The Truth About Protonmail
privacy-watchdog.io

You should assume that US and Israeli intelligence services can read everything in your Protonmail.

Other encrypted webmail providers should also be regarded with suspicion for similar reasons

  • Tov
    564 years ago

    Protonmail even has an SSL cert for that onion address even though it’s completely unnecessary.

    The reason they have an EV TLS certificate is because it still authentifies the remote server as genuine. If their Tor private key were to be leaked, users would be able to see that an impersonating service is not serving the right certificate. This also allows for cert pinning and HSTS.

    When a user makes a new account with Protonmail on TOR they are re-directed from Protonmail’s “.onion” to “.com” address. This breaks your secure encrypted connection to their onion address, enabling your identification. […] the only other websites that operate like this are suspected NSA/CIA Honeypots.

    Redirecting to the clearweb from a Tor address does not break “your secure encrypted connection”. Accessing an onion-routed service is only marginally more “secure” than accessing a TLS-enabled clearweb service over Tor.

    Professor Nadim Kobeissi mathematically proved that Protonmail does not provide End to End Encryption. Meaning, Protonmail has the ability to decrypt their own user’s data.

    This issue is hardly mathematical, and the argument is simple: if they want to serve you a JS file that sends them the decrypted contents of your mailbox, they can. It can be helped by hosting their webclient yourself. Supply-chain attacks are hardly a reason not to use software since every single one of them is affected.

    I also doubt anyone here has read the entirety of the source code of the software they use, so why would you use Linux, of which entire components were originally written by the NSA, or Tor, which has its roots in US Navy research labs and DoD funds? How about the websites that use NIST-approved elliptic curves designed by the NSA? Surely, you agree that SELinux and Tor can be reasonably trusted. You probably visited hundreds of websites that use NSA Suite B ECs. In fact, privacy-watchdog.io uses the NSA-designed P-256 EC. It seems to me there is no reason to have particular distrust for the ProtonMail webclient.

    That is not to say ProtonMail is secure, all third-party hosted webmail services are vulnerable to the attack Kobeissi outlines in his paper. You may not trust any of them, but I also do not trust myself to correctly configure everything correctly, and I much less trust hosting services to keep my data secret. Overall, the e-mail ecosystem being as broken as it is, you’d rather not use it for secure communications.

    The other, non-technical points I can’t be bothered to investigate (as IMO they hardly matter). Point 6, EML files are standard. Point 10, am I supposed to care? Point 11 assumes “independence” is an attribute worth pursuing (“but small business owners!”), or that it even is possible to pursue at scale.

    • @styx@lemmy.world
      1010 months ago

      Yea, the whole article seems to wrap few valid possible vectors to a bunch of “scary facts” that does not mean what they sound.

    • @redjoker
      54 years ago

      I’ve been told good things about self-hosting via Mail-in-the-Box, I’ve been looking into hosting mail on Alibaba Cloud to allow for more bureaucratic hurdles, but I haven’t done much there. Get people to use GPG with everything possible

      • @redjoker
        44 years ago

        To clarify, my own mail server on Alibaba Cloud

        • Muad'DibberMA
          54 years ago

          I’ve always thought about doing this, but I’m too lazy. If its sites I have to sign up for, then I just use a non-US email, and if its personal convos with ppl, I just use matrix or signal. Its really unfortunate that encryption was an afterthought with email.

        • @redjoker
          54 years ago

          GNU Privacy Guard, the GNU Project’s implementation of OpenPGP (Pretty Good Privacy)

          You form a web of trust with other people, sign each other’s keys, and can use it to encrypt any file, including emails

          You use Windows, Linux, or macOS?

          • @LeftBrain
            44 years ago

            windows and mac. this is interesting, but I doubt i could get any family or friends to use that kind of thing with me. They already think I’m weird for using a VPN

  • @LeftBrain
    34 years ago

    I only used protonmail once, thankfully.

    What about startpage email? I heard they were bought by an advertising company

    • @chad1234OP
      24 years ago

      Protonmail and tutanota offer an open source client, allowing you to verify their promises of encryption. Start does not, so it is quite possible that your message appears in plain text on their side. Start uses TLS for user to server which is similar level of security as normal gmail, hotmail etc.

    • @chad1234OP
      24 years ago

      Netherlands is in 9 eyes also

  • @LeftBrain
    34 years ago

    Informative article, thank you!

  • @Liu
    24 years ago

    I’ve never believed otherwise.

    • @chad1234OP
      44 years ago

      I believe that having one of the encrypted webmails be exposed as being built to serve as a honeypot is sufficient to cast doubt over the whole idea of encrypted webmail.

      protonmail started just after the FBI forced Lavabit to hand over data relating to snowden. Maybe they had a change of heart and decided that encrypted mails should be allowed to continue to exist to serve as honeypots.

      After brief reading the websites of protonmail, tutanota, startmail :

      Protonmail and tutanota offer an open source client, allowing you to verify their promises of encryption. Start does not, so it is quite possible that your message appears in plain text on their side. Start also says it uses TLS for user to server which is similar to gmail

      Proton and tuta state that they generate the keys on your client and then encrypt privat key using your password. So it would appear that they cannot read your encrypted message plain text.

      However, apparently it is possible that the server could be made to send you a web client which is rigged to leak your password. Tuta also offers a desktop client which is supposedly not vulnerable to such an attack.

      the only thing which can be verified as being end to end encrypted is the content messages written by Proton/Tuta users using the open source client. Any mails you receive from outside can potentially be read plain text, before they later encrypt it.

      Tuta has been forced to implement systems to hold messages unencrypted by German law: https://old.reddit.com/r/privacy/comments/dwouqj/tutanota_cooperated_with_authorities_to_keep/

      to actually have any privacy benefits, you’d have to convince everyone to join the same email provider, but if you could do that you could instead make them join matrix/ signal

      Obviously they can still track who is sending messages to who and what time. Tuta also claims that your metadata is encrypted but that seems absurd IMO since their server can easily be made to keep these records.

      In additio to that, they have physical possession of your encrypted message archive so at any time, they could attempt to crack it or make attempts to steal your password in order to decrypt it.

      • @chad1234OP
        44 years ago

        LOL. Tutanota also encrypts a second copy of the private key using the recovery code which is generated on their end, at least for the first time. So at all times they were able to decrypt everything.

    • @chad1234OP
      24 years ago

      Germany is also in 14 eyes