![]() You are routed via a Tor exit node rather than via a guard node to a hidden service.Īs to why they do it - offering a free service to anonymous users on Tor is a constant battle with spammers and bots. This step won't deanonymize you or "break your secure encrypted connection". This breaks your secure encrypted connection to their onion address ![]() > When a user makes a new account with Protonmail on TOR they are re-directed from Protonmail’s “.onion” to “.com” address. com address and the user can verify this in their browser. ![]() The user knows and authenticates an onion because the endpoint is signed using the same certificate and CA as the. Protonmailrmez3lotccipshtklggee7olb73fu1rgj7r4o4vfu7ozyd.onion Given a link to one of these v2 addresses no user is ever going to authenticate it by memorizing the address: Generating a v2 onion address that begins with "protonmail" takes a few hours of GPU. It is absolutely necessary, especially with the new, longer v3 onion domains. > Protonmail even has an SSL cert for that onion address even though it’s completely unnecessary. What privacy, exactly, is TOR providing in this use pattern? Why in the world are you trusting them to host your email if your threat model doesn't include connecting to them over HTTPS? Your endpoint is still a globally identifiable email address that you're going to use their webmail UI to view. ![]() In fact, the only other websites that operate like this are suspected NSA/CIA Honeypots. There are absolutely no technical reasons for this feature. This breaks your secure encrypted connection to their onion address, enabling your identification. When a user makes a new account with Protonmail on TOR they are re-directed from Protonmail’s “.onion” to “.com” address. Protonmail even has an SSL cert for that onion address even though it’s completely unnecessary. > Protonmail has an Onion domain that allows users to visit their site using the TOR browser. The idea of end-to-end encrypted email is ridiculous (and ProtonMail's business model is effectively built on a marketing lie/false advertising), but come on:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |