What does Sup Forums think of ProtonMail?

Should I trust them?

you should only trust something under your control

This. Run your own email server, it's not hard and all it requires is a raspberry pi or similar.

I guess, but is it a better alternative to gmail than cock.li for example?

Tutanota is opensource and offers encryption, like Protonmail. You can also run your own email server with it.

>>>>>>>using cock.li

ProtonMail is also open source.

Really stupid question, but how is opensource encryption secure? Won't everyone know how it works?

Some guy I went to grad school with works there. Heard good things about it.

You can't use GPG with it. Even gmail is better.

Alarm bells ring somewhere if you use such a service, best stick to normie providers so you blend in.

>You can't use GPG with it.
Why can't I use it and why would I want to use it with an already locally encrypted email service?

look up how encryption works

That's the point. Everyone can know HOW it works so you know the type and strength of encryption, but don't know the keys/salts/hashes it uses to encrypt the data.

It's pretty good. Shit mobile app though, Tutanota's app is much better.

better than gmail

More trustworthy than cock.li

>B,But cock.li is built by Sup Forums users!
Its server is located in Romania, which is a part of the E.U.

>implying everyone here knows how to set up a web-facing secure server

Running your own server certainly puts it under your control. But it also assumes that you know your way around security.

cock.li isn't supposed to be trustworthy, it's best used for throwaway accounts

>you should only trust something under your control
You can still have other people worried about security while running your own mail server. It's not like you have to worry about the security of your own OS besides making sure it stays updated.

>no IMAP / POP
>no GPG
>>NO IMAP
someone explain to me why protonmail is even taken seriously

>trusting a raspberry pi os maintained by a Sup Forums user for security critical, open internet facing services

lmao

Their mail and VPN services are solid. I have the full version and it's very nice.

I use it because it stores email in encrypted form on a Swiss server, which is the best case when using someone else's server. Running my own mail server is not something I want to do or can do unless I used a DO droplet or something. As for encryption of mail in transit, you should use your own GPG setup; however, this is a complete waste of time since email is for communicating with other people and none of the fucking normies you need to send email to are going to read your "weird hacker codez" emails you send them. Even without the security, the Protonmail web client is pretty comfy.

I unironically use my bank stuff through cock.li and I've been fine.

This. As an alternative to traditional email services like gmail it's great. I just want an email provider that doesn't scan my emails for keywords and then sell that data to advertisers, and ProtonMail appears to fulfil that

It doesn't need any of those. It's that secure.

Do you physically control the servers? If so, then yes. If not, then no.

That said, I would use them, Openmail, Tutanota, etc, before I would use something like hotmail or gmail.

For now. Not that I think the guy that runs it wants to steal everyone's bank info, and it's still probably better than gmail, but being that a lot of anons use it for shitposting across the internet it's probably not the safest option

It can't use POP or IMAP because your account is encrypted. POP and IMAP require the email to be unencrypted on the server

Never trust people on Sup Forums, they are the first to ram you in the ass

>Do you physically control the servers? If so, then yes. If not, then no.
the emails are locally encrypted and it's open source

Knowing how a lock works doesn't necessarily help get you through a door without a key.

You're taking their word on that. One update is all it takes for that to change.

The wrong type of people can do a lot with that information

A thief knowing that a lock has 14 tumblers doesn't mean that he can unlock said lock.

More often, it's easier to trick the person into unlocking it FOR you. That said, it's still foolish to trust a service. Now, if you were to take Protonmail's/Tutanota's open source code, and build your own service, powered on a device that you own, that's something different entirely.

This.

Only trust yourself user. Any of these could stop servicing at any time.

Whoops meant for

What do I do if I don't trust myself?

Are you retarded? He's suggesting you use your own server.

Follow a tutorial and write your passwords somewhere safe

Then educate yourself to where you DO trust yourself. Nothing wrong with not knowing something. Something very wrong with not even trying to better your understanding.

Thanks, I'm an idiot and that finally made sense, good post user

what are you, if you are reading a post on Sup Forums? hint: it starts with "a" and ends with " Sup Forums user". now read my post again dumb friend

tutanota's app is a joke.
you are a joke.
neck yourself.

