1. Protonmail Behaves like a CIA/NSA “Honeypot”
Protonmail has an Onion domain that allows users to visit their site using the TOR browser. Protonmail even has an SSL cert for that onion address even though it’s completely unnecessary. When a user makes a new account with Protonmail on TOR they are redirected from Protonmail’s “.onion” to “.com” address. This breaks your secure encrypted connection to their onion address, enabling your identification. There are absolutely no technical reasons for this feature. In fact, the only other websites that operate like this are suspected NSA/CIA Honeypots.
This is a huge security issue that was either created because Protonmail is managed by Particle physicists who do not understand computer security OR they have been forced to operate their website in a similar way as CIA/NSA honeypots. Both possibilities are serious concerns.
2. Protonmail Does Not Provide “End to End Encryption”
Professor Nadim Kobeissi mathematically proved that Protonmail does not provide End to End Encryption. Meaning, Protonmail has the ability to decrypt their own users’ data. When this was shown to be true, Protonmail users were outraged they had been lied to. Protonmail was forced to issue a public statement. Their statement begins like you would expect it would.. by shitting on the security researcher that revealed their dishonesty. Then they continued to say: “We lied to our users because other email companies did”. No apologies. They can decrypt any of their users’ data by sending them scripts that allow them to do so. However they advertise that they can not. Protonmail’s admission proves they offer the same security that Gmail offers. Both Gmail and Protonmail offer encryption that they can decrypt whenever they want.
3. Protonmail Was Created Under CIA/NSA Oversight
Gmail & Protonmail were both created in CIA/NSA funded departments with their oversight. Protonmail has tried to hide this part of their history. We wrote a whole article about it here.
4. Protonmail is Part Owned by CRV and the Swiss Government
After a successful crowdfunding campaign with promises to “remain independent” Protonmail sold equity ownership to CRV and FONGIT. At the time of the equity sale a CRV founder, Mr Ted Ditersmith, was working for the US State Department closely with President Obama. His position as a delegate required close contact with CIA & NSA administration. Mr. Ted Ditersmith had also witnessed the Edward Snowden revelations and made statements that he planned to use his corporate knowledge to “fight terrorism”. FONGIT is a Non Profit organization that is financed by the Swiss Government. Protonmail staff member, Antonio Gambardella, also works for the Swiss Government.
5. CRV, In-Q-Tel & the CIA
The CIA openly operates a front company, In-Q-Tel, whose stated purpose is to invest in tech companies on behalf of the CIA. In-Q-Tel has stated they have a specific interest in the information contained in e-mails and encrypted communication. In-Q-Tel has been shown to be the bridge between the CIA and Gmail. An analysis of staff members reveals CRV & In-Q-Tel connections. The US media confirms these connections when they interview CRV so that they can understand In-Q-Tel. Additionally, the mastermind, cryptographer & back end developer that created Protonmail, Wei Sun, now works for Google.
6. Protonmail Follows CIA Email format & Metadata Requirements
Leaked documents at Wikileaks show that the CIA requires emails to be stored as an EML filetype. There are several ways to store emails, and Protonmail has selected the format that the CIA requires. Protonmail offers no protection for users’ metadata and has officially stated that they turn metadata over to Law Enforcement. Edward Snowden revealed that the US government cares least about the content of emails. Mr. Snowden revealed the US Law Enforcement cares most about who a person is talking to, the dates & times of the emails, and the subject of the email. Subject and metadata encryption are not difficult to provide. However, Protonmail refuses to offer any protection on data that is most valuable to the CIA & FBI and they store it as plain text (No encryption). Edward Snowden stated the NSA “isn’t able to compromise the encryption algorithms underlying these technologies. Instead, it circumvents or undermines them by forcing companies to cooperate in other ways. Protonmail has refused to protect the information the NSA wants, this is a concern.
