Protonmail

Discussion in 'privacy technology' started by anon_private, Sep 25, 2015.

  1. anon_private

    anon_private Registered Member

    Joined:
    Feb 28, 2010
    Posts:
    59
    Location:
    UK
    Hi,

    I note that Protonmail is encrypted, but I don't think it is anonymous. Hence anyone could send spam to the address. Can this be avoided?

    Can mail be forwarded from Protonmail?

    I can't find a dedicated Protonmail discussion forum.

    I didn't notice a 'cancel my account' button. If someone decided not to use it, I suppose one just stops using it.
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,547
    Anonymous? Email is never anonymous. There are addresses. Some spammers send to every possible Protonmail address and see what they hear back from.

    Protonmail will alert you about incoming messages.
     
  3. Rafales

    Rafales Registered Member

    Joined:
    Feb 20, 2013
    Posts:
    55
    Location:
    Earth
    Last edited: Sep 29, 2015
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,547
    That is bad news :(

    The ProtonMail mailbox password can end up stored locally as plaintext :eek:

    So don't use ProtonMail without FDE.
     
  5. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,272
    Location:
    UK
    Likewise don't use ProtonMail without TFA. Wait - none of these kinds of providers HAS TFA, it's coming RSN.
    As mentioned in the article, it's really not that hard. U2F would do the job.
     
  6. Rafales

    Rafales Registered Member

    Joined:
    Feb 20, 2013
    Posts:
    55
    Location:
    Earth
    Protonmail team might need to hire an independent third party to carry out a security audit on their applications and servers to fix gaps / vulnerabilities in the implementation and code (if any).
     
    Last edited: Sep 29, 2015
  7. Rafales

    Rafales Registered Member

    Joined:
    Feb 20, 2013
    Posts:
    55
    Location:
    Earth
  8. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,272
    Location:
    UK
    Funnily enough, the situation for me IS that I want LE to use MLATs because then there's a chance of warranted interception with articulated cause - I want LE to obey the rule of law. But the current situation with mass indiscriminate surveillance forces a reasonable person into additional protection.
    ProtonMail has issues as all these types of webmail services do, principally in terms of certificate and code verification. I won't use them until they have 2FA as well.
     
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    6,776
    New users flock to ProtonMail in wake of Trump’s victory
    https://www.helpnetsecurity.com/2016/11/14/new-users-protonmail/
     
  10. Ya5h Kh4n

    Ya5h Kh4n Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,026
    Under settings - account - at the bottom, there is a "delete my account" tab.
     
  11. TomeiNingen

    TomeiNingen Registered Member

    Joined:
    Nov 8, 2016
    Posts:
    50
    Location:
    Fort Meade, Maryland
  12. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,284
    I think you can start now ;)
    ("ProtonMail supports the OTP protocol")
    -----
    And they introduced a "One-Password Mode" so the user can log in with a single password instead of two passwords (login password + mailbox password).
    More technical details in the blog:
     
  13. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,272
    Location:
    UK
    @mood - thanks, good news.

    It appears to major on smartphones as a second factor, but I'm not sure whether - say - a Linux system with freeOTP - would work. Any feedback on that front would be good if anyone knows.

    My ideal is to have something like a Yubikey as - apart from not having a smartphone - I do not trust smartphones for anything much.
     
  14. TomeiNingen

    TomeiNingen Registered Member

    Joined:
    Nov 8, 2016
    Posts:
    50
    Location:
    Fort Meade, Maryland
    @deBoetie & @mood

    From a privacy standpoint I've always been somewhat wary of TFA. I'm a big proponent of compartmentalizing, but obviously there are undeniable security benefits to TFA. I don't know of any feasible alternatives, do you?

    (@mirimir - if I recall you're a proponent of compartmentalizing as well. If you care to weigh in I'd be interested to get your take on that problem as well.)
     
  15. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,272
    Location:
    UK
    Well, there's TFA and TFA. Compartmentalisation is necessary because that's the only way to prevent leakage and risk, but that then has to apply to all your TFA systems too - they are "within" that compartment, and must not be reused in other compartments.

    For many reasons, it seems to me that TFA based on biometrics and smartphones is a privacy disaster, but that's why the corporates are so keen to promote them.

    As a knowledgeable user: Just Say No.

    Of course, in the unavoidable "public" persona one must more or less necessarily have if transacting on the internet, it may be you have to accept some of the grottier TFA schemes.
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,547
    TFA can be implemented in so many ways that it's impossible to make blanket statements. For pseudonymous personas, as @deBoetie says, "TFA based on biometrics and smartphones is a privacy disaster". But TFA based on GnuPG keys is fine. Or anything else that's not linked to the meatspace compartment. For one's meatspace identity, TFA based on smartphones is fine. Just don't let that stuff leak into pseudonymous compartments. Biometrics is bad for many reasons.
     
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    6,776
    ProtonMail gets own Tor-accessible .Onion Hidden Service
    https://threatpost.com/protonmail-gets-own-tor-accessible-onion-hidden-service
     