ProtonMail Community Update

Have you tried ProtonMail yet ?


  • Total voters
    81
Status
Not open for further replies.

_CyberGhosT_

Level 53
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
*Service Alert
Just a Heads Up from ProtonMail I received in my Inbox
 

Attachments

  • ProtonmMail_SS.png
    ProtonmMail_SS.png
    8.6 KB · Views: 516

Dirk41

Level 17
Verified
Top Poster
Mar 17, 2016
797
  • No more waiting list! Invite your friends & family to create accounts instantly: ProtonMail - Sign Up
  • Over half a million new users in the past several months!
Free iOS/Android mobile apps launched globally in March

Some interesting new features include:

Behind the scenes, we have also scaled and improved our infrastructure to provide even more reliable secure email to our community of millions of users. Our team has also expanded, including more customer support staff to ensure quicker help for paid account users.

Looking forward, we will continue to improve our core email encryption technology and add new features such as two factor authentication, improved contacts with mailing lists, and paid plans for small and medium businesses that can support multiple users!

We are committed to providing privacy to the entire world and we believe that continuing to provide free accounts for all is crucial for our mission. In order for ProtonMail to continue to develop and operate at the highest standards, financial support from the community is vital. The best way to support our mission is by upgrading to a paid plan, making a donation, or simply spreading the word about ProtonMail.

Your continuous support over the past couple years has taken ProtonMail further than anybody ever imagined. We are here to serve the community and we look forward to improving ProtonMail with your support!

Best Regards,
The ProtonMail Team


ProtonMail Blog: protonmail.com/blog
Feature Request: protonmail.uservoice.com
Facebook: facebook.com/protonmail
Twitter: twitter.com/protonmail
Google+: plus.google.com/+protonmail
Reddit: reddit.com/r/ProtonMail

Thank you very much for sharing :)

So in order to stay encrypted either the sender or the recipient have to install protonmail? ( like vpn)

They rely just on donations ?
 
A

antreas

Thank you very much for sharing :)

So in order to stay encrypted either the sender or the recipient have to install protonmail? ( like vpn)

They rely just on donations ?

No they have premium accounts.
Message Sending

Emails sent between ProtonMail users

  • Always end-to-end encrypted.
Emails from ProtonMail users to non-ProtonMail users

  • End-to-end encrypted if the “Encrypt for Outside” option is selected. Learn more here.
  • Otherwise encrypted with TLS if the non-ProtonMail mail server supports it (most providers such as Gmail, Yahoo, Hotmail, etc, support TLS). Note, since these message are encrypted, but not end-to-end encrypted, this means Gmail, Yahoo, Hotmail, etc, will be able to read these messages and hand them over. This is not possible if “Encrypt for Outside” is set and ProtonMail end-to-end encryption is enabled
 

Dirk41

Level 17
Verified
Top Poster
Mar 17, 2016
797
No they have premium accounts.
Message Sending

Emails sent between ProtonMail users

  • Always end-to-end encrypted.
Emails from ProtonMail users to non-ProtonMail users

  • End-to-end encrypted if the “Encrypt for Outside” option is selected. Learn more here.
  • Otherwise encrypted with TLS if the non-ProtonMail mail server supports it (most providers such as Gmail, Yahoo, Hotmail, etc, support TLS). Note, since these message are encrypted, but not end-to-end encrypted, this means Gmail, Yahoo, Hotmail, etc, will be able to read these messages and hand them over. This is not possible if “Encrypt for Outside” is set and ProtonMail end-to-end encryption is enabled

Thank you !it was exactly the reply I needed, I was talking about end to end
 

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,158
But ProtonMail lacks of encrypting the subject header and sender/receiver email addresses. It can only encrypt the message body

Tutanota can encrypt the subject header and sender/receiver email addresses
 
Last edited:

_CyberGhosT_

Level 53
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
But ProtonMail lacks of encrypting the subject header and sender/receiver email addresses. It can only encrypt the message body

Tutanota can encrypt the subject header and sender/receiver email addresses
Your not correct,
From ProtonMail:
  • All messages in your ProtonMail inbox is stored end-to-end encrypted. This means we cannot read any of your messages or hand them over to third parties. This includes messages sent to you by non-ProtonMail users, although keep in mind if an email is sent to you from Gmail, Gmail likely retains a copy of that message as well.
  • Messages sent “Encrypted for Outside” are also stored end-to-end encrypted.
  • Subject lines and recipient/sender email addresses are encrypted, but not end-to-end encrypted.
  • Source: What is encrypted? - ProtonMail Support
 
  • Like
Reactions: LASER_oneXM

_CyberGhosT_

Level 53
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Heres another Difference between the two. and this fact is accurate ;)

