PayPal and Proton Mail

grarpamp grarpamp at gmail.com
Tue Jul 1 19:20:44 PDT 2014


On Tue, Jul 1, 2014 at 2:15 PM, Gregory Foster <gfoster at entersection.org> wrote:
> protonmail.ch

This appears to be just one of many startups offering non-solutions.
From what I can tell, you are loading the code they provide on the fly
into your browser to execute crypto ops on your behalf. That is just
plain bad. Remember Hushmail? When you give up your environment
to the same parties providing your service, you give up the game. And
it's centralized, few will choose different passphrases, etc.

https://protonmail.ch/blog/protonmail-threat-model/
"There are more difficult to use, but more secure solutions out there,
which are more appropriate for Snowden’s use case."

For one, you're better off learning and using some underlying tools
like these instead...
https://www.gnupg.org/
https://www.enigmail.net/

https://protonmail.ch/sign_up.php -> https://protonmail.ch/invite
"Notification Email (Required) - Used only to contact you about our
public beta. This should be your current email (Gmail, Hotmail,
Yahoo!, etc) - not your new protonmail email. ... Your notification
email will not be linked to your ProtonMail account - it is only used
for communicating with you during our beta and will be removed from
our system after the beta."

This is a failure of implied and stated privacy ethics. Invites are linked.
And it should not be asked for in the first place. Thus never on the
system and no trust needed.

"response to our open beta has maxed our server capacity. We're
working hard to add more servers

While open and honest if true, this does not inspire systems confidence.

"I think it is safe to say if we were NSA funded, we wouldn’t need to
be going around competing for 100k startup awards"

Actually, that is precisely what you'd want to do.

There's no architecture whitepaper.

And so on, etc...

It's a useful service and a step in the game. Just be exactly sure
of what it is and what it is not. And you should not rely on service
providers to be the sole source of your answer to that question
either.

> ProtonMail's public Bitcoin address:
> https://blockchain.info/address/1Q1nhq1NbxPYAbw1BppwKbCqg58ZqMb9A8?filter=2

I'd rather fund something like...
"The next gen P2P secure email solution"




More information about the cypherpunks mailing list