💾 Archived View for gemini.circumlunar.space › users › laur%C3%AB › mail › protonmail.gmi captured on 2024-08-18 at 19:37:13. Gemini links have been rewritten to link to archived content

-=-=-=-=-=-=-

Protonmail

The most popular "private" E-mail provider, and often the first choice of a person getting away from the three giants. But does that mean it is in fact quality? The site is filled by beautiful black screen without JavaScript enabled. But assuming you got past that hurdle, let's consider the sign-up process - if you're signing up through TOR or a VPN, ProtonMail requires SMS confirmation.

And if you try to receive confirmation through a RiseUp E-mail, it says this:

Email verification temporarily disabled for this email domain. Please try another verification method.

So, SMS is the only option (unless you want to donate, which would reveal your personal information of course); therefore their claim that "ProtonMail does not require any personally identifiable information to register" is a shameless lie. Proton later included the option to solve a hCaptcha (used to be reCaptcha) for confirmation; however, the option disappears while using a VPN. They must really want that damn phone number if you are using anonymizers! And the claim that you can sign up without personal data is still false.

The way their "end to end" encryption works is by generating the encryption keys while you sign up - using your already existing keys is not allowed and ProtonMail must store the generated private key for PGP to work. Since the whole encryption process is done by JavaScript in the browser, nothing prevents them from sending you backdoored JS; the encrypted messages can also only be sent to other ProtonMail users, unless using the paid account (update: actually, a friend has told me that the latter isn't true anymore, though you have to upload the recipients' public PGP keys to ProtonMail if you want to use them). According to researchers, ProtonMail's encryption contains serious shortcomings. At the end of this report, I also link to an article detailing the issues with in-browser encryption in general. Mail clients are not supported except, again, through a paid feature called "Protonmail Bridge".

But let's move past the fluff and see which data does ProtonMail actually store and for how long. Quoting from their privacy policy:

We employ a local installation of Matomo, an open source analytics tool. Analytics are anonymized whenever possible and stored locally (and not on the cloud).

So when you visit their website, this Matomo spies on you. But what data does it actually collect? From Matomo's website:

All standard statistics reports: top keywords and search engines, websites, social media websites, top page URLs, page titles, user countries, providers, operating system, browser marketshare, screen resolution, desktop VS mobile, engagement (time on site, pages per visit, repeated visits), top campaigns, custom variables, top entry/exit pages, downloaded files, and many more, classified into four main analytics report categories – Visitors, Actions, Referrers, Goals/Ecommerce (30+ reports)

So that's the website. What about the e-mail service?

we have access to the following email metadata: sender and recipient email addresses, the IP address incoming messages originated from, message subject, and message sent and received times. [...] We also have access to the following records of account activity: number of messages sent, amount of storage space used, total number of messages, last login time.

Great, even more metadata than Tutanota (if you trust Tutanota's claims that they collect as little metadata as they say they do). And then there's this gem:

When a ProtonMail account is closed, data is immediately deleted from production servers. Active accounts will have data retained indefinitely. Deleted emails are also permanently deleted from production servers. Deleted data may be retained in our backups for up to 14 days.

Read that again! Indefinite retention of data by the "private" ProtonMail! And 14 days for deleted data - enough for "them" to get you. At least there's disk encryption...UPDATE August 28; a direct admission they do store IP logs forever in certain cases - "and your IP address may be retained permanently if you are engaged in activities that breach our terms and conditions". Their TOS says this: "You agree to not use this Service for any unlawful or prohibited activities. You also agree to not disrupt the ProtonMail networks and servers", which can cover pretty much anything.

UPDATE June 2022: their new privacy policy (which, by the way, now doesn't display without JavaScript) is kind of different, they deleted some of the offending stuff. Doesn't mean they are not doing it anymore, since they already have proven to violate the user many times.

If you read their transparency report, you will see quite a lot of requests for their data from governments all around the world. ProtonMail pretends to "require a Swiss court order" to cooperate - but you see that they often do that before receiving it - so don't expect that to protect you. One particularly egregious example is from May 2018, where they disabled an account because of terrorist allegiances - and we all know that's not just a convenient excuse these days, right? The new transparency report shows they've complied with 336 government data requests in 2018 alone - including 76 foreign ones. Oh, and since August 28, they finally admit to direct surveillance - "In addition to the items listed in our privacy policy, in extreme criminal cases, ProtonMail may also be obligated to monitor the IP addresses which are being used to access the ProtonMail accounts which are engaged in criminal activities." And you will never be told you're being watched. So, what we have here is a provider that does not support mail clients, requires personal info to sign up while claiming otherwise, spies on you on their website, stores your e-mail metadata (and IP in certain cases) forever and immediately gives it up whenever government knocks on the door and shouts "terrorism!". Its encryption is also lacking according to researchers, and cannot be used for non-ProtonMail accounts without paying. And then - after all that - it claims to be a champion of privacy...As we can see, ProtonMail is found out to be a paper tiger when examined deeper. It does have an onion domain, but guess what - when you try to sign up through it, you are redirected to the clearnet with no indicators unless you happen to look at the address bar. This behavior is something I'd expect from a honeypot - you get lured with the added security of the onion domain, and then it's pulled away like the carrot on a stick. Avoid!

UPDATE: this is no longer valid. But I'm leaving it up to show that these frauds do not care about security at all. And they still have OTHER clearnet redirects up! Even this one took them way too long to fix it. And they seemingly did it ONLY because I trashed them for it. Otherwise, you'd keep being violated by the malicious redirect, since ProtonFail still shows no indication of caring about the user at all.

UPDATE May 2022: the new interface contains dark patterns!

This button appears on the index page. And when you click it, instead of a creation screen for the free account that you were promised, you see this:

https://digdeeper.neocities.org/articles/email#hushmail

Everything on this screen is trying to get you to buy the most expensive plan (even though "Mail Plus" provides pretty much the same features if you only care about the E-mail). Starting from its middle position, which is the part most visible to your eyes. The purple border and button instead of boring white. The full storage bar making you feel like you're getting a crippled version of the service with the other options. The shiny fire button screaming at you how it's the most "popular" option (is it really more popular than the other plans?). Then there is the arrow pointing at the 24 month option (this ensures that, even if you find a better provider, Proton will still run away with your cash). We can add the dark patterns to the pile of reasons to avoid Proton.

But let's assume there aren't any dark patterns. The "Mail Plus" plan still costs more than a mail account alone should. And the free plan is useless, as it does not support mail clients. So, Proton's "Mail Plus" is not only outclassed by cheaper paid plans like Posteo, but also free ones like Disroot. That is even if you ignore the privacy issues. Just bury Proton already.