Protonmail requires two passwords (one for login and one for message encryption while Tutanota requires one password only. In the case of Protonmail the message encryption password is not sent to their servers, but live only in your web browser on your device. The login password is sent to their servers (and a copy is kept on their servers) in order to validate your login. This means that in the case of Tutanota the single password used for login and message encryption is stored on Tutanota's servers. The password is sent and stored encrypted, but the fact remains that Tutanota has a copy of your password.
I will stick with ProtonMail ;)
Source: https://www.quora.com/Which-service...rity-for-email-ProtonMail-or-Tutanota?share=1
 
Last edited:

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,158
Your not correct,
From ProtonMail:
  • All messages in your ProtonMail inbox is stored end-to-end encrypted. This means we cannot read any of your messages or hand them over to third parties. This includes messages sent to you by non-ProtonMail users, although keep in mind if an email is sent to you from Gmail, Gmail likely retains a copy of that message as well.
  • Messages sent “Encrypted for Outside” are also stored end-to-end encrypted.
  • Subject lines and recipient/sender email addresses are encrypted, but not end-to-end encrypted.
  • Source: What is encrypted? - ProtonMail Support
Tutanota is also end-to-end encryption
 

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,158
Heres another Difference between the two. and this fact is accurate ;)

Protonmail requires two passwords (one for login and one for message encryption while Tutanota requires one password only. In the case of Protonmail the message encryption password is not sent to their servers, but live only in your web browser on your device. The login password is sent to their servers (and a copy is kept on their servers) in order to validate your login. This means that in the case of Tutanota the single password used for login and message encryption is stored on Tutanota's servers. The password is sent and stored encrypted, but the fact remains that Tutanota has a copy of your password.
I will stick with ProtonMail ;)
Source: https://www.quora.com/Which-service...rity-for-email-ProtonMail-or-Tutanota?share=1
This is correct. I'm not disputing this.
 

Crypto

Level 2
Verified
Jan 14, 2017
64
Not so concerning.....
Did you check the date of your story ? (11 November 2015)
The DDOS assault was handled and they recovered nicely, a long time ago ;)

You should probably read this part:
"Likely the DDoS attack on ProtonMail was orchestrated to follow with an offer of generous "help" it could not refuse, necessarily a re-route of all traffic through third-party "anti-DDoS" systems. Now the "Switzerland" based privacy firm is proxied by an Israeli firm for traffic analysis, network exploitation of users, cryptographic monkeying. Israeli expertise in the latter is unmatched. Classic gov-mil cyber op with great PR happy ending for exploited asset. Users of ProtonMail must not fret; they got lucky with this fumble. Don't trust this security faker; don't trust the next one."
 
  • Like
Reactions: LASER_oneXM

_CyberGhosT_

Level 53
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
You should probably read this part:
"Likely the DDoS attack on ProtonMail was orchestrated to follow with an offer of generous "help" it could not refuse, necessarily a re-route of all traffic through third-party "anti-DDoS" systems. Now the "Switzerland" based privacy firm is proxied by an Israeli firm for traffic analysis, network exploitation of users, cryptographic monkeying. Israeli expertise in the latter is unmatched. Classic gov-mil cyber op with great PR happy ending for exploited asset. Users of ProtonMail must not fret; they got lucky with this fumble. Don't trust this security faker; don't trust the next one."
It's not accurate I read the entire story, PM ProtomMail support with this if you question what i am telling you, they will get a kick out of this.
I will try to get a rep to come here and respond to your post, lol
I visited the source, but you can believe this if you so choose, the only part correct is the early DDOS that took place very early
when ProtonMail opened for public accounts ;)
 
  • Like
Reactions: LASER_oneXM

_CyberGhosT_

Level 53
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Here is a bit of "truth" for you:
ProtonMail is run by Proton Technologies AG, a company based in the Canton of Geneva, and its servers are located at two locations in Switzerland, outside of US and EU jurisdiction. The service received initial funding through a crowdfunding campaign. The default account setup is free and the service is sustained by optional paid services. As of December 2015, ProtonMail has approximately 1 million users. .

