Proton Mail CEO Calls New Address Verification Feature 'Blockchain in a Very Pure Form'

Proton Mail, the leading privacy-focused email service, is making its first foray into blockchain technology with Key Transparency, which will allow users to verify email addresses. From a report: In an interview with Fortune, CEO and founder Andy Yen made clear that although the new feature uses blockchain, the key technology behind crypto, Key Transparency isn't "some sketchy cryptocurrency" linked to an "exit scam." A student of cryptography, Yen added that the new feature is "blockchain in a very pure form," and it allows the platform to solve the thorny issue of ensuring that every email address actually belongs to the person who's claiming it.

Proton Mail uses end-to-end encryption, a secure form of communication that ensures only the intended recipient can read the information. Senders encrypt an email using their intended recipient's public key -- a long string of letters and numbers -- which the recipient can then decrypt with their own private key. The issue, Yen said, is ensuring that the public key actually belongs to the intended recipient. "Maybe it's the NSA that has created a fake public key linked to you, and I'm somehow tricked into encrypting data with that public key," he told Fortune. In the security space, the tactic is known as a "man-in-the-middle attack," like a postal worker opening your bank statement to get your social security number and then resealing the envelope.

Blockchains are an immutable ledger, meaning any data initially entered onto them can't be altered. Yen realized that putting users' public keys on a blockchain would create a record ensuring those keys actually belonged to them -- and would be cross-referenced whenever other users send emails. "In order for the verification to be trusted, it needs to be public, and it needs to be unchanging," Yen said.

'Blockchain in a Very Pure Form'?

[Opportunist]

So.... an unadulterated scam?

Re: 'Blockchain in a Very Pure Form'?

[Currently_Defacating]

What's a scam about a cryptographically verifiable database?

Re:

[taustin]

Perhaps crypto isn't inherently scammy, but so far, nobody has found any other use for it.

For the Three People Who Asked

[Press2ToContinue]

Proton Mail diving into blockchain for email verification is like finding a high-tech solution for a party where only a few guests show up. Sure, for those ultra-secret, 'if I tell you I have to delete you' emails, this is top-notch stuff. But let's face it, most of our inboxes are just a mix of newsletters we never read and reminders for bills we wish we didn't have. We've had the option to lock down our emails tighter than Fort Knox with public key encryption for ages, but did we? Nah, too much hassle. So, adding blockchain into the mix is like adding a biometric lock on a door that we barely bother to close. It's like having a super-secure, high-tech vault... to store our collection of expired coupons.

Re:

[radarskiy]

The flip side of this is that if there's only one door that looks like a vault door, then that's likely where all the fun stuff is. If make it easy to install and use vault doors so that most doors look like a vault door, then you have to open them all to find which one has something other than expired coupons, if any.

Wait, what? Privacy?

[iAmWaySmarterThanYou]

I actually read the article and it is unclear what this solves or how it avoids exposing my confirmed email address to the world.

It appears they store users' email address and public key in a public block chain... and then... 3: profit!

This doesn't even guarantee the sender is the sender. It only guarantees that the first person to register an email with a key is the first person to register that email. It just kicks the can down the road and will create as much fraud (permanent now because it's on an immutable public block chain) as it potentially stops.

What prevents TLA or evil ex or whomever from registering an email and then sending fake emails with their falsely created key? A verification email to the email account which is easily hacked by a lover, TLA or other criminal org? And once a an email is falsely registered how can it ever be corrected?

This is a solution that solves nothing and only creates more problems.

All I expect from this is to see spammers and scammers grab a copy of all those confirmed emails off the block chain and a handful of new identify theft victims.

Re:Wait, what? Privacy?

[davide marney]

I actually read the article and it is unclear what this solves or how it avoids exposing my confirmed email address to the world. It appears they store users' email address and public key in a public block chain... and then... 3: profit!

You may want to read the article again. What I read is that this feature only works between two Proton Mail account holders. Secondly, only the hash of the email address and key are stored. And lastly, the database is private, not public.

If I've read that correctly, then your concerns about being able to spoof are unfounded. When you create your Proton Mail account is when the hash of your public key would be created, one assumes.

Re:

[jonbryce]

What exactly does it verify though?
If I register bill.gates@protonmail.whatever; does it prove that my name is Bill Gates? Does it prove that I am the Bill Gates that most people think of when they see that name rather than some other Bill Gates?

Re:

[Voyager529]

And lastly, the database is private, not public.

I never quite got how a "private blockchain" was better than "a SQL database". The public and distributed element of a blockchain was what made the database interesting; the public's ability to replicate and query the blockchain was what made it interesting, but if it's private and not distributed...it's just a database.

Re:

[iAmWaySmarterThanYou]

Yeah - private block chain is an odd concept. I did some work for a wanna be gaming startup that had some pie in the sky ideas about the world, their place in it and block chain. They wanted to jam all this data on public block chain when a simple MySQL setup would've been better, faster, cheaper, easier to code their game app to, etc. They just desperately wanted to say they were a block chain based game.

So I did do two design docs for them showing work flow and data storage, etc. One for a standard 3

Re: Wait, what? Privacy?

[angryman77]

Wikipedia Blockchain Page [wikipedia.org]

A general reason for having a distributed blockchain implementation is to make it a pain in the ass to modify previous ledger entries, because you have to modify all descendant entries in the chain on order for it to work, which can be computationally intensive on a single node, but also would need to be done on enough nodes for a consensus on the new values to be achieved.

Re:

[PPH]

I actually read the article and it is unclear what this solves or how it avoids exposing my confirmed email address to the world.

