Is Protonmail perfect? No, but it's way better than all the botnets stupid normies use. It's not a meme domain named after male reproductive organs or political activism. Who even takes "wiener.li" seriously? You use email for two reasons: communication and accounts on the internet. If CrunchyRoll banned tutanota, then they are sure not going to allow domains with wiener in it. The whole internet will be that way. Now imagine signing up for a bible study at your church. Now you have to tell all the normies you meet to their face that your email is wiener. Then your entire small group will see you are a wiener when your group leader starts emailing bible study emails. Not to mention the riseup domain....what are you, an anarchaist? People will think you went woke and avoid you due to your mental illness. On the other hand, I know of at least 3 normies IRL with Proton mails.
 CRIME Shirt $21.68 |
 Tip Your Landlord Shirt $21.68 |
CRIME Shirt $21.68 |
>Is Protonmail perfect?
https://encryp.ch/blog/disturbing-facts-about-protonmail/
https://news.ycombinator.com/item?id=29063779
https://arstechnica.com/information-technology/2021/09/privacy-focused-protonmail-provided-a-users-ip-address-to-authorities/
https://www.theregister.com/2021/09/07/protonmail_hands_user_ip_address_police/
https://www.wired.com/story/protonmail-amends-policy-after-giving-up-activists-data/
https://digdeeper.club/articles/email.xhtml#ProtonMail
https://scholar.google.com/scholar?cluster=18327644021252219658
Good shit
They already disable your account and ask for phone number after you register and receive your first mail.
>muh privacy
Why would you trust literally any email provider with illegal content
because the email provider's only selling point is being private. if they aren't private, they literally have nothing of value to offer
Not having your data sold to advertisers does have value tho
Reading these links just make you look like a schizo
Good argument. You must have been the captain of your high school debate team.
I was thank you
HTTPS can be absolutely BTFO'd by the NSA, it doesn't really matter if your HTTP traffic, or even if you're emails are encrypted using Protonmail or not.
The NSA has access to most of the internet's backbone - a large portion of the world's internet flows through the United States. And when you have traffic transiting through your domain, you're able to tamper with it.
>Let's say Anonymous makes a request to protonmail.com.
>Special Agent Glow, operating virtually all of the DNS servers, receives Anonymous' request, and can tell him protonmail.com is at any arbitrary address he wants.
>Note: This is not DNS hijacking in the traditional sense - Agent Glow literally controls the DNS server and is not spamming responses to a Anon's DNS request.
>With that said, Glow knows where on the internet Anonymous wants to visit. Glow can do several things here.
>Most significantly, Glow can act as a man-in-the-middle, taking all subsequent requests to protonmail.com, reading them, and all subsequent responses from protonmail.com, and reading them, before handing them off to the intended recipients.
From Nadim Kobeissi, we know proton mail is only secure if and only if the protonmail servers are not compromised. Well, this falls under that category. The NSA is capable of responding to "Anonymous"'s first request to protonmail with a pozzed fork of https://github.com/ProtonMail/WebClients.
There is no need for the NSA to hit their heads on the wall while waiting to crack the modern era's 2048 bit Diffie-Hellman with the logjam vulnerability (https://en.wikipedia.org/wiki/Logjam_(computer_security)). They simply own all the traffic on the internet instead.
They're already doing that via Cloudflare. Your traffic is redirect to Cloudflare, where it's decrypted and re-encrypted before sending it to the actual destination server.
Doing it through DNS hijacking is a lot harder, though: The DNS server just tells the client which IP they're supposed to connect to, and the client knows which IP they were directed to. So if the authorities tamper frequently (e.g. when doing untargeted mass surveillance) people will notice something's wrong. This is why they need Cloudflare and MITMs at hosting providers (see e.g. the Jabber.ru MITM) for bigger surveillance operations. DNS hijacking is only viable for targeted attacks.
>Note: This is not DNS hijacking in the traditional sense
>This is NOT DNS hijacking
Gorsch Mickey, they aren't reading between the lines
It's not a traditional MITM (which tends to be spotty and accomplished via spamming), but it's a traditional DNS hijack - the client asks the DNS for the IP of a domain and gets a malicious IP back. You won't be able to notice it on one machine (unless you have the IP memorized or something), but you'll definitely notice if you access the same address on a machine which uses a different, non-compromised DNS. This is why it works as targeted attack (at worst you'd get one schizo ranting about how their DNS is hijacked, probably installed some malware) but not as mass surveillance (you can't fool entire communities like that, there will inevitably be some people using non-compromised DNSes pointing out something is weird).
okay, so instead of doing this specific MITM, DNS hijack attack, couldn't they not just pretend to be the real IP address, but "be" the real IP? Basically send some data to Google, but also legitimately have the same IP address as Google because, well, they have the infrastructure by the balls
Another way of stating this - couldn't the glowies create multiple copies of an IP address? Basically get a fraction of the traffic meant for IQfy, and act as the real IQfy server
Not without people noticing, no. This would legit break some stuff, and one of the two IPs would be kicked off pretty rapidly. And considering servers tend to be hosted on static IPs, changing the owner's IP to let them connect again would definitely be noticed. You can only reliably do this if you simultaneously kick the original server offline...which is what they do when they seize a website.
