Posted by Hitler_Was_Right in Tech
1.Protonmail Behaves like a CIA/NSA “Honeypot”
Protonmail has an Onion domain that allows users to visit their site using the TOR browser. Protonmail even has an SSL cert for that onion address even though it’s completely unnecessary. When a user makes a new account with Protonmail on TOR they are re-directed from Protonmail’s “.onion” to “.com” address. This breaks your secure encrypted connection to their onion address, enabling your identification. There are absolutely no technical reasons for this feature. In fact, the only other websites that operate like this are suspected NSA/CIA Honeypots.
This is a huge security issue that was either created because Protonmail is managed by Particle physicists who do not understand computer security OR they have been forced to operate their website in a similar way as CIA/NSA honeypots. Both possibilities are serious concerns.
- Protonmail Does Not Provide “End to End Encryption”
Professor Nadim Kobeissi mathematically proved that Protonmail does not provide End to End Encryption. Meaning, Protonmail has the ability to decrypt their own user’s data. When this was shown to be true, Protonmail users were outraged they had been lied to. Protonmail was forced to issue a public statement. Their statement begins like you would expect it would.. by shitting on the security researcher that revealed their dishonesty. Then they continued to say: “We lied to our users because other email companies did”. No apologies. They can decrypt any of their user’s data be sending them scripts that allow them to do so. However they advertise that they can not. Protonmail’s admission proves they offer the same security that Gmail offers. Both Gmail and Protonmail offer encryption that they can decrypt whenever they want.
- Protonmail’s Was Created Under CIA/NSA Oversight
Gmail & Protonmail were both created in CIA/NSA funded departments with their oversight. Protonmail has tried to hide this part of their history. We wrote a whole article about it here.
4.Protonmail is Part Owned by CRV and the Swiss Government
After a successful crowdfunding campaign with promises to “remain independent” Protonmail sold equity ownership to CRV and FONGIT. At the time of the equity sale a CRV founder, Mr Ted Ditersmith, was working for the US State Department closely with President Obama. His position as a delegate required close contact with CIA & NSA administration. Mr. Ted Ditersmith had also witnessed the Edward Snowden revelations and made statements that he planned to use his corporate knowledge to “fight terrorism”. FONGIT is a Non Profit organization that is financed by the Swiss Government. Protonmail staff member, Antonio Gambardella, also works for the Swiss Government.
- CRV, In-Q-Tel & the CIA
The CIA openly operates a front company, In-Q-Tel, whose stated purpose is to invest in tech companies on behalf of the CIA. In-Q-Tel has stated they have a specific interest in the information contained in e-mails and encrypted communication. In-Q-Tel has been shown to be the bridge between the CIA and Gmail. An analysis of staff members reveals CRV & In-Q-Tel connections. The US media confirms these connections when they interview CRV so that they can understand In-Q-Tel. Additionally, The mastermind, cryptographer & back end developer that created Protonmail, Wei Sun, now works for Google.
- Protonmail Follows CIA Email format & Metadata Requirements
Leaked documents at Wikileaks show that the CIA requires emails to be stored as an EML filetype. There are several ways to store emails, and Protonmail has selected the format that the CIA requires. Protonmail offers no protection for users’ metadata and has officially stated that they turn metadata over to Law Enforcement. Edward Snowden revealed that the US government cares least about the content of emails. Mr. Snowden revealed the US Law Enforcement cares most about who a person is talking to, the dates & times of the emails, and the subject of the email. Subject and metadata encryption are not difficult to provide. However, Protonmail refuses to offer any protection on data that is most valuable to the CIA & FBI and they store it as plain text (No encryption). Edward Snowden stated the NSA “isn’t able to compromise the encryption algorithms underlying these technologies. Instead, it circumvents or undermines them by forcing companies to cooperate in other ways. Protonmail has refused to protect the information the NSA wants, this is a concern.
- Swiss MLAT Law Could Give the NSA Full Access
Protonmail’s Servers Reside In Switzerland, a country with an MLAT treaty that could allow the NSA to continue it’s the mission of recording “nearly everything” about a person’s internet communication. Any doubts the MLAT treaty applies are removed when you take into account that Protonmail is part-owned by FONGIT, a Swiss Government-financed company. Protonmail has also recently revised its Privacy Policy to include wording and requirements from the MLAT treaty. Their actions show they are capitulating with the MLAT treaty. Revisions include a change to their privacy policy allowing them to track your location while you use their service in some situations.
