/g/ - Technology



Thread archived.
You cannot reply anymore.




New retarded exploit found, fucking with the api can return any users creation date, and with this any dumbass can email protonmail and recover 'their' account. Fuck this shitty email service.
>>
>>82642731
>source; I didn't take my meds
>>
now it makes sense it was banned in my country
>>
>>82642731
I think it's grossly irresponsible that shit like ProtonMail and Signal get marketed to dissidents. They're nowhere near secure enough for such uses, not to mention the phones people use to access that shit. You use these services if you're just a regular guy wanting to avoid some Big Tech data mining.
>>
>>82643851
>You use these services if you're just a regular guy wanting to avoid some Big Tech data mining.
Exactly
>>
>>82642751
fpbp /thread
Recovering the account with only the creation date doesn't even make sense unless you're off your fucking meds.
Also this >>82643851
>>
>>82643899
OP is thinking about socially engineering Customer Support into believing that he's the creator of a certain account, using the data he obtained with the exploit
>>
>>82643920
Yeah good luck with that. If someone emails support with only the specific account creation date and nothing else they will promptly tell you to fuck off.
And if you disabled password recovery altogether (which you fucking should anyways) you can't recover the account at all. Even if we assumed the absolute worst case, support is clinically brain dead, password recovery is enabled, adversary has physical access to your phone, all emails are still gone once you reset the password. And all of that assumes you can even get the creation date in the first place which I fucking doubt until and unless OP present proof instead of schizo ramblings.
>>
>>82643851
>You use these services if you're just a regular guy wanting to avoid some Big Tech data mining.
If this needs to be stated now I understand why they get so much backlash here. People didn't have the right expectations for these services. They're good at what they do for the average person but they're not going to help you from targeted surveillance (especially not email).
>>
>>82644552
Most people have no fucking idea about anything at all and /g/ especially doesn't have the first fucking clue what surveillance even entails thus having ideas and expectations that are completely out of touch with reality.
Nothing and I mean absolutely fucking nothing is going to help you if you become a POI. Tor isn't going to help you, your curry android roms aren't going to help you, not even tails is going to help you. If you even so much as suspect you're under surveillance and still use email you just deserve what's coming your way. Email is not secure nor private nor anonymous and it neither can nor ever will be.
>>
>>82643851
>You use these services if you're just a regular guy wanting to avoid some Big Tech data mining.
uh... exactly? half of you niggers go through so many privacy and anonimity hoops like you hold information SO important that no one else can see it.
here's some news for you: no one gives a shit, schizo
>>
>>82644666
You seem to give a shit because you endorse (((protonmail))), glownigger
>>
File: 1615355779097.jpg (480 KB, 1620x1080)
>>82644698
>The glownigger is projecting again
Still waiting for proof NSA janny.
>>
>>82642731
>using protonmail and not using GPG
anon...
>>
>>82642731
> no source
> no links
kill yourself, fbi.
>>82643851
>They're nowhere near secure enough for such uses
> no proof
it's amazing how badly these disinformation campaigns fail on sites like 4chan and reddit. it isn't a surprise either, considering such threads are created by feds that quite happily sit on tor all day running child porn websites, phishing scams and honeypots.
>>
>>82644736
you won't get any from the pedophiles of the glow in the dark spy agencies.
>>
whoah the schizo typed all that ?
Thanks, but I'm still using protonmail
>>
>>82642731
>and recover 'their' account.
Accounts recovery is gay.
It should be banned.
If you lost your password you lost it.
>>
>>82642731
>Protonmail once again proved its shit
I'm confused
>>
>>82642731
meh, happens all the time to every service provider, literally a non-issue as usual
>>
>>82643851
>You use these services if you're just a regular guy wanting to avoid some Big Tech data mining

yes that is pretty much the goal. If you're running away from glowies you should be on tails hosting your own email.
>>
i just want dark mode for the mobile app
>>
>>82642751
ProtonMail is a criminal organization that conducted an illegal hack against a target that ended up being innocent. They were proud of it, so they tweeted they broke the law. When they realized ProtonMail leadership could go to prison over this hack they deleted all evidence. VICE wrote an article about it.[1] I just feel bad for the innocent guy who was mistakenly assaulted by a group of criminal PhDs. ProtonMail can never comment about this because if they did it would result in company employees going to jail for criminal behavior.

