by nonameiguess 1487 days ago
They can potentially allow you to delegate key generation to a third-party hardware device, i.e. Yubikey or a Smart Card, but then you're trusting the vendor of that. It's pretty hard not to have to trust somebody. They can at least protect against individual rogue employees with reasonable change management processes that involve simple measures like separation of duties and mandatory vacation.

If you're trying to protect against compelled change management by law enforcement, unfortunately, your only option is illegal providers, which are likely to be inherently less trustworthy.

I really question who you think this is misleading. Normal users are not trying to conduct illegal activities in private, and leaders of drug cartels and whatnot are well aware that they need to do more than use paid, E2EE public services for their IT infrastructure needs. Even the other popular targets of nation states, militaries and intelligence services, use their own private infrastructure for that reason. A regular person can't feasibly do that, but if you're the Cali Cartel or Al Qaeda, maybe you can. I have trouble believing that Swiss law enforcement coming with a warrant is "one of the most important sorts of attacks" for any significant number of Proton users. If it is, clearly don't use them, but you also need to go a lot further than that, probably being a credible threat to murder anyone you do business with that seems likely to sell out, more so than law enforcement.

1 comments

I don't see how that would work. The decryption to display the content would still have to happen inside the application controlled by the untrusted party. This would only really work for very simple one-off applications, but not for email, chat, ...