Proton Mail, the leading privacy-focused email service, is making its first foray into blockchain technology with Key Transparency, which will allow users to verify email addresses. From a report: In an interview with Fortune, CEO and founder Andy Yen made clear that although the new feature uses blockchain, the key technology behind crypto, Key Transparency isn’t “some sketchy cryptocurrency” linked to an “exit scam.” A student of cryptography, Yen added that the new feature is “blockchain in a very pure form,” and it allows the platform to solve the thorny issue of ensuring that every email address actually belongs to the person who’s claiming it.

Proton Mail uses end-to-end encryption, a secure form of communication that ensures only the intended recipient can read the information. Senders encrypt an email using their intended recipient’s public key – a long string of letters and numbers – which the recipient can then decrypt with their own private key. The issue, Yen said, is ensuring that the public key actually belongs to the intended recipient. “Maybe it’s the NSA that has created a fake public key linked to you, and I’m somehow tricked into encrypting data with that public key,” he told Fortune. In the security space, the tactic is known as a “man-in-the-middle attack,” like a postal worker opening your bank statement to get your social security number and then resealing the envelope.

Blockchains are an immutable ledger, meaning any data initially entered onto them can’t be altered. Yen realized that putting users’ public keys on a blockchain would create a record ensuring those keys actually belonged to them – and would be cross-referenced whenever other users send emails. “In order for the verification to be trusted, it needs to be public, and it needs to be unchanging,” Yen said.

Curious if anyone here would use a feature like this? It sounds neat but I don’t think I’m going to be needing a feature like this on a day-to-day basis, though I could see use cases for folks handling sensitive information.

  • cheese_greater@lemmy.world
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    1
    ·
    edit-2
    1 year ago

    What does Monero do? Why don’t they emulate whatever it is that Monero achieves its reputation and functionality with?

    • demesisx@infosec.pub
      link
      fedilink
      English
      arrow-up
      18
      ·
      edit-2
      1 year ago

      What does Monera do?

      it is a crypto currency that:

      Monero uses three different privacy technologies: ring signatures, ring confidential transactions (RingCT), and stealth addresses. These hide the sender, amount, and receiver in the transaction, respectively. All transactions on the network are private by mandate; there is no way to accidentally send a transparent transaction. This feature is exclusive to Monero. You do not need to trust anyone else with your privacy.

      IMO, as a software engineer, leveraging the network effect of Monero was a wise choice. In decentralized systems, the network effect (the amount of unique, separate nodes on a network) is directly correlated to the security of that network. If I were to transact with you in a public place (like a mall food court), you could correlate the presence of other parties in the food court as unique nodes in a network. The more eyes you have witnessing you transaction, the more intrinsic security that transaction has.

      Another concept that actually comes into play in cryptocurrency-based systems is that the intrinsic value of that token directly relates to the security of the data in its network. That could be another reason that they chose Monero. Since it already has stable value, it offers a pre-existing and stable security solution.

      • cheese_greater@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        1 year ago

        How does it address the issues with like money laundering, KYC, etc? Wouldn’t you, in practice, basically need a lawyer to help make sure you “use” it correctly and legally?

        • demesisx@infosec.pub
          link
          fedilink
          English
          arrow-up
          12
          ·
          edit-2
          1 year ago

          I could be wrong (since article is paywalled) but as a DApp dev, Proton probably has a wallet with enough Monero to run this smart contract without anyone needing to add any money at all. So you wouldn’t be getting a Monero wallet in it. It would simply mint an NFT that you could then refer back to for verification that this is the same address that I say it is. It would simply leverage the monero chain every time an account was created and mint that as a unique ID (NFT!).