Anyone using ProtonMail?

Discussion in 'privacy technology' started by jaypeecee, Jun 19, 2017.

  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,270
    Ah :) Just found this:

    https://www.deepdotweb.com/2015/12/26/nordvpn-review/
    June 4, 2017 at 8:10 pm
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,270
    Damn, I missed the significance of this!

    The protonmail account on HN has claimed that PIA cooperates with the Chinese government. And that this accounts for the fact that the GFW doesn't block PIA as thoroughly as other VPN services.

    This is wild!

    Edit: So, we have ProtonMail claiming that PIA works for the Chinese. And PIA claiming that ProtonVPN and NordVPN are linked to evil Tesonet. It's been years since we've seen this much drama in the VPN world. I'm sure that some of you remember.

    But you know, for those of us who use nested VPN chains, and don't care so much about Chinese intelligence, it would actually a good thing if PIA were working for the Chinese. Because that would arguably mean they're less likely to be working for the NSA and friends.
     
    Last edited: Jul 12, 2018
  3. wshrugged

    wshrugged Registered Member

    Joined:
    Jun 12, 2009
    Posts:
    249
    For clarification: Proton's statement made at HN regarding cooperation with the Chinese government included the proviso––"We're not ready to name names at this point, but you're actually correct....". That response could be considered to be sloppily made, and thought to be meant as a strategic implication (wink,wink), but nonetheless there was no direct naming. Have they made other statements that were direct accusations? Dunno.

    I've found no objective evidence to support PIA's claims about either Proton or Nord*. We emailed Nord, included the relevant HN link and asked the obvious. Nord said they were aware of the charges made by their competitor (they threw no mud in return). They firmly deny the Tesonet ownership charge and deny that they have any association with Proton.
    They did say that they have a business relationship with Tesonet.
    (Also see @mirimir's post #44 on Tesonet.)
    Nord closed their email with the offer to answer any and all further questions on this or any other matter.



    [Overall, I agree with @elapsed 's take on this (final line in post #46).
    And, this drama is an opportunity for potential and existing customers to learn a bit about the character of those with whom business could be or is done.]


    * Disclosure: I have and people close to me do use NordVPN. We have no relationship with them other than being faceless, personally unknown to Nord, customers.
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,270
    OK, so both ProtonVPN and NordVPN admittedly work with Tesonet. But I do agree that it's inaccurate (or at least speculative) to characterize Tesonet as a "data mining company". Maybe they're just an enterprise-level VPN provider. So customers use them for competitive research, which could involve data mining.

    Still, I wonder what Tesonet does for ProtonVPN and NordVPN. ProtonVPN said that they helped them setup their office in Lithuania, but chose not to use Tesonet servers, and went with Leaseweb. But I wonder if NordVPN uses Tesonet servers. And if Tesonet provides tech support to both. I may well take a look at the server issues :)

    And no, I haven't seen anything more on ProtonMail's claim the PIA works with a TLA. I do think that it's pretty clear from the HN thread that ProtonMail confirmed said TLA to be Chinese. I can't imagine why he'd leave that impression, if he meant instead the NSA ;)
     
  5. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    8,813
  6. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    541
    Location:
    Germany
    I'm using both Mail and VPN. I have to say that the VPN has some issues, but the mail-part is great! :)
    You can encrypt emails with a password that you give the recipient in a different way. Then he gets a mail with a link to the message. He can decrypt the message on his end and read it or download the file - for a limited amount of time. After that time limit is over, the message will no longer be readable. You can set the time limit yourself.
    This is even available for Free users! Genius! :D

    But yea, I hope they figure the DDoS attacks out. :/
     
  7. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    8,813
    Introducing Address Verification and Full PGP Support
    July 25, 2018
    https://protonmail.com/blog/address-verification-pgp-support/
     
  8. korben

    korben Registered Member

    Joined:
    Nov 5, 2009
    Posts:
    825
    It was down yesterday - is it a frequent thing or quite the opposite?
    For me it was a first
     
  9. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,523
    Location:
    Lloegyr
    It started to go down just after midnight for me for a week or so.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,270
    Maybe they're still getting DDoSed?
     
  11. wshrugged

    wshrugged Registered Member

    Joined:
    Jun 12, 2009
    Posts:
    249
    Other postings about Proton/Nord/Tesonet/CloudVPN by posters and by an AirVPN Staff member(s) named *Staff* at AirVPN’s forum here:
    https://airvpn.org/topic/28876-why-you-can’t-trust-nordvpn/

    I don’t know that there’s any new info but thought that AirVPN’s involvement was newsworthy, worthwhile added information for current or future VPN purchasers.

    The VPN marketplace is (technologically speaking) icky.
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,270
    Thanks :)

    So the developing argument seems to be that Tesonet aka Cloud VPN operates several VPNs, and not just NordVPN and ProtonVPN.

    And seriously, there are a lot of VPNs.

    In particular, the latest top pick on many review sites is ExpressVPN. It has marketed itself very heavily. There are numerous related URLs, either run by itself or affiliates. And they've arguably grown too fast, given reasonable assumptions about funding, staff and other resources. So maybe Tesonet?
     
