Introducing ProtonMail's Tor hidden service (opens in new tab)

For those wondering how to generate vanity Tor onion addresses in a more efficient manner (taking advantage of your GPU): https://github.com/lachesis/scallion

>And for those who think Protonmail are the only service with a custom address, think again, because Facebook has one too

facebook, scryptmail, one bitcoin exchange, one bitcoin walled, dozes on blogs and chans, there is GoG instance in Tor as well as GitLab.

For those curious to see a vanity finder written in Go: https://github.com/wybiral/onions

Why does Facebook have a tor address?

Vanity Onion addresses are a bad idea. They teach users to ignore part of the address instead of treating the whole address like an IP address.

The GNU Name System gets this sort of thing correct though.

Whatever happened to the Riseup canary issue?

https://riseup.net/canary

https://news.ycombinator.com/item?id=13007234

ProtonMail won't unite with Tutanota, Roundcube or even GPG over standard for email encryption, why would they setup Tor-Tor messaging?

This is a great idea [your edit]!

And its already being developed by some (not protonmail though). See https://github.com/ehloonion/onionmx

Shouldn't you also add super enforced SSL certificate validation for such a setup? Since SMTP is usually merely opportunistic SSL, any Tor exit node could very easily strip STARTSSL (or just MITM with a fake certificate that doesn't get validated) and you're worse off than running over the normal internet?

I finally switched from Gmail to ProtonMail this month as a New Year's resolution to make my privacy better bit by bit. Haven't tested Fastmail, but I like ProtonMail's simple webmail and the Android client a lot. Happily paying them for the service.

What are your experiences with Fastmail? Do they encrypt all your emails and in which country are their servers located?

Well Protonmail doesn't offer IMAP or SMTP so it's a non-starter for many.

besides the security component, which i can't comment on, protonmail does not have a calendar application...

How so? It seems like it would be just as safe as any type of messaging that uses asymmetric cryptography.

What's the problem with tor + PGP?

There's an argument for providing camouflage in the form of boring traffic on the Tor network to help those that are forced to use it, and whose traffic authoritarian governments and nefarious forces might actually find interesting. Otherwise, all the interesting data is conveniently gathered in one place, any given traffic on Tor is more likely to be interesting, and it makes the bad guys' jobs just a little bit easier.

There's a wide spectrum of personal preference for internet privacy, and if you're the type that doesn't trust your ISP you could potentially use TOR to add an additional layer of anonymity. If you trust your ISP there isn't much point.

Given those constraints, you probably wouldn't. However, the moment your interests become interesting, or the political winds change...

I made an account this month and can confirm this is false. The only external info they ask for is a recovery email address, which was optional.

ProtonMail's verification requirements are determined by a complex system of IP reputation and other factors that are analysed in realtime when the sign up page is rendered. As an e-mail service, one of the most challenging things for ProtonMail is preventing abusive accounts from damaging the service's SMTP sending IP addresses' reputation to the point where deliver-ability becomes impossible with other e-mail service providers. This is especially difficult for e-mail providers that work to deliver privacy, and potentially pseudoanonymity, to users.

The goal of providing a tor gateway is not to protect the contents of the messages from being traced back to a specific ProtonMail account. It's also not to prevent the contents or metadata of those messages from tripping dragnet surveillance programs (such as PRISM). The goal of providing a tor gateway is to protect the individual, through their IP address, from being associated with the ProtonMail account and the metadata and contents of messages sent to and from that account.

For example, say that an individual would face a death sentence for religious preaching activity in the country where they live. They are unconcerned about people discovering the content of their messages or whom is receiving them. But, if they are discovered to be the person responsible for them they would likely be killed. Their sending of the messages through ProtonMail would be protected from observation by ProtonMail's TLS w/ PFS HTTPS encryption. But, their local ISP or government could observe all of their traffic. They could then, through traffic correlation, determine that specific individual was sending encrypted packets to ProtonMail's servers at the exact time various messages were sent. Using Tor would protect this individual's identity. The observers could determine tor traffic and attempt to correlate that with messages if they suspected the individual. But, if he was generating additional tor traffic by running as a relay or browsing other sites with tor the correlation would be extremely difficult.

