#ProtonMail blocks #ElectronMail, saying outdated app

#Protonmail (whose microblogging presence is limited to Elon Musk’s assets) has become quite a burden in the past couple yrs. #Hydroxide is broken, thus pushing us to use the web client (because #Electronmail is broken too), and the web client periodically pushes a CAPTCHA. So it’s a game of trying to login as infrequently as possible, yet if too much time passes your acct is dead.

@Mayana @storydragon It poses a security risk as well because when you are forced to login to a website and run unaudited javascript that can change day to day, you are at risk for malicious js every time you login. The solution used to be a 3rd party tool: #Electronmail, but tutanota support was dropped a year or so ago.

@thatbrickster @orekix @Hyolobrika@mstdn.io @inference@pleroma.inferencium.net The flaw with #Protonmail is that it relies on on-the-fly #JavaScript. A smart user can use #Electronmail or #hydroxide to counter the threat of malicious JS, but then when Protonmail pushes their #CAPTCHA things get dicey.

@dsfgs @pj@bitcoinhackers.org The only control for that scenario is for the user to run a client that bundles in audited JS. #Electronmail demonstrates that scenario. Since #Protonmail will comply with Swiss court orders, you wouldn’t want to visit protonmail.ch from just any browser and download the JS dynamically if Swiss courts are in your threat model. You'd want to download Electronmail anonymously.

@widace @thenewoil @xair @makkusu@mstdn.social I also suspect a lot of normies are competent enough to install #ElectronMail, which bumps the security of Protonmail access up a notch.

@dredmorbius @Hawk1291 the better way is to not use webmail. But if you must, a good compromise is to run #ElectronMail and connect to #Protonmail.

@ataraxia937@fosstodon.org
Yikes - gmail is the worst possible choice. It has no public key crypto & #Google has mastered monetizing data. A small operation like #Protonmail couldn't monetize the data to the extent that google does even if they tried.

Note as well that #Electronmail solves the s/w problem. It's a #freesoftware MUA for Protonmail that you can audit & doesn't require you to trust PM's on-the-fly non-free #javascript.

@cadadr@mastodon.sdf.org