Protonmail.ch => e-mail address harvesting? Yr opinion, pls

Discussion in 'privacy problems' started by Haggishunter, Jun 13, 2014.

Thread Status:
Not open for further replies.
  1. Haggishunter

    Haggishunter Guest

    Protonmail.ch seems to be a new webmail service, based in Geneva and having links to the CERN. However, they still do not accept registrations. Instead, they write that they will send you an invitation as soon as possible. Also, they state that they have chosen Swaziland, since the Swiss Federal Data Protection Act and the Swiss Federal Data Protection Ordinance offer some of the strongest privacy protection in the world for both individuals and entities. This is absolutely not true: Starting June 2014, all telco and internet companies must store the data (metadata) for one year as opposed to six months before. Also, a court order can be issued by any of the 26 cantons (counties) of Switzerland. In 2013, Switzerland issued a total of 16,015 warrants. This is proportionally more than the U.S.A., Russia, and mainland China combined. See https://protonmail.ch/blog/transparency-report/. So, I wonder: Nothing much seems to happen at Protonmail except that it appears they are harvesting e-mail addresses. Also, the Swiss setup is justified with the same lame arguments as Blackphone has used. (Hypersecure, shielded from the U.S., but all bank data of U.S. citizens had to be supplied to U.S. authorities). What is your opinion? Is Protonmail.ch another snake-oil candidate or has it even been set up by a three letter agency?
     
  2. Veeshush

    Veeshush Registered Member

    Joined: Mar 16, 2014
    Posts: 643
    I think we're seeing a rise of different and competing privacy/security based emails (which is good), most of which are riding the NSA hype. But they get stuck at wondering how to pitch a service that will be easy enough for people to use while also being secure, and with that sometimes some of these are less secure than others. Likewise though, if people like activists or journalists are turning to even less secure services (think Facebook chat) simply because it works, and they don't understand or know how to set up something like OpenPGP, then they are vulnerable. "Well, it's their own fault they can't set that up" - not everyone is computer security minded, or technical. But they still need a secure means to get their information out there. So some of these services make it a little bit more hopeful that these people will be protected simply because they at least won't be resorting to WORSE methods.

    So all these services in my view are great. I think they even help push the need for other more mainstream services (like Gmail) to up their security methods for sake of competition. And maybe also people who otherwise wouldn't/couldn't have access to such protection now can. But also with all these services being newish, you can't exactly get an idea of trust - and that's the bad part. A lot of these providers have a theme of "End to End encryption" or "we only store encrypted emails, we have nothing to fork over to Governments" or "our servers are hackproof" or "we operate in another galaxy so Earth laws and warrants don't apply" etc. Some of those ideas are sound, but it's also all coming from the provider's mouth - it's advertising to make you feel good about using their product (and it's done with everything we own).

    Unlikely. http://www.forbes.com/sites/hollieslade/2014/05/19/the-only-email-system-the-nsa-cant-access/

    There's obviously going to be people from all over the world (governments included) looking at these "secure private email services" that are popping up. I think there's people who'd be very interested in learning ways to have access to anything- especially if someone they're targeting is using it. Or they might just sooner go for the easier method of just visiting the guy in person, breaking his kneecaps and logging into his account themselves.


    Time will tell how good these things are in years. I personally think, again, that at the very least all this stuff is helping create interest in both the public and service provider to hopefully in the end make everything up its game. Cause even as it all is now, a lot of this stuff is a lot better than the choices we had years ago.
     
  3. Haggishunter

    Haggishunter Guest

    Whatever, but Geneva is not the best place: http://www.swissinfo.ch/eng/politics/They_have_destroyed_the_system_.html?cid=37227298
     
  4. Veeshush

    Veeshush Registered Member

    Joined: Mar 16, 2014
    Posts: 643
    There is no "government proof" perfect location. That's why lots of these providers, again, pitch that they "only store encrypted emails and have nothing to turn over if warranted".
     
  5. sdmod

    sdmod Shadow Defender Expert

    Joined: Oct 28, 2010
    Posts: 781
    The developers of Protonmail say that they have been swamped with requests for invitations to use Protonmail and that's why requests for invitation/registration have been delayed.
    I think that these sorts of glitches can erode people's confidence but (to be fair) it's still at the beta stage and the developers are still testing the water.
    I believe that the developers should have anticipated the demand for something like this in the current climate of privacy and security invasion.

    Protonmail works very well with a modern browser but sticks on login with older browsers. Another annoyance and potential security risk is that you have to allow JavaScript. The developers say that they need JavaScript for the encryption transactions to work properly.

    In the description of Protonmail the developers make a lot of the CERN, Switzerland location as a 'selling' point. I don't think that just because something is operated from Switzerland that it would be any more trustworthy than anywhere else and sometimes this sort of emphasis and polished professional looking frontages are lures to hook.
    Protonmail looks legitimate but it's hard to tell these days in amongst all the glamour and gloss that consumers seem to readily accept these days. A legitimate 'look' is easy to create.

    Personally I'd be happier with a simple functional, secure utilitarian email system but I suppose that doesn't sell.
    If I was in a situation that required an email that didn't threaten my own privacy, safety and security by its inadequacies, I'd need it to simply be universally functional with the priority of the development focusing around those user concerns primarily.
    If the security element and privacy element is just a money making gimmick then that would be no good to anyone in those circumstances.

    Protonmail works quite well and looks good but the JavaScript problem needs dealing with and I believe to be broadly accepted (and usable) around the globe it needs to be backward compatible with older browsers as not everyone likes to have to update browsers to the latest thing when they are using a browser that they know and trust (especially when modern 'updates' often undermine or erode existing security) and those that need this secure mail system most might not have access to the latest hardware to run current operating systems or software. My argument is that if the developers do not develop broadly with all strata of life, access and ability in mind, the benefits become exclusive to those that have, and those that have not are left out.

    If you have up-to-date browsers and hardware etc. Protonmail works quite well as long as you are sending to someone with the same access to a modern platform as yourself.

    I believe that encrypted email security should be universally usable to be a real tool against oppressive forces in the real world.
     
    Last edited: Jun 16, 2014