7. Swiss MLAT Law Could Give the NSA Full Access
Protonmail’s Servers Reside In Switzerland, a country with an MLAT treaty that could allow the NSA to continue its mission of recording “nearly everything” about a person’s internet communication. Any doubts the MLAT treaty applies are removed when you take into account that Protonmail is part-owned by FONGIT, a Swiss Government-financed company. Protonmail has also recently revised its Privacy Policy to include wording and requirements from the MLAT treaty. Their actions show they are capitulating with the MLAT treaty. Revisions include a change to their privacy policy allowing them to track your location while you use their service in some situations.
8. Protonmail Uses Radware for DNS/DDOS Protection
Privacy companies like Protonmail are required to use a DNS/DDOS service because of the frequent attacks against their service. Protonmail uses a company called Radware for this purpose. Radware is a low-quality service that has failed to provide adequate protection. Protonmail has been taken offline, sometimes by teenage kids, because they insist on using a sub-par service. It’s worth noting that Radware’s international office is a few miles away from the headquarters of the most powerful Intelligence agency on earth, The Israeli Mossad. Radware can gain complete access to all Protonmail users’ accounts in two ways. They could inject a few lines of code that would reveal all users’ login usernames and passwords, thus allowing them to log in as if they are that user. They could also be given users’ usernames & passwords by Protonmail. Remember Protonmail has admitted they can access all users’ accounts and decrypt their data. Additionally, it has been reported that Radware has direct connections to the Israeli Defense Force.
9. Protonmail Developers Do Not Use Protonmail
Protonmail’s developers are in a position to know the real security offered by Protonmail. And Protonmail’s developers do not use Protonmail. If you were served food by a cook who refused to eat the food, would that be a cause of concern to you? This is the same situation. Protonmail developers do not use Protonmail, there are likely good reasons for this.
10. Protonmail engages in illegal cyberwarfare
In 2017 Protonmail seems to have used illegal cyber warfare capabilities to unlawfully break into a suspect’s server. You can see the tweet they posted and read about it here. They soon deleted the tweet and said: “We cannot confirm nor deny if anything happened.” In 2013 the European Union parliament voted to make hacking a crime that carried a prison sentence of 2 years. “Hacking back” is also illegal under Swiss law. Based on Protonmail’s admissions only, they conducted an illegal hack.
11. Protonmail has a history of Dishonesty.
From its creation, Protonmail lied to their users. Starting when they crowdfunded $550k to “remain Independent”, a promise they broke almost immediately by selling equity ownership to a US corporation with ties to President Obama and John Podesta.
In our opinion Protonmail is not an email solution you would use if you want privacy or security. Your emails are probably going to end up in a US data center right next to your Gmail emails.
Privacy Watchdog
https://privacy-watchdog.io/truth-about-protonmail/ (Hummm! This website no longer exists)
electronic security is a myth. the only issue is to determine who is staring at your decrypted comms and what are they looking for. if you don't blip their radar that is as much security as you are ever going to get.
Okay. Alternatives?
A private server is the way to go because that’s what the Democrats do!
Keep Bleachbit handy, just in case! I've heard it's been useful in the past!
takes a long time to wipe a drive so it can not be recovered, but it's standard in the fedora package manager
Wipe a drive?
I got drills and a microwave, homie.
its dead
i was commenting on bleachbit. homie?
You said Fedora did this bleachbit rewrite. Was that a hook in YUM or DNF or what?
Was it a specific Filesystem? For all I know XFS does this or something
This is correct.
However setting up a separate server for receiving emails and a separate SMTP server for sending emails I hear is not an easy thing and not everyone can do it (the SMTP part).
Eugoogley mail only uses one server to send/receive and is the reason why there is so much spam.
You are pretty much screwed if emails are intercepted at the trunk.
Protonmail encryption only works if emails are sent/received from another protonmail acct. Even then, protonmail holds the decryption keys.
Don't forget a super duper nefarious family foundation that launders money. Oh, and suicides those that oppose you. Now that's secure.
I also have a paid ctemplar email address that I use if I want to send something really secure. It’s based in Iceland. But who knows, anything you send electronically is never 100% secure🤷🏼♂️.
Assume everything you type, say, or do is being watched. If you are in the right, fuck um, just don't help them hang you.
