Proton Mail
Images are sometimes not shown due to bandwidth/network limitations. Refreshing the page usually helps.
You are currently reading a thread in /g/ - Technology
You are currently reading a thread in /g/ - Technology
Is it worth it /g/? Should I migrate?
>>51854392
No. They were shekeled in record time.
>>51854392
It's pretty good. I'd wait to see what their commercial offering will be next month.
They were attacked by someone DDoS'ing them and when extorted to get the attack to stop, they capitulated almost immediately.
The attack didn't stop, because it turns out hackers extorting you for money don't honor their word. The people at ProtonMail didn't figure on that.
You can say whatever you want about it being stupid that they didn't realize that would happen on a superficial level, but my deeper concern is this: if they're not thinking very much about the mentality and "modus operandi" of deceptive people like hackers, what possible confidence can I have in their ability to anticipate state-sponsored attackers?
Given that their entire pitch is that they're a safe-ish haven with encryption, situated in a neutral place, etc... it seems a lot like well-intentioned but totally naive people are running this operation, which isn't exactly a good thing.
>>51854453
Commercial offering?
>>51854504
Good point but if they get DDoS'd your information is still safe/encrypted is it not?
>>51854392
>Willing to move to a new email
>Not setting up and hosting one
>>51854551
If they get DDoS'd your info is not touched.
>>51854551
This is precisely the shallow analysis that I'm saying I don't care about.
I'm saying that if ProtonMail doesn't understand how to deal with someone DDoS'ing them, I can't take seriously their claim that they really know what they're doing to rebuff a state-sponsored attack. I'm sure that their hearts are in the right place, but it takes operational security knowledge as well as technical security knowledge (as well as knowledge in myriad other fields) to resist a well-equipped government that wants to dive into ProtonMail's servers.
As an example, knowing that you need end-to-end encryption is great and demonstrates some technical understanding necessary to run a secure mail service, but do they have the legal team needed to rebuff a subpoena in Switzerland? Or did they just figure that being in Switzerland magically immunizes them from this stuff? Because it doesn't. There are ways to resist pressure from the US or UK or whomever from within Switzerland, but I'm no longer convinced that they have the social, legal, or operational understanding that's necessary.
>>51854844
>>51854403
>>51854504
>>51854668
so what email service should I use?
>>51854926
Your own
>>51854926
Like >>51854955 said, probably your own. But honestly a very cynical view that I could conceivably take is that if you're going to use ProtonMail on the basis of avoiding state sponsored attacks, you might as well use Gmail, Yahoo, etc...
None of them is a safe haven from government eavesdropping; if you're going to eat poison, it might as well be planted into a decent meal rather than a half-baked one.
Don't use email for anything that's supposed to be secure anyway. PGP helps, but it's agnostic to medium (you could send PGP encrypted messages by carrier pigeon if you were so inclined)
Y'all COMPLETELY missed the point. Yeah they where DDoSed but they didn't pay, that was a collective from their parent ISP. But they did accept protection from international companies. One of which is Israeli. No big deal right? That company created the cyber warfare college for the Israeli military and some other US Intel Corp. The denial of service was on the sophistication level off a nation state. Don't believe me? They blogged the entire thing in real time and packet storm or someone did the audit and published. I'll get links later
>>51855033
>they where DDoSed but they didn't pay
relevant section screencapped; crucial part highlighted. please read up before you post.
http://arstechnica.com/security/2015/11/crypto-e-mail-service-pays-6000-ransom-gets-taken-out-by-ddos-anyway/
i didn't read the rest of your post. if you went over the top to drive home that you were "just kidding" about being an idiot, sorry for giving you a response at all
>>51854392
>>51854403
>>51854453
>>51854504
>>51854551
>>51854668
>>51854688
>>51854844
>>51854926
>>51854955
>>51855025
>>51855033
>>51855099
blog post:
https://protonmail.com/blog/protonmail-ddos-attacks/
what wasn't reported:
https://cryptome.org/2015/11/protonmail-ddos.htm
email to clients:
http://pastebin.com/Em8SsCRT
>>51855099
you're wrong, see my link
>>51855123
The first one is from the stating who payed.
Primary beats tertiary. idiot.
>>51855099
incase you can't read:
"...At this point, we were placed under a lot of pressure by third parties to just pay the ransom, which we grudgingly agreed to do at 3:30PM Geneva time to the bitcoin address =. This was a collective decision taken by all impacted companies, and while we disagree with it, we nevertheless respected it taking into the consideration the hundreds of thousands of Swiss Francs in damages suffered by other companies caught up in the attack against us. ...
Their ISP & a couple hops before them where targeted. A group of companies including the ISP decided to pay them.
Checkout scryptmail.com
in case anyone is missing the point...
Want secure email? PGP. This can still be tracked by subject, recipients, timing, public key, & others.
Want really secure? VPS hosted smtpd & pop3/imap using SSL & PGP that only exists for the duration of the project.
Email is inherently insecure and open for tracking, which has been wrote about in white papers. Try OTR or something ...
>>51855099
>>51855128
#rekt
>>51855275
jews :^)
>>51855304
kek *tips hat*
>>51854955
this tbqh senpai, setting up postfix/dovecot or kolab is a piece of cake, especially if you're familiar with docker.
You only need a domain and some DNS adjustments (and an SMTP reflector if you're on residential ISP).
>>51855221
Too bad it's hosted on the US
https://scryptmail.com/privacypolicy
>>51855374
*in US
shake my head
Cock.li
>>51855211
You're continuing to grossly miss the point that matters; ProtonMail fundamentally doesn't respond appropriately to extortion and other dirty tactics. The bank account that paid for the Bitcoins doesn't matter to me; that ProtonMail acquiesced to pressure to pay someone off to stop a DDoS attack speaks very poorly about them.
If you transferred $10,000 to a Nigerian prince expecting to get back millions, I'm not interested in the details of where that money came from; I'm interested in the fact that you either chose to or allowed yourself to be forced to participate in an *obvious* scam.
