213
submitted 11 months ago* (last edited 11 months ago) by brihuang95@sopuli.xyz to c/privacy@lemmy.ml

Proton Mail, the leading privacy-focused email service, is making its first foray into blockchain technology with Key Transparency, which will allow users to verify email addresses. From a report: In an interview with Fortune, CEO and founder Andy Yen made clear that although the new feature uses blockchain, the key technology behind crypto, Key Transparency isn't "some sketchy cryptocurrency" linked to an "exit scam." A student of cryptography, Yen added that the new feature is "blockchain in a very pure form," and it allows the platform to solve the thorny issue of ensuring that every email address actually belongs to the person who's claiming it.

Proton Mail uses end-to-end encryption, a secure form of communication that ensures only the intended recipient can read the information. Senders encrypt an email using their intended recipient's public key -- a long string of letters and numbers -- which the recipient can then decrypt with their own private key. The issue, Yen said, is ensuring that the public key actually belongs to the intended recipient. "Maybe it's the NSA that has created a fake public key linked to you, and I'm somehow tricked into encrypting data with that public key," he told Fortune. In the security space, the tactic is known as a "man-in-the-middle attack," like a postal worker opening your bank statement to get your social security number and then resealing the envelope.

Blockchains are an immutable ledger, meaning any data initially entered onto them can't be altered. Yen realized that putting users' public keys on a blockchain would create a record ensuring those keys actually belonged to them -- and would be cross-referenced whenever other users send emails. "In order for the verification to be trusted, it needs to be public, and it needs to be unchanging," Yen said.

Curious if anyone here would use a feature like this? It sounds neat but I don't think I'm going to be needing a feature like this on a day-to-day basis, though I could see use cases for folks handling sensitive information.

you are viewing a single comment's thread
view the rest of the comments
[-] demesisx@infosec.pub 21 points 11 months ago* (last edited 11 months ago)

What does Monera do?

it is a crypto currency that:

Monero uses three different privacy technologies: ring signatures, ring confidential transactions (RingCT), and stealth addresses. These hide the sender, amount, and receiver in the transaction, respectively. All transactions on the network are private by mandate; there is no way to accidentally send a transparent transaction. This feature is exclusive to Monero. You do not need to trust anyone else with your privacy.

IMO, as a software engineer, leveraging the network effect of Monero was a wise choice. In decentralized systems, the network effect (the amount of unique, separate nodes on a network) is directly correlated to the security of that network. If I were to transact with you in a public place (like a mall food court), you could correlate the presence of other parties in the food court as unique nodes in a network. The more eyes you have witnessing you transaction, the more intrinsic security that transaction has.

Another concept that actually comes into play in cryptocurrency-based systems is that the intrinsic value of that token directly relates to the security of the data in its network. That could be another reason that they chose Monero. Since it already has stable value, it offers a pre-existing and stable security solution.

[-] cheese_greater@lemmy.world 2 points 11 months ago

How does it address the issues with like money laundering, KYC, etc? Wouldn't you, in practice, basically need a lawyer to help make sure you "use" it correctly and legally?

[-] demesisx@infosec.pub 13 points 11 months ago* (last edited 11 months ago)

I could be wrong (since article is paywalled) but as a DApp dev, Proton probably has a wallet with enough Monero to run this smart contract without anyone needing to add any money at all. So you wouldn’t be getting a Monero wallet in it. It would simply mint an NFT that you could then refer back to for verification that this is the same address that I say it is. It would simply leverage the monero chain every time an account was created and mint that as a unique ID (NFT!).

[-] cheese_greater@lemmy.world 4 points 11 months ago

A valueless NFT? Not sure I can conceive of such a thing ;)

[-] LWD@lemm.ee -4 points 11 months ago* (last edited 10 months ago)
[-] chicken@lemmy.dbzer0.com 1 points 11 months ago* (last edited 11 months ago)

Wouldn’t you, in practice, basically need a lawyer to help make sure you “use” it correctly and legally?

Using private cryptocurrency is not illegal, at least in the United States, nor should it be. This is like worrying if it is legal to pay for things with cash.

this post was submitted on 16 Nov 2023
213 points (93.8% liked)

Privacy

31609 readers
512 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS