this post was submitted on 03 Jul 2024
872 points (98.0% liked)

Technology

59578 readers
3381 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
872
Proton launches privacy-focused Google Docs alternative: Docs in Proton Drive is an open-source, end-to-end encrypted collaborative document editor (proton.me)
submitted 4 months ago by ForgottenFlux@lemmy.world to c/technology@lemmy.world
167 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Gestrid@lemmy.ca 2 points 4 months ago (1 children)

That's where the second and third paragraphs come in. Because other companies likely test it themselves, too.

They'll typically report security bugs privately and then, after X amount of months, publicly announce the bug. Doing it this way will, ideally, force the other company to patch the bug prior to the announcement. If not, they'll end up with a publicly known security bug that bad actors can now exploit. The announcement will also let the public (including companies) know to update their software.

[–] Excrubulent@slrpnk.net 0 points 4 months ago (1 children)

Yes, and those other paragraphs are the same thing other proprietary companies do. Your opening paragraph is just absurd on the face of it because "inspected" does not mean "by themselves".

The second paragraph is literally speculation about something that might happen.

The third paragraph is about bug bounties, which every major software company does and which does not involve code inspection.

You just smokescreened and talked around the fact that your opening statement "it probably is inspected" is entirely unverifiable and non-credible even if true. I guess since you started that sentence with "I imagine" then it is technically true. You did imagine that.

[–] Gestrid@lemmy.ca 1 points 4 months ago* (last edited 4 months ago) (1 children)

I admittedly should've done more research before my first comment, but it does actually turn out that everything I said is true. Proton's technology was previously audited by Mozilla and is currently audited by SEC Consult and other companies regularly, and the audits are available for everyone to view. Additionally, they do have a bug bounty program. Also (and this is something I didn't mention), the ProtonVPN and Proton Mail apps are all open source.

[–] Excrubulent@slrpnk.net 0 points 4 months ago (1 children)

Is that the backend code? It seems like they're talking about the apps, not backend code. The thing being discussed here is backend code.

[–] lastweakness@lemmy.world 1 points 4 months ago (1 children)

Nearly all of Proton's stuff uses publicly verifiable client side encryption, so idk what all this is about

[–] Excrubulent@slrpnk.net 1 points 4 months ago

It's about the server-side code. If that's not an issue then someone needs to make the argument, not throw up smokescreens about the apps and frontend code.

You're right that the encryption needs to be verifiable on the client side, but then why not share the server side code?

I mean if they did, anyone could theoretically spin up an instance, which would be good, actually.