The reason that ProtonMail set up the .onion site is because accessing ProtonMail over congested exit nodes that may be far from ProtonMail's servers is very slow. The .onion site has dedicated bandwidth directly to ProtonMail's webservers and is located close by in Switzerland. It should be expected that it much faster for users to use the .onion site than exit nodes to access ProtonMail.

In my experience with researching online drug and exploit markets as soon as a reliable Tor-hosted email provider springs up they become the default email provider for almost everybody.

Previously the default provider has been safe-mail.net but they've had a lot of issues. Before that it was TorMail, and the FBI ended up seizing all of those mailboxes since it was hosted at Freedom Hosting (and was an amateur operation) [1]

What it means is that web email providers act more like online dead drops rather than as traditional email providers. PGP use is pretty consistent in these communities - as is rotating keys and email accounts.

[1] I can't recall of the top of my head any indictements that resulted from TorMail being seized.

It doesn't make the messages themselves private, but it may protect the anonymity of the person accessing the email account.

It doesn't.

> Is there any technical reason why they cant use protonmail.onion?

Sure, there is. You can read about it in the Tor Phishing Resistance section of the article.

> Onion site addresses are 16-character hashes of encryption keys that typically look like this: 3ens52v5u7fei76b.onion. The problem is that there is no good way to differentiate between 3ens52v5u7fei76b.onion and 3lqpblf7bsm532xz.onion, as to the human eye, both are equally unrecognizable. This opens up a phishing risk because a phishing site can trivially be created and unless the 16-character random URL is checked carefully each time, users cannot be certain they are visiting the correct onion site. From a usability standpoint, it is not really realistic to expect users to perform this check every single time.

> To bypass this problem, we used ProtonMail’s spare CPU capacity to generate millions of encryption keys and then hashed them, using a “brute force” approach to find a more human readable hash for our onion address. The end result, after expending considerable CPU time, is the following address which is much more resistant to phishing: protonirockerxow.onion as it can be easily remembered as: proton i rocker xow

Hidden service addresses are not just regular domain names resolved via DNS, they're actually a hash of the hidden service's private (edit: public, see below) key. The fancy onion addresses out there (like Facebook's) were generated by doing a whole lot of brute-forcing to find a key that looks cool.

I was looking into possibly switching over from Fastmail while I happened upon the 5 alias limit and couldn't help but chuckle. I'd have to have an acute need for encrypted email to overlook that.

If you are using proton for additional "privacy" don't do that, since it would effectively mean that your adversary can now know your new email identity.

If you don't worry about that, then in all honesty it's somewhat redundant.

I use hushmail because it has PGP integrated into their service, including a PGP client in the webmail, yes they have a copy of my key (you can do PGP over JAVA if you want to keep the key on your computer) and yes since they are HIPAA compliant and a Canadian company they will comply with NSL but those aren't threat models i worry about.

I want to be able to use PGP easily and from anyplace and not worrying about having to carry my key with me, having PGP or GPG installed and fussing around with it if I have to access my mail in an emergency from a device that might not have a full setup.

Whilst I am aware that the NSA and other agencies with similar capabilities are technically adversaries I don't fuss about them, I'm more worried about sending my mail to the wrong person than the NSA reading my mails, if they want to they'll be able too regardless of where I host them, and I would never go toe to toe with some one who's likely to use rubber hose cryptography on me.

Hopefully this will be coming soon!

That's rather impossible or we wouldn't be using weird .onion addresses but just .com (at least before gTLDs became commonplace). Please read up on how they work.

Isn't that true of all of Tor? An extremely attractive target; arguably anyone with the resources, including most state intelligence agencies, would see high value in finding exploits (and not revealing them).

"In addition, your inbox is encrypted with AES-256 which is superior to RSA."

Ha!

https://blog.scryptmail.com/q-a/