Yes, all web apps have the problem, and so it's not end-to-end.
No, It does NOT avoid middle attacks, since they can serve you phising info. Also there's some analysis of proton of your password at account creation to make sure you're not a bot. So if you have 90 random characters, its more likely to reject you as a spam bot, and not let you make an account. But if you have basic WORDS that aren't random like "carrot" it will. This means they are seeing the password, connected to the backend spam filter. That's not private at all. And the source on this is me. We may release an official paper on it, but for now I'm just making the statement.
It's your subjective opinion if the trade off is good, but it's far less secure than self-hosting. And a self-host VPS costs the same as a Proton Pro subscription.
SimplifiedPrivacy.com
npub14sl…t5d6
2024-06-17 16:57:27
in reply to nevent1q…qvg2
Author Public Key
npub14slk4lshtylkrqg9z0dvng09gn58h88frvnax7uga3v0h25szj4qzjt5d6Published at
2024-06-17 16:57:27Event JSON
{
"id": "d1a8f4cf739988338a1ca4487513649f8df0fdf7de9d5374a2d51d97093f4a57",
"pubkey": "ac3f6afe17593f61810513dac9a1e544e87b9ce91b27d37b88ec58fbaa9014aa",
"created_at": 1718636247,
"kind": 1,
"tags": [
[
"p",
"0c3d79f69083fdbdf2a8c884bc9f77bb8c03fef9b3f394cac6973a7b6fbed00c"
],
[
"e",
"9c77ce5cb02eb93b16091241a9551df8d264a4485d7e78469147a9702e90fb0a",
"wss://relay.nostr.bg/",
"root"
],
[
"e",
"4af0c6089566fccf98d88ccd7cb6c5db21f577e2ab671e21e5725ea211a87a63",
"wss://nos.lol/",
"reply"
]
],
"content": "Yes, all web apps have the problem, and so it's not end-to-end.\nNo, It does NOT avoid middle attacks, since they can serve you phising info. Also there's some analysis of proton of your password at account creation to make sure you're not a bot. So if you have 90 random characters, its more likely to reject you as a spam bot, and not let you make an account. But if you have basic WORDS that aren't random like \"carrot\" it will. This means they are seeing the password, connected to the backend spam filter. That's not private at all. And the source on this is me. We may release an official paper on it, but for now I'm just making the statement.\n\nIt's your subjective opinion if the trade off is good, but it's far less secure than self-hosting. And a self-host VPS costs the same as a Proton Pro subscription.",
"sig": "7889ae12b502a8d6ee9a3f33e7739b45336fed92ae9692c7bcbd387b50c34505cbf2535e7f5ed11253e6187faafd7945762146cda1c7522baa1a83e842027b04"
}