ProtonMail bolts on an encrypted contacts manager and digital signing for contacts

JustForex

Europe
JustForex



Another neat addition to end-to-end encrypted email client ProtonMail: It’s added a zero-access encrypted contacts manager that also digitally signs the contact info you store in it.

The new features have been added to v3.12 of ProtonMail’s web client, with the Swiss-based startup saying it’s working on also bringing the feature to its Android and iOS apps.

In a blog post announcing the contacts manager, it says the feature is a security benefit especially to those with a strong need to keep sources confidential — such as journalists — although it’s worth noting that any email addresses stored in the contacts manager are not encrypted (so the added security layer only applies to phone numbers and addresses).

ProtonMail writes:

The addition of encrypted contact fields brings many security benefits. For example, if you are a journalist with a confidential source, it is very important to protect the phone number or address of that source. Using the notes field in contacts, you can also add other information about the contact that will be protected with zero-access encryption. In order to do email filtering, we do not use zero-access encryption for email addresses — doing so also does not significantly improve privacy because as an email service, we necessarily must know who you are emailing in order to deliver the message.

It adds that it’s digitally signing contacts to “verify the integrity of contacts data” — offering users a “cryptographic guarantee that nobody (not even ProtonMail) has tampered with your contacts”.

The new digital signatures are used for all contact fields, including email address, with signed (and thus untampered) contacts being denoted by a tick icon displayed alongside.

ProtonMail‘s zero access encrypted email service exited beta in March last year. The company offers both a free e2e encrypted email client, with limited storage and feature, and paid tiers that beef up available capacity and capabilities.

It tells TechCrunch the new digital signature verification for contacts is available for all users.

While the e2e encrypted contact fields feature is currently only available for paid users — although co-founder Andy Yen says “this may change in the future”.

“In our view, verifying the authenticity of contacts data is even more important than hiding contacts data which is why digital signature verification is available for everyone,” he adds.

The full implementation of both features can be examined by outsiders via ProtonMail’s source code, which it open sources.

The company is also trailing a number of additional security enhancements that it says will build on the new contacts manager — and are coming in 2018.

“For example, our new contacts manager can also be extended to store public keys, which is an essential component for both sending PGP messages to people who don’t use ProtonMail, verifying the integrity of the keys themselves, and verifying the authenticity of received messages via digital signatures,” it writes, adding: “We are working on these, and many other security enhancements, and look forward to sharing them with the ProtonMail community in the future.”

The pro-privacy startup reported a boost in sign ups for its email service a year ago, following the election of Donald Trump in the US.

Yen says ProtonMail has around five million users at this stage — across its email product and a VPN service it also now offers.

Featured Image: Bryce Durbin/TechCrunch



Source link

JustForex

Products You May Like

Articles You May Like

Why is bitcoin’s price so high?
New net neutrality rules spark protests (CNET News)
In spite of digital transformation, 2017 did not yield the desired financial results for GE
Why gear rental marketplace Lumoid shut down
Facebook co-founder’s B Capital leads $10M investment in Indian payment startup Mswipe

Leave a Reply

Your email address will not be published. Required fields are marked *