[Telemakhos]

Someone once explained to me that any webmail service is inherently able to read your mail: otherwise it could not display your mail to you. True end-to-end encryption means keeping your private keys client-side and the client on a computer over which you have full physical control.

[Andrew_nenakhov]

You are absolutely correct, with some caveats. Browser client can generate keys on clientside and allow to offload them as a file to be used on other devices. Our own web XMPP client does that. But Protonmail does not work like this.

Verification is very simple: if you log in on a new device and see all your content while using only login and password to authenticate yourself, then the content stored on a server is NOT encrypted and is readable by server owner.

[jayjader]

> if you log in on a new device and see all your content while using only login and password to authenticate yourself

What about if the encryption key is derived from your password? This is common enough for "encrypt file with a password" services, I've personally implemented it in-browser as part of a small project.

Now, having your account password be the same as the email decryption password is also probably a bad idea, but we're far from the server owner being able to read your emails.

[hesk]

AFIAK, Protonmail private keys are kept client-side. They are decrypted by the password inside the browser UI.

[Andrew_nenakhov]

No. I just logged in to that very same account using different browser on a different computer. The email was displayed just fine.

Protonmail keeps generated public and private keys on their servers.

[topranks]

It keeps copies that your browser locally encrypted with a symmetric key derived from your password. When you log on your browser downloads them, and decrypts them with your password.

Protonmail do not see your password and without it cannot decrypt the pub/private key pair.