| ▲ | h4kunamata a day ago |
| People will never understand, Proton is a privacy based email server, it is not the dark web where you can do as you please without consequences. Proton only has access to your IP and device ID, not your data.
With IP and device ID, you can easily track a user like finding the ISP, etc. Do you wanna do naughty things?? Don't use such services to do so. And ironically, this 404 Media is the only place I found covering this information and they require you to login to read the whole thing. Hmmmmmmmmmmmmmmmmmmmmm red flag big time!!!! |
|
| ▲ | observationist a day ago | parent | next [-] |
| Proton isn't opsec, it's just the best available commercial clearweb host that still has to follow all the laws and comply with warrants, but won't be arbitrarily selling your metadata or engaging in the adtech garbage. Kagi is to google as proton is to gmail. You get web mail, custom domains, decent security, decent spam detection, solid features, and no PII being sold. Nice, clean, simple - I like paying them money. I feel good about doing business with them, and I don't run into that often these days. |
| |
| ▲ | rationalist a day ago | parent | next [-] | | Sounds like Fastmail, except Fastmail is less sketchy and has better deliverability. | | |
| ▲ | nawtagain a day ago | parent | next [-] | | Fastmail requires payment meaning it is very closely tied to your identity. Proton is one of the very very few who do not tie a new email account to your identity via phone number, payment info or alternative email (which requires phone, payment info etc..). Even proton only provides webmail free - pop3/imap/smtp require payment. But that's still better than 99.99% of other webmail - everyone verifies via some method that ties to your personal info. | |
| ▲ | wswin a day ago | parent | prev | next [-] | | What's sketchy about proton? | | |
| ▲ | SoftTalker a day ago | parent [-] | | I don't know if sketchy is the right word but every* time I encounter a proton mail user on a mailing list, they are tinfoil-hat paranoid. Like they are a random nobody, but they are convinced that "the Russians" or "the Chinese" are constantly hacking at their laptop and they are constantly trying to harden everything so much one wonders why they even bother using computers at all. * OK "every" is an exaggeration but enough that the impression has been formed. |
| |
| ▲ | jadbox a day ago | parent | prev [-] | | How is Fastmail vs Proton? |
| |
| ▲ | a day ago | parent | prev [-] | | [deleted] |
|
|
| ▲ | wolvoleo a day ago | parent | prev | next [-] |
| Yes it does have access to your data, at least any email coming from or going to another mail provider. Because those are not end to end encrypted. Only encrypted in transit (and even that is optional). So they need to handle the plaintext at the point of transmission. I really don't like this about proton, they're always going on about their encryption but most emails they've seen in plain text on their SMTP servers. Because that's just how SMTP works. And so has the provider of the other party. Once they've put them in your mailbox they can't decrypt them again but I always consider a single exposure a loss of confidentiality. The only emails this doesn't apply to are those from people using PGP (yeah all three of them) and those on proton themselves. In my view this Achilles heel makes most of their protections irrelevant. But they still market it as if it's the email equivalent of signal, which actually can't see what you say at any point of transit. And non technical people have no idea about the difference. Ps I'm not blaming proton for not having a technical solution for this because interoperability makes it an unsolvable problem. But I do blame them for their marketing around it. |
|
| ▲ | Andrex a day ago | parent | prev | next [-] |
| > Do you wanna do naughty things?? Don't use such services to do so.
