PROTONMAIL COMPROMISED
Another one bites the dust. Proton Mail is compromised. Revealed user data thus negating their mandate. Adjust accordingly. pic.twitter.com/989SQB67o2
— Autism Capital 🧩 (@AutismCapital) May 7, 2024
PMAN EDIT:
This is the response from Protonmail. Remember, your OPSEC is only as strong as your weakest link.
The name/address of the terrorism suspect was actually given to police by Apple, not Proton. The terror suspect added their real-life Apple email as an optional recovery address in Proton Mail. Proton can’t decrypt data, but in terror cases Swiss courts can obtain recovery email.
— Proton Support (@ProtonSupport) May 7, 2024
6 Comments
I wrote my comments on the X forum you provided. People are saying protonmail is strong. BS. They say no logs stored. One needs a passkey phrase to recover a protonmail acct. NOT a recovery email. They use PGE for encryption, which has had a back door since version 6 required by US Gov’t. Also, emails from Protonmail are only encrypted end to end if the recipient also has Protonmail. People look at https://sekur.com/, recommended by Epoch Times.
There is also https://unplugged.com/pages/up-suite?customer_posted=true, recommended by Okeefe OMG; albeit no email service.
sat123.com also has end to end encryption by voice, provided both ends have the needed device to do so.
We live in unprecedented times. Figure it out!
WOW no edit. So, a thought. Does a possible anomaly that is nearly impossible to compromise sound safe to you, OR a potential back door no one wants to recognize!?!
If it is so hard to find said anomaly, once compromised, how hard would it be for someone else to find the compromise!?!
Correction: PGP not PGE
https://www.varonis.com/blog/pgp-encryption
EXCERPTS:
Finally, you should be aware that PGP encrypts your messages, but it doesn’t make you anonymous. Unlike anonymous browsers using proxy servers or working through a VPN to hide your true location, emails sent through PGP can be traced to a sender and recipient. Their subject lines are not encrypted either, so you shouldn’t put any sensitive information there.
How to Select PGP Software
Your primary reason for using PGP is to ensure the security of your messages. When looking for PGP software, therefore, security should be your first concern. Though PGP itself is unbreakable, there have been instances where specific implementations have been compromised. Unless you are an experienced coder, spotting these vulnerabilities is essentially impossible, and so the best solution is to check for any reported vulnerabilities in the software you are considering.
I ask myself, with today’s brute force quantum computing, do I think PGP can defeat quantum computing? I would not bet my freedom on it, meaning today even legal by law info in my messages I do not trust i.e. Christian talk regarding Bible quotes.
Parting note: only your message is encrypted, NOT the sender or recipient address!!
P.S. I may be wrong on needing proton accts on both ends. Any service that supports PGP can be used. Not all emails support PGP. That would be where I confused the issue.
Just wanted to address this and some of the comments posted above….
1. No commercial entity is going to go to prison for you, in other words, they are bound to comply with lawful requests from the authorities in their respective jurisdictions. This fact needs to be kept in mind whenever dealing with services provided by tech companies, regardless of whether they are considered “good” or “bad” actors. That’s a whole separate aspect.
2. PGP proper was purchased by Symantec years ago and became proprietary; I would avoid it and instead use OpenPGP or GnuPG (open-source versions). If I recall correctly, Proton uses OpenPGP. I am not aware of any “backdoor” in OpenPGP/GnuPG; furthermore, we are still many years away from a quantum computer with enough logical qubits to run Shor’s Algorithm, which could conceivably break public/private key encryption. There is simply no evidence of this, and to suggest it without any evidence or data just creates paralysis of paranoia.
3. Email is and always has been a security and privacy dumpster fire. It is wholly inappropriate for anything needing high security. Even with well-implemented GnuPG it spills a shit ton of metadata. Not good. There are far better comms solutions out there for secure communicating.
I should expand on PGP back door. In the early 90s a computer show would have an MI6 come on and share information. That is where the source for the back door originated. Also, I distinctly remember an article stating the US Gov’t required PGP to install a back door. So take that for what it is worth. Version 6 is where it started happening. I recall at the time the dark web had source code for version 5. Of course, using that could get one looked at.
Thanks to K CSG for expanding on my comments. I’ve never claimed to be a perfect person! You spoke wise words. I’m curious what “better comms solutions” you mentioned would be?
You are correct about OpenPGP:
EXCERPT:
What is PGP encryption and how does it work? | Proton
August 8, 2019 – Most don’t offer email client support, so if you use a desktop app like Outlook, Apple Mail, or Thunderbird, you won’t be able to encrypt your emails. The final way to use PGP is to get an app or software that supports OpenPGP.
https://proton.me/blog/what-is-pgp-encryption#what-is-openpgp
My information was based on 1991 PGP, before Zimmermann created OpenPGP in 1997.
Paul Harvey rest of the story stuff.