Open kontrollanten opened 7 years ago
mtaberna
commented
7 years ago I do not entirely see this as a wanted feature; third part browser extensions may compromise security and complicate things a lot. I've following both, Electron and NWJS and I do prefer Electron and its team, but is a matter of preferences. I'll remain the bug open for discussion
kontrollanten
commented
7 years ago I agree that third part extensions may compromise security, but it's more secure to use Protonmail with third part extensions than Gmail with third part extensions.
But maybe you're right that it'll complicate things too much.
HaydenSD
commented
7 years ago It leaves the app open to vulnerabilities, which is an issue for me. Maybe a third party extentsion that's easily enabled?
ghost
commented
5 years ago Rather than using a password manager, it would be nice to have an option to stay logged in.
TheProcedural
commented
4 years ago Using extensions or not should be at the discretion of the user, citing "security risk" as a reason not to do this, to be honest, is stupid. This software is made with web technologies, what security are you speaking about? I can access content from within the app directly from memory in runtime.
Yes, allowing an extension to be installed can facilitate data leaks from the email, but let's be honest here this is user stupidity not a problem with extensions.
Some password managers like Bitwarden, are open-source and quite secure enough to be added externally or integrated by default within Protonmail-Desktop app.
And most importantly, do not confuse the ability to be kept logged-in with the ability to simply login in several accounts and easily managing huge passwords. There is no human way I can memorise my passwords and writing them will take a long time. And NO copy and paste are NOT options, my clipboard ignores passwords as a security measure.
trev-dev
commented
4 years ago I use Bitwarden, it comes with its own client, separate from my browser. It's much wiser to stick to doing one thing really well. I don't really see extensions as necessary.
TheProcedural
commented
4 years ago I use Bitwarden, it comes with its own client, separate from my browser. It's much wiser to stick to doing one thing really well. I don't really see extensions as necessary.
So, you are telling me that you only use the electron-based Bitwarden client but not the browser extension? You always copy and paste passwords.... and having the browser extension in the Protonmail desktop app is a bad idea.... because... I don't know you like the Unix philosophy in complex apps that run in a GUI, not a CLI even though the idea of "doing one task and doing it well" was only meant for a very specific set of core system tools in an age were computing was limited as hell. Sure mate, next time I'm eating chicken I will not drink water, only one task at a time.
trev-dev
commented
4 years ago a bad idea.... because... I don't know you like the Unix philosophy in complex apps that run in a GUI, not a CLI even though the idea of "doing one task and doing it well" was only meant for a very specific set of core system tools in an age were computing was limited as hell.
There's really no need to assume so much. I'm simply saying that on the scale of priorities, the highest priority would be a working email client that does not compromise security*, not browser extensions. So long as your password manager doesn't depend on an extension to actually do its job, it's already got you covered.
TheProcedural
commented
4 years ago The email client is already working. And I think you did not read my initial comment at all.
trev-dev
commented
4 years ago @VandrerenErik I did! Thanks for sharing an opinion.
TheProcedural
commented
4 years ago @VandrerenErik I did! Thanks for sharing an opinion.
Yep, condescending answer as an attempt to step down a conversation as a "nice/polite guy" who does not want to continue arguing after realising he does not have the grounds to elaborate on his opinion and after speaking in the first place without reading. Cheers
trev-dev
commented
4 years ago Yep, condescending answer as an attempt to step down a conversation as a "nice/polite guy" who does not want to continue arguing after realising he does not have the grounds to elaborate on his opinion and after speaking in the first place without reading.
I'm not the one being condescending here. I don't know who hurt you, but I hope you feel better soon.
TheProcedural
commented
4 years ago Yep, condescending answer as an attempt to step down a conversation as a "nice/polite guy" who does not want to continue arguing after realising he does not have the grounds to elaborate on his opinion and after speaking in the first place without reading.
I'm not the one being condescending here. I don't know who hurt you, but I hope you feel better soon.
This is is actually a good comeback. Still, my goal was to tease you into giving an actual answer, or at least make you elaborate on why having extensions is a "bad idea". Maybe as well, please explain how do you make sense out of your first comment?
trev-dev
commented
4 years ago While I agree it's all a wash to be using an electron wrapper for anything at all, I just don't see how adding support more 3rd party code in a 3rd party app for a secure email service could possibly go well is all - but if we're afraid of copying and pasting anything on our native machines, I honestly don't know how to help here.
TheProcedural
commented
4 years ago While I agree it's all a wash to be using an electron wrapper for anything at all, I just don't see how adding support more 3rd party code in a 3rd party app for a secure email service could possibly go well is all - but if we're afraid of copying and pasting anything on our native machines, I honestly don't know how to help here.
Please note that in my first comment I stated, "to be added externally or integrated by default within Protonmail-Desktop app". And yes, not trusting some of my own personal or work computers makes total sense. Let's say I'm for some reason using Windows or macOS, I do not trust these OSes at all, nevertheless I trust third party apps that can and usually read my clipboard... Do you really think it a smart idea having passwords in the clipboard?
trev-dev
commented
4 years ago to be added externally or integrated by default within Protonmail-Desktop app
Huh. I guess I did miss that. Not to split hairs or anything, but this sounds more like a feature/enhancement than it does a 3rd party extension :+1:
TheProcedural
commented
4 years ago to be added externally or integrated by default within Protonmail-Desktop app
Huh. I guess I did miss that. Not to split hairs or anything, but this sounds more like a feature/enhancement than it does a 3rd party extension 👍
Yes, and I actually prefer it like that (a feature) plus I consider it to be a must have.
NW.js seems to support third part browser extensions which should make it possible to enable 1Password, LastPass, etc. Would it be a solution to migrate this app too NW.js just to get this feature? Since the code is pretty light weight it shouldn't be that hard to migrate. But it depends on whether the users wants it or not.