From efa9b5f1ccd26fac5b7b55ef201502c9eaef6be5 Mon Sep 17 00:00:00 2001 From: Tommy Date: Thu, 18 Nov 2021 09:19:14 +0000 Subject: [PATCH] Better describe Proton Drive threat model (#335) Signed-off-by: Daniel Nathan Gray --- _data/providers/cloud/2_proton-drive.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_data/providers/cloud/2_proton-drive.yml b/_data/providers/cloud/2_proton-drive.yml index a52a83a0..0f33b733 100644 --- a/_data/providers/cloud/2_proton-drive.yml +++ b/_data/providers/cloud/2_proton-drive.yml @@ -6,7 +6,7 @@ description: | Proton Drive is currently in beta and only is only available through a web client. - When using a web client, you are placing trust in the server sending you the JavaScript code that encrypts your files. + When using a web client, you are placing trust in the server to send you proper JavaScript code to derive the decryption key and authentication token locally in your browser. A compromised server can send you malicious JavaScript code to steal your master password and decrypt your data. If this does not fit your threat model, consider using an alternative. website: 'https://protonmail.com' privacy_policy: 'https://protonmail.com/privacy-policy'
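Review bot: The added description line drops the removed line's point that the served JavaScript is also what encrypts your files, and now names only the derivation of the decryption key and authentication token, so the scope of the trust placed in the server reads narrower than before. Consider keeping both, for example "to send you proper JavaScript code to derive the decryption key and authentication token, and to encrypt your files, locally in your browser". The second added sentence introduces "master password", a term that appears nowhere else in the visible description; a short phrase tying it to the key derivation mentioned just before would make the link clear. The unchanged context line directly above still reads "currently in beta and only is only available", which could be fixed in the same change.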