ProtonVPN (protonvpn.com)
366 points by endijs on June 20, 2017 | 197 comments



I have mixed feelings about protonmail. On the one hand, they tend to be on the right side of political / legal issues, and this transparency report is nice:

https://protonmail.com/blog/transparency-report/

On the other hand, they recently reduced the level of detail in the transparency report.

There is also the fact that they are Swiss, and their privacy laws were severely weakened by a recent referendum. In particular, the Swiss government can now monitor all cross border traffic without a warrant.

ProtonMail fought the referendum, but hasn't updated this "Why Switzerland?" page:

https://protonmail.com/blog/switzerland/

They also haven't moved to a more appropriate legal jurisdiction.

[edit: clarify links]


> ProtonMail fought the referendum, but hasn't updated this "Why Switzerland?" page: https://protonmail.com/blog/switzerland/

Agreed, and that referendum was back in September of 2016. That's almost 9 months ago. This seems really disingenuous.

And the referendum didn't just eke by; it passed by 65%.

So if the Swiss domicile doesn't offer the protections it once did, why would I choose this provider over any of the half a dozen other well-known companies in the space?


Because they still can't read your email, nobody can, even though it is on their servers and crossing Swiss borders.


Then they should stop claiming that Switzerland is protecting them to a degree that it isn't anymore, and explain why their encryption is still secure.


I was asking why I would choose them as a VPN provider over any of the others.


See now, this is the part I don't get. Assuming that you don't encrypt your email with PGP (reasonable, if you're emailing someone who isn't very techy) and aren't emailing someone else who also uses ProtonMail, there's nothing stopping them from making an unencrypted copy of every email they receive.


The decryption only takes place on your local machine. Of course, you'd either have to check the source or trust them. It very often comes down to trust.


I was trying to do some research to refute this claim, and my ignorance of email standards has once again reared its ugly head. I thought DKIM was for encryption, but it's apparently just for verification? Email is still primarily sent in the clear?

I'm at a loss. What a mess.


Email is not primarily sent in the clear these days; most providers implement SMTP over SSL/TLS. Here you can find some nice stats on such traffic that passes through Google [0].

Of course this means that emails are only encrypted "in transit", that is, in the transmission from server to server, so you have to trust your provider.

On the contrary, PGP gives you end-to-end encryption, so you only have to trust your machine and your correspondent's.

0: https://www.google.com/transparencyreport/saferemail/


DKIM solves authenticity and integrity, but not privacy.


Domain Keys Identified Mail. ;)


Can you please recommend some of those well-known email companies?


The Reddit discussion thread has a response indicating the BÜPF doesn't apply to their VPN service, with an official blog post upcoming:

https://www.reddit.com/r/ProtonMail/comments/6id4lw/protonvp...


Switzerland was one place people use the name of as the hallmark of their service being free from surveillance while still residing in a developed country.

So which will be that new country now, since apparently Switzerland isn't that option anymore? And what if that new country does something similar? Then next? And then? I don't think there will be many countries left to go to in that case. Or any, after some time?

So, aren't user privacy and the fight against surveillance running towards a wall, which is a dead end?


Swiss being a bastion of privacy for anything other than banking should be taken with a pinch of salt. They've been up to their neck in crypto cooperation with the NSA since at least the Crypto AG scandal if not longer.


>"Swiss being a bastion of privacy for anything other than banking ..."

The secrecy of Swiss banking actually ended a couple of years ago:

http://money.cnn.com/2015/03/19/news/switzerland-tax-evasion...


They updated the blog post here: https://protonmail.com/blog/swiss-surveillance-law/ (it doesn't apply to ProtonMail and ProtonVPN).


What would be a good jurisdiction for them?


Germany has very strong privacy laws, which is one of the reasons Amazon dropped an AWS region there. Customers are paying a premium for the jurisdiction.


Those laws protect against commercial exploitation, but not against endeavours of law enforcement or intelligence services. The "Vorratsdatenspeicherung" (data retention) law just took effect. In fact the BND doesn't care about the law at all. Fear-driven neo-con politics are en vogue, as everywhere else. I think the main difference is the civil opposition, which is probably a tad more vocal and active than in non-EU or soon-to-be non-EU countries.


If customers are paying a premium why would Amazon drop the region? Were the privacy laws too complex for them?


I think he means "dropped" as in "the rapper dropped his mixtape today", not as in "the service provider dropped their service due to lack of profitability".


Well, that's confusing :) Given that your example is out of context and the counter-example is perfectly in context.


Yes, because I agreed with you that it was perhaps a poor time for a colloquial usage of "dropped" considering that, in the context, it was fairly likely to be interpreted as my counter-example, or your initial interpretation.

I'd like to think my wording was completely unambiguous to make up for any context-switching your brain might have tried to pull on you, and if not I apologize.


Side note, this is an example of a contronym, a word that means one thing and its opposite.


"dropped" in this case = "added" or "dropped into place"


Think "drop a pin", as in Google Maps parlance. To "drop something" is to release something. In that context it's really American hip-hop slang, although it's used widely by the music press when discussing a new release from any type of artist.

A band or artist might be "getting ready to drop something new" - a new single, a new album, video etc.


Some kind of crypto-haven like The Isle of Man or Liberland


I guess that it's even easier to sniff upstream traffic (to/from VPN endpoints) to such small internet outposts than, let's say AWS, Akamai or any other large infrastructure provider out there.


This. You're at the mercy of their upstreams, which are fixed targets for TLAs, and likely to be sharing the pipes with other people who are (at least in their own eyes) high-value targets.


What is the tech scene there in those two countries? Could they hire the correct talent?


I'm not sure about Liberland, but I know in the Isle of Man that Bitcoin is thriving: https://www.middletonkatz.com/wp-content/uploads/2015/06/Isl...


It might be time for space satellite hosting companies... or maybe once SpaceX reduces the cost of used rockets.


> it might be time for space satellite hosting companies.

Uhm, that would probably backfire and make you an open target for every security service on the planet.

The German BND did bulk collection on satellite communications, even though German law does not allow for something like that. So the BND reasoned "Satellites are in space, the German Grundgesetz does not apply in space!", dubbing it the "Weltraumtheorie" (space theory).

German source: https://www.heise.de/newsticker/meldung/Geheimakte-BND-NSA-B...


What if you can't control it once it's gone, and anyone can access the read-only data that is stored on-board?


AFAIK this whole "satellite/international water" scenario was suggested to prevent government agencies from forcing access to sensitive data through legal means. If your data is so insensitive that you can have it just sitting there accessible by anybody, then you might as well just put the data on regular public servers and not bother with the effort of building a "space server".


Iceland maybe?


Oh interesting. Kind of annoying to have to keep moving services.


ProtonMail has pretty much stagnated and flat out refuses to cooperate with the community to implement new features of the OpenPGP email standards. Their Reddit guy is also pretty terrible; he pretty much insulted me in a comment after I criticized them.


ProtonMail would be happy to implement more of the OpenPGP encryption standard. Specifically, it would be great if someone would contribute ECC support to the open-source OpenPGP.js project that ProtonMail currently maintains. There just aren't cycles to do it internally right now. ProtonMail is far from idle. A number of new features and offerings are being worked on. For example, take the bridge application (currently in beta testing) that will allow integration with IMAP-based applications like Microsoft Outlook.

If there's something that is a high priority for you personally to see (such as OpenPGP ECC algorithm support), I would ask that you take the time to submit it to the ProtonMail UserVoice page [ https://protonmail.uservoice.com/forums/284483-feedback ]. That page is monitored and the feedback received through UserVoice is considered and strongly influential. UserVoice has a great end user application and clarification effect that is difficult to experience through interacting with users through e-mail or traditional forum comments.

I don't believe I've seen the Reddit exchange that you are referring to (I don't personally visit that site very often). If someone using an official company account was rude to you, I sincerely apologize.


I would be interested in hearing what the security pros think about this: tptacek, grugq, dguido, idlewords. At this point, these are the guys I trust with security advice.

Worth mentioning their VPN recommendations: Algo by Trail of Bits and Freedome. There is another paid service they recommend but I can't recall the name.


I have a few concerns about the cryptosystem.

First of all, there does not appear to be a whitepaper available that describes the security architecture in any detail. This is an immediate red flag.

Second, they do have a "Security Features" page which is rather light on the details; it mentions that ProtonVPN uses AES-256 (encryption), RSA 2048 (key exchange) and HMAC-SHA256 (auth).

I'll start with RSA: the fact that they use RSA at all for a new cryptosystem in 2017 is a red flag for me. I also can't see any details of how they use RSA, so I don't know if they have implemented padding. If they haven't implemented padding (and done so correctly!), the VPN is insecure and we can stop right here. Honestly, they should be using ECC. I'm assuming they're not using something like ECDSA because RSA is faster (but not so much so to justify the potential security tradeoff, even in a VPN client).

On to AES: they commit the common marketing-mandated-security-page sin of focusing on the key size instead of the block cipher mode. They don't explain which block cipher mode they're using for AES at all - another red flag. For all I know they're using ECB (in which case, the VPN is insecure and we can stop right here). This is putting aside the question of whether or not they correctly implemented AES in whatever mode they're using.

With regards to HMAC-SHA256: in theory this is fine, but again we have no details. I'm going to go ahead and dock another point here because they're choosing to use separate primitives for encryption and authentication, when the best practice would be to use authenticated encryption like AES-GCM or AES-CCM. I admit this is bikeshedding a bit: respectable cryptographers (like cperciva) have a preference for separate construction. However, this is a VPN we're talking about, and an authenticated encryption mode would be faster than separate encryption and authentication.

A few caveats to my points: I'm quarterbacking their cryptosystem design based on one paragraph of the security page, because that's all I can find that describes their crypto. It doesn't describe it in detail, so it might still be secure. I have no knowledge of their implementation, so I can't critique that. That said, if I had to weigh the red flags I've observed here against their "developed by scientists from MIT and CERN" marketing and nothing else, the red flags win out.
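The composition the comment above is weighing (separate encryption and authentication primitives versus an AEAD mode) as an added example, not ProtonVPN's code and not anything posted in the thread. The "cipher" is a constructed keystream built from HMAC-SHA256 in counter mode so that the script runs with the standard library only; it stands in for AES and is not a real cipher. What it shows is the part an AEAD mode such as AES-GCM folds into one primitive: independent keys for encryption and MAC, the tag covering nonce and ciphertext, constant-time verification before any decryption, and rejection of a single flipped ciphertext bit, which the tag-ignoring decrypt path passes through unnoticed.

```python
"""Encrypt-then-MAC with separate keys, illustrated with a toy stream cipher.

Added example; the keystream below is a constructed stand-in for AES
(HMAC-SHA256 in counter mode) so the script needs only the standard library.
It must not be used as a real cipher; the composition is the point.
"""
from __future__ import annotations

import hashlib
import hmac
import os
import struct

NONCE_LEN = 16
TAG_LEN = 32


def derive_keys(master: bytes) -> tuple[bytes, bytes]:
    """Derive independent encryption and MAC keys from one master key."""
    enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256(enc_key, nonce || counter) blocks (constructed, not AES)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_then_mac(master: bytes, plaintext: bytes, nonce: bytes | None = None) -> bytes:
    """Return nonce || ciphertext || tag, with tag = HMAC-SHA256(mac_key, nonce || ciphertext)."""
    enc_key, mac_key = derive_keys(master)
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def verify_then_decrypt(master: bytes, message: bytes) -> bytes:
    """Check the tag first, in constant time; decrypt only if it is valid."""
    enc_key, mac_key = derive_keys(master)
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ciphertext, tag = message[:NONCE_LEN], message[NONCE_LEN:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: ciphertext rejected before decryption")
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def decrypt_ignoring_tag(master: bytes, message: bytes) -> bytes:
    """The insecure comparison point: decrypt without checking the tag.
    A flipped ciphertext bit becomes a flipped plaintext bit and nobody notices."""
    enc_key, _ = derive_keys(master)
    nonce, ciphertext = message[:NONCE_LEN], message[NONCE_LEN:-TAG_LEN]
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def tampering_is_detected(master: bytes, plaintext: bytes) -> bool:
    """Flip one bit of the first ciphertext byte and confirm the receiver rejects it."""
    msg = bytearray(encrypt_then_mac(master, plaintext))
    msg[NONCE_LEN] ^= 0x01
    try:
        verify_then_decrypt(master, bytes(msg))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    key = os.urandom(32)
    sealed = encrypt_then_mac(key, b"hello vpn")
    print(verify_then_decrypt(key, sealed))
    print("tamper detected:", tampering_is_detected(key, b"hello vpn"))
```

The two decrypt functions take the same bytes; the only difference is whether the tag is checked before the keystream is applied, which is exactly the ordering question behind "encrypt-then-MAC" and the reason an AEAD mode is the safer default for a VPN's data channel.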


If you download the .ovpn config file you can see what crypto they employ. According to the .ovpn config file for Android, it's AES-256-CBC and auth is done with SHA512. Hope this helps.
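A small review of those profile settings, as an added example that is neither ProtonVPN's tooling nor anything posted in the thread. The profile is constructed for the example: only `cipher AES-256-CBC` and `auth SHA512` follow the comment above, and the host name, certificate and the remaining lines are placeholders. The directive names (`cipher`, `auth`, `remote-cert-tls`, `tls-auth`, `tls-crypt`, `comp-lzo`, `compress`) are real OpenVPN options; the severity labels are this script's own.

```python
"""Audit an OpenVPN client profile for the data-channel settings discussed above.

Added example, not ProtonVPN's tooling. SAMPLE_OVPN is constructed: only the
cipher and auth lines follow the comment; everything else is a placeholder.
"""
from __future__ import annotations

import re

SAMPLE_OVPN = """\
client
dev tun
proto udp
remote vpn.example.invalid 1194
cipher AES-256-CBC
auth SHA512
comp-lzo
<ca>
-----BEGIN CERTIFICATE-----
MIIB...placeholder-not-a-real-certificate...
-----END CERTIFICATE-----
</ca>
"""

WEAK_CIPHERS = {"none", "bf-cbc", "des-cbc", "des-ede3-cbc", "rc2-cbc", "cast5-cbc"}
WEAK_AUTH = {"none", "md5", "sha1"}
COMPRESSION_ALGOS = {"lzo", "lz4", "lz4-v2"}


def parse_directives(text: str) -> dict[str, list[str]]:
    """Map each top-level directive to the list of argument strings it was given.
    Inline blocks such as <ca>...</ca> are skipped; comments (# or ;) and blank
    lines are ignored."""
    directives: dict[str, list[str]] = {}
    inside_block = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if re.fullmatch(r"<[a-z-]+>", line):
            inside_block = True
            continue
        if re.fullmatch(r"</[a-z-]+>", line):
            inside_block = False
            continue
        if inside_block:
            continue
        name, _, args = line.partition(" ")
        directives.setdefault(name.lower(), []).append(args.strip())
    return directives


def audit(text: str) -> list[tuple[str, str]]:
    """Return (severity, finding) pairs; an empty list means nothing was flagged."""
    d = parse_directives(text)
    findings: list[tuple[str, str]] = []

    cipher = d.get("cipher", [""])[0].lower()
    if not cipher:
        findings.append(("warn", "no `cipher` directive: the daemon default applies and is not pinned here"))
    elif cipher in WEAK_CIPHERS or cipher.endswith("-ecb"):
        findings.append(("critical", f"data-channel cipher {cipher} is unacceptable"))
    elif cipher.endswith("-cbc"):
        findings.append(("info", f"{cipher} relies on the separate `auth` HMAC for integrity; "
                                 "an AEAD cipher such as AES-256-GCM folds authentication into the cipher"))

    auth = d.get("auth", [""])[0].lower()
    if not auth:
        findings.append(("warn", "no `auth` directive: the HMAC digest defaults to SHA1"))
    elif auth in WEAK_AUTH:
        severity = "critical" if auth in ("none", "md5") else "warn"
        findings.append((severity, f"HMAC digest {auth} is weak or disabled"))

    if "server" not in [a.lower() for a in d.get("remote-cert-tls", [])]:
        findings.append(("warn", "missing `remote-cert-tls server`: the client does not require the server "
                                 "extended key usage, so any other certificate from the same CA could pose as the server"))

    if "tls-auth" not in d and "tls-crypt" not in d:
        findings.append(("info", "control channel is not wrapped with `tls-auth`/`tls-crypt`"))

    comp_on = any(a.lower() != "no" for a in d.get("comp-lzo", [])) or \
        any(a.lower() in COMPRESSION_ALGOS for a in d.get("compress", []))
    if comp_on:
        findings.append(("warn", "compression is enabled on an encrypted tunnel; disable it unless required"))
    return findings


if __name__ == "__main__":
    for severity, finding in audit(SAMPLE_OVPN):
        print(f"[{severity}] {finding}")
```

On the constructed profile the script reports the CBC-plus-HMAC composition as informational (the combination is sound, the comment above is right that the key size says little on its own), and flags the missing `remote-cert-tls server` and the enabled compression; swapping in `cipher AES-256-GCM`, `remote-cert-tls server` and a `tls-crypt` key and dropping `comp-lzo` empties the list.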


Another two I heard TheGrugq mention in one of his talks are Mullvad and PRQ.

https://www.mullvad.net

https://prq.se/?intl=1


Those prices are… pricey! At least the ones at PRQ.


Yes, but then they give you a tunnel with a static IP you can host things on, so it's not really comparable to ProtonVPN.


There's also iPredator[0] run by Peter Sunde. PRQ is the work of Gottfrid Svartholm. Your traffic goes through Sweden, so you're safe!

[0] https://www.ipredator.se


Unfortunate choice of name...


I believe the other was Cloak - could be wrong though.


Using public commercial VPN providers for serious security/privacy is a very bad idea. Get someone to set up Trail of Bits' Algo for you (or do it yourself, if you're comfortable with Ansible).


Looking at Algo (https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-th...), it seems like it provides an easy way to set up a (secure) VPN on a piece of hardware you own or one of the supported public clouds. In that respect, I'm not sure if it gives a lot of privacy. As you're the only one using that VPN, the traffic may not be too hard to trace back to you.


It sounds like you're attempting to gain anonymity, not privacy. Any VPN only offers limited anonymity, since that is not their purpose. If you want robust anonymity, you need to use something like Tor.


Algo isn't that much better than any other VPN; arguably it's slightly better security-wise, though I'd argue WireGuard tops it by far on cipher choices and security margins.

Ultimately VPNs just aren't for hiding anything that could cause you significant problems. If you want that, Tor, i2p, or piles of hacked boxes are your only options really if you must interact with the clearnet.


The security of Wireguard is completely unknown. Sure, it might be more secure after a formal release and a security evaluation.

They even state themselves that it should not be used if security is required.


I don't know anyone working in the field who believes Wireguard is likely to be less secure than StrongSwan or OpenVPN, and Wireguard is something that gets talked about a lot.

It's early days for Wireguard, to be sure, but it's one of the most promising security projects there is right now.


I work in the field and anybody that says that a piece of software is secure before it has even had a security evaluation by a third party does not know what they are talking about.

I think what you have seen is security people saying that the design of Wireguard seems to be equal or better than other, current, options, that doesn't mean that the implementation is just yet.


I've spent my career doing third-party software security evaluations --- among other things, I founded the NCC Cryptography Services practice --- and I will tell you right now that the Wireguard security story is far more compelling than any third-party audit.

It's not simply the protocol design, which is superior in pretty much every conceivable way to IKE or TLS, but also the code, which is carefully written to minimize attack surface and increase reviewability.

Choosing OpenVPN or StrongSWAN over WireGuard to minimize exposure to vulnerabilities would be a dumb bet. Sometimes dumb bets pay off, but it's still dumb to make them.


Could you unpack your statement about the careful code writing, or link to an explanation? We would usually expect a formal third-party audit to substantiate such a claim, but if there is other good evidence for their code's secure implementation I'd love to see it.


First, I'm going to try not to go into this in detail right now, but HN has very weird ideas about the potency of third-party code audits, particularly for things involving cryptography. A short summary: most third-party audits of cryptographic software written in systems languages don't accomplish anything. Most crypto software you depend on has never had a full-coverage audit from third-party auditors qualified to evaluate crypto.

You can watch any talk about WireGuard to see what I mean about the way WireGuard's code is written, but the short answer is that the thing was designed from the bottom up to be simple. WireGuard's feature selection was influenced strongly by what would keep the codebase smaller and easier to review. It was also designed to simplify the object lifecycle inside the code itself. All its state is preallocated at initialization.

WireGuard's cryptography is essentially an instantiation of Trevor Perrin's Noise framework. It's modern and, again, simple. Every other VPN option is a mess of negotiation and handshaking and complicated state machines. WireGuard is like the Signal/Axolotl of VPNs, except it's much simpler and easier to reason about (cryptographically, in this case) than double ratchet messaging protocols.

It is basically the qmail of VPN software.

And it's ~4000 lines of code. It is plural orders of magnitude smaller than its competitors.

WireGuard isn't a panacea. In particular: clientside support for it isn't there yet! But it's pretty clear to me at least that WireGuard should imminently be replacing OpenVPN and IPSEC.


That's an excellent brief answer, thank you for your perspective and time!


I agree with you. It needs formal evaluation by pros with time to dig into it with review and tool-assisted analysis. That said, a person as experienced at pentesting as tptacek saying the crypto and code looked good puts its trustworthiness above most options in my eyes. I mean, you rarely hear good things about both in such software. The quality of average development in crypto is just that bad. I also liked what I saw when I looked at it in terms of simplicity.


The Wireguard protocol has been symbolically verified for correctness using Tamarin.


Didn't know that. Thanks for the tip!


I only know Thomas via his output, but will say that based on it, he very much knows what he is talking about when it comes to the design and implementation of security protocols.


The only problem I have with Algo is that it isn't compatible with Little Snitch :(


Isn't one of the main benefits of VPNs sharing the IP with many other people?


Isn't that making that IP an even bigger target for anyone interested in large amounts of traffic?


Algo's pretty easy, but if you want to use a cheap service like Vultr, which isn't yet supported by Algo, I wrote a post on the necessary steps recently: http://modulolotus.net/posts/2017-03-28-setting-up-algo


I installed Algo a couple of weeks ago on a server behind an external firewall. I managed to make it work by opening ports 500 and 4500. Maybe that works for you, too.

By the way, is it possible to have all hosts connected to reach each other, as in a lan?


> By the way, is it possible to have all hosts connected to reach each other, as in a lan?

Yes! Change this variable to N, then deploy your server:

https://github.com/trailofbits/algo/blob/master/config.cfg#L...


What would people think of a VPN service that builds it for you, then hands over control when done? E.g., it walks you through setting up a DO droplet, uses keys to install a VPN, then prompts you to change the keys so it can't access the server? Think there's a market for that?


I wondered about creating something very like that a couple of months ago. Check out my vapourware! http://digitalsnorkel.net/

I think a key problem may be that there aren't a whole lot of people who (a) understand the tech well enough to know they need this, and (b) don't understand the tech well enough to spin up a VPS and run a Bash script.


Interesting! How many sign-ups have you received?


Well, I never mentioned it to anyone until now ...


That's essentially what Algo does.


Oh, I know; I wrote a blog post on using Algo.

To be clear, I was thinking about the less-technically-sophisticated-than-HN crowd. E.g., is there a market for the people who would typically purchase VPN services, don't want to trust a VPN company, but don't know how to set up a cloud server?


Is there a reason to trust a cloud server over a VPN company?


Hmm, it depends on your threat model. If you're being targeted by a three-letter agency, then no (of course, you need something more secure than a VPN at that point, anyway). But if you're not singled out, your own VPS is much less likely to be passively surveilled than if it's part of a known VPN IP block.


... or if you're not comfortable with Ansible, I have a Bash script that does something similar: https://github.com/jawj/IKEv2-setup


Why use algo over ssh tunneling? ssh -ND 8080 user@host


Mobile use, for one.


For sure Android can tunnel traffic over SSH, but iOS, not so sure. They expose some API for VPN?


How does this compare to TunnelBear [1]?

- TunnelBear is a bit more expensive ($4.99/mo, paid annually, vs $4/mo).

- TunnelBear supports up to 5 connections per account vs 2.

I use TunnelBear regularly for my browser and phone. Both work great.

My subscription is going to expire soon and I'll be open to trying other VPN providers, not that there is anything wrong with TunnelBear. Any recommendations?

This site [2] has feature comparisons but experience using VPN services is another story.

[1] https://www.tunnelbear.com/

[2] https://thatoneprivacysite.net/vpn-section/


HN gets regular "what VPN should I use?" questions and my answer is always the same: Algo [1]. It is designed to be simple to set up, simple to tear down, and usable with numerous cloud providers or your own Linux server.

[1] https://github.com/trailofbits/algo


In terms of privacy, doesn't it kind of let the cat out of the bag if you host your own VPN server? It's not your home address, but it's still just as much an address associated with you, isn't it?


Indeed, it doesn't provide anonymity against the sites you visit; quite the opposite, it makes it even easier to correlate your browsing regardless of device/location.

But many (the undersigned for example) use VPNs for many other purposes:

- Unencrypted WiFi (airport, hotel, etc.)

- Secure connectivity but provided by someone you aren't willing to trust (your employer?)

- Fooling Geo-IP based restrictions (hello Netflix/BBC)

- Not having your VoIP traffic mangled by a shitty carrier who's trying to extort protection money from you in the form of some "VoIP-optimized" expensive plan

- Etc. etc.


It's less private for some forms of traffic, but for me, my main goal is to avoid ISP tracking and provide encryption on potentially malicious networks, which it works well enough for.


Your ISP in the DC, the DC itself, whoever owns the box your VPS is on or your fellow tenants could be malicious.


I think you misunderstand the reason for using a VPN. Privacy is not the same as anonymity.

Let me try to explain. You use a VPN to protect your connection from MiM attacks, for example if you connect to a public Wi-Fi hotspot, or even when you are connected from home. It also gives you some privacy, because nobody can sniff your traffic, but it does not give you anonymity; well, it can, but you'll not be able to verify that it does.

Sure, you hide from your ISP, but you can't verify that your VPN-provider is more trustworthy than your ISP. They might actually log everything and send it on to a third party and you'll never know. Hell, they might even be funded by the NSA...

Use Tor if you want anonymity, even though that's not 100% sure either.


It just shifts your traffic egress location to a cloud provider, but this is valuable because all of the last mile Internet providers in the US colluded with the government to get permission to use your internet traffic to sell ads, so if you care about privacy, and not allowing your ISP to inspect your traffic, it's a huge benefit.

AWS will make no secondary use of customer data. The ISPs have told us they will, and the FCC gave them permission to do so. Which one will you trust? I know I would trust AWS any day over the ISPs...


I strongly agree with this, with the one caveat that right now Algo doesn't provide seamless integrated support yet for a VPS provider that offers a flat bandwidth cap (like OVH or Scaleway) vs a high burstable data cap oriented offering like DigitalOcean. The flat bandwidth (generally 100 Mbps on the cheap plans) tends to come at the expense of burst/CPU/disk storage, but none of those matter in VPN vs reliability and not having to ever think about going over limits, even if you want to let family members for example use it. While for a lot of general projects I'd definitely agree with their current easy cloud choices, for this particular application, for most people, I think the likes of OVH or Scaleway or similar would be a far better fit, though I realize the major holdup is Ansible support. Of course, it can still be set up wherever, just without the same ease of use for someone only mildly technically oriented, which is how it truly excels right now.

Still, I think it creams every general public offering. I agree with fictioncircle above that the "anonymity" thing is a total red herring. VPNs in this application are fundamentally about creating a hack to let individuals change their Internet access from a natural monopoly situation to a strongly competitive and customer oriented market situation via virtual end point shifting. That's "it", though it's a big deal. But "anonymity" is a far, far trickier problem, requiring not just extensive infosec but also significant opsec. At a bare minimum most people would need to use something like the Tor browser, not just for the "tor" part but for the hardening they put into the browser to make it somewhat harder to get tracked anyway regardless of IP address. I think a lot of the "anonymity" marketing claims some public VPNs make verge on not merely disingenuous but outright dangerous to the extent they can create a totally false sense of security.


I don't use Algo, but I can vouch for using your own as long as the tradeoffs are acceptable.

Pros:

- You can choose a VPS provider close to your network for better speed.

- Less likely to be blacklisted.

- No connection limits.

Cons:

- Not as anonymous to governments or IP-based tracking.


No VPN can reliably anonymize you against government agents so I think the con is a non-issue. VPNs are only really useful when the local network is hostile and/or you want some degree of privacy from the sites you visit.

Anyone with SIGINT capability is going to figure out who you are with a VPN (i.e., government agents).


This isn't about pretending to be James Bond, and "hostile" networks with "government agents" and all their "sigint" coming for your secrets.

In the real world, VPNs are mostly used to download copyrighted material. They have a pretty much perfect track record in that regard. Running a cloud VPS, on the other hand, is no more secure than your ISP: they have records, and will share them when ordered to do so.


Just as far as everybody knows, that doesn't mean that it's necessarily true.

There can be a distinct difference between what is believed to be true and what's actually true.

There might very well be entities that have the information but are sitting on it for later use.


This is a trade I'm willing to accept. I trust a VPS provider more with those records than I trust either Verizon or Comcast, both of which are motivated by advertising.


This isn't remotely true. Pretty much every journalist uses a commercial VPN.


"Does not install OpenVPN or other risky servers": so what's risky about OpenVPN? And is Algo properly described as IKEv2/IPsec? I've read L2TP is recommended over PPTP, but the Algo README says it does not use L2TP, considering it legacy, along with IKEv1.


There are a few main purposes for a commercial VPN:

- accessing non-encrypted stuff on an untrusted network

- firewall bypassing

- Torrenting

- IP ban bypassing (pretty popular for people writing scrapers or trolling)

Anonymous anything is garbage: many of them log, and all can be logged by government agencies or datacenter owners ahead of you. Tor or similar is the best option there. Running something like Algo on your own server is pretty bad for both torrenting and IP ban bypassing, as you only have a single IP and many cloud providers will accept DMCA and abuse reports.

All in all if you're looking for either torrenting or IP ban bypassing a commercial VPN solution is going to be a better bet. More IPs for cheaper and with lower risks.


I'm really interested in trying this but nervous with how much a cloud service will cost. Is there a free option for a cloud hosting service that I can start with?


$5/month with DigitalOcean will be enough - or try your luck with the AWS free tier: http://lifehacker.com/how-to-set-up-your-own-completely-free...


Google has a lifetime free tier, AWS has a 1-year free tier, and Digital Ocean referral links for $10 (2 months on the cheapest server) are easy to find.


Check out Mullvad. I haven't yet found a service that I think is slicker, more convenient, and more serious about privacy.

You can generate unlimited free trials until you're confident you want to spend the paltry $5 a month on them.

https://mullvad.net


I second this. I can't make any claims about the security of the client, but the way they handle things is confidence-inspiring.

I have been in touch with them over some issues I have had, and the support is fantastic. I had an issue with mosh over my local network (SSH worked, mosh did not) and got a very detailed reply about why they treated LAN UDP packets that way, and why I was probably not affected since I ran a modern Linux distro, and of course the setting that turned that safety feature off.

And, if you don't trust them to make such decisions for you (or you run an unsupported OS), they have regular OpenVPN files.


They definitely aren't just running a VPN to make a quick buck. The amount of guides and such that they offer for integration, etc. is confidence-inspiring as well.

What sold me was their mention of using Qubes OS in-house. They clearly give 100% fucks about keeping their infrastructure safe.


I use VyprVPN [1] which I've found to be good and fast. It's a bit of a tough area to research well. I might give TunnelBear a try.

[1]: https://www.goldenfrog.com/vyprvpn


VyprVPN do store logs. I used to use them and wasn't aware of it. Just to let you know.


Really? I know the client stores connection logs (configurable) but I asked them directly and they said they didn't log anything if it's turned off. Their privacy policy says the same [1].

If that's the case then I'm switching immediately.

[1]: https://www.goldenfrog.com/privacy


They log when you connect and disconnect, plus what IP you are using when connected. They will pass on DMCA copyright infringement notices (although they say they do not pass on your details to the copyright agent).

https://www.reddit.com/r/torrents/comments/17g53i/if_you_tho...

It doesn't seem like there is a way for them to uphold their copyright policy without storing that information.

https://www.goldenfrog.com/copyright


Thanks for the link. I'll have to look for a new VPN provider then.


Unless they've changed their policy in the last few months, TunnelBear won't let you use SSH over any port other than 22, so if you need to SSH into a server with a non-standard port you're out of luck.


Wait. Do you mean they actually inspect traffic and tear down the connection if they see an SSH handshake on any port other than tcp/22?


They whitelist ports, I believe. That's the reason torrents don't work, for example.


Seriously? Wow, well fuck that. If I buy a VPN, I expect data_in = data_out, not sanitized(data_out).


Yeah, my understanding is they whitelist standard ports, and everything else is blocked. They say it's because of BitTorrent, but it prevented me from accessing a server on a non-standard port, so I didn't buy.


the irony of a site with "privacy" in its name that uses a bunch of google services (that track you out the wazoo). </wry smile>

edit: with that said, i really appreciate the compilation of information here, so it's no knock on the site owner.


Private Internet Access appears to be good, but I do not think they are very transparent about their operation.


I think it's prudent to assume (even if not accurate in every case) that any VPN provider that reaches PIA scale has already been compromised by the relevant State Actor working its jurisdiction.

It's the tragedy of success in the privacy industry.


Except for the fact that PIA has been subpoenaed by the FBI and state police multiple times and PIA could give them dick all. Yes, their servers could be compromised illicitly, but if the NSA or GCHQ is willing to go to that much trouble just to monitor you, you have bigger problems.


>[...] but if the NSA or GCHQ is willing to go to that much trouble just to monitor you, you have bigger problems.

This type of argument contains the assumption that it would be too much trouble for them/not worth it to monitor an affluent anarchist or semi-anti-authoritarian with an above-average IQ.

We've seen that A) their resources are as virtually unlimited as their paranoia, B) tech developments have driven down the cost of sophisticated surveillance strategies, and C) XKeyscore and all of the other releases are confirmation.

This type of argument does us all a disservice by subtly shaming those who care about state surveillance of private (and peaceful) citizens who value their privacy and/or who exercise their right to actively participate in progressive movements that challenge the establishment.


It also embeds an assumption that someone is targeting you instead of people like you. Compromising the servers of a VPN provider makes plenty of sense in the service of full-take or person-of-interest collection.

We've already seen that the NSA actively targets people searching for privacy tools (e.g. Tails, Tor). The act of using a VPN is mildly interest-provoking, so it's far from crazy to suspect that someone might try to scrape everything happening there in case some of it is interesting.


PIA might actually log everything and send to the FBI as a regular part of their operation, hell, they might even be funded by the FBI and you would never know.

You should not trust what people tell you over the internet.


>"Except for the fact that PIA has been subpoenaed by the FBI and state police multiple times and PIA could give them dick all."

How is/was this claim substantiated?


They say there's nothing to give, but how do you really know for sure?


If they have your data but won't give it to the authorities, the result is the same, isn't it? Unless you're suggesting the authorities aren't fooled, and will pry it out of them? That hasn't been the case so far.


They're asking how you know they didn't hand the data over but just publicly say they didn't? Or that they agreed to give it to the FBI if the FBI would treat it as a confidential source.


A large portion of PIA's endpoints are blacklisted due to their popularity and related abuse. I found it somewhat annoying to try and use.


I found malware in the PIA installer. Not sure if it was planted by PIA themselves or I was subjected to a MITM attack, and so I would never use any bespoke VPN software again. Best just downloading the OpenVPN config files and plug them into something like Viscosity[0] (which I trust over the more bespoke VPN clients made by the VPN providers themselves).

[0]: https://www.sparklabs.com/viscosity/


As a general rule of thumb, I have used various VPN services and made sure to never use their clients. Downloading an OpenVPN configuration file IMO seems the best way to go about it.


Speaking of PIA and not using the provider's client, I've written this simple python script that populates PIA OpenVPN routes for NetworkManager on a bunch of Linux distributions, which then pop right into the system tray or are accessible from nmcli, etc. (https://github.com/dagrha/pypia)


Yeah, and use a decent client like Viscosity, or if your OS supports OpenVPN config files natively, just use them.


What do you mean "found malware"? You checked the installer and found that some aspect was malicious, or some software you are running said it found malware? The installer seems likely to cause false positives.

You're still better off using independent VPN clients, but I would not trust them at all if the installer actually has malware.


I spotted loads of malicious network traffic, and using the Sysinternals Autoruns[0] utility I was able to spot attempts at persistence. I also checked the outbound connections and they were C&C servers. I can't remember if the installer was digitally signed or not, but there was definitely malware in it. I always make sure to opt out of any adware that might be bundled with an installer, but this seems to have been injected surreptitiously, and installed with very little interaction.

Just be careful with the bespoke VPN clients as they are very juicy targets for MITM attacks. I know I would be going after VPN software if I wanted to do exfiltration for a small subset of users trying to hide their tracks from governments and ISPs.

[0] https://technet.microsoft.com/en-us/sysinternals/bb963902.as...


So an installer was trying to set up autoruns, and the outbound connection IPs were on some list? The first part seems like expected behavior; the second sounds like your list of bad IPs included several that one of the most popular VPN providers use.


This was before the client even connected for the first time. And the IPs were well-known C&C servers used for collecting keystrokes and screenshots of your OS.


Checking if their various servers exist on install seems likely. And well-known C&C servers probably hide their actual IP; they'd be fairly easy to shut down if they didn't.


> I spotted loads of malicious network traffic

Care to provide anything substantial (e.g. net dumps or screenshots at least)?

> and they were C&C servers

How do you know that, have you MITM'd your connection? Do you have anything besides generic spooky words?


> Have you MITM'd your connection

Yes, with another Sysinternals tool called TCPView https://technet.microsoft.com/en-us/sysinternals/tcpview.asp...

You don't even need an AV product, you can spot malicious activity by eye alone.


> Best just downloading the OpenVPN config files and plug them into something like Viscosity…

On macOS, I just created a new "PIA" service in Network. Is there any reason to use Viscosity instead of the macOS VPN client?


If I am not wrong, PIA doesn't support IKEv2. The only choice is then L2TP/IPSec.

IPSec is typically considered secure, but it's allegedly compromised in some implementations and/or weakened during the standardisation process.


Good to know, thank you!


The free tier is in a waiting list right now. I thought I shouldn't try the paid one without getting a feel for how good and fast the service is (had bad experiences with another highly popular VPN provider in the past and canceled within a few days).

I also wondered why ProtonVPN doesn't list any trial period in the paid plans. So I went to the support page and found that it has nothing about payment, trials and cancellations. I then went to the Terms of Service page [1] and found that one can cancel within 14 days and get a full refund. If anyone from ProtonVPN is reading this, please move this information to the signup page and also list it on your support pages. Those are the places for this important piece of information. Almost nobody reads the terms of use on any website.

Quote from the Terms of Service page (typo "Guaranty" ought to be "Guarantee"):

> Money Back Guaranty

> You may cancel your account with a full refund within 14 days of the initial purchase. Refunds or credits beyond the 14 day window will be considered, but at the sole discretion of ProtonVPN. The Company is only obligated to refund in the original currency of payment and refunds will be processed within 14 days of the request. To request a refund under our Money Back Guarantee, send an email with your request to support@protonvpn.com.

[1]: https://protonvpn.com/terms-and-conditions


You can test the Plus account by signing up for the Free plan on the Windows client. You get a 7-day ProtonVPN Plus trial: https://protonvpn.com/


Great that there are more options out there. Will there be an option to sign up over Tor, and pay with ETH or BTC?

I run free privacy/security classes for journalists, and some of them have said that their sources can't use paid VPNs because they're afraid of the purchase showing up on their credit card statement.

Tor is great, but doesn't yet work for things like video chat (yes, I tell them not to use Skype...).


There's a good comparison chart/spreadsheet of VPN providers at [1] - among other things, it can filter on anonymous sign up and payment.

There are certainly VPNs available that you can sign up for over Tor, and pay for with Bitcoin. However, some bitcoin payment services block Tor IP addresses; tools for VPN-over-Tor can be clumsy; and some sites that accept Bitcoin process the payments manually so it can take a day or two.

[1] https://thatoneprivacysite.net/vpn-comparison-chart/


Private Internet Access allows payment with popular brand gift cards (Starbucks, etc.) purchased at brick-and-mortar locations for cash. Then you use a disposable e-mail account to receive your password.


ProtonVPN offers a free tier - it's not the fastest, but it should be fine for the use case you describe.

https://protonvpn.com/pricing

Also, it should be possible to pay them in BTC; I remember sending a donation when I signed up for ProtonMail.


Looks like they accept CC, paypal, and BTC, no ETH yet.


It only shows CC and Paypal for me :thinkingface:


Strange. I'm finding the page via the "upgrade" tab of my protonmail, maybe they don't accept BTC for exclusively VPN?

Looks like they also accept "Cash" if you contact them.


What would be good for video chat?


TL;DR: The identity-to-BTC link has to be broken, no matter how you do it, and not in a way that is merely human-indecipherable but truly distanced.

If your target uses BTC to avoid CC payments, then they had better know how to prevent tracking the payment on the blockchain as well. If I were targeted by a bad actor with state level resources, I would assume any bitcoin transactions to ProtonVPN would be spotted easily and I would assume any wallets I've used are hot. There were lots of ways to do this explored by users of onion sites who purchased illegal items. One of the most popular was to 'launder' the coins using a mixing service which shuffles around the BTC (for a fee) and sends it to a wallet of your choice, typically a one time use wallet which sends the balance to your account on the onion site for purchases from other users. The onion site operators may also mix up their coins, making it a little harder still. The coins from origin are received, split into a bunch of tiny transactions all over in various wallets, like shuffling cards, then many wallets send small amounts whose sum is the amount laundered minus fees, to the final destination one way or another. I encourage you to browse forums on such sites for the scoop on what the users think they know, as well as what security researchers have published on the subject.

Example: User Alice wants to pay for services from Bob. Bob's services are a little questionable in Alice's jurisdiction and she is concerned about someone finding out about her payment. If Alice is being surveilled directly, and the attacker knows about the wallets Alice uses because they got records from the company she buys coins from (or somewhere else like sniffing her traffic), and the service is priced at $X on Y date given the bitcoin value at the time, the attacker can look for any transactions for that amount on dates which Alice visited the site and compare the transactions.

In our example, let's say Alice wants to upgrade to paid ProtonVPN service but doesn't want Throckmorton's Sign Company [1] to find out about it. TSC suspects Alice may be trying to smuggle information through a VPN. Alice is smart and uses all the best practices. She's got a locked down mobile device with no cellular antenna connected to a long range directional antenna. She leaves her phone at home, drives the most secure route available by avoiding main streets with traffic cameras and license plate scanners. She parks in a cheap apartment complex parking lot (no guards/cams) at the base of the mountain. She pulls a mountain bike from the trunk and places her handgun in a waist pack, and rides to a higher elevation scenic point with no security/safety cameras and infrequent civilian or police traffic, aims her high gain antenna at the hotels below, and gets a WiFi signal. She connects with a spoofed MAC address, from a Tails ISO on optical media, to somewhere she cannot be physically linked to, using a device modified for safety. She has a script which changes her apparent desktop resolution, browser size on every page load, user agent strings, window dimensions, all kinds of fingerprinting avoidance. Alice uses a virtual keyboard which randomizes the delay between keystrokes before forwarding her input. Alice checks her configuration for holes, checks Tor, checks DNS, etc. and everything is solid. Feeling secure now, Alice logs into a brand new Proton account not associated with her, checks the price, and pays via Bitcoin. She bought bitcoin from a reputable exchange and had it deposited to a new wallet. She then transfers these coins to another wallet which is brand new and uses this to pay Proton.

An unknown actor at a TSC subsidiary agency has absconded with classified intelligence reports. Agent A is being watched, his stuff searched, no reports found, and Agent A won't talk. TSC thinks Agent A leaked it. Surely he sent it to some damn media hippie who loves communism and Vegemite, and now the whole world will know. They must stop the leak. TSC knows Agent A is a Vegemite sympathizer and is known to talk with people from the media sometimes, which is why they were watching him. They know he eats at Joe's Restaurant. A TSC agent dresses in a shabby suit he rented and puts on a local law enforcement badge and ID. He goes to Joe's and interviews the manager under the auspices of a criminal investigation. The manager at Joe's was all too happy to point out that he comes in every Wednesday, sits at a table near the rear fire exit facing the door with his back to a wall in a part of the dining room with no clear window views. He always orders Vegemite sandwiches and dresses nice. But he noticed that once a month or so, Agent A has someone with him, a real pretty lady friend. He assumes they are having an affair, and he's curious about it, so he pays a little more attention to Agent A and thought there was something funny about him, and he's eager to tell the "policeman" all about it. Agent A always looks sharp but on those days he dresses down a little, wears sunglasses, and removes his wedding ring. The manager calls over Agent A's usual waiter and asks him to tell the nice officer all about this suspicious character. Agent A's waiter says he saw a media ID sticking out of her wallet when she paid one night, so he knows she works for XYZ media. Our friendly TSC agent thanks them for their time and leaves, giving them a business card with a "detective" to contact with any new details.

TSC has only to look at all bitcoin transactions received by Proton since the leak, and I imagine this is a small set, and look at where those coins came from. TSC can and does keep banking and financial records for companies who sell Bitcoin. They run a search against the transactions looking for any wallets associated with those used to pay Proton during the period since the leak. They find 666 wallets. 420 are from Alice's country. Of these payers, only 42 paid with BTC from a wallet which had no other appreciable history. They check these 42 and the wallets connected to them by BTC transactions and find exactly one which was separated by 2 degrees and funded by BTC from Alice's reputable exchange. They quickly search the exchange's records and find that the wallet in question was funded by an account with a CC# belonging to one Alice Suspect who lives right there in Big Brotherville, and her name is on the list of XYZ media employees. TSC now knows Alice bought a VPN account, and to some courts that might be enough to escalate this. In some jurisdictions that shit will get you killed. Alice lives in a civilized democratic nation however, so instead she becomes the target of a massive and focused TSC investigation. They raid her home or intercept her vehicle, maybe they throw her in a van with a burlap sack over her head. Regardless of how they get her, TSC agents find encrypted disks, and order her to unlock them or go to prison (or face a $5 hammer). Alice sure did a lot to cover her ass, for nothing. One leaker, one media contact locally with a BTC wallet which paid Proton. Even assuming they don't target Proton, but check against all records of all VPNs on a list, doesn't change much but computing requirements to find out who is buying VPN service with BTC on their list. 
Assuming they don't ever go to Joe's restaurant, or even know about the pretty lady, they know local media only has so many journalists, fewer who travel these circles, and fewer still who would touch something that hot. Even assume they check ALL journalists in the entire country, how freakin hard would you have to look? How many suspects would there be who have bitcoin exchange accounts? Monitoring their search entries or IP traffic would reveal a lot and narrow the list down. Assume this is all happening in a state with a highly developed legal system and TSC has to request warrants and subpoena records to get them, and show to the satisfaction of a court that she is guilty, they still have the authority needed to grab the rest of the info they need once they have a short list of targets and they can acquire the rest through this investigation. Assume TSC never found the actual documents on Alice or in her property, the original problem of Alice being known to use a VPN is still not solved. Another approach would be to check all persons of interest for bitcoin exchange accounts by CCs, emails, names, etc., and then check those accounts for direct or indirect payments to VPN receiving wallets. Let's even assume that Alice purchased a prepaid credit card and for some reason was able to buy bitcoins with it, now they just ask FailMart to give them the register record and the video from that time. Even assume Alice isn't a journalist but a source as the OP says, and this source doesn't want people knowing they got a VPN. Follow the same breadcrumbs and you still have a bloody short list, the rest is old school tradecraft and detective work. In a not so developed legal system, only a shred of suspicion can end your life without needing anything solid at all. You see where I'm going I hope. 
The moral of the story is, BTC come from money, money is watched, BTC are watchable, so without a mixnet or something between purchase of coins and purchase with said coins, or a way to acquire them with complete anonymity, you're holding up a sign with your name on it which is just obfuscated enough to seem anonymous to average people. Money and identity are linked thanks to our current global financial system and all of the people who have exploited it. Selling BTC is regulated to "prevent drug lords and child sex traffickers" and other evil persons of the week from using BTC to launder money, but it's watched anyhow and every technique to link identities of individuals to bitcoin purchases can be assumed to be in use.

[1] This is actually funny, a medical joke. https://radiopaedia.org/articles/throckmorton-sign-pelvis


Would you trust a service that knowingly pays ransoms to protect your personal data when it really counts?

https://arstechnica.com/security/2015/11/crypto-e-mail-servi...


Come on, that was a stress situation, their data center was shared and many other companies were feeling the pain. Yes I would also tell them "don't do it", but they made a decision under very high pressure from many sides at once. They since started protecting themselves and I'm sure they won't pay anymore now. I don't see why people keep bringing this up with all the positive things they also do.

By the way, the party that initiated the DDoS did stop the attack, but a much bigger one took over. Probably state sponsored.


That was a mistake and we own it.


Looks like the time has come for a small country to create a data haven like the fictional Sultanate of Kinakuta. I believe that the idea will attract foreign investment quickly.


It doesn't need to be a country. Just get some container ships, sail to international waters dragging a fiber cable with you and bam, data haven. You could also operate as a secure key storage. No worries about governments requesting keys as there is no government.


Yes, but it's fairly trivial to drop a "Seal Team 6" in and physically seize whatever they want, or just sabotage your equipment. Also, they could pressure your mainland circuit provider, or simply cut your cable every time you repaired it, which would put you out of business fairly quickly.

I'm not sure a data haven works unless you have a sovereign military that can defend itself against the rest of the world (good luck!)...


A satellite in geosync orbit? Sure, much smaller but definitely harder to reach.


It's still a rather bad trade-off. If you base your operation in a country with strong privacy laws then these at least protect you from that domestic government.

If you base your operation in international waters/outer space then there's literally no privacy law protecting you from anybody, you are fair game for every government out there.


Good idea, but any government that can launch satellites can also shoot them down. It's actually much easier to shoot one down than it is to launch one in the first place.


blowing up a satellite in orbit is a massive escalation over even something like a commando raid -- i believe it would qualify as a violation of outer space treaty as well. a great deal of 'space junk' was generated by china's (one, individual) test of an antisatellite missile in 2011, and it caught a lot of critical international attention over it because it puts other satellites in danger -- thousands of tiny pieces zipping around like a 3d minefield. this hazard would potentially apply to US military satellites as well.

besides this: there are many, many ways to spy on satellites. the US is believed to have at least one satellite that sits 'above' a major middle eastern comms satellite with a football field-sized antenna, passively snooping everything shot at it. you can encrypt it, sure, but do you have high enough trust in your crypto implementations to deal with an adversary like that?

what i'm getting at is, i don't think they would shoot down the satellite.


Try that with the moon.


Does anyone know why they require existing ProtonMail users to enter their account's password AND the decryption password? Fair enough, they're linking my account, they require the account password. But the key that encrypts the email data too?


Your access token to the service is encrypted with your primary public key as an extra security measure, thus your client needs to decrypt it to use it.


OK, makes sense. Thanks!

It might be a good idea to mention that on the page as (I'd guess) many tech literate people use the service.


Too bad they're focused on new and shiny at the expense of real (paying) email users. After a year of Visionary, I finally went back to Google. PM just isn't designed for large mailboxes, real search, or navigation. Plus they still have not provided any way for you to export your emails out. They're locked up forever, unless you want to forward each one, one at a time.


Search has been dramatically improved. Difficulties with large mailboxes are often a complex function of many variables, with things like client-side JavaScript decryption speeds often playing a large role. While testing is done with large mailboxes as part of the development process, the ultimate solution for people with extremely large boxes will likely be the use of the Bridge program with an IMAP mail client such as Microsoft Outlook. There are unofficial export programs available that can pull all mail out through Proton's API. An official, supported export (and import) program is planned for the future.


Unless this was introduced within the last couple of months, I never had the option to do IMAP. I wanted it... I would have happily offloaded all that to a local mail client. Plus I would now possess copies of all my email for the year.


With the small number of nodes they can offer (compared to the tor network exit nodes), traffic analysis seems relatively easy, especially with standard VPN software that may have no fake traffic generator capability.


From their security page: "We exclusively use VPN protocols which are known to be secure (OpenVPN and IKEv2)."

OpenVPN and IKE both have terrible track records in terms of implementation security.


I've been using the beta now for many months. For my use case--hiding from ISPs / other malicious non-government actors who want my IP--it's been pretty good and plenty fast. Not really sure what they plan to do with our beta plans, but I'd pay a couple of bucks a month for their speed / reliability (haven't been knocked off once). Or maybe this is just normal service and all the other VPNs I've tried in the past have been shit. Hard to tell really.


For anyone wondering, their speed claims aren't inaccurate. I ran a quick iperf test on a server in Hurricane Electric Fremont 2 with a gigabit port and it did ~500Mbit/s. DSLReports backs it up: http://www.dslreports.com/speedtest/17167172

This was to their us-07 server in SF.


What are the security features of their VPN or email that are not in other VPNs or emails, that I can measure? I.e. I don't care how military grade their server-side encryption is, or that they decrypt in my JS, as long as the threat model remains the same.

What did they change in the model? Is it trustless?


I'd pay for a VPN with integrated tracker / ad blocking. I currently have a low cost VPS with a VPN where I set the hosts with a couple of block lists, but I think it could be good to have a proper VPN service with that option.

The reason is using it on mobile unlocked devices, rather than desktop.


Does anyone know how to use ProtonMail to send/receive attachments encrypted by a different PGP key than ProtonMail uses for one's account? It never allows me to download such an attachment, and I surely won't upload my private key there...


Please report your difficulties to the Support Team: https://protonmail.com/support-form You don't need to be a paid user to do this. They will respond to your ticket. I have done this before - some time ago. But, perhaps a bug was introduced somewhere in the code or there is some other issue that you are running into (perhaps some configuration with the local platform). It should be possible and work correctly.


A bit OT, but the kerning on the headline font in iOS safari is awful, especially between the 'o' and 'w'. It looks like a 'missing' font in a PDF.


I'm currently using hide.me under Linux and even though the speed is great, I have issues all the time. Will try this during this month to see how it compares.


Been using the beta for a while now, it's been excellent to the extent that I leave it permanently on, even for watching video. Will be subscribing.


I saw that they use the OpenVPN protocol [1], then I stopped reading other things. Although the encrypted connections cannot be decrypted, the OpenVPN protocol is easy to detect and ban in some highly censored networks.

I recommend the shadowsocks protocol [2], which I have used in a censored network; it is hard to detect and decrypt.

[1] https://protonvpn.com/secure-vpn

[2] https://github.com/shadowsocks


Not everyone has to fear censorship, there's a market for people who "merely" want to evade tracking and mass surveillance.


At a glance shadowsocks doesn't look like a secure protocol to me, so even if you use shadowsocks to obfuscate the protocol, you still need to tunnel a secure encrypted protocol inside of shadowsocks.

I don't expect most VPN users to need protocol obfuscation, especially since the IPs of the VPN operator are probably well known. If you're serious about that, you either need your own server or take great effort to hide the entry points (like Tor bridges attempt to).


> the OpenVPN protocol is easy to be detected and banned in some highly censored network.

TunnelBear are one of the few VPN providers that use a thing called obfsproxy to circumvent this kind of censorship. They call it 'GhostBear' [0], but really it's just an obfsproxy bundling which uses the domain fronting technique [1].

[0] https://help.tunnelbear.com/customer/en/portal/articles/2435...

[1] https://en.wikipedia.org/wiki/Domain_fronting


You can use an SSL tunnel to avoid DPI detection by your censored network or ISP. It will obfuscate your OpenVPN tunnel with another SSL layer, although you'll take a performance hit.

Packages like stunnel might help (available for both Windows and Linux).
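The stunnel wrapping described above, written out as an added example (not from the original comment, the stunnel project or ProtonVPN). The hostname vpn.example.com, port 443, the file paths and the use of TCP port 1194 for OpenVPN are assumptions; the stunnel directives and OpenVPN options are real ones.

```ini
; --- client side: /etc/stunnel/openvpn-client.conf (assumed path) ---
; stunnel listens on localhost and forwards the OpenVPN stream inside an
; outer TLS session, so a DPI box sees ordinary TLS to port 443 rather than
; the OpenVPN handshake it could otherwise fingerprint.
client = yes

[openvpn]
accept  = 127.0.0.1:1194
connect = vpn.example.com:443
; Pin the outer layer to a CA you control. Without verification an on-path
; party could terminate the outer TLS itself; OpenVPN's own TLS still
; protects the inner traffic, but the obfuscation would be lost.
verifyChain = yes
CAfile      = /etc/stunnel/ca.pem
checkHost   = vpn.example.com

; --- server side: /etc/stunnel/openvpn-server.conf (assumed path) ---
; Terminates the outer TLS layer and hands the still-OpenVPN-encrypted
; stream to an OpenVPN daemon that listens on localhost only
; (OpenVPN server: "proto tcp-server" and "local 127.0.0.1").
[openvpn]
accept  = 443
connect = 127.0.0.1:1194
cert    = /etc/stunnel/server.pem
key     = /etc/stunnel/server.key

; --- OpenVPN client profile: the lines that change when going via stunnel ---
; stunnel carries a byte stream, so OpenVPN must use TCP (hence the
; TCP-over-TCP performance hit mentioned above), must connect to the local
; stunnel listener, and must keep a direct route to the real server so the
; outer TLS connection is not routed back into the tunnel once
; "redirect-gateway" installs a default route through the VPN.
;   proto tcp-client
;   remote 127.0.0.1 1194
;   route vpn.example.com 255.255.255.255 net_gateway
```

The route line is the check most people forget: without it the first "redirect-gateway" push loops the outer TLS session into the tunnel and the connection stalls.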


ProtonMail is doing what I expected Mozilla would do. I expected Mozilla to promote online privacy with their browser and Tor nodes and more...


Mozilla's made a couple of bet-the-company decisions in the last couple years, including Firefox OS and the phone. Given the results of those, it's a miracle of luck and effective management that they're still in business.

But that would be another bet-the-company prospect, and I don't see them likely to try that for a couple years.


Their non-profit model probably helped.


I wish they would add a dedicated IP option. We need a dedicated IP address to test whitelisted API callbacks.


Free VPN? Not a single reference to their log retention policy in this release.


On their pricing page:

"ProtonVPN is a no logs VPN service. We do not track or record your internet activity, and therefore, we are unable to disclose this information to third parties."

https://protonvpn.com/pricing


Will this work in China?


What a dreadful, buggy site; failed to sign up. Gave up, as it does not augur well for the reliability of the service. Is it some pointless phishing thing?


Their reputation is well established. Possible the site is under heavy load.


Hmm, ok, benefit of the doubt given - it refused every possible username and does not say what is wrong with them, did not appear to work, then did unexpectedly, then I tried username recovery but got 404s. Genuinely I'd never heard of them before now, so I was like - 'wait, what, is there something else going on? like some shell thing posted to Hacker News'...

I just tried again and it completed and is working okay now - bit of a fiddly registration process, but the actual VPN seems to be pretty good and there are lots of endpoints, so great too.



