
Red pill me on pic related. Is it secret? Is it safe?

Thread replies: 35
Thread images: 3

File: protonmail.jpg (37KB, 738x415px)
Red pill me on pic related.

Is it secret? Is it safe?
>>
It goes down a lot, that's for sure.
>>
Being based in Switzerland doesn't mean shit privacy and security-wise. It is irrelevant and the fact they think it's important to mention it should be a red flag.
>>
>>52326075
so does ur mum lel
>>
>>52326091
but does it work? is there any way it can get middlemanned?
>>
Mossad
>>
ProtonMail got extorted a while back when they were DDoS'd by some hackers and told that the attack would stop if they paid a ransom. ProtonMail paid the ransom and the attack didn't stop because "duh".

I don't want to get bogged down in the details of that story except to the extent that we agree that ProtonMail's management gave the hackers money on the assumption that the attack would stop.

ProtonMail advertises itself as being a safe alternative to Gmail, Yahoo Mail, etc... from state-sponsored attacks. They make this point by advertising themselves with end to end encryption and by pointing out that they're based in Switzerland, vaguely gesturing to the protections from external legal action that Swiss businesses enjoy.

The problem is this: security from attacks on the level of a state-sponsored attacker is not *just* about technical security, but operations security as well. ProtonMail demonstrated that they don't have a lot of familiarity or expertise with rebuffing hackers, as demonstrated by their response to the DDoS attack.

If ProtonMail doesn't know the basic logic of dealing with extortion, then suddenly I have serious, grave doubts about whether they know what to do with legal action served to them given that they're in Switzerland. A lot of people just nebulously think that Switzerland is this lawless paradise for tax evasion and whatnot, and that's simply not the case; the reality is that Swiss laws are more amenable to that kind of behavior, but you still need a savvy lawyer (who's familiar with the Swiss legal system) to make use of those laws for your benefit.

This is why I lack confidence in ProtonMail. Their hearts are in the right place, and I'm sure they're a proficient technical staff, but they haven't demonstrated that they know how to fight either individual hackers or nation-states.
>>
>>52326356
According to Protonmail, there were 2 attacks: the first one, which was done by the hackers and was the one for which a ransom was paid, stopped quickly after paying, but there was a second round of attacks, even stronger ones.

I also don't trust Protonmail, I am from a country that doesn't trust western countries and services.
>>
>>52326053
Yes and yes. Your emails can only be decrypted with the second password you choose when you create an account.

If you lose that, goodbye to your account because there's no way to change this password for security.
>>
>>52326401
I hadn't read that, so I was under the impression that the same attackers just didn't stop. Thanks for that update/clarification.

I think it's worth pointing out, though, that either way it doesn't reflect well on ProtonMail; capitulating to a ransom tells other attackers that such a ransom demand would be successful if they can maintain a similar or stronger attack. There's a lot of research on the game theory involved in ransoms, and the consensus is that as unintuitive as it seems, and as painful as it will be in the moment, you *must not* pay a ransom in an "open world" environment where others might take you hostage later.

Governments have wrestled with this question for a while, and while every country is different, we can look at the policies of countries that pay ransoms (e.g. France, Spain, Switzerland) and see that their citizens appear to be taken more often than countries that don't (e.g. Britain, Netherlands, Sweden). I want to stress that these countries have different political regimes and all sorts of other factors influence whether a citizen of that country might be taken hostage (namely, whether those citizens are even visiting other countries all that much, per capita adjustments, etc...), but as a gross sampling it serves to illustrate that it's not good policy to give in to ransoms (particularly if it becomes public knowledge that that's your policy).
>>
>>52326356
>>52326697

An anon with an informed, thoughtful and reasoned position on /g/? What is happening?
>>
>>52326053
le jew top skrit emay, you're better off using jewmail, at least they're honest about being a botnet
>>
>>52327967
>source: my ass
>>
>>52327664
There were two attacks; I'll focus on the second one because that's the one that got me worried.

The second attack was multi-step: first, APDoS singled their IP out until ProtonMail's servers went down. Then the attack moved to the whole data center where they were located, which brought down more sites in the process. Finally, certain servers were hit that belonged to the national Swiss ISP that ProtonMail used, bringing down large Swiss banking sites as well as some others.