Is that really what happened here? https://en.wikipedia.org/wiki/Stop_Cop_City |
| |
| ▲ | xp84 a day ago | parent | next [-] | | [flagged] | | |
| ▲ | ok_dad a day ago | parent [-] | | Why do police need big training centers to learn about the constitution and our rights, escalation of force, etc? I learned all that stuff in a single room when I was in the military. So yea, “not like that” indeed. |
| |
| ▲ | hunterpayne a day ago | parent | prev [-] | | Look at the numbers for number of people who die from interactions with police (both armed and unarmed) and then compare that to the extra violent deaths that happen because of defund the police policies and then let us know what you find. Only then can you make the claim you are implying. Otherwise you are doing the conspiracy theory thing where you present random data and then imply the idea you are pushing. | | |
| ▲ | bairrd a day ago | parent [-] | | Can you give me examples of where police were actually defunded? | | |
| ▲ | hunterpayne 2 hours ago | parent [-] | | I lived in Oakland. It happened there (and about a dozen other major cities). Gaslighting voters is how you lost to Trump. |
|
|
|
|
| ▲ | rideontime a day ago | parent | prev | next [-] |
| 404 Media has an excellent track record and is very reputable, if you're saying the "red flag" applies to them. |
| |
| ▲ | RandomNickname a day ago | parent | next [-] | | Meh, they got their own agenda. If the person or politics / group, they don't support then they have no problem just straight up making stuff up. Like the hit piece of Elon's Grok where it was "doxing" pornstars' names, but in reality all it did was just search web online and got the info from the first website it could find. But they made it seem like it was some hidden info that only Grok and Elon would know... | | |
| ▲ | datsci_est_2015 21 hours ago | parent [-] | | Sounds like you don’t understand doxing and may be overly sympathetic to a reactionary billionaire’s propaganda machine. Doxing for the most part is simply aggregating publicly available information on an individual and broadcasting it to a wider audience. Rarely does it require more serious sleuthing or even “hacking”, although those are the more notorious instances because it involves someone who may have been trying to hide their identity for various reasons. | | |
| ▲ | tbrownaw 18 hours ago | parent [-] | | > don’t understand doxing
No, it's that people keep misusing that word for a broader and broader class of things. Pushing back on dilution of meaning isn't a lack of understanding. | | |
| ▲ | datsci_est_2015 13 hours ago | parent [-] | | What’s the utility of narrow definition of doxing? It’s a form of harassment. Who benefits from a narrow definition, aside from harassers? I think we’re pretty far away from “falsely accused of doxing”. What’s it going to be? “I was just writing a research paper!” |
|
|
| |
| ▲ | expedition32 a day ago | parent | prev [-] | | Journalists should work for free. Which means that they are going to be paid by governments and corporations to spout propaganda because everyone has a mortgage to pay off... | | |
|
|
| ▲ | afavour a day ago | parent | prev | next [-] |
| I really don’t think 404 Media having a login gate is a red flag. They’re a business that needs to make money and the alternative to subscriptions is ads, which would be exponentially worse for user safety than what exists today. |
|
| ▲ | robcohen a day ago | parent | prev | next [-] |
| > Proton only has access to your IP and device ID, not your data.
I like Proton. I use Proton. However, the problem with proton is that if you access your email via a web browser, there's nothing stopping protonmail (to my knowledge) from reading your email from within their webapp via JS. This type of attack could be targeted at the behest of authorities. So, actually, Proton COULD read your email (IFF you use webmail). |
| |
| ▲ | gruez a day ago | parent | next [-] | | > So, actually, Proton COULD read your email (IFF you use webmail).
The authorities can also read your self-hosted email if they had a warrant to search your house. Even if you enable FDE they can do a cold boot attack. | | |
| ▲ | golem14 a day ago | parent | next [-] | | I believe that you would not expect that level of interaction with LEAs for a "stop cop city" dude that hasn't even been charged with a crime. I'd count that up as a hypothetical win of the self-hosted mail in your own location. If you are Dr. Evil, OTOH, other calculi apply. | |
| ▲ | encrypted_bird a day ago | parent | prev | next [-] | | Just out of curiosity, what is a cold boot attack? | | |
| ▲ | gruez a day ago | parent [-] | | https://en.wikipedia.org/wiki/Cold_boot_attack tl;dr they pull the decryption keys from your computer while it's still running, which of course it is because your mail server has to be up 24/7. | | |
| ▲ | wildzzz a day ago | parent | next [-] | | Simple solution: put your server inside of a cabinet or enclosure that immediately powers it off if opened with a hidden micro switch. Additionally, write a little udev rule to immediately power off if any new USB device is connected or Ethernet is unplugged. | | |
| ▲ | encrypted_bird 20 hours ago | parent [-] | | So a trip-switch for the server? How would one access it if one needed to do config changes or, really, anything on the server for legitimate purposes? | | |
| ▲ | quesera 19 hours ago | parent [-] | | ssh in and shut down first (and/or just use a properly reliable filesystem). Mail transfer can tolerate multi-hour interruptions. Imagine the drama if it couldn't! |
|
| |
| ▲ | encrypted_bird 20 hours ago | parent | prev [-] | | That is fascinating! Thanks for sharing! |
|
| |
| ▲ | Tepix a day ago | parent | prev [-] | | What if you use encryption? | | |
| |
| ▲ | johanyc 15 hours ago | parent | prev | next [-] | | You always put trust in the vendor even if they use e2ee because the end clients are made by them. They can just send things without e2ee from any of their clients (not just web).
