PayPal and Proton Mail

Paypal Freezes $275K fundraiser for encrypted mail startup; not sure if encryption is legal. http://www.dailydot.com/politics/paypal-protonmail-freeze/ https://protonmail.ch/

On 7/1/14, 10:27 AM, Jerry wrote:
Paypal Freezes $275K fundraiser for encrypted mail startup; not sure if encryption is legal. http://www.dailydot.com/politics/paypal-protonmail-freeze/ https://protonmail.ch/
PayPal has lifted the freeze: https://protonmail.ch/blog/paypal-freezes-protonmail-campaign-funds/
ProtonMail's public Bitcoin address: https://blockchain.info/address/1Q1nhq1NbxPYAbw1BppwKbCqg58ZqMb9A8?filter=2
gf
-- Gregory Foster || gfoster@entersection.org @gregoryfoster <> http://entersection.com/

On Tue, Jul 1, 2014 at 2:15 PM, Gregory Foster <gfoster@entersection.org> wrote:
protonmail.ch
This appears to be just one of many startups offering non-solutions.
From what I can tell, you are loading the code they provide on the fly into your browser to execute crypto ops on your behalf. That is just plain bad. Remember hushmail? When you give up your environment to the same parties providing your service, you give up the game. And it's centralized, few will choose different passphrases, etc.
https://protonmail.ch/blog/protonmail-threat-model/
"There are more difficult to use, but more secure solutions out there, which are more appropriate for Snowden’s use case."
For one, you're better off learning and using some underlying tools like these instead...
https://www.gnupg.org/
https://www.enigmail.net/
https://protonmail.ch/sign_up.php -> https://protonmail.ch/invite
"Notification Email (Required) - Used only to contact you about our public beta. This should be your current email (Gmail, Hotmail, Yahoo!, etc) - not your new protonmail email. ... Your notification email will not be linked to your ProtonMail account - it is only used for communicating with you during our beta and will be removed from our system after the beta."
This is a failure of implied and stated privacy ethics. Invites are linked. And it should not be asked for in the first place. Thus never on the system and no trust needed.
"response to our open beta has maxed our server capacity. We're working hard to add more servers"
While open and honest if true, this does not inspire systems confidence.
"I think it is safe to say if we were NSA funded, we wouldn’t need to be going around competing for 100k startup awards"
Actually, that is precisely what you'd want to do.
There's no architecture whitepaper. And so on, etc...
It's a useful service and a step in the game. Just be exactly sure of what it is and what it is not. And you should not rely on service providers to be the sole source of your answer to that question either.
ProtonMail's public Bitcoin address: https://blockchain.info/address/1Q1nhq1NbxPYAbw1BppwKbCqg58ZqMb9A8?filter=2
I'd rather fund something like... "The next gen P2P secure email solution"

On Tue, Jul 1, 2014 at 2:15 PM, Gregory Foster wrote:
https://protonmail.ch/blog/paypal-freezes-protonmail-campaign-funds/
On 7/1/14, 9:20 PM, grarpamp wrote:
This appears to be just one of many startups offering non-solutions...
I did not intend to advocate use of the service, rather I wanted to share the news that PayPal had lifted the freeze. This story caught my attention because it reminded me of another time when PayPal mysteriously found itself engaging in economic warfare. http://www.wired.com/2010/12/paypal-wikileaks/
On Tue, Jul 1, 2014 at 2:15 PM, Gregory Foster wrote:
ProtonMail's public Bitcoin address: https://blockchain.info/address/1Q1nhq1NbxPYAbw1BppwKbCqg58ZqMb9A8?filter=2
On 7/1/14, 9:20 PM, grarpamp wrote:
I'd rather fund something like... "The next gen P2P secure email solution"
And while I do encourage support for this project---which is distinct from use, and perhaps for no other reason than PayPal's unintentional endorsement---my intent was to point out the means to avoid direct subjection to the written and unwritten policies of the existing corrupt global financial institutions.
With that said, the critical eyeballs which cypherpunks bring to bear on projects are invaluable. However, the reflexive rejection of closed source projects and the reflexive acceptance of open source projects is a bit too Manichean for my world view. There is merit to both approaches in different contexts. It's helpful to remember that information propagates through a channel in non-quantum entangled systems, so even if it emerges from closed source software or hardware it can be observed.
Heartbleed established a helpful corollary to Eric Raymond's belief that "given enough eyeballs, all bugs are shallow": you will never get enough eyeballs because people are lazy and assume that someone else is doing the work. Therefore, take as given that all code sucks, both closed and open source. Then at least you will not be surprised when you find out it's almost always true, and you can enjoy the amplified pleasure of genuine surprise when you encounter projects that really are solid.
I think it's beautiful to see and support the proliferation of work occurring to address the new normal of no privacy, both closed and open source. The slumbering cypherpunk spirit has awakened.
gf
-- Gregory Foster || gfoster@entersection.org @gregoryfoster <> http://entersection.com/

RetroShare is a good player, but it's too buggy for "Average Joe"... And it's more like an IM than an Email.
- Gutem
-------------------------------------------------------------------------------------------
Registered Linux User: 562142
https://keybase.io/gutem/key.asc <http://keybase.io/gutem>
PGP Fingerprint: 2522 ECFA DCD2 FF52 3AAB D2A1 154E 14CD E1A6 97BF
2014-07-02 20:22 GMT-03:00 rysiek <rysiek@hackerspace.pl>:
On Tuesday, 1 July 2014 22:20:44 grarpamp wrote:
I'd rather fund something like... "The next gen P2P secure email solution"
You mean like RetroShare?
-- Regards, rysiek

Gregory Foster wrote: reflexive acceptance of open source projects
Not so much, ie: one must still evaluate them too.
I think it's beautiful to see and support the proliferation of work occurring to address ... privacy ... [with open source]
Yes.
[with closed source].
Pretty products, onesheets, and test vectors. Yes, they're nice and do help in overall movement towards an all encrypted world. They're worth recommending. However, caveat trust and whatever other issues to the recommendee. This applies equally to opensource.
Seeing mail providers basically advertise 'you can trust us' to their end users (with whatever backing reasons they have (which btw are typically as full of holes as your typical privacy policy))... that's what should give people pause to think carefully.
This, re: proton... which would you rather hear, and which do you hear?
- Warning: We detected a breach that injected snake oil into your browser.
- Warning: We can inject snake oil into your browser at will.
Any provider who tells you they offer an email service in which they can make your email trustably secure for you, regardless of how they claim to do it, is a liar. Period. You are the trust root, only you can secure your email.
So those who want better will need to use provider independent encryption tools. And the best you'll ever get with them under [1] is encrypting everything but the 'envelope to' (which you must expose for delivery), and the authenticated 'envelope from' (which they, being the centralized rulers they are, will require).
More self help tools...
https://www.mailvelope.com/
https://whiteout.io/
the new normal of no privacy
Any fixes on centralized clearnet 'email', beyond everyone using self help tools, will always have these trust issues now. As with Banks/Paypal vs Bitcoin, remove the delegation of trust to the central provider... by removing the central provider from the equation.
[1] http://en.wikipedia.org/wiki/Email
The slumbering cypherpunk spirit has awakened. @gregoryfoster <> http://entersection.com/
http://entersection.com/posts/1238-charlie-chaplin-on-the-patrimony-of-greed... ?
participants (5)
- grarpamp
- Gregory Foster
- Gutem
- Jerry
- rysiek