Are you implying that one is not qualified to make an email server if they are an anonymous member of this board?

Not bank info, but I have like an ebay account and a few other things that are personally identifying linked to it. You shouldn't use it as a permanent solution though, something like that should definitely be on protonmail.

since i'm not using mathematical language you can assume that the language doesn't contain formal logic, and if you assume that you can also safely assume that i'm not implying what you say i'm implying.

i am implying that an average anonymous member of this board is not qualified to make an email server, though.

Alright, sensible.

You can use gpg literally everywhere. Whether your email software can decrypt it directly or not is another thing.

>implying also my shitty home internet has reliable enough uptime to allow me to properly run a server off of it

I think most servers retry every 30min-1hr for a week, any connection could do.

Anytime ProtonMail is under a DDoS attack they route all their traffic through Radware and Internet Binat, the company that built the Israeli Defense Forces "cloud" server farm and Mossad network.

Anytime the kikes want your email they simply DDoS ProtonMail, run some decryption tools on your email, and violoa, you're now owned by fucking Schlomo.

Enjoy giving your emails to kikes.

cryptome.org/2015/11/protonmail-ddos.htm

Sup Forums plz go, this is fake disinfo

>decryption tools
I don't think they have enough computing power to break the encryption of every email that passes through their network

It's not fake news, you can verify yourself with a traceroute next time ProtonMail is under DDoS attack.

ProtonMail is not fully open source like Tutanota. We don't know how shitty their code is. We don't know what kind of zero-day exploits the Mossad is sitting on. The fact that traffic is routed through an Israeli telecom firm with links to the Mossad is suspicious in itself and should raise red flags.

>ProtonMail is not fully open source
proof?

Only their web client front-end is open source.
github.com/ProtonMail/WebClient

You have to take their word that they implemented the encryption correctly on the back-end. What the code is doing on the back-end is a mystery. I wonder what ProtonMail has to hide? The Bynet Data Communications encryption key?

Only Tutanota is fully open source.

>Only their web client front-end is open source.
Yes and the encryption is local.
Who cares what goes on in the back end as long as they don't have trillions of processing units working on decrypting everything.
>Only Tutanota is fully open source.
There's no way for you to check what they're actually running on the back-end, so they're about as trustworthy as protonmail.

Tutanota doesn't route traffic through Radware / Israeli Bynet so I'd say they're more trustworthy.

>Likely the DDoS attack on ProtonMail was orchestrated to follow with an offer of generous "help" it could not refuse
Remember: shiny side out.

(checked)
smart man

It's swiss based so they have no bullshit with the US/EU treaties regarding data. I use it daily.

You can enable GPG in the config, and get the public keys used internally should you need to upload them to an SKS pool or something similar. But I do some research on public key cryptography, and I've seen that even a simple caff fails. I just don't think you can fully trust in-house managing of keys.

>WTF is CAFF
pgp-tools.alioth.debian.org/
wiki.archlinux.org/index.php/GnuPG#Using_caff_for_keysigning_parties

The Israel thing is real, Sup Forums was right again...
>pic related
>security.radware.com/ddos-experts-insider/ert-case-studies/protonmail-overcomers-sophisticated-ddos-ransom-attack/
>iplookup.flagfox.net/?ip=94.188.206.61&host=security.radware.com

I think if you like how Protonmail did stuff you can still use this one, it's a fully open Protonmail server implementation in Go: github.com/emersion/neutron
and just use the webclient, or embed it in an electron wrapper for comfyness github.com/BeatPlus/Protonmail
you still need to point the client to your server of course

Wait- what's wrong with Israel?

It has no point if the IDF/Mossad can still MiTM it. knows what's up. you can still use Tutanota if you like.

>the IDF/Mossad can still MiTM it
and how exactly would they go about doing that?
are you saying they have enough computing power to decrypt each email in transit?

They only care about themselves, the country has a history of being fishy and belic as fuck with anyone who isn't jewish. Jewish religion literally teaches that they're god's chosen people (thus their arrogant pride and nepotism), and that non-jewish people "goys", are on the same level as animals and exist solely for the purpose to serve the jewish class. Although just as there are good people in the world, there are of course good jewish people, the majority are just mischevious. Another important teaching from their holy scriptures is the old "eye for an eye", and since throughout history they've been expelled and murdered due to them being mischeavious, therefore it fuels the fire even more.