> This type of attack could be targeted at the behest of authorities.
No? How can authorities tell them how to do their business? | |
| ▲ | perching_aix a day ago | parent | prev [-] | | Is even that needed? Nothing e2ee about the emails you receive normally, they could just read them right away if they really wanted to. And that is to say nothing about the metadata. |
|
|
| ▲ | netfortius a day ago | parent | prev | next [-] |
| Here you are: https://archive.ph/Zvw3O |
|
| ▲ | a day ago | parent | prev | next [-] |
| [deleted] |
|
| ▲ | mandeepj a day ago | parent | prev | next [-] |
| > Proton is a privacy based email server, it is not the dark web where you can do as you please without consequences.
If you are so hard-pressed to do something, then maybe set up your own smtp server |
|
| ▲ | mhitza a day ago | parent | prev | next [-] |
| That's 404 media's approach. That's why I only read their headlines. In theory you could open up your protonmail account over tor and with bitcoin (or does that not work anymore?). It's been a good while since I tried them out. Why I don't recommend them anymore is because when I didn't extend my subscription in time (expecting an account downgrade), my mail was locked and emails held on to as ransom. Allowed to login only for payment. That was one red flag from me, the second was when they shared IP address logs of a French protestor. E̶v̶e̶n̶ ̶t̶h̶o̶u̶g̶h̶ ̶a̶t̶ ̶t̶h̶e̶ ̶t̶i̶m̶e̶ ̶t̶h̶e̶y̶ ̶h̶a̶d̶ ̶a̶ ̶n̶o̶ ̶l̶o̶g̶s̶ ̶p̶o̶l̶i̶c̶y̶,̶ ̶i̶f̶ ̶I̶ ̶r̶e̶m̶e̶b̶e̶r̶ ̶c̶o̶r̶r̶e̶c̶t̶l̶y̶.̶ ̶O̶r̶ ̶i̶f̶ ̶I̶ ̶d̶o̶n̶'̶t̶.̶ |
| |
| ▲ | gruez a day ago | parent | next [-] | | > the second was when they shared IP address logs of a French protestor. Even though at the time they had a no logs policy, if I remember correctly. Or if I don't.
You probably aren't remembering correctly given that they specifically have a "login logs" option that can be toggled on/off. | | | |
| ▲ | encrypted_bird a day ago | parent | prev | next [-] | | I let my subscription expire and my account was never locked down or emails held for ransom. I suspect there is another piece to the story you're either neglecting to mention or don't know. | | |
| ▲ | mhitza a day ago | parent [-] | | Yes, this happened 5-6 years ago, I've publicly complained before, and I paid with bitcoin. Those are the only details not included in my previous comment. | | |
| |
| ▲ | mistyvales a day ago | parent | prev | next [-] | | You can still pay with cash! | |
| ▲ | tototrains a day ago | parent | prev [-] | | Last time I tried they asked for an email to link the account to. I don't think they provide anonymous accounts anymore, but you can probably create one with another anonymous email. |
|
|
| ▲ | lucb1e a day ago | parent | prev | next [-] |
| What device identifier are you referring to, something like the MAC addresses of your network cards? How are they retrieving that via a browser? |
|
| ▲ | hypeatei a day ago | parent | prev [-] |
| Proton doesn't really protect anything email related unless the recipient is also using protonmail. The article also points out they sought payment data, not "IP and device ID" information. |
| |
| ▲ | niam 21 hours ago | parent | next [-] | | This seems misleading inasmuch as your correspondents aren't all on the same mail servers. Yes, correspondence between you and Build-A-Bear, and between you and your local terrorist cell, are unencrypted individually. But Build-A-Bear presumably doesn't know about your correspondence with the cell, and the latter presumably has some interest in not sharing organizational data access with the former. I suppose you do have to trust that Proton isn't served a directive to snoop on your correspondence in transit with other providers. But that's still a much better position than leaving all of your historical data unencrypted at rest. | |
| ▲ | lucb1e a day ago | parent | prev [-] | | > unless the recipient is also using protonmail
Or any similar service from another vendor? Or hosts their own email. If someone using Protonmail emails me, their data is also not getting sold for example, it's just stored on my laptop | | |
| ▲ | wolvoleo a day ago | parent [-] | | Even if it's another self hosted service, proton still needs the plain text in order to send it to them with transit encryption only. Proton does have interoperability with PGP/GPG but very few people use that because of its UX. |
|
|