Brussels / 1 & 2 February 2020


Building a Web App that Doesn’t Trust the Server

Securing ProtonMail

How do you know WhatsApp Web isn’t spying on your messages, despite the end-to-end encryption? Why did Signal decide to build a desktop application instead of a web app?

Open Source clients are a necessary, but unfortunately not sufficient, requirement for guaranteeing privacy. This talk explores two other issues: how to securely deliver that source code, and how to securely deliver the encryption keys that users use to communicate. It also presents our proposed solutions to these problems.

At ProtonMail, we’re aiming to build a web application that gives users the guarantee that we are physically unable to read their email, even if we wanted to. This comes with a set of challenges: how can the user trust the source code that comes from the server (without reading it each time), and how can the user trust the public keys that they receive (without hosting key signing parties, however fun they may be :)).

We currently support self-hosting, and manual key verification and pinning as solutions to these issues, respectively. However, these are highly manual solutions. This talk will present two projects we’ve been working on to provide privacy guarantees without requiring any action: Source Code Transparency and Key Transparency.

Finally, we’ll also briefly discuss what kind of APIs we could add to browsers to make it easier to develop web apps that don’t trust the server.


Daniel Huigens