>one of the two IPs would be kicked off pretty rapidly
what mechanism would do this? couldn't the glowies just tell it not to?
>which is what they do when they seize a website
I remember Breach Forums or whatever going back online cus the domain registrar put the domain back into the skiddies name and the FBI was trying to be polite, asking for ownership again kek
it really throws a wrench into them being gods, but who knows if that was the real story
>what mechanism would do this?
Signals sent from the original IP owner not receiving responses because they were sent to the imitator, and the original IP owner receiving weird signals that were intended for the imitator. This inevitably fricks up routing. I'm not familiar enough with networking on the ISP level to know how this would be handled precisely, but I assume this would be noticeable to them (and would probably cause problems) and they'd disconnect whoever is sending these disruptive signals.
>Most significantly, Glow can act as a man-in-the-middle, taking all subsequent requests to protonmail.com, reading them, and all subsequent responses from protonmail.com, and reading them, before handing them off to the intended recipients.
You
are
a
fricking
idiot.
>where it's decrypted and re-encrypted before sending it to the actual destination server
You
are
a
fricking
idiot.
I don't care about schizo ramblings but I'm glad you're back my tbh
I like how this is supposed to be an "epic own" in your opinion but clicking the first link he's already backtracked on every claim he made, and even changed the title of the article to withdraw accusations.
> I have carefully read point 9 and the linked article to it, and now I can confirm that this is not a valid argument. I leaved it crossed out and did not delete it just for historical purposes;
etc
Just more IQfy morons reading blogs and thinking they have absorbed "facts".
As a nice bonus it turned out most of the accusations outlined in that post came from a smear campaign by Private Internet Access, a competitor VPN provider owned by an Israeli adware/spyware company
The only "legitimate" complaint is that they turned over someone's IP to the cops after being given a warrant, and they wouldn't even have done that if the guy had just used Proton's own VPN, because VPNs are completely exempt from logging requirements in Switzerland even with a court order
Using the term "botnet" incorrectly should result in an automatic no-exceptions permanent ban from IQfy - Technology.
Are you saying that Google, Yahoo, Hotmail, Outlook are NOT botnets? I've gotten tons of smishing attempts from all of those domains. Never once gotten a smishing from a Proton domain.
>Are you saying that Google, Yahoo, Hotmail, Outlook are NOT botnets?
Yes. Learn what a botnet is boomer.
You should learn about dead internet theory and how most of the web is a botnet, but I suppose you're a bot so you will never understand,
>a botnet is when there are bots on a network
t. (You), probably
Yep! You're definitely bot so have a nice day!
bot website
He's right though, you don't know what a botnet is. You literally don't know the definition of the word.
>everything I don't like is a botnet
The absolute fricking state of this 60-IQ indian-populated board.
>boomer
lmao this isnt a baby boomer its a fricking zoomer you stupid Black person!
I really hope this is a case of Poe's law.
Hey Boomer, no one fricking uses email for communication in 2024. It's either FB, WhatsApp, Discord, or Telegram.
email is a flawed implementation that will never be fixed
switch to actual secure and private messaging systems if you care about that
>If CrunchyRoll
TORRENTS homie
the problem with wiener.li is the random outages
>need to pay rent
>log into your bank
>they send MFA to your email
>whoops! wiener.li is down
>tell your landlord "wiener.li is down"
>"i don't know what that means but if you don't pay your rent you're out"
>get evicted
i'm not saying to use proton but if you use wiener.li for anything time-sensitive you're a fool
>online banking is down
>tell landlord online banking is down
>get evicted
Use cash homosexual, I can wait 10 mins to sign into Uplay twice a year when I'm so unlucky to check right during a maintenance.
>online banking is fine but i'm an irresponsible fool who relies on unreliable infrastructure
>landlord knows internet banking is up because it Works On His Machine
>get arrested by police for attempted fraud
at least you can spend the night in lockup
wiener.li was down for 2 days when I bought my IQfy pass. It was a disaster
there are better alternatives
http://diggy.club/articles/email.xhtml
that shitty article suggests 2 communist services that just store the emails unencrypted, not sure how thats supposed to be better than proton
email bad. just use proton for your normal life without trying to make it anonymous and use a different communication protocol if you want real anonymity
You already tried this cope in the other thread, and now you're making an entirely new thread?