From 3 to 7 November 2015, ProtonMail was under several DDoS attacks that made the service largely unavailable to users. ProtonMail believed that it was affected by two separate attacks, the first led by a group of hackers known as the Armada Collective and the second by an unknown, more technically advanced group with abilities similar to a state-sponsored group. The first attack was tied to a ransom of 15 Bitcoins (roughly US$6,000) which ProtonMail eventually paid due to pressure from ISPs and other companies affected by the attack. The DDoS attacks, however, did not stop and instead began to take on more sophistication, with rates exceeding 100 Gbit/s. The company received an email from the Armada Collective in which they denied responsibility for the ongoing attack. During the attack, the company stated on Twitter that it was looking for a new data centre in Switzerland, saying that "many are afraid due to the magnitude of the attack against us". They have since posted that they "have a comprehensive long term solution which is already being implemented" END
 
Last edited:
  • Like
Reactions: LASER_oneXM

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,158
Here is a bit of "truth" for you:
ProtonMail is run by Proton Technologies AG, a company based in the Canton of Geneva, and its servers are located at two locations in Switzerland, outside of US and EU jurisdiction. The service received initial funding through a crowdfunding campaign. The default account setup is free and the service is sustained by optional paid services. As of December 2015, ProtonMail has approximately 1 million users. .

From 3 to 7 November 2015, ProtonMail was under several DDoS attacks that made the service largely unavailable to users. ProtonMail believed that it was affected by two separate attacks, the first led by a group of hackers known as the Armada Collective and the second by an unknown, more technically advanced group with abilities similar to a state-sponsored group. The first attack was tied to a ransom of 15 Bitcoins (roughly US$6,000) which ProtonMail eventually paid due to pressure from ISPs and other companies affected by the attack. The DDoS attacks, however, did not stop and instead began to take on more sophistication, with rates exceeding 100 Gbit/s. The company received an email from the Armada Collective in which they denied responsibility for the ongoing attack. During the attack, the company stated on Twitter that it was looking for a new data centre in Switzerland, saying that "many are afraid due to the magnitude of the attack against us". They have since posted that they "have a comprehensive long term solution which is already being implemented" END
If I'm not wrong those guys running ProtonMail are US citizens but residing in Switzerland. I believe they will surrender your info if there's a bit of pressure from the NSA/FBI, right? Time will tell. This is similar to some US VPN companies operating in Hong Kong. Hong Kong do not have data logging retention law but these US-operated VPN companies do keep logs of you even though they claimed not to.

Secondly, if I'm not wrong again, the CEO of the Israeli company, Radware, which supplies the anti-DDOS technology to ProtonMail is related to the Unit 8200 Israeli Intelligence Corp Unit. Why do you think the Israelis is interested in ProtonMail?

Quote

Jolly Wallet was created by Radyoos, which was co-founded in 2011 by Roy Zisapel, who is also CEO of security provider Radware. He doesn’t advertise his connections to Unit 8200, though in an article from 2011 Zisapel notes he was part of the division. Zisapel seems to be using his experience in both offensive and defensive cyber to profit in two huge markets. He declined to be interviewed for this article.

These Ex-Israeli Surveillance Agents Hijack Your Browser To Profit From Ads
 
Last edited:

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,158
News for ProtonMail users

The new system of signing in and accessing your mails now only requires 1 password instead of 2 passwords.

However, the option to use 2 passwords is there. And earlier users can also revert to the use of a single password.

All these is to simply and the ease of using single password.
 
Last edited:

LASER_oneXM

Level 37
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
^^....thanks for this info: now the login is faster and simpler/easier.
The level of privacy seems to be stil very high (see first quote). I switched
few minutes ago to the new one pasword mode...

Two quotes from a support article about the new login mode:

source: What is One Password Mode? - ProtonMail Support

When ProtonMail was originally released, two passwords were necessary to enter your account, a Login password and Mailbox password. This was done for security reasons to ensure end-to-end encryption. However, after extensive and careful study, our research team developed a way to provide the same level of privacy and security with just a single password. Technical details can be found here.

Because this improves the usability of ProtonMail, this is now the default for all newly created accounts. For Legacy accounts (those created before December 2016), we also provide the option to switch to One Password Mode. Two Password Mode will continue to be supported, and more information about Two Password Mode is provided at the bottom of this article.

One Password Mode removes the need to remember two passwords (Login and Mailbox), making it even easier to use ProtonMail. Instead of two passwords, just a single password is required to enter your account.

If your account was created after November 2016, you are already in One Password Mode. If you have an older account, you can activate One Password Mode within the Account tab of the Settings within your account.
 
Last edited:

_CyberGhosT_

Level 53
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
^^....thanks for this info: now the login is faster and simpler/easier.
The level of privacy seems to be stil very high (see first quote).

Two quotes from a support article about the new login mode:

source: What is One Password Mode? - ProtonMail Support
Yeah, I had one of the original beta testers acct's with the 1gig of storage, at the end of the beta it was upgraded to 5gig
by the team for free. I also have one of the newer free acct's that comes with 500MB of storage I use it for my Gaming acct's.
Both use the dual password system, I have used the Login + Decryption password so long I am just used to it.
Been there from the start, was there for the DDos attack and don't see me leaving anytime soon.
I may convert them to the single PW, but for now I don't mind typing two to login.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top