So all it takes for you is a single post with the only thing backing it up being a link that doesn't load? You realize not everything on the internet is real right? Proton is good enough for Project Veritas to accept whistleblower tips to. OP didn't give suggestions on an alternative. Guy links to fuckin Google groups at the start ffs.
Don't depend on what I post. Do your own research. Prove the information provided wrong. Plus I did not make any claims, I just provided the information that I found credible, but you need to do your own research.
I switched to Protonmail from you-know-whoogle simply because at the time it felt like the lesser of two evils. I dunno, maybe I'm just too cynical but end of the day nothing 'free' in cyberspace is all that it beseeches us and that's not going to change anytime soon. I don't have anything to do with the 'allium' facility and nor do I do anything remotely 'interesting' with the account, so it'll do for me for now. But thanks for alerting others potentially.
I don't understand most of this but you outdid yourself with this post!
Shit I use that. Alternatives?
Rob Braxman Tech can confirm Proton, Tutanota, any email service marketed as secure/encrypted is not safe.
This guy is a prepper/ex software architect/privacy expert and I believe his info to be true, with my limited software testing and network experience. I think he fits into "the 1% saying no with the other 99% saying yes" category regarding privacy on the internet. Give him a listen. He changed my online habits for the better.
Check his Odysee channel.
That’s a lot of words to say that any digital medium is not secure.
Nothing that needs to stay secure can ever be said on a digital platform.
At best digital platforms offer tactical secrecy, but not strategic.
No, I said it was in the package manager, but you can install with the dnf command.
OP - saw a comment below that the original site link didn't load. I found an archived version on wayback machine - link here: https://web.archive.org/web/20210719011623/https://privacy-watchdog.io/truth-about-protonmail/
Archived version also contains multiple links (also archived) to sources that corroborate claims made in original post.
OP, while I figured virtually any service offered is not secure. Can you give a decent option to side with?
I assume there is NO way to prevent signals going through the internet from being intercepted, decrypted, and stored by the big intelligence operations.
I use encryption not to prevent the NSA from seeing my emails or surfing habits -- I'm sure they can if they want to, just as they can follow my phone around town as I run errands or listen in to my phone calls -- but to make it less likely that identity thieves and other crooks have access to my email etc. Someone I know had an identity theft problem and it cost them a LOT of money and unpleasantness.
Still, I have to say the corruption you allege with ProtonMail (and ProtonVPN) is jaw-dropping and disturbing, and all-too-believable. I'd go back to Cryptohippie if they hadn't gone under a few months ago [that's the only reason I'm not with them still]; too few people would pay the price they were asking.
I've been looking into protonmail alternatives a bit. I know it's pretty much impossible to find a service that is completely private/secure, however I was wondering if anyone has any opinions on the options below.
**Startmail** (https://www.startmail.com/en/) - from the creators of startpage, offers pgp encryption, advertises self-hosted servers in netherlands that comply with strict privacy regulations, is a paid service but is currently offering a discount to new users through March 18 (more info here: https://support.startmail.com/hc/en-us/articles/4405633857949-StartMail-Deal-2022)
**Mailfence** (https://mailfence.com/) - open pgp encryption, advertises no third party access to data, free and paid account options
**Ctemplar** (https://ctemplar.com/) - advertises anonymous end to end encrypted communication, based out of iceland > strong privacy laws, no data retention, free and paid account options
**Disroot** (https://disroot.org/en/#services) - offers email (rainloop) along with other cloud services, advertises focus on freedom, privacy, federation and decentralization, free and open source, may take a bit more work to set up when compared to other options
Can’t trust anyone !
Right, not even your own lying heart, so the saying goes.
Geeezz I hope I’m not lying to myself 😂😂 Thanks for all the great info !
Did you read #9. I like the question asked.
**Protonmail Developers Do Not Use Protonmail** Protonmail’s developers are in a position to know the real security offered by Protonmail. And Protonmail’s developers do not use Protonmail. If you were served food by a cook who refused to eat the food, would that be a cause of concern to you? This is the same situation. Protonmail developers do not use Protonmail, there are likely good reasons for this.