Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
General Apps
Other software
ProtonMail includes Google Recaptcha for Login
Message
<blockquote data-quote="Paul.R" data-source="post: 944930" data-attributes="member: 8305"><p><em>Description:</em></p><p><em></em></p><p><em>A recent change over the course of the last two weeks led to re-visiting, re-logging-in users. Recaptcha is now injected and compromising a machine's identity on every single login; especially so if cookies are deleted afterwards to preserve user privacy.</em></p><p><em></em></p><p><em>Steps to reproduce the behavior:</em></p><ul> <li data-xf-list-type="ul"><em>Use any adblocker of choice (e.g. uBlock Origin with Cookie Autodelete)</em></li> <li data-xf-list-type="ul"><em>Go to <a href="https://mail.protonmail.com/login" target="_blank">Login - ProtonMail</a></em></li> <li data-xf-list-type="ul"><em>Find out ProtonMail is using Google Recaptcha, compromising privacy of all its already registered users.</em></li> </ul><p><em>Expected behavior:</em></p><p><em></em></p><p><em>As a project/company that was founded as an immediate response to the Snowden Leaks, which revealed that the Google PREFs cookie is literally how the NSA tracks users across the planet, I find this very absurd to see.</em></p><p><em></em></p><p><em>I understand that there's intention to lower the rate of spammer accounts in the Registration process. But reoccuring users that have -TWO- passwords to identify themselves with should not need to re-identify themselves as a human. And especially not with an unethical service such as Google that seem to not respect any privacy laws that are applicaple in the European Union.</em></p><p><em></em></p><p><em>To be honest, this issue is for me a reason to change services; and I feel betrayed in the sense that I as a crowdfunding campaign sponsoring user think that this is a serious breach of GDPR law. I'm a European citizen (from Germany) and I never agreed to share any information with Google.</em></p><p><em></em></p><p><em>I also understand that other Recaptcha using services are necessary when ProtonMail would face lots of TOR traffic (which actually would also endanger journalists abroad btw). But this web traffic was received by ProtonMail without any Proxy in between, from my ISP's geo-ip-confirmable IP.</em></p><p><em></em></p><p><em>Currently, if ProtonMail continues to deanonymize its users by including Google's Recaptcha code, I cannot recommend ProtonMail as a service to anyone anymore.</em></p><ul> <li data-xf-list-type="ul"><em>OS is ArchLinux</em></li> <li data-xf-list-type="ul"><em>Browser is Ungoogle Chromium (latest)</em></li> <li data-xf-list-type="ul"><em>URL is mail.protonmail.com</em></li> </ul><p></p><p>PROTON MAIL RESPONSE: <a href="https://news.ycombinator.com/item?id=27326961" target="_blank">A few comments about this. A very small fraction of logins get the CAPTCHA chal... | Hacker News</a></p></blockquote><p></p>
[QUOTE="Paul.R, post: 944930, member: 8305"] [I]Description: A recent change over the course of the last two weeks led to re-visiting, re-logging-in users. Recaptcha is now injected and compromising a machine's identity on every single login; especially so if cookies are deleted afterwards to preserve user privacy. Steps to reproduce the behavior:[/I] [LIST] [*][I]Use any adblocker of choice (e.g. uBlock Origin with Cookie Autodelete)[/I] [*][I]Go to [URL='https://mail.protonmail.com/login']Login - ProtonMail[/URL][/I] [*][I]Find out ProtonMail is using Google Recaptcha, compromising privacy of all its already registered users.[/I] [/LIST] [I]Expected behavior: As a project/company that was founded as an immediate response to the Snowden Leaks, which revealed that the Google PREFs cookie is literally how the NSA tracks users across the planet, I find this very absurd to see. I understand that there's intention to lower the rate of spammer accounts in the Registration process. But reoccuring users that have -TWO- passwords to identify themselves with should not need to re-identify themselves as a human. And especially not with an unethical service such as Google that seem to not respect any privacy laws that are applicaple in the European Union. To be honest, this issue is for me a reason to change services; and I feel betrayed in the sense that I as a crowdfunding campaign sponsoring user think that this is a serious breach of GDPR law. I'm a European citizen (from Germany) and I never agreed to share any information with Google. I also understand that other Recaptcha using services are necessary when ProtonMail would face lots of TOR traffic (which actually would also endanger journalists abroad btw). But this web traffic was received by ProtonMail without any Proxy in between, from my ISP's geo-ip-confirmable IP. Currently, if ProtonMail continues to deanonymize its users by including Google's Recaptcha code, I cannot recommend ProtonMail as a service to anyone anymore.[/I] [LIST] [*][I]OS is ArchLinux[/I] [*][I]Browser is Ungoogle Chromium (latest)[/I] [*][I]URL is mail.protonmail.com[/I] [/LIST] PROTON MAIL RESPONSE: [URL="https://news.ycombinator.com/item?id=27326961"]A few comments about this. A very small fraction of logins get the CAPTCHA chal... | Hacker News[/URL] [/QUOTE]
Insert quotes…
Verification
Post reply
Top