- Protonmail Uses Radware for DNS/DDOS Protection
Privacy companies like Protonmail are required to use a DNS/DDOS service because of the frequent attacks against their service. Protonmail uses a company called Radware for this purpose. Radware is a low-quality service that has failed to provide adequate protection. Protonmail has been taken offline, sometimes by teenage kids, because they insist on using a sub-par service. It’s worth noting that Radware’s international office is a few miles away from the headquarters of the most powerful Intelligence agency on earth, The Isreali Mossad. Radware can gain complete access to all Protonmail user’s accounts in two ways. They could inject a few lines of code that would reveal all users log in username and passwords, thus allowing them to log in as if they are that user. They could also be given users usernames & passwords by Protonmail. Remember Protonmail has admitted they can access all user’s accounts and decrypt their data. Additionally, it has been reported that Radware has direct connections to the Israeli Defense Force.
- Protonmail Developers Do Not Use Protonmail
Protonmail’s developers are in a position to know the real security offered by Protonmail. And Protonmail’s developers do not use Protonmail. If you were served food by a cook who refused to eat the food, would that be a cause of concern to you? This is the same situation. Protonmail developers do not use Protonmail, there are likely good reasons for this.
- Protonmail engages in illegal cyberwarfare
In 2017 Protonmail seems to have used illegal cyber warfare capabilities to unlawfully break into a suspects server. You can see the tweet they posted and read about it here. They soon deleted the tweet and said: “We cannot confirm nor deny if anything happened.” In 2013 the European Union parliament voted to make hacking a crime that carried a prison sentence of 2 years. “Hacking back” is also illegal under Swiss law. Based on Protonmail’s admissions only, they conducted an illegal hack.
- Protonmail has a history of Dishonesty.
From Protonmail’s creation lied to their users. Starting when they crowdfunded $550k to “remain Independent”, a promise they broke almost immediately by selling equity ownership to a US corporation with ties to President Obama and John Podesta.
In our opinion Protonmail is not an email solution you would use if you want privacy or security. Your emails are probably going to end up in a US data center right next to your Gmail emails.
Privacy Watchdog
Hitler_Was_Right OP wrote
Protonmail’s False Claim List
Lie: “Protonmail obeys the law”
In 2017 Protonmail seems to have used illegal cyber warfare capabilities to unlawfully break into a suspected phishing server. You can see the tweet and read about it here. They soon deleted the tweet and said: “We cannot confirm nor deny if anything happened.” In 2013 the European Union parliament voted to make hacking a crime that carried a prison sentence of 2 years. “Hacking back” is also illegal under Swiss law.
Lie : Protonmail offers “Zero Access” or “End to End Encryption”
A professor who teaches computer science and cryptography Nadim Kobeissi proved that Protonmail does not provide End to End Encryption. Protonmail has since publicly acknowledged that they can decrypt anyone’s encrypted content by obtaining their password/passphrase.
Lie: Protonmail protects free speech
Protonmail has stated on Reddit that they are “controlled by the politics of the community that dominates the ProtonMail userbase”. So if a majority of their users wanted to ban an innocent minority group, Protonmail has stated they would “yield to community pressure” and ban all those users from their platform even if their terms of service are not broken. So Protonmail protects free speech as long as it agrees with the majority of their users. Protonmail is not safe for any minority group including Jews, activists or missionaries. If Protonmail has a majority group ask them to ban a minority group of users then Protonmail has stated explicitly that they will do it even if no terms of service are broken. Read Protonmail’s statements here.
Lie: “Protonmail is open source code.”
Their front end code is open source. Their back end code and mobile code is kept private. This can be confirmed by reviewing their open-source code here
Lie: “By default, we do not keep any IP logs”
Protonmail’s Privacy Policy States: “This includes, the sender & receivers, the IP addresses were emails originated from, message subject, messages sent & received times, storage space, total emails and login times.” Protonmail is also legally required to store all users data for 6 months in Switzerland.
Lie: ProtonMail does not require any personally identifiable information to register.
If a user tries to signup without personal information, via VPN or TOR, they detect it and require a “donation” with a credit/debit card or a confirmation with your personal phone.
Lie: “When a ProtonMail account is closed, data and emails are immediately deleted from production servers”
By Swiss law, Protonmail is required to record all data for 6 months. When a user deletes an email, the email and all meta-data must legally be retained for 6 months
Protonmail Claims to be “Independently Audited”.
There is only 1 company listed as conducting an Audit of Protonmail, Cyberkov.com. Cyberkov’s website says it’s connected to Harvard, MIT & CERN. And their team is full of Harvard and MIT grads, exactly like Protonmail. So Protonmail’s audit was probably done by Protonmail’s college friends or colleagues. Protonmail also shows a list of people who’ve audited their code, but anyone can email Protonmail to add their name to the list. Years later Professor Kobeissi did a real independent audit and proved Protonmail doesn’t provide “end to end encryption Privacy Watchdog
https://privacy-watchdog.io/protonmails-false-claims/