What does /g/ think of ProtonMail? Should I trust them?

>>61259402
you should only trust something under your control

>>61259434
This. Run your own email server, its not hard and all it requires is a raspberry pi or similar.

>>61259434
I guess, but is it a better alternative to gmail than cock.li for example?

>>61259402
Tutanota is opensource and offers encryption, like Protonmail. You can also run your own email server with it.

>>61259451
>>>>>>>using cock.li

>>61259470
ProtonMail is also open source.

>>61259470
>>61259506
Really stupid question, but how is opensource encrpytion secure? Wont everyone know how it works?

Some guy i went to gradschool with works there. Heard good things about it.

>>61259402 You cant use GPG with it. Even gmail is better.

>>61259402
Alarm bells ring somewhere if you use such a service, best stick to normie providers so you blend in.

>>61259566
>You cant use GPG with it.
Why can't I use it and why would I want to use it with an already locally encrypted email service?

>>61259532
look up how encryption works

>>61259532
That's the point. Everyone can know HOW it works so you know the type and strength of encryption, but don't know the keys/salts/hashes it uses to encrypt the data.

>>61259402
It's pretty good. Shit mobile app though, Tutanota's app is much better.

>>61259402
better than gmail

Trustworthy than cock.li

>B,But cock.li is built by /g/ users!
Its server is located at Romania, which is a part of the E.U.

>>61259450
>>61259434
>implying everyone here knows how to setup a web-facing secure server

Running your own server certainly puts it under your control. But it also assumes that you know your way around security.

>>61259761
cock.li isn't supposed to be trustworthy, it's best used for throwaway accounts

>>61259765
>you should only trust something under your control
You can still have other people worried about security while running your own mail server. It's not like you have to worry about the security of your own OS besides making sure it stays updated.

>no IMAP / POP
>no GPG
>>NO IMAP
someone explain to me why protonmail is even taken seriously

>>61259450
>trusting a raspberry pi os mantained by a /g/ anon for security critical, open internet facing services

lmao

>>61259402
Their mail and VPN services are solid. I have the full version and it's very nice.

>>61259402
I use it because it stores email in encrypted form on a Swiss server which is the best case when using someone else's server. Running my own mail server is not something I want to do or can do unless I used a DO droplet or something. As for encryption of mail in transit you should use your own GPG setup however this is a complete waste of time since email is for communicating with other people and none of the fucking normies you need to send email to are going to read your "weird hacker codez" emails you send them. Even without the security Protonmail web client is pretty comfy.

>>61259818
I unironically use my bank stuff through cock.li and i've been fine.

>>61259993
This. As an alternative to traditional email services like gmail it's great. I just want an email provider that doesn't scan my emails for keywords and then sell that data to advertisers, and ProtonMail appears to fulfil that

>>61259870
It doesnt need any of those. Its that secure.

>>61259402
Do you physically control the servers? If so, then yes. If not, then no.

That said, I would use them, Openmail, Tutanota, etc, before I would use something like hotmail or gmail.

>>61260155
For now. Not that I think the guy that runs it wants to steal everyone's bank info, and it's still probably better than gmail, but being that a lot of anons use it for shitposting across the internet it's probably not the safest option

>>61259870
It can't use POP or IMAP because your account is encrypted. POP and IMAP require the email to be unencrypted on the server

>>61259993
Never trust people on 4chan, they are the first to ram you in the ass

>>61260273
>Do you physically control the servers? If so, then yes. If not, then no.
the emalis are locally encrypted and it's open source

>>61259532
Knowing how a lock works doesn't necessarily help get you through a door without a key.

>>61260315
You're taking their word on that. One update is all it takes for that to change.

>>61260407
The wrong type of people can do a lot with that information

>>61260429
A thief knowing that a lock has 14 tumblers doesn't mean that he can unlock said lock.

More often, it's easier to trick the person into unlocking it FOR you. That said, it's still foolish to trust a service. Now, if you were to take Protonmail's/Tutanota's open source code, and build your own service, powered on a device that you own, that's something differently entirely.

>>61260459
This.

>>61260424
Only trust yourself anon. Any of these could stop servicing at any time.

>>61260429
Whoops meant for >>61260512

>>61260512
What do I do if I don't trust myself?

>>61259906
Are you retarded? He's suggesting you use your own server.

