Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
ProtonMail demanded private user data, because someone wrote about them badly (twitter.com/brokep)
101 points by ushakov on Nov 4, 2021 | hide | past | favorite | 25 comments


The entire privacy industry is a bit of scam. Ranging from vpns to things like brave browser to email providers, almost everyone is just trying to make a quick buck in exchange for things of questionable value. Worst are the youtube influencers and websites who will peddle things endlessly.


Most VPNs are a scam, sure, but things like ProtonMail have demonstrable value when it comes to privacy. Re. ProtonMail, their protocol has been verified to be E2EE and their clients are far better than what we had before in terms of usability, especially for beginners.


sponsorblock has helped immensely in that regard. i just do not see those snake oil peddling "sponsored by" segments.


Did something change with Proton corp that has them being a bit more hostile as of late? Peter Sunde is a credible source for this, and it doesn't seem like he'd fall victim to dog-piling on the media's hate-du-jour like the normal facebook news cycle. There is concern forming on this end for the future of the service if they continue with mis-steps like this.


i don't think the service was/is as good as the image they created for it to begin with


I think ProtonMail changed after about a year. That's when I suddenly could no longer create new accounts with tor unless I linked a phone number or "real" email address (gmail/etc).

Around the same time they also changed the system so that password recovery was easier to do. This means they were now generally able to unencrypt your emails without your password.

The last secure email provider was the original Lavabit.


They set out to create a secure email service for all.

They got lots of darkweb drug dealers & buyers, spammers, fappers, leakers, escorts, johns, and privacy larpers.

For a while post snowden it looked like people cared, it turns out they didnt, hence why after a year or so the anti abuse stuff picked up.

> The last secure email provider was the original Lavabit.

Was never secure in the first place ... yes they used ssl, but so did/does gmail.


All the animals come online at night. Johns, darkweb drug dealers, fappers, escorts, spammers, larpers, sick, venal.

Someday a real rain will come and wash all this scum off the internet.

I sell bandwidth to anyone. I don't care. Don't make no difference to me. It does to some.

Some won't even take MAGA. Don't make no difference to me.


"unencrypt", do you mean they can decrypt user emails? because that would be a surprise to me, where did you find this?


If you can lose your password, and then hit "Forgot password" and get access to your emails again...then they can run the same routines without your password.


> If you can lose your password, and then hit "Forgot password" and get access to your emails again...then they can run the same routines without your password.

runnerup, what leads you to believe this is possible? According to their password reset instructions, resetting your password will prevent you from decrypting any existing messages: https://protonmail.com/support/knowledge-base/reset-password...

An attack using this specific method would require resetting your password and then reading any emails you receive afterwards.


to anyone wondering, this was the blogpost Peter was talking about: https://encryp.ch/blog/truth-about-protonmail/


Wow, worse than I thought. Was considering ProtonMail, then I asked why I should trust them and the answer was I should not simply just trust them because they were claiming to respect privacy. Tried to host it myself, then it turned out too much trouble as I no longer have a fixed IP. Even tried those managed mail services with my own domain but well, none really fits all my needs.


Just FYI that post is wildly inaccurate and the submission has been flagged: https://news.ycombinator.com/item?id=29103056


You can buy a cheap vps + domain and setup the mail server on it or use it ro reroute traffic.

Worse case you can buy expensive dyndns.


>Worse case you can buy expensive dyndns.

DONT USE DYNAMIC IP's for mail-servers, never ever!


Funny part is the author of that blog post demanded Cloudflare identify customers and explain why Cloudflare customers were doing a legal activity.


Is this about the blog post which was mentioned in this Ask HN post?

https://news.ycombinator.com/item?id=29063779



Earlier [flagged] discussion: https://news.ycombinator.com/item?id=28652978 (85 comments)


Why is it flagged? It is surely a story that is relevant for HN.

I realize that some the claims were obviously wrong but we can handle that in the discussion. Flagging effectively removes the post from here completely.


I would guess because it was quite wrong and some people just read the article and not the comments. If it had stayed on the front page, there would have been lots of people who read it and just assumed it was true because it's on the front page after all. Just a guess though...


This coming on the heels of that other court ordered disclosure is not a good look for ProtonMail.


> that other court ordered disclosure

https://protonmail.com/blog/transparency-report/

Turns out it was all just faux outrage over something that they do / did / will do and have disclosed doing for the entire life of the company.


I can't find any example of Proton either confirming or denying this. Can anyone? If not, since it's been a week, it seems reasonable to assume this is accurate.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: