Open kontrollanten opened 7 years ago
I do not entirely see this as a wanted feature; third part browser extensions may compromise security and complicate things a lot. I've following both, Electron and NWJS and I do prefer Electron and its team, but is a matter of preferences. I'll remain the bug open for discussion
I agree that third part extensions may compromise security, but it's more secure to use Protonmail with third part extensions than Gmail with third part extensions.
But maybe you're right that it'll complicate things too much.
It leaves the app open to vulnerabilities, which is an issue for me. Maybe a third party extentsion that's easily enabled?
Rather than using a password manager, it would be nice to have an option to stay logged in.
Using extensions or not should be at the discretion of the user, citing "security risk" as a reason not to do this, to be honest, is stupid. This software is made with web technologies, what security are you speaking about? I can access content from within the app directly from memory in runtime.
Yes, allowing an extension to be installed can facilitate data leaks from the email, but let's be honest here this is user stupidity not a problem with extensions.
Some password managers like Bitwarden, are open-source and quite secure enough to be added externally or integrated by default within Protonmail-Desktop app.
And most importantly, do not confuse the ability to be kept logged-in with the ability to simply login in several accounts and easily managing huge passwords. There is no human way I can memorise my passwords and writing them will take a long time. And NO copy and paste are NOT options, my clipboard ignores passwords as a security measure.
I use Bitwarden, it comes with its own client, separate from my browser. It's much wiser to stick to doing one thing really well. I don't really see extensions as necessary.
I use Bitwarden, it comes with its own client, separate from my browser. It's much wiser to stick to doing one thing really well. I don't really see extensions as necessary.
So, you are telling me that you only use the electron-based Bitwarden client but not the browser extension? You always copy and paste passwords.... and having the browser extension in the Protonmail desktop app is a bad idea.... because... I don't know you like the Unix philosophy in complex apps that run in a GUI, not a CLI even though the idea of "doing one task and doing it well" was only meant for a very specific set of core system tools in an age were computing was limited as hell. Sure mate, next time I'm eating chicken I will not drink water, only one task at a time.
a bad idea.... because... I don't know you like the Unix philosophy in complex apps that run in a GUI, not a CLI even though the idea of "doing one task and doing it well" was only meant for a very specific set of core system tools in an age were computing was limited as hell.
There's really no need to assume so much. I'm simply saying that on the scale of priorities, the highest priority would be a working email client that does not compromise security*, not browser extensions. So long as your password manager doesn't depend on an extension to actually do its job, it's already got you covered.
The email client is already working. And I think you did not read my initial comment at all.
@VandrerenErik I did! Thanks for sharing an opinion.
@VandrerenErik I did! Thanks for sharing an opinion.
Yep, condescending answer as an attempt to step down a conversation as a "nice/polite guy" who does not want to continue arguing after realising he does not have the grounds to elaborate on his opinion and after speaking in the first place without reading. Cheers
Yep, condescending answer as an attempt to step down a conversation as a "nice/polite guy" who does not want to continue arguing after realising he does not have the grounds to elaborate on his opinion and after speaking in the first place without reading.
I'm not the one being condescending here. I don't know who hurt you, but I hope you feel better soon.
Yep, condescending answer as an attempt to step down a conversation as a "nice/polite guy" who does not want to continue arguing after realising he does not have the grounds to elaborate on his opinion and after speaking in the first place without reading.
I'm not the one being condescending here. I don't know who hurt you, but I hope you feel better soon.
This is is actually a good comeback. Still, my goal was to tease you into giving an actual answer, or at least make you elaborate on why having extensions is a "bad idea". Maybe as well, please explain how do you make sense out of your first comment?
While I agree it's all a wash to be using an electron wrapper for anything at all, I just don't see how adding support more 3rd party code in a 3rd party app for a secure email service could possibly go well is all - but if we're afraid of copying and pasting anything on our native machines, I honestly don't know how to help here.
While I agree it's all a wash to be using an electron wrapper for anything at all, I just don't see how adding support more 3rd party code in a 3rd party app for a secure email service could possibly go well is all - but if we're afraid of copying and pasting anything on our native machines, I honestly don't know how to help here.
Please note that in my first comment I stated, "to be added externally or integrated by default within Protonmail-Desktop app". And yes, not trusting some of my own personal or work computers makes total sense. Let's say I'm for some reason using Windows or macOS, I do not trust these OSes at all, nevertheless I trust third party apps that can and usually read my clipboard... Do you really think it a smart idea having passwords in the clipboard?
to be added externally or integrated by default within Protonmail-Desktop app
Huh. I guess I did miss that. Not to split hairs or anything, but this sounds more like a feature/enhancement than it does a 3rd party extension :+1:
to be added externally or integrated by default within Protonmail-Desktop app
Huh. I guess I did miss that. Not to split hairs or anything, but this sounds more like a feature/enhancement than it does a 3rd party extension 👍
Yes, and I actually prefer it like that (a feature) plus I consider it to be a must have.
NW.js seems to support third part browser extensions which should make it possible to enable 1Password, LastPass, etc. Would it be a solution to migrate this app too NW.js just to get this feature? Since the code is pretty light weight it shouldn't be that hard to migrate. But it depends on whether the users wants it or not.