satisfyinghump ago

So, it's been possibly hacked and taken over since 2015, by the IDF??


gabara ago

BREAKIN THE LAW! BREAKIN THE LAW!

speedisavirus ago

And I'm not buying it.

wesmoc ago

Proof or it didn’t happen.

Simply saying it happened doesn’t mean crap. I am skeptical to start with, and anyone saying “trust me it happened” is immediately untrustworthy.

OakIsland ago

Having strangers guard your data is never secure.

Spectral ago

This comment section is filled with a lot of rumors, fresh accounts and hearsay. Shill alert activated. I've used protonmail extensively and they've been under heavy ddos attacks constantly, seeing this shill thread makes me believe someone is trying to get them shut down. Makes me feel protonmail is safe. Thanks

mad_saxon ago

LOL. Speaking of DDOS, you know who they use for DDOS protection right? Radware in Israel. Keep trusting them, goy.
https://protonmail.com/support/knowledge-base/protonmail-israel-radware/

Spectral ago

Your rhetoric and demeanor make me think you are a hardcore shill. Prove me otherwise.

mad_saxon ago

Who am I shilling? Nobody. I'm warning goats about Proton. If you don't believe me that's fine. I don't need to prove shit to you faggot.

Spectral ago

You're not warning shit. You're just throwing accusations out there with no evidence. I've seen people shilling against protonmail since the start of it. Gtfo voat, you fake cunt.

mad_saxon ago

Once again, unlike you, I'm not shilling for or defending any service. You are attacking me while ignoring the facts. Typical jew tricks. I'm done with you faggot.

speedisavirus ago

Not found

W0d2n ago

the person who posted this pastebin leak, used a Protonmail competitor as their email for contact details

Deadline 23 November 12:00 UTC
AmFearLiathMor
fearliath @msgden.com

just one thing that made it more fishy

PapShamir ago

ProtonMail == 🍯 HoneyMail

This isn't really a hack much. They left this door open and unaudited intentionally. Proton mail has always been a profitable honey pot. They indirectly broker access to your data to the usual actors.

https://cryptome.org/2015/11/protonmail-ddos.htm

That was ack by the company in fact. Look it up on their site.

Also our own Super Goat @alele-opathic and others have tried warning everyone of the perils of bandwagoning in general, using PotMail as a perfect example of astroturfing success. Critical analysis is hard, but _this is important._

https://voat.co/v/whatever/2683626/13607896

Dark_Shroud ago

Tutanota is probably the best of the free services. Everything else requires paying.

PapShamir ago

Given that qualifier you're probably right. Otherwise Kolab is great too.

Dark_Shroud ago

I stopped bothering years ago and just use Hotmail/Outlook. I encrypt sensitive email myself using an OpenPGP program before it leaves my system.

PapShamir ago

Used to do that with Gmail. Problem is searchability, OTR, infinite topology logs, adversarial service assets etc.

It's one way. Just another fish in the sea, albeit the flagged PGP sea.

I do both. Sometimes impossible to block Google on networks. Sometimes administration involves just blocking things like Hotmail etc., but Tuta is unknown to corporate blacklists. There's always a way.

tatrodini ago

Lolz. Proton was never as secure as everyone thought. The guys at horuxx.ru as a demonstration, broke into my Proton mail in less than 2 days. Still yet to break into my Gmail.

mad_saxon ago

Holy shit. Can you elaborate on that?

tatrodini ago

No idea how he did it. I paid him to hack my ex Facebook back then, we got talking and I told him to try hack me, I gave him my Proton which he successfully hacked. Used it to send a mail to my Gmail. I then changed my Gmail password and told him to hack that. After a few days he said not to bother. Must've been too much for him.

mad_saxon ago

Wow. Very interesting.

nyrosis ago

You know how I know this is going to be shown as a fake news psyop? Protonmail has been under attack by state actors with everything from ddos to dns poisoning for over a year. None of that has worked, they continue to get better at what they do and more and more sheeple are moving away from corporate spyware(gmail, yahoo, facebook, microsoft) and learning about gnupg keys.

After viewing the protonmail response that this is extortion that originated from 4chan. I say call their bluff. They have nothing. Protonmail doesn't use Subresource Integrity(SRI) because they do not use a content delivery network(CDN) to distribute. They use their own servers to avoid the CDN weakness altogether.

In other words goats this looks like a big pile of cabal bullshit designed to stop users from encrypting their email. I'm calling the bluff.

nyrosis ago

Am I the only one that feels like this group is being hunted down and suicided right now by the cabal?

boekanier ago

So, I've been hacked, well, my protonmail. Oh boy, I'd better commit suicide now...

Honey_Pot ago

were running a modified and automatized version of their webclient on our end, where we fetched, processed and stored email messages from those affected users in a huge database of our own

Should have noticed that traffic....

HenryCabotLodge ago

I have not read through all the comments, but here is my take from Amerika. /// This ransom description is very similar to one the Indian Police (like India not Elizabeth Warren) have been dealing with out of Pune, India for 3 years. In that ransom, the target is an individual (executive usually). The hackers write only the executive and give the address, site and password he (mostly hes - I did not see too many females fapping to porn in the data I saw. None now that I think about it). The password is purchased from a hacked data drop is what I was told. Apparently (and I sure F do not know), you can TOR down in the dark work and pay $ for a list of compromised emails + passwords (old) and the site accesses. With those 3 basic tools (and the passwords are outdated), the extortion goes as follows: dear executive. we have been observing you from sometime. Here is your email + here is one of the passwords you use by cracking your account (that is a lie) and here is the site you visited (not too sure how they linked that up - but I just put it out there). Then according to the Indian police, the scam was that you have 5 days to come up with about 100,000 Rupees which is + - 1,500$ or something. It had to be paid in a bitcoin wallet. They even had instructions of how to open a wallet and send bitcoin. //// If the executive didn't send the money, the hackers were going to dump the screen grabs of the hairy fat executive with screenshots jacking off to whatever porn was most inflammatory as they wrote the ransom, adultery porn, faggot prom. It seemed to vary. /// According to the Indian police it was a complete ruse dreamed up by hackers in India. However, over about a (not sure exactly 18 mo to 2 year period) they got about 500K to 600K US in funds (boy that was a lot of fucking scared executives :) and a bunch of emails begging them not to release. /// That shit could fill comic books of begging ... sad ... but oddly funny...). ....
Most of it was bullshit and they would make a few more attempts, but with no way to harm the targets (they did not have the extortion data. They were not in possession of any compromised data (other than the purchased email + old Pass + target use). .....

So having rambled on about the Indian Pune Attack, I now turn my attention to Protonmail. How is this the same. It is much better and more sophisticated writing for sure. However, it follows the same pathway. //// Consider. We are hackers. We hacked into Protonmail. (that would send the same shivers against us collectively as the targeted executive singularly). Here is how we did it ... blah blah blah --- not believable. ///// here is what we found. In Protonmail we found 1) corrupt gov employees and 2) child porn. (the threat). In Pune - we found (you mr executive beating off to porn or fucking your mistress and we took screenshots and used your video (ergo why FBI Director Comey had his taped over in the House hearings (we all do)) (so bs on that). (that was the individual threat). //// Then the threat of release. If you don't do x we will do Y. //// In the executive world it was pretty simple, pay us 100000 R or we will release you fapping (so what in my personal opinion). In this protonmail hit it is kind of hard to figure out. He / She / whomever did not state who should pay the ransom. (big mistake - like would you pay these guys a million if you weren't 100% in the gunsights/ He says: "#2 Sold in bulk to the highest bidder on the darknet:" to stop the release. Well what the F does that mean. If I were to pay him (whatever - gee) 500000 R to stop it , what is to keep this criminal from selling it to the next sucker - nothing. THAT is why I think this scam is bs. It breaks down under analysis. If they wanted to REALLY do the ransom it would be some highly specific targeted attack we would never see. He would write some deep insider at Google or Paypal or Apple and say "Hey we have you fucking your girlfriend at that W Hotel in Jakarta. Wanta see? And if you don't want your wife and your boyfriend on the side to see it you will deposit 15000$ in this bitcoin account in 5 days.
Otherwise you are going to listen to your wife feed you back how you call her nasty, and frigid and a gold digger (we looked her up; you are correct, but you will still get fleeced by her lawyer)." So your call, Chump. 15K$ or your wife gets the data.

THAT is a specific threat. This S is not. So based on the way the ransom unwinds at the end, I (oh yea big judge me) conclude that this is a rather sophisticated hoax but a hoax nevertheless.

Sorry to ramble so much - but it pissed me off when I read this.

Cheers.

boxjellyfish ago

Maybe it's the work of pajeets. They are upto a new kind of internet invasion. I bet the pajeets already hacked a lot of protonmail women users' account, so later pajeets can rape them via mail, then brag about it to their virgin friends on their little tech blogs how they lost their virginity using protonmail.

Jwolfsen ago

Fake news. But seriously... What is a good low cost provider that will be around for the next 10+ years? I have tried a few suggestions in the past and they either sucked, merged or folded.

HeavyBeefCurtain ago

start diversity hiring

gets fucked

IMAGINE MY SHOCK

uvulectomy ago

#1 Freely send media outlets the below information:

Data Group Two: Conversations revealing rampant pedophilia among executives and the affluent who use Protonmail as their personal email. Including full names and descriptions of their wrongdoings in their own words. Prominent individuals to be named in many corporations and government positions.

If they're for real, they need to publish a couple medium-to-big ones right now. Hell, publish all of them and watch the rats scramble.

ExtraDouble ago

I was just reading about proton VPN..and its links to CERN...deep state is deep state

PiousApostasy ago

What's the point of using some boutique email service if it does the same spying shit Jewggle does but without the security and convenience? Honest question.

petevoat ago

Never trust protonmail. Always thought, like most of them, are honeypots.

the_sharpest_knife ago

Probably a hoax by google. /yawn

NoRoyalty ago

Go for trusted encrypted open source apps. The Guardian Project.

EdSnowden ago

Aka what you should’ve been using all along.

Tallest_Skil ago

Fucking hell, there’s just no point to anything anymore, is there. Thanks.

drstrangegov ago

Emailed you. Read it.

naamasteer ago

just sipping @goatboy milk (-boy) with cinnamon and watching https://www.bitchute.com/video/MHzgfljUXGXD/

@ RIPJEM she was reallygracefull

  • like RRof(T)R OMA not the brightest bulbs in Walmart ( Files Patent for Robot Bees ) shelves, but no shills @ least -

it seems !

so @teddifirst 1̛̮̝́̏1 9̛͕͔̫̊̆ ? my hunch : @kobold eats too much @3141592653 - kekmet + @kekmet-peperoni ZZA

goatboy ago

Is that supposed to be Engrish?

middle-path ago

LOL AS IF ANYONE TRUSTED IT

Cuttwood ago

Tutanota has been compromised as well, but everybody downvotes, doesn't listen, or won't admit it to themselves: https://steemit.com/email/@skuldde/tutanota-the-privacy-oriented-email-provider-is-dead

I wrote them a support ticket - as a paying (quite a bit - I run my business on it) asking them why and to turn it off for my account and they flat out rejected the ticket. No response, just an auto-email that said rejected. That's the first time that EVER happened to me.

W0d2n ago

they 'claim' that they basically compromised the login page and stole your password from you typing and sending it.

goat-ditarod ago

Announced to discourage trust and usage my guess. The tactic works too.

white_male30 ago

The whole story hangs on the SRI bit which is bullshit, you don't have to be a webdev to figure it out. Go to protonmail.com right click -> inspect element, switch to the Network tab and reload the page and you'll see no content from third-parties, try logging in with an account if you want to make sure.

Social_Construct ago

Mother FUCK

white_male30 ago

That's cool, I don't see any proof though. Am I supposed to wait or what?

juicedidwtc ago

...but anyone could have also just posted this on pastebin...

...this post offers as much evidence as christine ford

W0d2n ago

plus, it ends with him giving his contact details, using an email service that is a competitor of Protonmail.

AmFearLiathMor
fearliath @msgden.com

brandon816 ago

Oh, full-stop. I didn't notice that little remark, that they were using the e-mail services of a competitor.

Assuming that this is fake and an advertisement, would this count as libel then?

THEx1138 ago

Ding ding ding. Winner.

lanre ago

Protonmail is a honeypot. Just want to re-iterate that.

Simonsaysgoat ago

Fuck I hate computers and computer lingo. "Hackers" are faghots that live online and dedicated themselves to learning this shit, losers

BadGoy1488 ago

Data Group One: Decrypted emails between individuals working for private military contractors discussing government contracts.  Specific details regarding circumventing the Geneva convention, underwater drone activities in the Pacific Ocean, and possible international treaty violations in Antarctica.  We have no way to validate this information but we do have these users information and all the details they use when describing their activities to their acquaintances

Data Group Two:  Conversations revealing rampant pedophilia among executives and the affluent who use Protonmail as their personal email.  Including full names and descriptions of their wrongdoings in their own words.  Prominent individuals to be named in many corporations and government positions.

Holy fuck. I hope Protonmail don't pay up, or they release this stuff publicly anyway.

mad_saxon ago

Starting to think this too, but I still would never use Proton.

sometaters ago

Proton is saying it's fake. They are saying they can't find any breaches and the hackers have provided "zero evidence" that they have data to spread.

I hope it's real because it's always exciting when shit like this happens but I guess we'll just have to see how it unfolds.

W0d2n ago

not as exciting when you use protonmail for your Job and your emails leaking would cost you your job

F_Scott ago

In other words: ProtonMail hacked ProtonMail. Classic Assange.

succubustop ago

Yeah, I've lost a lot of faith in Voat lately. Not seeing a lot of investigation here, people kneejerking and reacting based on their fee fee's and posting outright lies, like the Miley Cyrus incest stuff (not saying she didn't commit incest or other disgusting behavior, just saying people posted quotes about it she never actually made and treat it like gospel truth.) I came here from reddit looking for truth, I'm just finding more lies on the other side of the coin.

gazillions ago

You're looking for someone that has the truth. That person does not exist and will never exist.

Every single person is responsible for piecing together what information they can get, how it fits together and judging for themselves what's accurate. What's true does not exist. My truth and your truth are judgments of color in any regard, otherwise kumbaya would exist. It doesn't and won't.

lip_hips_fingertips ago

im with you succubustop, I never posted for years out of fear of being outed.... but now I'm posting to shut down these complete and total fucking idiots. The truth is that voat is a honeypot for shills, just like reddit, 4chan, every msnbc/cnn/fox message /comments board, liveleak. etc etc.... its real, its called propaganda.

NoRoyalty ago

You fucking reddit lib. GTFO.

HoubovyTomas ago

So go investigate and contribute your findings, you fucking tool.

Member for 1.3 years with 107 SCP and 122 CCP?

FelchingFaggot ago

Wow.

SteaksUSA ago

RevoltNow ago

I'm inclined to agree. That's not to say ProtonMail is secure of course, but this particular "hack" announcement looks bogus. In particular, the first thing they talk about, SRI, doesn't make sense in the context of the rest of their claims. It sounds kind of good at first, but if you fully understand what it means it doesn't add up. SRI gives your site's visitors a way to verify client-side code (JavaScript) from a third party has not been tampered with.

First of all, that doesn't mean that not using SRI allows an attacker to change around code automatically, it just forgoes one particular check against it. SRI is not "mandatory" as they claim, even the W3 document they conveniently provide a URL for describes it as a recommendation. These "hackers" completely fail to explain how they actually injected their own code.

Even more importantly, all this is about client side code. Even if they were able to pull it off, they would only be compromising users, not the site itself. Yet somehow they get from there to a permanent backdoor. They throw in stuff about "0-days" (previously unknown bugs), and imply they may have done some other secret hacker stuff, but if they could really do that, the whole first part about SRI would be completely irrelevant.
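
The SRI check described in the comment above, combined with the manual Network-tab inspection white_male30 suggests earlier in the thread, as an added example that is not part of any comment or of ProtonMail's code. The hostnames, the sample HTML and the function names are constructed for illustration; the tag parsing is a simple regex pass, not a full HTML parser.

```javascript
// Added example: list a page's external scripts/stylesheets, mark which are
// third-party, and check whether the third-party ones carry an SRI hash.
const nodeCrypto = require("crypto");

// Digest algorithms SRI accepts, weakest to strongest.
const ALGOS = ["sha256", "sha384", "sha512"];

// Build the value of an integrity="" attribute for the given bytes.
function sriHash(content, algo = "sha384") {
  const digest = nodeCrypto.createHash(algo).update(content).digest("base64");
  return `${algo}-${digest}`;
}

// Compare content against an integrity attribute. Only the strongest
// algorithm listed is considered; any matching hash of that algorithm passes.
// Returns null when the attribute holds no supported hash (nothing to enforce).
function verifyIntegrity(content, integrity) {
  const hashes = integrity
    .trim()
    .split(/\s+/)
    .map((tok) => {
      const i = tok.indexOf("-");
      return { algo: tok.slice(0, i), value: tok.slice(i + 1).split("?")[0] };
    })
    .filter((h) => ALGOS.includes(h.algo));
  if (hashes.length === 0) return null;
  const strongest = ALGOS[Math.max(...hashes.map((h) => ALGOS.indexOf(h.algo)))];
  return hashes
    .filter((h) => h.algo === strongest)
    .some((h) => sriHash(content, strongest) === `${strongest}-${h.value}`);
}

// Pull name="value" pairs out of a single opening tag.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return attrs;
}

// Classify every external script and stylesheet referenced by the page.
function auditSubresources(html, pageUrl) {
  const origin = new URL(pageUrl).origin;
  const findings = [];
  const tagRe = /<(script|link)\b[^>]*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const kind = m[1].toLowerCase();
    const attrs = parseAttrs(m[0]);
    const ref = kind === "script" ? attrs.src : attrs.href;
    if (!ref) continue; // inline script, or link without href
    if (kind === "link" && !/\bstylesheet\b/i.test(attrs.rel || "")) continue;
    const url = new URL(ref, pageUrl);
    const hasSri = ALGOS.some((a) => (attrs.integrity || "").includes(a + "-"));
    let status = "same-origin";
    if (url.origin !== origin) {
      status = hasSri ? "third-party-with-sri" : "third-party-no-sri";
    }
    findings.push({ url: url.href, status });
  }
  return findings;
}

// Constructed sample input: a page that mixes its own assets with CDN assets.
const PAGE_URL = "https://mail.example.org/login";
const SAMPLE_LIB = "window.lib = function () { return 42; };";
const SAMPLE_HTML = `
<html><head>
  <link rel="stylesheet" href="/assets/app.css">
  <link rel="icon" href="https://static.example.net/favicon.ico">
  <script src="/assets/app.js"></script>
  <script src="https://cdn.example.net/lib.js"
          integrity="${sriHash(SAMPLE_LIB)}" crossorigin="anonymous"></script>
  <script src="https://cdn.example.net/analytics.js"></script>
  <script>console.log("inline");</script>
</head></html>`;

for (const f of auditSubresources(SAMPLE_HTML, PAGE_URL)) {
  console.log(f.status.padEnd(22), f.url);
}
```

A page whose findings are all `same-origin` has no third-party code for SRI to check, which is the situation both comments describe.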

speedisavirus ago

The only compromise on the client side I could imagine is if they were sending themselves transmitted data such as login information. Not sure otherwise.

white_male30 ago

It's a LARP, if they ever loaded javascript for crypto from a CDN someone would've already blogged about it, like the anti-DDoS service linked to the IDF which is outdated info (ofc it's top comment in this thread..), I don't see that IP when using traceroute.

GoodGodKirk ago

Yes, especially since photonmail claims to not use CDN's, which would have been a reason to setup a SRI, so how exactly did they breach the site undetected and not show a pattern of accounts being leeched to another offsite location.

Also, no group name attached. Who's responsible for the lulz? Only state actors don't like to be named.

brandon816 ago

They claimed to have installed a backdoor into their systems, and then that passwords / keys were stolen.

What if they only did the first? And / or, simply didn't remove the backdoor later as they claimed? Changing your password would only compromise your account.

nyrosis ago

Exactly, changing a password could be very bad If a state actor is using a new tool. This smells like bait.

Turn_Coat ago

Well, we'll find out soon enough.

FuckYesJefferson ago

This reads like a kid in 7th grade English class.

mad_saxon ago

Or a non-native speaker.

DANKGHIDORAH ago

I've never been charged a monthly fee whatsoever.

GIIOST ago

thats because you arent a paid account.... duh. they have different tiers

DANKGHIDORAH ago

Yea, I'll be looking for a new service if this turns out to be true. Or I'll just quit using the Internet altogether.

W0d2n ago

setup your own email server like hillary did

DANKGHIDORAH ago

What could go wrong?

W0d2n ago

at least you arent putting all your eggs in a huge honeypot. meanwhile your mail-server will likely not be a real target unless you are a high profile target.
actually its not a real good advice, since proton mail is made to be anonymous. and hosting your own mail-server isn't gonna be very anonymous.

FelchingFaggot ago

So this could be some strange ploy? Like them doing it to themselves or them just saying "this happened"?

DANKGHIDORAH ago

Could be real, could be they're just kind of dumb. Could be fake, an attempt to bleed them financially and scare people away. There are better options I'm not aware of I'm sure, but it is factually incorrect that Protonmail charges their users any fee at all.

W0d2n ago

there are paid plans. there is Plus, Visionary and Business tiers.
https://protonmail.com/signup

FelchingFaggot ago

🚩

polygeek ago

Hoax? Guess we're going to find out, because Protonmail claims it's not true... https://www.bleepingcomputer.com/news/security/hacker-say-they-compromised-protonmail-protonmail-says-its-bs/

SquarebobSpongebutt ago

If it's true: GIVE US SETH RICH'S EMAIL.

By their own admission they probably couldn't do that. They didn't hack in and steal old data on everyone, they found a way to collect users and passwords from date x forward on people who logged in and then went and got their email. Without knowing what that date is Rich's stuff may not be involved.

polygeek ago

Probably not, then. I really hope it turns out to be a hoax.

ChiComs ago

Though it is amusing to always say its (((them))), as a knee-jerk quip, in this case there actually are indeed State of Israel fingers all over this backdoor the hackers found and followed!

Oy Vey!

10TonMantis ago

Just to remind you goats. If it is not encrypted BEFORE being typed into a browser or leaving your computer IT IS NOT SECURE

Rawrination ago

Nothing is secure. Intel and AMD have hardware back-doors into almost every single machine.

oddlike777 ago

This. Security is a placebo.

phoenix883 ago

No it's not. Let me rephrase it so it becomes obvious what is true:

"X can never be perfect. Therefore, we should not bother doing X at all. Just lay down and take it like a champ."

You want us to make our overlord's job patrolling us easier?

If you are working for them, shill somewhere else. If you don't, then please stop spreading your nihilistic blackpills.

If everyone does whatever they can to make observation more difficult, then as a whole the process becomes terribly hard for the enemy.

oddlike777 ago

Aww cute. Look at this guy with hope left for humanity. Good luck with your fight against the man, brother. Unfortunately you're about 100 years late. Your own people already sold you to Israel.

phoenix883 ago

If you're sure about that, do something. Why wait for nature to take its course?

Otherwise it's all bark and no bite.

Do what's necessary, if you can't, help those who can. If not, you get out of the way.

You can have any opinion you want, but you stop black pilling people. Otherwise you are worse than the shekels, because you do that stuff for ego, not even for money. You want to watch everything go to shit just to say "I told you so". Dragging the world down because you're bored and have too little own ideas. Worst traitor ever.

jollux ago

It's like locking your door. It won't stop someone who is really determined. But you'd be an idiot to not lock your door.

mad_saxon ago

And who owns Intel?

The jews.

speedisavirus ago

No they don't.

mad_saxon ago

Jew troll identified. GTFO

speedisavirus ago

Identified the low IQ faggot that has no idea what they are talking about.

1F4A9 ago

It doesn't even matter.

The US can legally enforce any company operating in their jurisdiction to put in a back door and shut up about it.

Products of American companies should be considered compromised, at least by a back door for the NSA, and who knows what other actors have gained access to these back doors.

All Intel, AMD, Qualcomm, and Apple chips have back doors built in. Those companies together are 99% of computers and mobile phones.

Question is how compromised non-American chip vendors like Samsung and MediaTek are. Legally they can't be forced to cooperate for chips sold outside of the US, but maybe they do voluntarily because otherwise the US denies them access to their market. It's not a coincidence that the US government was targeting Huawei. It was not because Huawei CPUs contained a Chinese back door (they probably do btw), but because they lacked a NSA back door. It's not a coincidence Samsung doesn't use its own CPUs for the American market, but buys them from Qualcomm.

NoRoyalty ago

Wrong. Leftists.

Buff_Awesome ago

Is this real?

0x16 ago

Any good alternatives to ProtonMail?

speedisavirus ago

This likely isn't true and proton already denied it

nyrosis ago

Roll your own Email Server with Mail-In-A-Box and make sure to use gnupg to encrypt your emails. No exceptions on gnupg. Organize signing parties to sign each other's keys.

middle-path ago

DO NOT TRUST THIRD PARTIES.

ENCRYPT LOCALLY.

NoRoyalty ago

Open source.

ChiComs ago

You mean end-to-end PGP mail I assume? You can manually use PGP tools atop encrypted emails and in the 1990s email programs made it trivial to add into desktop email programs, even apple did. Nowadays, morons use web interfaces and look at emails a lot on a cloud, instead of xfer it all locally to their machine. Other than that, anyone can still use PGP for their emails INCLUDING BEFORE sending the encrypted emails through services such as protonmail.

Notice the hacker's press release is a signed and public key PGP mail?

GIF-lLL-S0NG ago

It's not so much the PGP itself that is insecure, but the implementation.

NoRoyalty ago

Also the fact that proprietary anything is usually suspect.

Pythagoras345 ago

Tutanota.com

fhaqyu ago

self host your own email.

tendiesonfloor ago

Yeah, because some amateur setting up a home server is sure to be hack-proof!

fhaqyu ago

true, but they can have a friend who knows better set it up for them if they really.

10TonMantis ago

How much for us to buy the data and release it

fhaqyu ago

not sure, but I'd throw in to the hat for this. especially the military contractors and the pedo's.

but again, that's why I think this is bullshit.

we have incriminating evidence against but if they pay us, we won't release it.

GTFO with that bullshit. just like assange and wikileaks sitting on actual intel that could literally lead to real change. I'm so sick of these fuckers.

you got something, release it to the public

polygeek ago

IIRC, Seth Rich had a private account there too.

mad_saxon ago

Incidentally during this period we noticed that Protonmail sends decrypted user data to American servers frequently. This may be due to the Swiss MLAT treaty requiring swiss companies reveal all their data to the Americans. However it also might be possible they are sending this decrypted user data to the American firm that owns them. This was simply a surprising thing to note but did not significantly influence our operation.

speedisavirus ago

Yeah, prove your claim. I see no Swiss mlat requiring transmission of all their data to the US

mad_saxon ago

Not my claim faggot, it was the hackers' claim. Just keep using Proton. You have nothing to worry about.

performance ago

Good. Shaming these companies is the only way to force them to fix holes and alert other companies to check their own shit.

mad_saxon ago

Lots of red flags with Proton for those who can see:
1) Tons of hype and promotion all over US media.
2) Ties to Mossad and Israel: https://cryptome.org/2015/11/protonmail-ddos.htm
3) Promoting jewish/leftist "diversity" narrative: https://protonmail.com/blog/diversity-in-tech-why-it-matters/

Honey_Pot ago

"hacked" is not always outside job. Many companies with any type of database: credit card, financial services, etc sell their lists against TOS/law and just report it as a theft, when it is more of a paid leak. That way, if your info directly traceable to that specific account can be explained away , for only the low cost of " a year of free credit monitoring". vomit.

Meme_Factory_1776 ago

And that's why you use your own mail server. Hmm who else did that.

Ghetto_Shitlord ago

Some of you are professional victims.

GoyimNose ago

what's a good alt?

selpai ago

Any suggestions for an email service?

andrew_jackson ago

Thanks. They had me rather taken in.

ForTheUltimate ago

Tons of hype and promotion all over US media.

I'm sorry to ask but can u gib some examples for this one too?

HenryCabotLodge ago

Me 2. Where dat info?

Vic_V ago

ive personally seen it shilled here on voat. and i say use something else. vfemail maybe

F_Scott ago

For a genius, Julian, you're pretty stupid.

prairie ago

Tons of promotion here despite people calling it out. Big surprise.

andrew_jackson ago

OK, here's my analysis of the threat. See several goofs and indicators. From the pastebin:

After proving Protonmail knowingly permits misconfiguration to maliciously target users we decided to deploy our full capabilities against them. We began with months of dedicated penetration testing, we asked assistance from other organizations and deployed unreleased 0-days.

Hackers would never refer to what they were doing as penetration testing. If protonmail was hacked at all, it probably wasn't garden variety computer criminals doing it.

Although arduous we successfully installed a permanent backdoor on their major machines without Protonmail’s knowledge, bypassing their detection mechanisms.

What's a permanent backdoor? If they had a backdoor at all they wouldn't likely announce it, unless they were complete amateurs.

Once we obtained that access we took advantage of their misconfiguration and collected passwords from a large percentage of active accounts that accessed Protonmail during that period. After that we were running a modified and automatized version of their webclient on our end, where we fetched, processed and stored email messages from those affected users in a huge database of our own, thus having significant useful information from many different individuals and companies.

OK, whatever. But it sure sounds fake.

speedisavirus ago

What exactly are they doing with the passwords. If proton mail is good they are one way hashed and the database is encrypted. If they are serious about security.

andrew_jackson ago

I'll admit I didn't dig too far into this, because it looked fake AF. I understand your points, but I'd thought that the trolls were claiming to have sniffed the passwords. Hashing won't block that type of attack? At any rate the whole thing is now thought to be fake, except to that one chucklefuck below.

speedisavirus ago

Can't do anything with hashes directly. Besides try and figure out how they were hashed which then you can solve the password problem. If you have enough of the hashed passwords you can determine this but it's not cheap to compute. The only way they were sniffing passwords was if they were in the middle of the client and server within the SSL line of communication. I mean, the NSA and some high level state actors can do this but some random fag bois are not. Unless Proton done fucked up at some level.

lip_hips_fingertips ago

I see all this nay-saying... but your nay-saying doesn't really hold up... Hackers would definitely use a phrase like "penetration testing"....it's what opsec ppl do for a living. There is no desk reference to make sure all hackers use the same lexicon. So, this as an argument that this hack isn't real is bullshit and it's scraping at the fold. What's a permanent backdoor? Who knows, a fake user account with admin permissions? who knows, a ssh key put in the known hosts file? Seems easy enough. it does make sense that with stolen credentials you could just fire up your own client and just siphon all the files, I'm sure it's just an api call.

The only thing pointing to it being fake is a lack of a dump sample, if they really wanted to get paid they would show us 50 lines of the goods. But a lack of evidence isn't proof itself that it's not real. It's not as though protonmail hasn't had some serious security issues as of late... https://protonmail.com/blog/a-brief-update-regarding-ongoing-ddos-incidents/ it goes on..

andrew_jackson ago

.it's what opsec ppl do for a living

rotfl this has already been debunked

mleczko ago

wow i thought you could trust them

lip_hips_fingertips ago

did you really just cross post reddit... REALLY??? RRREEEAAAAALLLLY? SHOOT YOURSELF RIGHT NOW. THERE SHOULD BE ONE RULE ON VOAT... NO... REDDIT.... CROSS POSTS. WHAT IN THE FUCK IS WRONG WITH YOU BOY WE DONT TAKE KINDLY TO YOUR KIND ROUND' HERE YA SEE.

W0d2n ago

thats the only place they made their official statement. its that or a twitter reply.

FuckYesJefferson ago

Why would you trust anybody aside from you?