EMAIL isn't very good at concealing addresses. In order to facilitate delivery, many people between sender and recipient need to see the addresses. Definitely that of the sender. And with the increasing use of things like DKIM, the sender's address must be seen as well. The only thing one can accomplish is to create email addresses that are not tied to your identity in meatspace. And if Nimarata Randhawa* is elected president and gets her way, maybe not any longer.

*Why will I not be able to post under an a

Re:

[iAmWaySmarterThanYou]

Yes absolutely true, I totally agree. But this would provide third parties you don't communicate with a list of known valid addresses or way to verify their purchased spam lists.

With no benefit to real people.

Sort of like Keybase's device trust chain

[Night Goat]

I RTFA this time and it looks like it's more like how your devices' validity is based on a chain of trust. Like Git basically. Keybase was doing this to exchange/validate PGP keys for a while now, so I wonder if their owners Zoom will get involved? I guess it's a pretty common idea now if you think about it.

Re:

[ceoyoyo]

It's like if you strip away all the woo from blockchain you end up with a pure, unadulterated hash table. Like git.

Not needed

[sinij]

With all respect to Andy Yen, this is not a feature that Protonmail users like me want. Proton's key feature that it integrates PGP, which is fundamentally uses a peer-to-peer trust model. If we wanted a delegated centralized authority, we would have asked for PKI/CA instead.

Re:

[somethingbardon-nova]

That was also my take. This sounds like worse PGP especially considering the recipients of said "improvement"

Re:

[NotInKansas]

Make no mistake, Proton controls your PGP keys!

Unlike normal PGP in which you control your own secret key, in the case of Proton mail you don't have one on your machine, Proton has it.

Yes they encrypt it with a key derived from your account password and supposedly can't access it. Even assuming all that is accurate, the way Proton works is they deliver your encrypted key with JavaScript for your client browser to decrypt on your machine outside of the Proton infrastructure. This all works nicely and i

Re:

[sinij]

I like Proton, it's probably the best available, but don't confuse the security level.

Absolutely. Proton is not good enough against APT/state actors, but it is a) much better than any hosted alternatives, especially and notably Google, b) allows non-technical people access to technologies that normally would be reserved for techies.

Re:Not needed

[brunes69]

With this change they won't control it anymore. They will have no ability to change it because it will exist immutable in a public ledger. MITM will not be possible.

Which is the entire point of the feature and what the GP poster does not understand.

Features like this are the entire ideal use case for Blockchain.

Re:

[Chelloveck]

They will have no ability to change it because it will exist immutable in a public ledger. MITM will not be possible.

Is revocation possible? If no, what happens if I stupidly let my private key out of my control? If yes, why can't the MITM revoke the old public key and issue a new one?

Re: Not needed

[brunes69]

You can't revoke anything on a blockchain. All you can do is append.

So you could UPDATE with a new key in a new appended record, but both keys are there in public on the blockchain, nothing is hidden. The person or technology consuming the blockchain would then decide which one to trust, presumably based on some external factor.

Re:

[Chelloveck]

Well, presumably you'd add a revocation record saying that the original key is no longer valid. Sure, the key is still there, but if there's another record that says it's obsolete there's not a lot of point in using it.

But the point of my question is this: You said that MITM attacks would not be possible. If it's possible to revoke a key and get a new one for the same email address, what prevents someone from issuing a revocation record for your original key and making a new one? They could then interc

Re:

[sinij]

PGP is not a PKI, there is no delegated authority and no possibility of MITM that doesn't also compromise keys. You encrypt for a specific key you explicitly trust, only that key can be used to decrypt. The issue that Protonmail deviates from having users explicitly trust keys by automatically fetching public keys for any other Protonmail account. Solution is to introduce 'paranoid' mode where that doesn't happen, not try to reinvent PKI but with blockchains.

Private blockchain?

[Gibgezr]

What exactly is the usage case for a *private* blockchain? There's no need for a blockchain if you aren't trying to get consensus for transactions, is there? You just use a normal database with immutable record logging.
If one entity controls the transactions on the blockchain, you don't need blockchain technology.

Wait, he invented a phone book for public keys?

[kid_wonder]

So silly.

Some explanation...

[bradley13]

Ok, TFA is uninformative. I read a bit on the Proton Mail site, and these seem to be the main points:

• - You can already query Proton Mail to verify someone's public encryption key.
• - They will be moving to a private blockchain to contain those public keys.
• - Public keys are not now, and will not be visible. Only fingerprints are visible.
• - There is no stated benefit of moving to the private blockchain.

The only blockchain benefit I can imagine, is that it would make it more difficult for a hacker (even a state-level hacker) to swap out someone's public key. Given access to a database, all you need is an update query. With a blockchain, that becomes more difficult: adding a new block leaves obvious evidence, but reforging the entire blockchain is not trivial.

As others have said, ProtonMail security is way more than most people need. However, a few people do, in fact, need this level of security. And it's good for lots of other people to use the service, to help hide the vulnerable.

Microsoft's "Make Spammers Pay" plan from 2004

[ebob9]

I've always thought of blockchain when thinking of Microsoft's old "plan" to try to get spammers to pay for email back in the early 2000's.

They were working on a digital "stamp" that would take CPU to generate to reduce spam. Pretty much exactly what blockchain does, in theory

Old article on it - https://www.seattlepi.com/busi... [seattlepi.com]

Was never a fan, but it's not an original idea from Protonmail for sure - wonder if MSFT patented it - and that's why we are seeing it 20 years later?