>Tue, 30 Oct 2018 14:05:30 +0000</pubDate><link>https://news.ycombinator.com/item?id=18336537</link><dc:creator>trash_panda</dc:creator><comments>https://news.ycombinator.com/item?id=18336537</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=18336537</guid></item><item><title><![CDATA[New comment by trash_panda in "Technology preview: Sealed sender for Signal"]]></title><description><![CDATA[
<p>Privacy and security are intertwined. I believe Signal's decisions are based on the objective of making secure communications easy.<p>If they catered to what some people want (no phone numbers and a federated network), then the regular user would have different options to use Signal. Which one is the correct one? Are they all the same? No. If you decide to develop your own client (like the LibreSignal example), do you trust that the client is secure? If the end application has vulnerabilities, then the communication privacy is compromised. That's why I say they're intertwined. Even Signal suffered from this same thing with the Desktop client. It is not an easy problem to solve, and that's why Signal does not want to have random people creating custom client apps and having them associated with the project, as it could confuse non-technical users.</p>
]]></description><pubDate>Tue, 30 Oct 2018 13:57:01 +0000</pubDate><link>https://news.ycombinator.com/item?id=18336475</link><dc:creator>trash_panda</dc:creator><comments>https://news.ycombinator.com/item?id=18336475</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=18336475</guid></item><item><title><![CDATA[New comment by trash_panda in "Technology preview: Sealed sender for Signal"]]></title><description><![CDATA[
<p>Google tracks you, yes. But Google also takes good measures to ensure that they are the only ones that can track you (and the Google Play apps, of course). You may be obsessed with Google and them tracking you, but that's ok. What I think is wrong is saying that your solution is more private or secure. Privacy relies on security, and I believe your solution is not more secure than a flagship stock Google phone (let's not engage in the Android heterogeneity and lack of updates). I'm sure that any dedicated actor who wants to compromise F-Droid or any of the apps in there could do it without major effort, rendering your privacy useless as you got completely owned. The same for your custom ROMs.<p>What you achieve with custom ROMs and custom app stores is customization capabilities and nothing more. If you believe you're achieving next-level security or privacy because you don't have Google installed, you're kidding yourself. Yes, you may be leaking (at first glance) less data to advertisers; but you've opened a whole different kind of attack that could compromise all the data on your phone, not just what Google and the Android platform allow to be shared.<p>A perfect example is the "LibreSignal" project you mentioned; what kind of joke was that? The project was abandoned because it didn't get Moxie's blessing? That's a really strong sign of commitment to the cause. I'm sure that LibreSignal has more than zero active users; what do you think about their security/privacy level currently?</p>
]]></description><pubDate>Tue, 30 Oct 2018 13:40:03 +0000</pubDate><link>https://news.ycombinator.com/item?id=18336312</link><dc:creator>trash_panda</dc:creator><comments>https://news.ycombinator.com/item?id=18336312</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=18336312</guid></item><item><title><![CDATA[New comment by trash_panda in "Finding and Exploiting Safari Bugs Using Publicly Available Tools"]]></title><description><![CDATA[
<p>From their first blog post [1]:<p>"We’re not placing any particular bounds on this project and will work to improve the security of any software depended upon by large numbers of people, paying careful attention to the techniques, targets and motivations of attackers"<p>---
[1] <a href="https://googleprojectzero.blogspot.com/2014/07/announcing-project-zero.html" rel="nofollow">https://googleprojectzero.blogspot.com/2014/07/announcing-pr...</a></p>
]]></description><pubDate>Mon, 08 Oct 2018 14:29:33 +0000</pubDate><link>https://news.ycombinator.com/item?id=18167743</link><dc:creator>trash_panda</dc:creator><comments>https://news.ycombinator.com/item?id=18167743</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=18167743</guid></item><item><title><![CDATA[New comment by trash_panda in "In El Chapo’s Trial, Extraordinary Steps to Keep Witnesses Alive"]]></title><description><![CDATA[
<p>Actually, you're both incorrect.<p>It's "plata o plomo".<p>"Plata" can mean "silver" or "money". In this context they are referring to "money".<p>"Plato" is literally "plate" as in where you put your food on.</p>
]]></description><pubDate>Tue, 02 Oct 2018 13:38:41 +0000</pubDate><link>https://news.ycombinator.com/item?id=18121497</link><dc:creator>trash_panda</dc:creator><comments>https://news.ycombinator.com/item?id=18121497</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=18121497</guid></item><item><title><![CDATA[New comment by trash_panda in "Ask HN: How secure is Protonmail really?"]]></title><description><![CDATA[
<p>It isn't a matter of whether it's "secure" or not. The problem is that their security model is based around JavaScript code being pushed to your browser, where all the "cryptography" will happen. Yes, maybe your e-mails are actually encrypted. But let's suppose that, for example, their servers get compromised, by exploiting whatever vulnerability they have, or even one of their employees gets phished. The attacker will be able to serve you a malicious JavaScript file and get your passphrase and decrypt all your e-mails.<p>This risk is real even in the hypothetical world where everyone uses ProtonMail, but in the real world you have a bigger risk: most people don't use ProtonMail, and the risk of your e-mail being included/forwarded, whatever, to a "plaintext" service is really high.<p>I would recommend avoiding ProtonMail and other e-mail services that claim to be secure, and sticking to end-to-end solutions like Signal/Wire/WhatsApp.</p>
