[–][email protected]45 points4 years ago* (last edited 4 years ago)
(1 children)
Protonmail even has an SSL cert for that onion address even though it’s completely unnecessary.
The reason they have an EV TLS certificate is because it still authentifies the remote server as genuine. If their Tor private key were to be leaked, users would be able to see that an impersonating service is not serving the right certificate. This also allows for cert pinning and HSTS.
When a user makes a new account with Protonmail on TOR they are re-directed from Protonmail’s “.onion” to “.com” address. This breaks your secure encrypted connection to their onion address, enabling your identification. [...] the only other websites that operate like this are suspected NSA/CIA Honeypots.
Redirecting to the clearweb from a Tor address does not break "your secure encrypted connection". Accessing an onion-routed service is only marginally more "secure" than accessing a TLS-enabled clearweb service over Tor.
Professor Nadim Kobeissi mathematically proved that Protonmail does not provide End to End Encryption. Meaning, Protonmail has the ability to decrypt their own user’s data.
This issue is hardly mathematical, and the argument is simple: if they want to serve you a JS file that sends them the decrypted contents of your mailbox, they can. It can be helped by hosting their webclient yourself. Supply-chain attacks are hardly a reason not to use software since every single one of them is affected.
I also doubt anyone here has read the entirety of the source code of the software they use, so why would you use Linux, of which entire components were originally written by the NSA, or Tor, which has its roots in US Navy research labs and DoD funds? How about the websites that use NIST-approved elliptic curves designed by the NSA? Surely, you agree that SELinux and Tor can be reasonably trusted. You probably visited hundreds of websites that use NSA Suite B ECs. In fact, privacy-watchdog.io uses the NSA-designed P-256 EC. It seems to me there is no reason to have particular distrust for the ProtonMail webclient.
That is not to say ProtonMail is secure, all third-party hosted webmail services are vulnerable to the attack Kobeissi outlines in his paper. You may not trust any of them, but I also do not trust myself to correctly configure everything correctly, and I much less trust hosting services to keep my data secret. Overall, the e-mail ecosystem being as broken as it is, you'd rather not use it for secure communications.
The other, non-technical points I can't be bothered to investigate (as IMO they hardly matter). Point 6, EML files are standard. Point 10, am I supposed to care? Point 11 assumes "independence" is an attribute worth pursuing ("but small business owners!"), or that it even is possible to pursue at scale.
The reason they have an EV TLS certificate is because it still authentifies the remote server as genuine. If their Tor private key were to be leaked, users would be able to see that an impersonating service is not serving the right certificate. This also allows for cert pinning and HSTS.
Redirecting to the clearweb from a Tor address does not break "your secure encrypted connection". Accessing an onion-routed service is only marginally more "secure" than accessing a TLS-enabled clearweb service over Tor.
This issue is hardly mathematical, and the argument is simple: if they want to serve you a JS file that sends them the decrypted contents of your mailbox, they can. It can be helped by hosting their webclient yourself. Supply-chain attacks are hardly a reason not to use software since every single one of them is affected.
I also doubt anyone here has read the entirety of the source code of the software they use, so why would you use Linux, of which entire components were originally written by the NSA, or Tor, which has its roots in US Navy research labs and DoD funds? How about the websites that use NIST-approved elliptic curves designed by the NSA? Surely, you agree that SELinux and Tor can be reasonably trusted. You probably visited hundreds of websites that use NSA Suite B ECs. In fact, privacy-watchdog.io uses the NSA-designed P-256 EC. It seems to me there is no reason to have particular distrust for the ProtonMail webclient.
That is not to say ProtonMail is secure, all third-party hosted webmail services are vulnerable to the attack Kobeissi outlines in his paper. You may not trust any of them, but I also do not trust myself to correctly configure everything correctly, and I much less trust hosting services to keep my data secret. Overall, the e-mail ecosystem being as broken as it is, you'd rather not use it for secure communications.
The other, non-technical points I can't be bothered to investigate (as IMO they hardly matter). Point 6, EML files are standard. Point 10, am I supposed to care? Point 11 assumes "independence" is an attribute worth pursuing ("but small business owners!"), or that it even is possible to pursue at scale.