protonmail.ch

From Paltry Hamerkop, 11 Years ago, written in Plain Text.

URL http://geopaste.scratchbook.ch/view/6e307e61

Embed

> protonmail.ch

This appears to be just one of many startups offering non-solutions.

From what I can tell, you are loading the code they provide on the fly

into your browser to execute crypto ops on your behalf. That is just

plain bad. Remember hushmail? When you give up your environment

to the same parties providing your service, you give up the game. And

it's centralized, few will choose different passphrases, etc.

https://protonmail.ch/blog/protonmail-threat-model/

"There are more difficult to use, but more secure solutions out there,

which are more appropriate for Snowden’s use case."

For one, you're better off learning and using some underlying tools

like these instead...

https://www.gnupg.org/

https://www.enigmail.net/

https://protonmail.ch/sign_up.php -> https://protonmail.ch/invite

"Notification Email (Required) - Used only to contact you about our

public beta. This should be your current email (Gmail, Hotmail,

Yahoo!, etc) - not your new protonmail email. ... Your notification

email will not be linked to your ProtonMail account - it is only used

for communicating with you during our beta and will be removed from

our system after the beta."

This is a failure of implied and stated privacy ethics. Invites are linked.

And it should not be asked for in the first place. Thus never on the

system and no trust needed.

"response to our open beta has maxed our server capacity. We're

working hard to add more servers

While open and honest if true, this does not inspire systems confidence.

"I think it is safe to say if we were NSA funded, we wouldn’t need to

be going around competing for 100k startup awards"

Actually, that is precisely what you'd want to do.

There's no architecture whitepaper.

And so on, etc...

It's a useful service and a step in the game. Just be exactly sure

of what it is and what it is not. And you should not rely on service

providers to be the sole source of your answer to that question

either.

> ProtonMail's public Bitcoin address:

> https://blockchain.info/address/1Q1nhq1NbxPYAbw1BppwKbCqg58ZqMb9A8?filter=2

I'd rather fund something like...

"The next gen P2P secure email solution"

Author

Title

Language

Your paste - Paste your paste here

&gt; protonmail.ch

This appears to be just one of many startups offering non-solutions.
From what I can tell, you are loading the code they provide on the fly
into your browser to execute crypto ops on your behalf. That is just
plain bad. Remember hushmail? When you give up your environment
to the same parties providing your service, you give up the game. And
it's centralized, few will choose different passphrases, etc.

https://protonmail.ch/blog/protonmail-threat-model/
&quot;There are more difficult to use, but more secure solutions out there,
which are more appropriate for Snowden’s use case.&quot;

For one, you're better off learning and using some underlying tools
like these instead...
https://www.gnupg.org/
https://www.enigmail.net/

https://protonmail.ch/sign_up.php -&gt; https://protonmail.ch/invite
&quot;Notification Email (Required) - Used only to contact you about our
public beta. This should be your current email (Gmail, Hotmail,
Yahoo!, etc) - not your new protonmail email. ... Your notification
email will not be linked to your ProtonMail account - it is only used
for communicating with you during our beta and will be removed from
our system after the beta.&quot;

This is a failure of implied and stated privacy ethics. Invites are linked.
And it should not be asked for in the first place. Thus never on the
system and no trust needed.

&quot;response to our open beta has maxed our server capacity. We're
working hard to add more servers

While open and honest if true, this does not inspire systems confidence.

&quot;I think it is safe to say if we were NSA funded, we wouldn’t need to
be going around competing for 100k startup awards&quot;

Actually, that is precisely what you'd want to do.

There's no architecture whitepaper.

And so on, etc...

It's a useful service and a step in the game. Just be exactly sure
of what it is and what it is not. And you should not rely on service
providers to be the sole source of your answer to that question
either.

&gt; ProtonMail's public Bitcoin address:
&gt; https://blockchain.info/address/1Q1nhq1NbxPYAbw1BppwKbCqg58ZqMb9A8?filter=2

I'd rather fund something like...
&quot;The next gen P2P secure email solution&quot;

Create Shorturl - Create a shorter url that redirects to your paste?

Private - Private paste aren't shown in recent listings.

Delete After - When should we delete your paste?

Reply to "protonmail.ch"