[Security and GDPR Issue] ProtonMail includes Google Recaptcha for Login, every single time. · Issue #242 · ProtonMail/WebClient
github.com
external-link
Description: A recent change over the course of the last two weeks led to re-visiting, re-logging-in users. Recaptcha is now injected and compromising a machine's identity on every single l...
@Echedenyan
link
104M

Their server side is already non-free.

Dreeg Ocedam
creator
link
24M

I wasn’t aware of that. Thanks, I’ll avoid it in the future.

@gmate8
link
64M

TO CLARIFY:

They will replace it as soon as possible, but they needed some verification method, because what company they used before to do this, went bankrupt! So don’t worry!

@Echedenyan
link
34M

Disroot also has a verification method and doesn’t include non-free software.

@gmate8
link
14M

Please upvote this, so more people can see it.

@pinknoise
link
34M

Does anybody use their sevice? If so why? They seem pretty expensive and you can’t pay anonymously or use the free tier via tor/proxy. Also they say dumb shit like “We have invested heavily in owning and controlling our own server hardware at several locations within Switzerland so your data never goes to the cloud.”

@yeolsongarak
link
74M

It’s not dumb shit, nowadays if you create a company like that you need to rely on someone else’s servers, so your word of keeping your data safe means nothing. At least if they don’t keep their word with their own servers, they’d be going down on their own.

Also, the question “does anybody use their service” sounds very naive of what’s going on in the world, a lot of people uses Protonmail, it’s probably the first choice of people wanting to avoid big companies.

@pinknoise
link
1
edit-2
4M

The term cloud is commonly used for hosting on external data centers accessable via the internet for convenience. I can’t see how having your mail hosted by protonmail is any different, they are “a cloud”. With “does anybody user their services” I wanted to know about people on lemmy, I guess the proper word would be “someone”.

it’s probably the first choice of people wanting to avoid big companies.

They have their own data centers so they can’t really be that small. Also there are multiple thousands of e-mail hosting providers.

@AgreeableLandscape
admin
link
4
edit-2
4M

People already know me by that email, so I at the very least need to keep the account open even if I switch.

@kinder
link
24M

? I have registered multiple protonmail addresses over the years and used them via .onion (violating their TOS) and no problem.

I’m not aware of any other service that has .onion registrations and uses E2E automatically.

@TheAnonymouseJoker
link
24M

I use it just like SHODAN does, but also for normal life activities that are linked to me. And it is the most accepted email domain outside of Gmail or Outlook.

@SHODAN
link
2
edit-2
4M

I use it but not as my main email.

I use it to subscribe to all those services that spam your inbox; e.g. spotify, amszon, linkedin, xing, steam, local restaurants, etc. It also use to be my main email in 2016, so some acquaintances still only have that email, si I should keep it open. Plus, I am on the free plan, so I am not losing anything.

I use Tutanota as my main email; for bank, personal emails, official stuff, important accounts, etc. I am on a paid subscription for Tutanota.

@bluetoucan
link
24M

Better than google though, no?

@ajz
link
9
edit-2
1M

deleted by creator

@the_tech_beast
link
44M

I use tutanota

@j0ta
banned
link
04M

Yep, Tutanota ftw

big corps only exist to make money out of yo, mindwashed peoples mind, get out of proton mail google facebook amazon etc etc you can thank me later

@pinknoise
link
2
edit-2
4M

I tried to sign up via tor some time ago and had to solve an impossible javascript-only google captcha, receive an sms or donate to verify that I am human.

@ajz
link
7
edit-2
1M

deleted by creator

@gmate8
link
14M

They are in F-Droid. Both apps. I downloaded the VPN and Mail version from F-Droid.

@ajz
link
34M

I cannot find the Proton mail app in F-Droid. Do you have an F-Droid web link for it ?

@gmate8
link
24M

Try Izzyondroid repo

@ajz
link
2
edit-2
1M

deleted by creator

@pinknoise
link
1
edit-2
4M

So the value they provide lies in the software they provide? I would have compared it more to an e-mail hosting service, but it looks like they have some features beyond “we put pgp in the browser because people don’t seem to figure out how to use it themselves”.

our infrastructure runs on the highly reliable AWS cloud

Ok this is definitely worse than telling your customers “our cloud is not a cloud because we own the servers”.

@ajz
link
1
edit-2
1M

deleted by creator

@pinknoise
link
1
edit-2
4M

In the EU (with better-than-nothing privacy legislation) we have a lot of companies that own data centers that offer hosted mail services, thats also what I compared them to when I said they are expensive. But they of course don’t have all the nice software and you have to do the (end-to-end) encryption on your own. They (have to) do transport encryption where possible but they don’t usually enforce encryption when you connect via IMAP/POP3/SMTP. So there is a lot more users can do wrong. But I think that when using a webinterface doing the encryption outside of the browser is a good idea.

@j0ta
banned
link
14M

Use Tutanota and don’t say non-senses

@pinknoise
link
2
edit-2
4M

The Tutanota App seems nice but sadly it also only works with their non-free network service.

Edit: They have way better pricing though.

@pinknoise
link
1
edit-2
4M

I’ve read that (and installed the app) and there seems to be no way to use my own mail or Cal-/ CardDAV server. Is their server software also open source?

@j0ta
banned
link
24M

They cant read your emails or contacts. No, other email service will not work

@pinknoise
link
14M

If you send or receive plaintext emails they can read them if they want or have to.

@j0ta
banned
link
14M

Their email is so safe and annonimous that they need send your data to google captcha which gets your ip location etc etc etc

@SudoDnfDashY
link
0
edit-2
4M

deleted by creator

@DrBenjamin1@lemmy.ca
banned
link
1
edit-2
3M

removed by mod

@30dolls
banned
link
-3
edit-2
4M

removed by mod

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 65 users / day
  • 102 users / week
  • 184 users / month
  • 619 users / 6 months
  • 3434 subscribers
  • 1858 Posts
  • 8257 Comments
  • Modlog