ProtonMail was created with NSA/CIA oversight[2]

ProtonMail crowdfunded to "Stay Independent." Then weeks after collecting $500k from average people they sold part of their company to a US firm that has close ties to President Obama. How close? The company that part-owns ProtonMail also has delegates to the UN who were selected by Obama.[3]

ProtonMail Behaves like a CIA/NSA "Honeypot." ProtonMail has an Onion domain[4] that allows users to visit their site using the Tor browser. ProtonMail even has an SSL cert for that onion address even though it's completely unnecessary. When a user makes a new account with ProtonMail on Tor they are re-directed from ProtonMail's ".onion" to ".com" address. This is exactly how CIA honeypots operate.

ProtonMail brags about their Swiss privacy protection but ignores the fact that the Swiss have an information sharing MLAT treaty[14] with the United States. So anything on those Swiss servers is likely also on NSA servers.

ProtonMail doesn't provide true end-to-end encryption. A professor who teaches computer science and cryptography Nadim Kobeissi[5] proved that ProtonMail does not provide end-to-end encryption. ProtonMail has since publicly acknowledged that they can decrypt anyone's encrypted content by obtaining their password/passphrase.[6]

ProtonMail's developers do not use ProtonMail. They would know if the company is corrupt, and their devs do not use it.[7]
(Part 2, next post)
>>
>>82645953
ProtonMail Claims to be "Independently Audited."[8] There is only one company listed as conducting an Audit of ProtonMail, Cyberkov.com.[9] Cyberkov's website says it's connected to Harvard, MIT & CERN. And their team is full of Harvard and MIT grads, exactly like ProtonMail. So ProtonMail's audit was most likely conducted by ProtonMail's college friends or colleagues.

ProtonMail betrayed all early crowdfunders. When ProtonMail was being created the founders would frequently decline seed startup capital. Andy Yen clarified this when he told Forbes "The reason we have to be bootstrapped is because if we take our money from something like Google Ventures, there goes our credibility. By being in this market we have to fund ourselves,"[10] So ProtonMail crowdfunded $550k to create a secure & 'independent' email service. A few months after this crowdfunding, they accepted $2 million from CRV & FONGIT.

CRV’s founder is Mr Dintersmith, a US State Department employee appointed by President Obama himself.[11] The nature of a delegate’s work requires close communication with the CIA & NSA. ProtonMail is part owned by this company.

ProtonMail also sold equity to FONGIT. FONGIT is financed by the Swiss Government.[12] FONGIT installed their director, Antonio Gambardella, as ProtonMail's "guide" to all "strategy and operations." ProtonMail's website states that Antonio represents the "State of Geneva and the Swiss Federal government."[13] The Swiss Government signed an MLAT treaty[14] with the US government which can allow the US government complete access to ProtonMail's decrypted data.
(Part 3, next post)
>>
>>82645962
Later in 2018, ProtonMail was hit with another DDOS attack. After the attack appeared to have ended, ProtonMail CTO, Dr. Bart Butler, mocked the attacker and then later goaded them via Twitter.[15] In response to the harassment, the attacker restarted the attack with increased strength resulting in ProtonMail being taken offline again. The attackers said 3 times they would stop the attack if ProtonMail CTO, Dr. Bart Butler, apologized. Dr. Butler would not apologize for publicly mocking and goading the attacker, so the DDoS continued. ProtonMail tried to blame the DDOS attacks on Russia,[16] jumping onto the "Just blame Russia" bandwagon. Everyone who had the facts disagreed with ProtonMail's "blame Russia" approach, including their own contractor, Radware. As ProtonMail was trying to figure out where it was coming from, Krebsonsecurity came to the rescue and identified the attacker as an autistic teen living in the UK.[17] ProtonMail later credited him officially. ProtonMail was not taken offline by Russia after all, it turns out it was pretty easy to do.
>>
>>82645971
References
---
[1] https://www.vice.com/en_us/article/qvvke7/email-provider-protonmail-says-it-hacked-back-then-walks-claim-back
[2] https://privacy-watchdog.io/protonmails-creation-with-cia-nsa/
[3] https://privacy-watchdog.io/protonmails-crowdfunding-equity-sale/
[4] protonirockerxow.onion
[5] https://eprint.iacr.org/2018/1121.pdf
[6] https://protonmail.com/blog/cryptographic-architecture-response/
[7] https://privacy-watchdog.io/protonmail-devs-do-not-use-protonmail/
[8] https://protonmail.com/blog/protonmail-security-contributors/
[9] https://cyberkov.com/
[10] https://www.forbes.com/sites/hollieslade/2014/05/19/the-only-email-system-the-nsa-cant-access/#6a8aa8167f7f
[11] https://teddintersmith.com/about-ted/
[12] https://fongit.ch/about-us/
[13] https://archive.fo/jNwjm
[14] https://www.rhf.admin.ch/dam/data/rhf/strafrecht/rechtsgrundlagen/sr-0-351-933-6-e.pdf
[15] https://www.bleepingcomputer.com/news/security/protonmail-ddos-attacks-are-a-case-study-of-what-happens-when-you-mock-attackers/
[16] https://www.securityweek.com/significant-ddos-attack-protonmail-blamed-russia-linked-group
[17] https://krebsonsecurity.com/2018/09/leader-of-ddos-for-hire-gang-pleads-guilty-to-bomb-threats/
>>
>>82645953
>>82645962
>>82645971
>>82645979
automated schizo post is kinda late this thread
>>
>>82646097
seems legit to me
>>
>>82644972
>>They're nowhere near secure enough for such uses
>> no proof
Dude, have you been paying attention to the news lately? Oppressive regimes compromise phones and endpoint devices with ease, including no-interaction-required remote exploits. Dissidents are sitting ducks.
>>
>>82645953
>>82645962
>>82645971
>>82645979
I used to deride this pasta, but after reading [5] I just couldn't pretend ProtonMail was worthy of charitability anymore. It's complete fucking snake oil, and PGP is yet still unmatched. /cyb/+/sec/ shilling it is also a testament to how much of a bunch of fucking posers they are.