TL;DR Israel being a historic jewish haven, inherits the cancer of "bad" teachings from judaism, namely revenge and arrogance.

>blew up their own allies
>use their allies money to destabilize the world

that's why user, they might as well be north korea

This series portrays it better.
en.wikipedia.org/wiki/The_Honourable_Woman#Synopsis
If you can do stuff from the physical layer, you are even more fucked. The lower the layer, the higher risk.

what are you even trying to say?
answer my question or don't quote me

>trusting your own e-mail server

Unless you have an extensive background in network security, that's literally the worst possible idea anyone could ever have.

I'd much rather trust a team of experts in the field who get paid to maintain the server full time.

he probably meant that even though the frontend is open source, they can inject their own code and it wouldn't matter

can they do that despite HTTPS and SSL though?

that's not how it works, even if your connection has tls, you can still offer a rogue site in between traffic with a fake certificate and since you actually need to send your password well the rest is history

>too dumb to run a secure mail server when there are extensive tutorials on the matter and not to mention anyone with a grasp of server management will have it even easier
what the fuck are you lame faggots doing on Sup Forums, fuck off back to Sup Forums and stop spouting the same "it's too hard, muh security" excuse when the matter is discussed

>you can still offer a rogue site in between traffic with a fake certificate
what the fuck is the point of certificates then?
are you saying that if someone uses my computer as a proxy to connect to facebook, I can easily offer a phishing site and not get detected?

Take your antisemitic fake disinfo back to pol

protonmail.com/support/knowledge-base/protonmail-israel-radware/

>inb4 no reply

That if you can put a physical infrastructure around your attack, implementing it is very straightforward because you can tamper with the data almost raw. Say for example that in your home network, you have your own email solution, server, client, you name it, the point is if I have control of your router you're pretty much fucked.

lmao
The stupid had spread so far and wide they actually felt compelled to dismiss it publicly.

don't even bother, tutanota is hosted in fucking germany and has major security flaws yet babbies keep shilling it here

>if I have control of your router you're pretty much fucked
not if the emails are encrypted before they go through the router

>hosted in germany

A first world country, wow so danger

an EU country
>wow so danger
unironically yes

>hosting your shit in a 5 eyes country
>hosting your shit in a place that complies with american warrants
cockli had their german servers taken by the polizei under an american warrant cause some amerimemer thought it was funny to threaten Los Angeles schools with bombs while using cockli email addresses

>tutorials

So, you don't trust a professional, secure email server, but you trust xXxh4xx0r2003's tutorial on installing and poorly configuring an email server. Gotcha.

All those tutorials are made by the same people that develop and support the mailserver solutions multinational corporations use, but not like you'd know since you're some Sup Forums shitter that hasn't even typed one line in a terminal.

>leddit spacing
just go back to wherever you came from already you mongoloid

More or less, you can easily offer a phishing site, that's a fact. Faking the cert and so on is tricky, because there are certs installed in your computer that are still used to tell if some site is fake or real. But the point of using the hardware layer is to circumvent the protection done in the transport layer.
media.blackhat.com/bh-us-12/Briefings/Alonso/BH_US_12_Alonso_Owning_Bad_Guys_Slides.pdf

>what is xss?

What's wrong with cock.li?

>what are certificates

also, you probably meant to say MiTM you dumb fag

vince got his ass handed to him by the german police and then by customs agents in an ameri airport

>inb4 and tlfr threat modeling
ProtonMail is of course hard to crack for an average attacker, but due to the way it is built, the most practical way to perform an attack is available at an Israel-based company known for fishy stuff related to the Israel army, which implies a link to the Israel government.

Didn't he then move his servers to some other country?
Finland or some shit?

see

yeah but he didn't recover the drives

>le jew meem

shhh the goyim know

user you donut understand, radware can be the nicest people, but it is possible for israel to use them as they want just because they have actual means to do so: laws and physical telecommunications network

if it is a matter of trust, well the choice is clear, and is up to you to decide what you want for yourself

Do you know how to find the prime factors of a large number? No? Then encryption is safe.