If you're looking for a fancy academic whitepaper, here is one example:
An Analysis of the ProtonMail
Cryptographic Architecture
Nadim Kobeissi
September 6, 2021
https://eprint.iacr.org/2018/1121.pdf
and the part me & you are talking about is:
Pg 7 of 14.
Section 4.1.1
If you're looking for me to say it to you in raw shit, here it is:
When you use Nostr you have the private key on your device, browser extension or client.
When you use Protonmail, their web app is unlocking/signing/or generating for you the private key stored via encryption on their server. So there are many ways they can screw with you. Including SOME:
a) serving you bogus code to phish the password
b) telling you the other proton guy's public PGP key is something else
c) brute forcing you, they have unlimited attempts with no time lock. And your password is weaker than a PGP Key.
d) messing with you during registration to begin with
SimplifiedPrivacy.com
npub14s…jt5d6
2024-06-16 05:04:44
in reply to nevent1q…ttrp
Author Public Key
npub14slk4lshtylkrqg9z0dvng09gn58h88frvnax7uga3v0h25szj4qzjt5d6Published at
2024-06-16 05:04:44Event JSON
{
"id": "ce48b0039d8030f3696407b3ff43f5e1060efe54d612936c3956355c0f87cca0",
"pubkey": "ac3f6afe17593f61810513dac9a1e544e87b9ce91b27d37b88ec58fbaa9014aa",
"created_at": 1718507084,
"kind": 1,
"tags": [
[
"p",
"0c3d79f69083fdbdf2a8c884bc9f77bb8c03fef9b3f394cac6973a7b6fbed00c"
],
[
"e",
"9c77ce5cb02eb93b16091241a9551df8d264a4485d7e78469147a9702e90fb0a",
"wss://relay.nostr.bg/",
"root"
],
[
"e",
"2196600e5962c7e62b8a36b04a33f39a155ebdeb82143f04b04d092da53b523f",
"wss://nos.lol/",
"reply"
]
],
"content": "If you're looking for a fancy academic whitepaper, here is one example:\n\nAn Analysis of the ProtonMail\nCryptographic Architecture\nNadim Kobeissi\nSeptember 6, 2021\nhttps://eprint.iacr.org/2018/1121.pdf\n\nand the part me \u0026 you are talking about is:\nPg 7 of 14.\nSection 4.1.1\n\nIf you're looking for me to say it to you in raw shit, here it is:\n\nWhen you use Nostr you have the private key on your device, browser extension or client.\n\nWhen you use Protonmail, their web app is unlocking/signing/or generating for you the private key stored via encryption on their server. So there are many ways they can screw with you. Including SOME:\n\na) serving you bogus code to phish the password\nb) telling you the other proton guy's public PGP key is something else\nc) brute forcing you, they have unlimited attempts with no time lock. And your password is weaker than a PGP Key.\nd) messing with you during registration to begin with",
"sig": "805e68051e5b9cfdbdf96c565e91bd43d8e4484482ec68416142ea349fa11657be3fbfbdf5f82ff6fee2ef135e73472c414da637a3c512be9999afa274fcdcb8"
}