>>61260537
Follow a tutorial and write your passwords somewhere safe

>>61260537
Then educate yourself to where you DO trust yourself. Nothing wrong with not knowing something. Something very wrong with not even trying to better your understanding.

>>61260459
Thanks im an idiot and that finally made sense, good post anon

>>61260558
what are you, if you are reading a post on /g/? hint: it starts with "a" and ends with " /g/ anon". now read my post again dumb friend

>>61259726
tutantuas app is a joke.
you are a joke.
neck yourself.

>>61260966
Are you implying that one is not qualified to make an email server if they are an anonymous member of this boars?

>>61260155
Not bank info, but I have like an ebay account and a few other things that are personally identifying linked to it. You shouldn't use it as a permanent solution though, something like that should definitely be on protonmail.

>>61261502
since i'm not using mathematical language you can assume that the language doesn't contain formal logic, and if you assume that you can also safely assume that i'm not implying what you say i'm implying.

i am implying that an average anonymous member of this board is not qualified to make an email server, though.

>>61261793
Alright, sensible.

>>61259566
You can use gpg literally everywhere. If your email software can decript it directly or not is another thing.

>>61259450
>implying also my shitty home internet has reliable enough uptime to allow me to properly run a server off of it

>>61264411
I think most servers retry every 30min-1hr for a week, any connection could do.

File: 3d8e9cb92cf7907cfd8ad06094234c629863249765a86eb43942422cd90ac880.jpg (161KB, 1080x1101px) Image search: [Google]

161KB, 1080x1101px

>>61259402
Anytime ProtonMail is under a DDoS attack they route all their traffic through Radware and Internet Binat, the company that built the Israeli Defense Forces "cloud" server farm and Mossad network.

Anytime the kikes want your email they simply DDoS ProtonMail, run some decryption tools on your email, and violoa, you're now owned by fucking Schlomo.

Enjoy giving your emails to kikes.

https://cryptome.org/2015/11/protonmail-ddos.htm

>>61265527
/pol/ plz go, this is fake disinfo

>>61265527
>decryption tools
I don't think they have enough computing power to break the encryption of every email that passes through their network

File: 1464437689613.jpg (958KB, 921x1316px) Image search: [Google]

958KB, 921x1316px

>>61265566
It's not fake news, you can verify yourself with a traceroute next time ProtonMail is under DDoS attack.

>>61265609
ProtonMail is not fully open source like Tutatnota. We don't know how shitty their code is. We don't know what kind of zero-day exploits the Mossad is sitting on. The fact that traffic is routed through an Israeli telecom firm with links to the Mossad is suspicious in itself and should raise red flags.

>>61265767
>ProtonMail is not fully open source
proof?

File: 1450845902739.png (68KB, 1371x928px) Image search: [Google]

68KB, 1371x928px

>>61265778
Only their web client front-end is open source.
https://github.com/ProtonMail/WebClient

You have to take their word that they implemented the encryption correctly on the back-end. What the code is doing on the back-end is a mystery. I wonder what ProtonMail has to hide? The Bynet Data Communications encryption key?

Only Tutanota is fully open source.

>>61265838
>Only their web client front-end is open source.
Yes and the encryption is local.
Who cares what goes on in the back end as long as they don't have trillions of processing units working on decrypting everything.
>Only Tutanota is fully open source.
There's no way for you to check what they're actually running on the back-end, so they're about as trustworthy as protonmail.

>>61265886
Tutanota doesn't route traffic through Radware / Israeli Bynet so I'd say they're more trustworthy.

>>61265527
>Likely the DDoS attack on ProtonMail was orchestrated to follow with an offer of generous "help" it could not refuse
Remember: shiny side out.

>>61265911 (checked)
smart man

>>61259402
It's swiss based so they have no bullshit with the US/EU treaties regarding data. I use it daily.

File: Screenshot from 2017-07-07 18-50-00.png (629KB, 1040x610px) Image search: [Google]

629KB, 1040x610px

>>61259592
You can enable GPG in the config, and get the public keys used internally should you need to upload them to a SKS pool or something similar. But I do some research on public key cryptography, and I've seen that even a simple caff fails. I just don't think you can fully trust in-house managing of keys.