How stupid and pathetic are you, idiot?
ok so protonmail bad. what should i use then ?
It should depend on your threat model what email provider you use. If you ain't got no threat model you can't determine what is secure or not.
Anyone that would have a problem with my cumallover.me address is not someone I would give my email to anyways.
Honestly after Skiff and Telios and Postscript shut down I got sick of the free privacy services shutting down, bought my own domain and just moved to Zoho. You have to use their mobile/desktop app but I'm not seeing any weird traffic, their ToS is reasonable (not selling data) and it's free forever assuming you'll be a business that upgrades eventually.
Good morning sir
What's the obsession with email privacy? As long as the provider is not selling your data who gives a frick? Email is the last thing I expect to be private since it's only as private as the recipient is.
>lmao who needs secrecy of correspondence
Why are you using email for secret correspondence first of all? Why wouldn't you have someone that you require that with on Signal where you can auto delete messages and prevent screenshots and shit? Do you think Wikileaks is emailing shit?
They use a two tin cans and silly string
Because in a just world electronic letters would be conferred the same protection as physical letters, considering the exact same reasoning applies there? Are you really so brainwashed by the dystopian state of society that you can't imagine finding it unusual that governments and corporations rape your privacy unless you arm yourself against them? (A possibility they wanted to prevent too, I must note (see the crypto wars of the 90s).)
>cloud mailing service
>botnet
>on someone else's machine
yep
>inb4 mining monero with js
>Who even takes "wiener.li" seriously? You use email for two reasons: communication and accounts on the internet. If CrunchyRoll banned tutanota, then they are sure not going to allow domains with wiener in it. The whole internet will be that way. Now imagine signing up for a bible study at your church. Now you have to tell all the normies you meet to their face that your email is wiener. Then your entire small group will see you are a wiener when your group leader starts emailing bible study emails.
What is it you have against roosters?
I got hired with an airmail e-mail lol.
heh.
why shouldn't you, though. it's a perfectly alright domain
It was a government contractor position providing security for border patrol
I would rather use wienerli and have a funny domain name for my trouble of being watched by the feds.
>thereby undermining the security guarantees offered by encrypted protocols like HTTPS
Frick you, big tech. This isn't even strictly true for HTTPS, your browsers just made it so in practice. This is the direct result of the CA system, and browsers' increasing refusal to use any non-CA certificates. Under the CA system, you only check if a 'trusted authority' have approved the certificate. If even one of those authorities is compromised (and most of them are), this approval doesn't mean jack shit anymore.
In contrast, with a non-CA certificate you receive it once, then store it for all later uses. On the next visit to that same server, the client checks the certificate, and if it no longer matches (e.g. because you were redirect to a malicious server by malicious DNS) it will warn you that shenanigans are afoot (OpenSSH is especially particular about this, refusing to let you connect until you explicitly take steps to accept a new cert for that server). Just web browsers consider this "insecure" and warn you that THEY'RE TRYING TO STEAL YOUR CREDIT CARD whenever you connect to a properly secured server, and refuse to store such certificates rendering the security benefit moot.
so you're saying non CA certs are better than CA certs?
In reasonable clients, yes. In modern-day browsers, no, because they specifically refuse to remember non-CA certs so you have to re-accept them every time (with no guarantee it was the same cert as last time).
We've reached the point where low-IQ IQfy morons are literally posting ChatGPT as if it were capable of giving answers. This is where we're at. Literally the tech equivalent of the magic 8-ball. And I have no doubt whatsoever Rajeesh will fly into a rage at having his faith in ChatGPT-san questioned.
>but i used it for a curry recipe and a javascript scaffold!
Lol whatever you say. Enjoy your "professional" jobs that give a shit what e-mail provide you use.
holy shit, did you report him? his posts got btfod lol
the real meta is to use a chinese email, you end up under chinese glowies' eyes, but if you're not chinese it doesn't matter
How do I read my protonmail email via mutt client?
Oh wait, I don't because protonmail is trash, google mail just works.
if not protonmail, then what?
yahoo
botnet
Gmail plus taking your meds regularly.
the comment that broke IQfy
No, they've bent the knee before.
wiener.li isn't supposed to be a secure email provider, it isn't even encrypted
it's just for le fourchan sekrit club memes, you aren't meant to use anon@totalBlack persondeath.su on real websites
No matter what provider you use, make sure your friends are using Thunderbird so they can 1-button PGP encrypt their emails. There are phone apps that also do this but sensitive emails do not belong on phones. Phones are loose lips without exception.
E2EE provided by a vendor is NOT E2EE, without exception. If you are not using PGP, GPG, OTR or other forms of encryption running entirely on the client and key exchanges occurring out of band then it is not E2EE without exception.
mountainisraelite hoenypot
is it just me or wiener.li is shitting itself again