Protonmail is not safe ?!

I found this, someone tried to explain in detail how protonmail is not secure and spies on users.
The website as far as I can see is new from 2020, he just writes against and condemns protonmail and i think it spreads misinformation.

Is anyone familiar with this, is this all true?

https://privacy-watchdog.io/protonmails-creation-with-cia-nsa/

https://privacy-watchdog.io/protonmail-devs-do-not-use-protonmail/

See other post.

Yeah, there’s a lot of anti-protonmail blogs around that have no real substance.

2 Likes

Yeah that’s the site that claimed PTIO was paid to list ProtonMail. Pure BS. Don’t take anything on that site seriously.

2 Likes

Apparently VPNs are a very cutthroat business and would resort to funding disinformation campaigns to fight off rivals. Protonmail is frequently attacked with these campaigns because it is frequently recommended.

At the same time it is safe to assume that the folks at Protonmail would not choose jail just to protect your secret, given the choice.

3 Likes

they cant spy on users because data encrypted BUT they can do spy on users if they want i mean it’s their servers at the end so real question here if they want or ready to spy on us and until now it seems they good and really want respect our privacy

That guy has serious issues, so I wouldn’t worry about anything he writes.

It is true though we were deleting his posts, because his blog is low-quality conspiracy bullshit. He started spamming his crappy blog every other day and it was getting annoying.

If you have no moderation in your community it becomes a cesspool of bullshit conspiracy rubbish, that in turn is not useful to new users, who are trying to get the facts.

One of the most amusing things about that article is he links to this correspondence with ProtonMail support and it actually debunks his argument. He just kept doubling down on his conspiracy.

He will write stuff that has links that don’t support his argument, because most readers won’t bother checking, he’s been called out on Reddit for doing that numerous times.

Incidentally ProtonMail makes it pretty obvious about what is encrypted. They also make it very clear what they will provide to law enforcement and under what circumstances.

ProtonMail is also fairly clear about what their threat model is so yeah.

2 Likes

What do you mean by “explain in detail”? One of the links provided is basically a rant of the contributors using gmail instead of protonmail. Which by the ways does not mean they don’t use PM for other channels.

The other link talks about how ProtonMail hides their involvement with MIT. The links provided point to: the current wikipedia page (claiming they’ve edited… but you can see the review history) and a talk given at MIT.

How is that indication that Protonmail is not safe, exactly?

The narrative on the About Me page is “I’m the only reliable source on the internet, all other blogs are paid to hide the truth, and the big companies will attempt to censor my truth while I hide behind Cloudflare.”

We encoutered a blogger with a similar narrative two years ago: He claimed that Posteo, a German e-mail service provider, is affected by many security vulnerabilities. This person hid his identity while constantly spreading myths. Finally, he was legally forced to put his name and address on his website, as required in Germany. It turned out that this person was a former employee of mailbox.org, a competitor of Posteo.

Meanwhile, another blogger took up the story to spread “the truth” that Posteo tried to censor the former mailbox employee. On Twitter, a well-known journalist argued that these so-called vulnerabilities do not really exist; then, the narrative turned from “Posteo is so insecure” to “Posteo tries to suppress ‘the truth’ and this is unethical.” The “Posteo is insecure” posts were modified or disappeared.

The moral of the story and the “Privacy Watchdog” articles: Always check blog articles twice. This applies to any blog, including ours and post here on PTIO. This doesn’t mean that we spread myths, but we are all humans and make mistakes. So even a well-researched blog post can be based on a wrong assumption, or become outdated over time.

3 Likes

I agree that the linked “privacy watchdog” articles are full of holes. They claim gmail was created by the CIA, then link to 2 “sources” that do not mention gmail at all. The whole website seems to be built to attack PM.

That being said, there are some things about PM that concern me:

Their “zero-access” claim is not accurate IMO.