>WTF is CAFF
https://pgp-tools.alioth.debian.org/
https://wiki.archlinux.org/index.php/GnuPG#Using_caff_for_keysigning_parties

>>61265566
The Israel thing is real, /pol/ was right again...
>pic related
>https://security.radware.com/ddos-experts-insider/ert-case-studies/protonmail-overcomers-sophisticated-ddos-ransom-attack/
>https://iplookup.flagfox.net/?ip=94.188.206.61&host=security.radware.com

I think if you like how Protonmail did stuff you can still use this one, is a fully open Protonmail server implementation in Go: https://github.com/emersion/neutron
and just use the webclient, or embed it in an electron wrapper for comfyness https://github.com/BeatPlus/Protonmail
you still need to point the client to your server of course

>>61266075
Wait- what's wrong with Israel?

>>61265988
It has no point if the IDF/Mossad can still MiTM it. >>61265911 knows what's up. >>61265904 you can still use Tutanota if you like.

>>61266116
>the IDF/Mossad can still MiTM it
and how exactly would they go about doing that?
are you saying they have enough computing power to decrypt each email in transit?

>>61266091
They only care about themselves, the country has a history of being fishy and belic as fuck with anyone who isn't jewish. Jewish religion literally teaches that they're god's chosen people (thus their arrogant pride and nepotism), and that non-jewish people "goys", are on the same level as animals and exist solely for the purpose to serve the jewish class. Although just as there are good people in the world, there are of course good jewish people, the majority are just mischevious. Another important teaching from their holy scriptures is the old "eye for an eye", and since throughout history they've been expelled and murdered due to them being mischeavious, therefore it fuels the fire even more.

TL;DR Israel being a historic jewish haven, inherits the cancer of "bad" teachings from judaism, namely revenge and arrogance.

>>61266091
>blew up their own allies
>use their allies money to destabilize the world

that's why anon, they might as well be north korea

>>61266245
This series portraits it better.
https://en.wikipedia.org/wiki/The_Honourable_Woman#Synopsis
If you can do stuff from the physical layer, you are even more fucked. The lower the layer, the higher risk.

>>61266310
what are you even trying to say?
answer my question or don't quote me

>>61259434
>trusting your own e-mail server

Unless you have an extensive background in network security, that's literally the worst possible idea anyone could ever have.

I'd much rather trust a team of experts in the field who get paid to maintain the server full time.

>>61266245
he probably meant that even though the frontend is open source, they can inject their own code and it wouldn't matter

can they do that despite HTTPS and SSL though?

>>61266245
thats not how it works, even if your connection has tls, you can still offer a rogue site in between traffic with a fake certificate and since you actually need to send your password well the rest is history

>>61266342
>>61259765
>>61266342
>too dumb to run a secure mail server when there are extensive tutorials on the matter and not too mention anyone with a grasp of server management will have it even easier
what the fuck are you lame faggots doing on /g/, fuck off back to /v/ and stop spouting the same "it's too hard, muh security" excuse when the matter is discussed

>>61266377
>you can still offer a rogue site in between traffic with a fake certificate
what the fuck is the point of certificates then?
are you saying that if someone uses my computer as a proxy to connect to facebook, I can easily offer a phishing site and not get detected?

File: slappy.jpg (38KB, 600x426px) Image search: [Google]

38KB, 600x426px

>>61265767
Take your antisemitic fake disinfo back to pol

https://protonmail.com/support/knowledge-base/protonmail-israel-radware/

>>61266411
>>61266377
>inb4 no reply

>>61266332
That if you can put a physical infrastructure around your attack, implementing it is very straightforward because you can tamper the data almost in raw. Say for example that in your home network, you have your own email solution, server, client, you name it, the point is if I have control for your router you're pretty much fucked.

>>61266436
lmao
The stupid had spread so far and wide they actually felt compelled to dismiss it publically.

>>61266436
don't even bother, tutanota is hosted in fucking germany and has major security flaws yet babbies keep shilling it here

>>61266473
>if I have control for your router you're pretty much fucked
not if the emails are encrypted before they go through the router

>>61266487
>hosted in germany

A first world country, wow so danger

>>61266508
an EU country
>wow so danger
unironically yes

>>61266508
>hosting your shit in a 5 eyes country
>hosting your shit in a place that complies with american warrants
cockli had their german servers taken by the polizei under an american warrant cause some amerimemer thought is was funny to threaten Los Angeles schools with bombs while using cockli email addresses

>>61266405
>tutorials

So, you don't trust a professional, secure email server, but you trust xXxh4xx0r2003's tutorial on installing and poorly configuring an email server. Gotcha.