  13. DrearyMushroom

    DrearyMushroom Registered Member

    Joined:
    Sep 9, 2017
    Posts:
    27
    Location:
    The Internet
    I assume you saw these? https://webcache.googleusercontent....ing-company-tesonet &cd=2&hl=en&ct=clnk&gl=us

    This one looks very interesting but I don't have a PACER account... https://dockets.justia.com/docket/texas/txedce/2:2018cv00299/183621
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,270
    Yes, I'd read the first one. But that was before it got removed. So thanks for the cache link. I saved a copy.

    About the second one, I've no Pacer account either. I wonder who Luminati Networks is, and what patent Tesonet might be infringing. And anyway, I didn't think that Texas Eastern District Court was still a magnet for patent trolls.

    Edit: Damn, I'd forgotten who Luminati Networks is. They're the folks who sell access to Hola users' ISP uplinks. I didn't think that Tesonet was doing that.
     
  15. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,295
    Location:
    Here, There and Everywhere
    Been awhile since I've chimed in. NordVPN sticks out to me as one to be wary of - due to one red flag: their advertising.
    They are advertising on even network television in the USA, all over cable, they are everywhere.
    Network television advertising is very expensive and somebody has to be paying for this.
    Big bucks behind Nord's advertising. The question is - whose is it? Big red flag for me.
     
  16. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    1,061
    maybe not so accurate but could it be certain intergalactic aliens?
     
  17. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,295
    Location:
    Here, There and Everywhere
    Or any of a number of governments. Take your pick. I have a favorite though.
     
  18. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,674
    Location:
    UK
    Isn't the important thing to assume a likely government, then chain VPNs with governments which have uncooperative attitudes to each other?

    The other aspect being that your own jurisdiction and their allies have a way of being able to lock you up or extradite you, even if that's only false positives or being awkward, it will be painful.
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,270
    That's a reasonable strategy. But you never know until the fit hits the shan ;)
     
  20. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,295
    Location:
    Here, There and Everywhere
    Absolutely! Hope you're doing well these days.
     
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,270
    Thanks, and same for you :)
     
  22. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,096
    If Protonmail wanted to gather major points with its users they would allow us to upload our own self created keyset. I am not saying there is a problem only that I feel MUCH safer user a key that I personally generated locally. At that point a compromise becomes much more difficult since the attack surface is my local machine.
     
  23. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,642
    I've re-read all these Tesonet articles. BTW mirimir, some of articles are still available so not sure why archive were used. Maybe at that time they're unavailable? But there're some diff btwn them (edition).
    So far explanation given by Andy, bartbutler, and Proton account in HN appears to be roughly reasonable. I confirmed each fact one by one if possible. E.g. we can confirm the building of Lithuanian address is indeed large facility shared by many org by Google map tho not sure if it's really 50-60.

    One Reddit guy claims "contradiction" but I don't see such many contradiction. E.g. he said Andy's comment
    contradicts, but clearly he confuses infrastructure to combat DDoS in the event w/ that of VPN (in that time ProtonVPN didn't exist). He also said
    contradicts, in this case it's true if you ignore "might", but it seems it was just a mistake ( Andy corrected it) and anyway as Andy said, IP is open info so everyone can confirm if it's true.


    VPNscam guy seems to be motivated by good intention, but I can't hide question to his technical knowledge and/or reasonable thinking. It appears he doesn't understand APK singing. APK signing key is not the private key in usual sense. Everyone can make it and it only provides integrity, so one reddit poster's simile of MAC has a point. Then he claimed Proton contradicts themselves again and again in the HN thread, saying
    But where the "no links" statement? I searched in Wayback machine to see if there's any deleted comments I missed, but no finding. What he said is more than exaggeration if he says what nobody said as being said. Correct me if I'm wrong.


    Given the suspicion thrown to them are based on such broken logic, it's understandable Proton took this not being worth making dedicated blog post to clear things up. But I personally want more clarification. E.g. What is the "Cyber Alliance, UAB" and how it is related to ProtonVPN? What potential access those 3rd parties can have? Have you contemplated the possibility some of them might be malicious? Are you sure saving user credential to Switzerland head is enough to protect all customer data?

    Disclaimer: I use ProtonMail for unimportant things but haven't used ProtonVPN and won't at least soon. I have no motivation to defend them. I just wanna know truth.
     
    Last edited: Oct 26, 2018
  24. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,642
    Maybe you already know, but now PM supports importing your private key.
     
  25. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,270
    @Yuki2718 - Thanks for the careful reading :) I do agree that some of the criticism is iffy. But what mainly concerns me has been ProtonMail/ProtonVPN's dismissive attitude. Perhaps some of the criticisms are too off-the-wall to warrant responses. And it's generally dangerous to let opponents set the agenda, and get drawn into responding to all criticisms. Because it makes you look defensive. But on the other hand, ignoring criticisms can seem evasive. So it's a hard problem.

    I was also grossed out by both sides in the PIA-vs-Proton debate on HN. As I recall, there are some deleted comments that archive.org didn't get. Maybe I have some personally archived versions. I'll take a look, later.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.