These large sites "asked" ProtonMail to pay the APDoSers so they would stop. What other option did they have? This time they paid around 50k for it to stop and chose some Israel/US based proxy server for defense. This kind of attack had to have been some sort of nation/state attack, because what group could pull off such a large scale attack?
>>
>>52328869
>What other option did they have?
The other option is always to refuse. If the hostage-takers determine that their hostage (in this case ProtonMail) is worthless to them, they'll either kill it or release it. Hostage takers don't develop reputations (unless they're stupid and have a persistent identity), so the risk of capitulating (and letting it be known that you can stare them down) is minimal.

The fact that ProtonMail failed to defend against a nation-state scale attack says that the entire point of ProtonMail's existence - to be resistant to nation-states interfering with your email - is null; maybe a subpoena won't work (although that hasn't been tested), but a marginally clandestine attack like the one they experienced sure as hell would, as proven by the recent events.
>>
>>52328869
One Russian faggot I know from IRC has a 1.000.000 bot spam botnet, if he launches an attack with that, he can knock out pretty much anything.
>>
>>52326098
upvoted and tweeted :^)
>>
>>52326098
nice meme friend, but yes OP, >>52326075 is correct.

Good insight from >>52326356
>>
>>52326356
Actually the hosting provider forced them to pay.
>>
You faggots who say that the hacks didn't stop by the first group who extorted them are absolutely retarded. With the faggots who DDOS people for ransom, it is in their best interest to stop once they are paid. If they are known to continue attacks even after payment, then no one will pay up because the attacks will continue anyway.
>>
Also, Protonmail is now tunneling their entire traffic through a server farm in Israel. The same company also hosts, built and manages the IDF's server farms.
Even though the traffic is encrypted, this alone is a red flag for me.

Another option to choose from is Tutanota which is based in Germany. Germany has okay-ish laws regarding data privacy, but we also know that Merkel is hot for Obama's BBC so I wouldn't count on infallible security with them either.

You could rent a mail server with server-bunker in the Netherlands and host your own stuff.
>>
>>52331729
>Germany has okay-ish laws regarding data privacy
No.
>>
>>52331762
They actually do. But since the government is best-friends with the US, those laws are pretty much useless.
>>
You are dumber than a nigger if you trust them after they were ddosed by Israel and then offered a low-cost 'solution' to their new problem which gave Israel unlimited access.

https://cryptome.org/2015/11/protonmail-ddos.htm
>>
>>52331781
>he doesn't know what happened to cock.li servers
>>
>>52332280
The German police """""""""""""""""""legally took""""""""""""""""""" one of the mirrored RAID drives from the server.
>>
File: share_image.png (9KB, 1024x1024px)
I signed up to Tutanota recently. IMO best of the lot.
Open-source all the way.
Based in Germany.
Nice UI.
Good looking Android and iOS apps.

https://tutanota.com/
https://app.tutanota.de/#login

Other than that, these were options;
https://www.hushmail.com/
https://mail.riseup.net/rc/
https://mail.yandex.com
https://www.ghostmail.com/
https://protonmail.com/login
https://www.openmailbox.org/
https://bitmessage.ch/roundcube/?_task=mail&_mbox=INBOX
>>
>>52333831
>https://www.hushmail.com/
give your data to NSA

>https://mail.yandex.com
Russian NSA
>>
>>52331503
My second paragraph anticipated that. I don't care if ProtonMail decided on their own to do it or were coerced, mandated, or otherwise compelled to do it by another party. The fact is that the whole value ProtonMail proposed was that they were immune to external influence, and an inept hosting service forcing them to pay a ransom doesn't strike me with any confidence whatsoever.
>>
>>52333831

>Tutanota

someone redpill me on this lads?
>>
>>52326053
I signed up, got my invite a week or two later, completed my registration and log in every once in a while to go "huh, well that's it then"
>>
>>52336363
German "ProtonMail", basically. While Proton is becoming pretty big, and gathers more and more attention as time goes (which isn't necessarily a good thing), Tuta is flying somewhat under the radar.

Proton is a few weeks away from "going public", introducing paid-tier storage, and releasing iOS and Android apps. More educated normies will flock to it. And, as we all know, normies kill anything that they touch.
>>
>>52333831
>Tutanota
This.
>>
>>52333831
The only problem is giving out a tutanota email address to someone over the phone or in conversation.

They'll ask you to always spell it out. "I'm sorry, what was that letter? Could you begin once more?"

Horrible name.
>>
>>52326091
They mention it because at the company I work for, some European countries will refuse to send us needed data for being based in the US.
This is a 4chan archive - all of the content originated from that site.