>>61266558
All those tutorials are made by the same people that develop and support the mailserver solutions multinational corporations use, but not like you'd know since you're some /v/ shitter that hasn't even typed one like in a terminal.

>>61266558
>leddit spacing
just go back to wherever you came from already you mongoloid

>>61266411
More or less, you can easily offer a phishing site that's a fact. Faking the cert and so on is tricky, because there are certs installed in your computer that are still used to tell if some site is fake or real. But the point of using the hardware layer is to circunvent the protection done in the transport layer.
https://media.blackhat.com/bh-us-12/Briefings/Alonso/BH_US_12_Alonso_Owning_Bad_Guys_Slides.pdf

>>61266504
>what is xss?

>>61259502
What's wrong with cock.li?

>>61266604
>what are certificates

>>61266604
also, you probably meant to say MiTM you dumb fag

>>61266611
vince got his ass handed to him by the german police and then by customs agents in an ameri airport

>>61259402
>inb4 and tlfr threat modeling
ProtonMail is of course hard to crack for an average attacker, but due to the way it is built, the most practical way to perform an attack is available at an Israel based company known for fishy stuff related to the Israel army which implies a link to the Israel government .

>>61266627
Didn't he then move his servers to some other country?
Finland or some shit?

>>61266641
see >>61266436

>>61266644
yeah but he didn't recover the drives

>le jew meem

File: kikes your daughter.jpg (88KB, 960x640px) Image search: [Google]

88KB, 960x640px

>>61266682
shhh the goyim know

>>61266650
anon you donut understand, radware can be the nicest people, but it is possible for israel to use them as they want just because they have actual means to do so: laws and physical telecommunications network

if it is a matter of trust, well the choice is clear, and is up to you to decide what you want for yourself

>>61259532
Do you know how to find the prime factors of a large number? No? Then encryption is safe.

>>61267016
give me time

Name a single evil jew

>>61267191
Soros

>>61267212
/thread

>>61267212
>>61267233
>>61266743
>>>/pol/

>>61266682
>>61267191
>>>/o/ven

>>61259402
Better than gmal, but far away from ideal.

>>61259402
>Should I trust them?
no

PROTON TECHNOLOGIES IS THE BEST

>>61267191
you.

>>61259402
just use any mail service + gpg if you're actually concenred.

>>61259450
this is a terrible idea for anyone with a dynamic IP (everyone ever)

>>61268236
Thankfully you can easily solve that with Dynamic DNS

https://wiki.archlinux.org/index.php/Dynamic_DNS
https://www.nsupdate.info/

If you're not comfortable sending your info you can even setup a .bit domain with namecoin and update it dynamically with sftdyn
https://github.com/SFTtech/sftdyn
https://bit.namecoin.org/

>>61260309
Possibly literally

>>61267273
>far away from ideal
WRONG

>>61268364
That sounds like a lot of work

>>61260407
Uhh, that's quite literally how some people crack lacks, by using an xray or knowing the model, thus knowing how to crack it.

If you want to burden people to click a link and open a browser to read every fucking mail you send, go for it

Otherwise just pay for email. I use fastmail. It's excellent

>>61268608
That's actually how you pick a lock. You don't ever really know until you've got your tools in. Most work on the same exact principals even, it just takes time to work through them.

>>61259402
Encrypt your emails with PGP noob. never trust anything willy nilly silly

>>61259450
Good luck in sending email

>>61259402
>muh Switzerland
Switzerland has an MLAT with the US and many other countries, and Swiss courts will readily compel Swiss companies to turn over information requested by law enforcement in those countries. As for intelligence agencies, if they want something Protonmail has, they have many options for getting it.

>muh encryption
Protonmail stores your private key on their servers. It's worthless. Yes, it is theoretically only decrypted locally. All it takes is changing a couple of lines of js to leak your passphrase to them. Have you audited Protonmail's js? Do you audit it every time you load the site? No? Then assume your private key is compromised.

It's mememail for funsies. It's not suitable for anything serious.

>>61259402
Host your own server at home and use PGP.
That is what I think of protonmail.

>>61268515
nsupdate is a saas you just literally sign up for an account and setup your router and never touch it again

>>61266545
Germany is not part of the five eyes. Five eyes is literally just the anglosphere.

>>61272043
Germany is part of 14 eyes.

Lol the domains on cock.li are hilarious.
Is cock.li secure?