Andy Yen made clear that although the new feature uses blockchain, the key technology behind crypto, Key Transparency isn’t “some sketchy cryptocurrency” linked to an “exit scam.”
Blockchains are an immutable ledger, meaning any data initially entered onto them can’t be altered. Yen realized that putting users’ public keys on a blockchain would create a record ensuring those keys actually belonged to them—and would be cross-referenced whenever other users send emails.
“In order for the verification to be trusted, it needs to be public, and it needs to be unchanging,” Yen said.
The feature will be automatic for users of Proton, which will do a search to ensure that the public key matches the intended recipient. If there isn’t a match, users will see a warning.
Proton rolled out the beta version of Key Transparency on their own private blockchain, meaning it’s not run by a decentralized series of validators, as with Bitcoin or Ethereum. Yen said Proton might move the feature to a public blockchain after the current version serves as a proof of concept.
In his interview with Fortune, Yen acknowledged that the feature isn’t necessarily for everyday people, but for users with a sophisticated threat model who need to ensure their emails are going to the correct destination, such as world leaders, executives, and activists.
My coworkers don’t like it when I refer to “git commit” as a blockchain.
Available now in your account preferences!
And yeah… I guess technically it’s a blockchain lol — but this is similar to Certificate Transparency with HTTPS or iMessage’s upcoming contact key verification.
I think the problem with Proton’s solution here is that Proton is still running the logs, there isn’t independent third-party logging/auditing. The Proton web client can search the blockchain, sure, but who’s checking to see whether Proton tampered with their blockchain in the first place? Certificate Transparency solves this problem with multiple logs and separate monitors/auditors.
Apple's solution has this same problem but they committed to solve it eventually...
Even with gossip and device consistency verification, there remains a set of consistency issues that can be detected only by third-party auditors. Certificate Transparency has demonstrated the importance of this type of auditing ecosystem, but our key transparency deployment is drastically larger. The largest CT logs have had approximately two billion entries over the last four years (Google’s Xenon 2023), while Apple’s Key Transparency log receives more than two billion entries per week. As we work to achieve operational maturity and resolve bugs at this tremendous scale, we will be launching Key Transparency with an internal auditing service across our production KT trees. We plan to share more details about our public auditing strategy in 2024.
Blog - Advancing iMessage security: iMessage Contact Key Verification - Apple Security Research
…to be clear it’s still better than not having this feature at all
What do they mean by “public blockchain”? Is it going to be just publicly visible while still hosted by Proton? Or are they going to open it to be “run by a decentralized series of validators”? What’s going to be the incentive to host your own node then? It’s not a cryptocurrency that you can mine by solving transactions.
Anyway, looks cool, but I can’t see the point in this unless they make it decentralized and transparent, which I don’t see a way to do.
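The independent-auditing point raised in the comments above, as an added example (not part of the thread, and not Proton's, Apple's or Certificate Transparency's code): an auditor outside the operator keeps the last log head it verified and rejects any later checkpoint that does not extend it. The hash-chain log, the class and function names and the sample addresses are assumptions constructed for illustration.

```python
import hashlib

GENESIS = b"\x00" * 32  # head of the empty log

def link(prev: bytes, entry: bytes) -> bytes:
    # Chain head after appending `entry` to a log whose head was `prev`.
    return hashlib.sha256(prev + hashlib.sha256(entry).digest()).digest()

class OperatorLog:
    """Key log run by a single operator (constructed model, not Proton's format)."""
    def __init__(self):
        self.entries = []
    def append(self, address, fingerprint):
        self.entries.append(f"{address}|{fingerprint}".encode())
    def checkpoint(self):
        head = GENESIS
        for e in self.entries:
            head = link(head, e)
        return len(self.entries), head
    def entries_since(self, start):
        return self.entries[start:]

class Auditor:
    """Third party that remembers the last checkpoint it verified."""
    def __init__(self):
        self.size, self.head = 0, GENESIS
    def verify(self, log) -> bool:
        new_size, new_head = log.checkpoint()
        if new_size < self.size:
            return False  # entries were dropped
        head = self.head
        for e in log.entries_since(self.size):
            head = link(head, e)
        if head != new_head:
            return False  # new head does not extend the history we saw
        self.size, self.head = new_size, new_head
        return True

def demo():
    log, auditor = OperatorLog(), Auditor()
    log.append("alice@example.com", "fp-alice-1")   # constructed sample data
    log.append("bob@example.com", "fp-bob-1")
    first = auditor.verify(log)
    log.append("carol@example.com", "fp-carol-1")
    second = auditor.verify(log)
    log.entries[1] = b"bob@example.com|fp-substituted"  # operator rewrites old entry
    log.append("dave@example.com", "fp-dave-1")
    return first, second, auditor.verify(log)
```

A single auditor only catches rewrites of history it has already seen; an operator could still present different views to different parties, which is the gap that multiple logs and separate monitors are meant to close.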