>As ProtonMail was trying to figure out where it was coming from, Krebsonsecurity came to the rescue and identified the attacker as an autistic teen living in the UK.
Based aspie.
>>
>>82645953
>ProtonMail's developers do not use ProtonMail

what do protonmails devs use?

honestly gmail was amazing, protonmail always wants me to upgrade because i am running out of space, but i am not paying them.
i also had the perfect address on gmail but i deleted it to use protonmail and i can't have it back.
>>
>>82647611
I think you can even still use gmail without JS
>>
>>82643920
Who the fuck remembers the exact date they created their email account?
>>
File: proton.png (80 KB, 2693x505)
>>82642731
okay cool who do we use instead
>>
is gmx mail ok to use?
>>
>>82648260
+1
what website is that?
What's the most anti-glowie option other than self-hosting? I'm willing to pay.
>>
No shit it's a honeypot. I only use it when 10minmail or guerrilla mail doesn't work, i register a proton acc and use it. Simple as
>>
>>82648775
https://wiki.techxodus.org/en/Email
Crosschecking techxodus' email list with privacytools.io, both lists do not yield a perfectly private provider. the vast majority are all in a 14 eyes country and/or have key disclosure laws, or some form of cross-nation/international information sharing agreement (switzerland sharing info with usa for example)
>>
>>82648260
i use posteo.de
>>
>>82648775
disroot or riseup
>>
>>82648917
nice 14 eyes
>>
>>82649140
>commiekazie
>we wont ban or datamine you we promise
>thanks /Nanon/
jesus christ just pay for tutanota or some obscure email service like the ones used by ransomware gangs
>>
>>82650011
Why are there always incels screaming "NOOOO DON'T USE LE COMMIE SERVICE PAY FOR MY SNAKE OIL HONEYPOT INSTEAD" every time the only e-mail service that's explicitly anti-LEM is mentioned?
>>
>>82650709
LEA*
>>
>>82642731
>Free email server
>AKA Honeypot
>>
>exploit found
WOW FUCKING AMAZING NEWS IT'S NOT LIKE EXPLOITS ARE FOUND FOR EVERYTHING EVERY FUCKING SECOND
>>
What other choice is there for a reliable email host which you can use for your everyday life?

ProtonMail with a custom domain just seems like the best option. Your account doesn't stand out as weird (no ProtonMail domain) while not being tied to services from Google, Microsoft which can and often do terminate accounts for no reason. The encryption is an added bonus, although I wouldn't rely on it for anything serious. It stood the test of time and works reliably, won't go down anytime soon. Privacy-wise certainly better than the bigger services.

There is nothing that can quite compete. Note, I'm talking about everyday life email. Something like riseup or disroot simply isn't suitable. Using a custom domain with ProtonMail already pushes it a bit far
>>
>>82650779
Tutanota.
>>
I got a code for cock.li. Where the hell do I register this thing?
>>
>>82651859
They still don't have threaded email in 2021
>>
>>82645971
>>82647246
> no proof
you post the same debunked cancer in every thread, pedophile policeman. you need to consider suicide.
>>
One word. Posteo.


