so now proton completely blocking account creation through their onion adress? I have standard protection, javascript enabled. Time to swith for those who use this service as they are ditching tor and switzerland?

  • francois@sh.itjust.works
    3·
    11 days ago

    While on dread recently I stumbled across this old post regarding issues with their onion adresses https://encryp.ch/blog/disturbing-facts-about-protonmail/

    When a user makes a new account with Protonmail on TOR they are re-directed from Protonmail’s “.onion” to “.com” address. This breaks your secure encrypted connection to their onion address, enabling your identification. There are absolutely no technical reasons for this feature. In fact, the only other websites that operate like this are suspected NSA/CIA Honeypots.

  • coffeetastesbadlikecoffee@sh.itjust.works
    2·
    12 days ago

    Just tested it, same here. Clearnet works but tor not. I will contact support since part of the reason I like to pay for unlimited is to subsidize free, anonymous accounts.

    Edit: here is my other comment:

    I previously commented I would write the support, now I actually read the docs first and found out why:

    If you want to create an account over tor you can, just not via the clearnet URL, probably due to rate limiting by IP adress. However if you use their Onion Link as specified in this article by their support (https://proton.me/support/tor-setup) it works just fine (as far as I just tested). So great! Because using .onion services is far more secure than accessing clearnet over Tor anyway.

    Here the url, verify it with the link in the support article tho: https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/

  • coffeetastesbadlikecoffee@sh.itjust.works
    2·
    12 days ago

    I previously commented I would write the support, now I actually read the docs first and found out why:

    If you want to create an account over tor you can, just not via the clearnet URL, probably due to rate limiting by IP adress. However if you use their Onion Link as specified in this article by their support (https://proton.me/support/tor-setup) it works just fine (as far as I just tested). So great! Because using .onion services is far more secure than accessing clearnet over Tor anyway.

    Here the url, verify it with the link in the support article tho: https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/

    • markstos@lemmy.world
      1·
      12 days ago

      There is a relatively small number of shared Tor exit node IP addresses.

      So it’s more likely using Tor will trigger “too many attempts for IP” throttling for any service with bot protection.

      It’s nothing against Tor, but is an expected side-affect of attempting to be anonymous by sharing the same IP address with many people.

  • XenGi@feddit.orgEnglish
    2·
    13 days ago

    Proton always felt like a scam to me. Their claims on privacy and security are questionable at best.

        • meta4@retrolemmy.com
          0·
          12 days ago

          So, they operate a repo of open source code as a cover for their internal repo of completely different code?

          • XenGi@feddit.orgEnglish
            0·
            12 days ago

            I’m not saying they do that. But you have to trust them that they don’t do it. You can never proof it.

              • XenGi@feddit.orgEnglish
                0·
                11 days ago

                No. It’s an inherit compromice you have to deal with. At least with email hosting. There are services where you can proof that no one was listening in but with email thats not possible.

    • BluescreenOfDeath@lemmy.worldEnglish
      0·
      13 days ago

      There’s been evidence in their github repo that they’re using LLMs to code their tools now.

      It’s making me reconsider using them.

      • Zetta@mander.xyz
        1·
        13 days ago

        Theres evidence they use the very popular tool cursor that many devs and large companies use.