Scam Detective
Domain

evil.example.onion.fake.com

First seen May 8, 2026

Suspicious
  • No SSL certificate
  • WHOIS registration hidden
  • 1 community report from users

Details

Registrar: IONOS SE
Registration Date: 9/23/1998
First Seen: 5/8/2026

Related Domains

No known connections to other entities yet.

Community Reports

Beware of Aster Mail - I audited their code

I spent some time going through Aster Mail's public codebase. They market themselves as end-to-end encrypted, zero-access, post-quantum secure email. The code tells a different story. I'm posting this because people in this community deserve to know what they're actually trusting their communications to. Everything below is verifiable from their public source code.

FULL DISCLOSURE: I am one of the founders of Secria Mail.

**The critical issues:**

1. Post-quantum encryption doesn't actually exist. Their README promises "complete post-quantum protection" using ML-KEM-768. The code generates the post-quantum keys, uploads the public half to the server, then immediately deletes the secret half before saving it. It's never used to encrypt anything. They get the marketing checkbox. Users get zero post-quantum protection.

2. "Forgot password via email" uploads the vault key in plaintext. When a user enables email recovery, the client sends both the encrypted vault AND the key that decrypts it in the same HTTP request. Anyone with database access, staff, a breach, a court order, can decrypt the vault and read everything. This single feature breaks their entire "zero-access" claim.

3. Tor mode silently fails open. If Tor fails to start, the client sends the request over the regular internet with no warning. The user thinks they're anonymous. They're not. This is the kind of bug that gets activists and journalists hurt.

4. The password hashing algorithm advertised is not the one used. The API says Argon2id. The code uses PBKDF2 with 310k iterations. Combined with #3, weak passwords can be cracked at hardware speed.

**Other serious issues:**

5. The Double Ratchet implementation skips a required authentication step. A network attacker can corrupt the protocol state without decrypting anything. Real protocol-level deviation from the Signal spec.

6. The desktop app exposes an unrestricted "make any HTTP request" function to the r

51 days ago, 1 upvote
