How can Proton Mail, Notesnook, Proton Drive, etc allow you to connect to a totally new device even while your others devices are disconnected from the internet and sync your data ?
Since you are supposed to own the decryption key, how can they send this decription key to your new device ?
Note : I am using device to describe every session so could be app, browser, etc.
I can’t speak for all services, but most backup your masterKey after encrypting it with another key that is derived from your password.
When you sign in on a new device, they derive the key from the password you entered, and use that key to decrypt your encrypted masterKey that was previously stored on their servers.
Note that key-derivation is an expensive operation that cannot be brute forced.
There is a more detailed explanation for how we do this at Ente here: Architecture.