]]></description><pubDate>Mon, 01 Oct 2018 17:33:49 +0000</pubDate><link>https://news.ycombinator.com/item?id=18114860</link><dc:creator>trash_panda</dc:creator><comments>https://news.ycombinator.com/item?id=18114860</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=18114860</guid></item><item><title><![CDATA[New comment by trash_panda in "Why Static Websites Need HTTPS"]]></title><description><![CDATA[
<p>Holy, I forgot about that one! You're totally right and I'm surprised it's not one of the main arguments for this push for HTTPS.</p>
]]></description><pubDate>Tue, 28 Aug 2018 18:12:13 +0000</pubDate><link>https://news.ycombinator.com/item?id=17861273</link><dc:creator>trash_panda</dc:creator><comments>https://news.ycombinator.com/item?id=17861273</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=17861273</guid></item><item><title><![CDATA[New comment by trash_panda in "Why Static Websites Need HTTPS"]]></title><description><![CDATA[
<p>Of course, you're right. My phrasing was not the best. The rogue CA would need to perform a classical MiTM as all the other mortals do; having access to the signing keys does not give you special MiTM powers, other than that when you actually are able to conduct a MiTM through other means, you'll have valid certs to intercept the connection.<p>Totally agree with your point about trust being a very hard problem to solve; that's why CAs first came into place, and now we have CT (which is not widely adopted yet). It is a problem that has no clear and definite solution yet.<p>Edit: Also, CT is no magical solution. It's just another "node" in the graph of trust we're establishing. As many other things have in the past, the CT system itself could also fail.</p>
]]></description><pubDate>Tue, 28 Aug 2018 17:41:49 +0000</pubDate><link>https://news.ycombinator.com/item?id=17860933</link><dc:creator>trash_panda</dc:creator><comments>https://news.ycombinator.com/item?id=17860933</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=17860933</guid></item><item><title><![CDATA[New comment by trash_panda in "Why Static Websites Need HTTPS"]]></title><description><![CDATA[
<p>This is important. Because the discussion around HTTPS tends to train users into thinking that HTTPS = Web Security.<p>I totally agree that it's important, and I understand the attack vectors. But what about your outdated WordPress/Joomla installation? What about your default password on your admin site? Those I think are more serious issues, but of course harder to tackle.<p>To exploit a MiTM you need to be on the same network; this could be achieved through your local cafe's WiFi or by compromising an internal system of a local network. Not a trivial task, I would say. If you manage to pull it off, the impact is contained to that local network.<p>If you compromise the insecure site directly, you can have a much wider audience and HTTPS won't help you in this scenario.</p>
]]></description><pubDate>Tue, 28 Aug 2018 17:36:38 +0000</pubDate><link>https://news.ycombinator.com/item?id=17860884</link><dc:creator>trash_panda</dc:creator><comments>https://news.ycombinator.com/item?id=17860884</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=17860884</guid></item><item><title><![CDATA[New comment by trash_panda in "Why Static Websites Need HTTPS"]]></title><description><![CDATA[
<p>You don't need to have private keys to exploit this scenario. Let's say you own example.com, and you add a certificate by Let's Encrypt. If Let's Encrypt is a malicious actor, they could MiTM a connection to your site, and present a VALID certificate to the target user, as they hold the private keys used to sign the public certificate.<p>The value of a CA is that it's a trusted 3rd party that holds a private key used to sign public keys (certificates). A CA should never get hold of your private keys.</p>
]]></description><pubDate>Tue, 28 Aug 2018 17:28:26 +0000</pubDate><link>https://news.ycombinator.com/item?id=17860787</link><dc:creator>trash_panda</dc:creator><comments>https://news.ycombinator.com/item?id=17860787</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=17860787</guid></item><item><title><![CDATA[New comment by trash_panda in "Why Static Websites Need HTTPS"]]></title><description><![CDATA[
<p>If it's an NSA honeypot it will still be a positive thing for 99% of use cases.<p>Also, why would they do this? It's smarter to compromise the existing CAs.</p>
]]></description><pubDate>Tue, 28 Aug 2018 17:17:42 +0000</pubDate><link>https://news.ycombinator.com/item?id=17860680</link><dc:creator>trash_panda</dc:creator><comments>https://news.ycombinator.com/item?id=17860680</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=17860680</guid></item><item><title><![CDATA[New comment by trash_panda in "What Dropbox dropping Linux support says"]]></title><description><![CDATA[
<p>I see what you mean. And this is the problem with this subject and why most of the time these discussions end up nowhere.<p>We end up discussing what this hypothetical "regular user" does with biased examples from our own experience. The ones who really have a basic idea of what regular users do are the big players like Apple, Google and Microsoft, from all the telemetry they collect.<p>I'm certainly not condescending to "regular users"; on the contrary, I understand why a lot of people don't want to deal with technology, and I defend the fact that systems should be easy to use. From your comments I think you're trying to portray us as if we think that regular users are stupid. Which is certainly not the case.<p>My point is that most people don't base their purchase decisions on technical grounds. Mostly because of money and sometimes status factors.<p>Again, all this comes from my personal experience; I haven't taken the time to search for an actual statistical study on user preferences. I know I've installed Linux on a lot of people's home/personal computers without them knowing what happened, and they are happy to this day.</p>
]]></description><pubDate>Tue, 28 Aug 2018 15:05:58 +0000</pubDate><link>https://news.ycombinator.com/item?id=17859331</link><dc:creator>trash_panda</dc:creator><comments>https://news.ycombinator.com/item?id=17859331</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=17859331</guid></item></channel></rss>