Protonmail

Discussion in 'privacy technology' started by anon_private, Sep 25, 2015.

  1. anon_private

    anon_private Registered Member

    Joined:
    Feb 28, 2010
    Posts:
    78
    Location:
    UK
    Hi,

    I note that Protonmail is encrypted, but I don't think it is anonymous. Hence anyone could send spam to the address. Can this be avoided?

    Can mail be forwarded from Protonmail?

    I can't find a dedicated Protonmail discussion forum.

    I didn't notice a 'cancel my account' button. If someone decided not to use it, I suppose one just stops using it.
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Anonymous? Email is never anonymous. There are addresses. Some spammers send to every possible Protonmail address and see what they hear back from.

    Protonmail will alert you about incoming messages.
     
  3. Rafales

    Rafales Registered Member

    Joined:
    Feb 20, 2013
    Posts:
    62
    Location:
    Earth
    Last edited: Sep 29, 2015
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    That is bad news :(

    The ProtonMail mailbox password can end up stored locally as plaintext :eek:

    So don't use ProtonMail without FDE.
     
  5. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Likewise don't use ProtonMail without TFA. Wait - none of these kinds of providers HAS TFA, it's coming RSN.
    As mentioned in the article, it's really not that hard. U2F would do the job.
     
  6. Rafales

    Rafales Registered Member

    Joined:
    Feb 20, 2013
    Posts:
    62
    Location:
    Earth
    Protonmail team might need to hire a independent third party to carry out security audit on their applications and servers to fix gaps / vulnerabilities in the implementation and code (if any)
     
    Last edited: Sep 29, 2015
  7. Rafales

    Rafales Registered Member

    Joined:
    Feb 20, 2013
    Posts:
    62
    Location:
    Earth
  8. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Funnily enough, the situation for me IS that I want LE to use MLATs because then there's a chance of warranted interception with articulated cause - I want LE to obey the rule of law. But the current situation with mass indiscriminate surveillance forces a reasonable person into additional protection.
    ProtonMail has issues as all these types of webmail services do, principally in terms of certificate and code verification. I won't use them until they have 2FA as well.
     
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    New users flock to ProtonMail in wake of Trump’s victory
    https://www.helpnetsecurity.com/2016/11/14/new-users-protonmail/
     
  10. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,428
    Under settings - account - at the bottom, there is "delete my account" tab.
     
  11. TomeiNingen

    TomeiNingen Registered Member

    Joined:
    Nov 8, 2016
    Posts:
    50
    Location:
    Fort Meade, Maryland
  12. guest

    guest Guest

    I think you can start now ;)
    ("ProtonMail supports the OTP protocol")
    -----
    And they introduced a "One-Password Mode" so the user can login with a single password instead of two passwords (login password + mailbox password).
    More technical details in the blog:
     
  13. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    @mood - thanks, good news.

    It appears to major on smartphones as a second factor, but I'm not sure whether - say - a Linux system with freeOTP - would work. Any feedback on that front would be good if anyone knows.

    My ideal is to have something like a Yubikey as - apart from not having a smartphone - I do not trust smartphones for anything much.
     
  14. TomeiNingen

    TomeiNingen Registered Member

    Joined:
    Nov 8, 2016
    Posts:
    50
    Location:
    Fort Meade, Maryland
    @deBoetie & @mood

    From a privacy standpoint I've always been somewhat wary of TFA. I'm a big proponent of compartmentalizing, but obviously there are undeniable security benefits to TFA. I don't know of any feasible alternatives, do you?

    (@mirimir - if I recall you're a proponent of compartmentalizing as well. If you care to weigh in I'd be interested to get your take on that problem as well.)
     
  15. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Well, there's TFA and TFA. Compartmentalisation is necessary because that's only way to prevent leakage and risk, but that then has to apply to all your TFA systems too - they are "within" that compartment, and must not be reused in other compartments.

    For many reasons, it seems to me that TFA based on biometrics and smartphones is a privacy disaster, but that's why the corporates are so keen to promote them.

    As a knowledgeable user: Just Say No.

    Of course, in the unavoidable "public" persona one must more or less necessarily have if transacting on the internet, it may be you have to accept some of the grottier TFA schemes.
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    TFA can be implemented in so many ways, that it's impossible to make blanket statements. For pseudonymous personas, as @deBoetie says, "TFA based on biometrics and smartphones is a privacy disaster". But TFA based on GnuPG keys is fine. Or anything else that's not linked to the meatspace compartment. For one's meatspace identity, TFA based on smartphones is fine. Just don't let that stuff leak into pseudonymous compartments. Biometrics is bad for many reasons.
     
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    ProtonMail gets own Tor-accessible .Onion Hidden Service
    https://threatpost.com/protonmail-gets-own-tor-accessible-onion-hidden-service
     
  18. guest

    guest Guest

    ProtonMail 2017 Annual Survey
    https://protonmail.com/blog/2017-survey/
     
  19. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    362
    Don't get me wrong I love the service and have been using it for a long time;

    I started to take that survey yesterday but when it wanted to know how old I was, what gender I was how much money I made etc... I exited out of it.

    What does this kind of information have to do with product improvement?
     
  20. guest

    guest Guest

    List of ProtonMail Secure Email Reviews (updated 2018)
    January 10, 2018
     
  21. compleo

    compleo Registered Member

    Joined:
    May 3, 2016
    Posts:
    134
    Proton now offers a free VPN.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.