Forem: Mithun GS The latest articles on Forem by Mithun GS (@mithun_gs). https://forem.com/mithun_gs https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3651362%2Ff8e6b228-3f7e-4e29-b96e-c5cc76a66dad.png Forem: Mithun GS https://forem.com/mithun_gs en Why Isn’t True Zero-Trust Encryption Used in Email Systems? Mithun GS Tue, 09 Dec 2025 08:07:18 +0000 https://forem.com/mithun_gs/why-isnt-true-zero-trust-encryption-used-in-email-systems-3mae https://forem.com/mithun_gs/why-isnt-true-zero-trust-encryption-used-in-email-systems-3mae <p>Most “secure email” platforms still rely on provider-managed keys:<br> either the provider generates the user’s key pair, or stores an encrypted copy for sync, or encrypts stored mail with server-side keys. In all cases, the provider retains theoretical decrypting capability.</p> <p>A strict zero-trust model would require:</p> <p>user-generated private keys</p> <p>provider never storing or handling private keys</p> <p>stored mail encrypted only with the user’s public key</p> <p>no server-side key material that could decrypt data</p> <p>provider cryptographically incapable of accessing message content</p> <p>This model is common in password managers and zero-knowledge file storage, but rarely seen in email.</p> <p>So the question is:</p> <p>What stops email providers from adopting true zero-trust storage?</p> <p>Is it:</p> <p>key-management friction for users?</p> <p>multi-device sync challenges?</p> <p>server-side search/indexing requirements?</p> <p>business reasons?</p> <p>or just legacy expectations around email UX?</p> <p>Curious how others in the dev/crypto community see this.</p> privacy security cybersecurity startup I Checked Proton Mail’s Security… and I Was Not Ready for What I Saw 😳 Mithun GS Mon, 08 Dec 2025 07:21:39 +0000 https://forem.com/mithun_gs/i-checked-proton-mails-security-and-i-was-not-ready-for-what-i-saw-2bal https://forem.com/mithun_gs/i-checked-proton-mails-security-and-i-was-not-ready-for-what-i-saw-2bal <p>I’m building Millionaire.email, a security-first email service.<br> And like everyone else, I’ve always heard:</p> <p>“Proton Mail is the most secure email on the planet.”</p> <p>So I got curious.<br> How did Proton get so much hype?<br> Let me check their security… should take 5 minutes, right?</p> <p>Yeah. NO.<br> That was the last peaceful thought I had. 😂</p> <p>I started checking DNSSEC… DANE… MTA-STS… TLS-RPT… DKIM…<br> One by one…</p> <p>And instead of finishing in minutes, I ended up sitting there like:</p> <p>“Wait… this can’t be right… WHAT?!” 😳</p> <p>DNSSEC not fully enforced</p> <p>No ED25519 DKIM</p> <p>No DANE/TLSA</p> <p>MTA-STS gaps</p> <p>TLS-RPT missing in places</p> <p>I genuinely thought Proton would be flawless.<br> But I got plot-twisted by reality.</p> <p>If you want the full technical breakdown (with proof):<br> 👉 <a href="https://www.millionaire.email/post/millionaire-email-vs-proton-me-complete-security-architecture-comparison-2025" rel="noopener noreferrer">https://www.millionaire.email/post/millionaire-email-vs-proton-me-complete-security-architecture-comparison-2025</a></p> <p>Not throwing hate — Proton is good.<br> But as someone building a secure email from scratch, this was a shock + comedy + motivation moment.</p> <p>And it made my philosophy even stronger:</p> <p>Don’t trust us. Verify us. 🔐</p> security privacy startup cybersecurity