Stealing With Style: Using CSS to Exploit ProtonMail & Friends

Privacy-oriented webmail providers like Proton Mail, Tutanota, and Skiff, offer an easy way to secure communications. Even non-technical people can send end-to-end encrypted emails, which is especially useful for high-risk users such as journalists, whistleblowers, and political activists, but also privacy-seeking internauts. End-to-end encryption becomes irrelevant when there are vulnerabilities in the client. That's why we had a closer look and found critical vulnerabilities in ProtonMail, Tutanota, and Skiff that could have been used to steal emails, impersonate victims, and …

activists communications css easy emails encrypted encryption end end-to-end exploit friends high journalists mail non offer people political privacy proton proton mail protonmail risk secure communications send skiff stealing technical tutanota vulnerabilities webmail whistleblowers