Hacker News
by some_furry 582 days ago
"Is _____ not secure?"

What. is. your. threat. model?

2 comments

I genuinely wonder for ProtonMail (and anything web-based, really): isn't it a fact that if I use ProtonMail, my browser will download and execute a client every time? In the sense that I don't actually know what code my client is running. ProtonMail could totally decide to serve me a client that actually leaks data, and I would not know it unless I somehow save and audit the client every. single. time.

If I use e.g. Signal, I can of course build it from sources I trust, or download it from the Play Store and trust that Google won't send me a modified version of it (at least it seems less likely and harder to pull).

Am I wrong in considering that web-based clients cannot really be considered secure?

Assuming full security, on Signal someone can also copy and paste my message, just as on Proton Mail they can forward it. I don't see any difference.

From the article:

> Finally, miss me with the “but someone can screenshot Signal” genre of objections.

> As Latacora noted, people accidentally fuck up PGP all the time! It’s very easy to do.

> Conversely, you have to deliberately leak something from Signal.

Ok. I read it without paying attention. Sorry. I got lost in the translation.