@resist1984 I'm sure Protonmail users don't care about some good ol' Google surveillance. 😅 👍

@resist1984 Is nothing safe from the claws of these parasites?

@resist1984 I think people are a bit misguided when it comes to "privacy" concerns. After a certain point the problem is with the user rather than the service. Using Github is fine, the data is inert and is a simple one-off connection to clone the repo or file an issue. Re-captcha is an issue for sure, but ultimately you're connecting and storing data at Protonmail, you traded privacy for convenience and uptime guarantees. If you're that concerned with privacy host the E-mail yourself.

@Salastil The problems w/MS are direct privacy offenses to a small extent (Tor users get bad treatment) & indirect privacy offenses to a large extent (MS profits from privacy abuse so any time you use any of their services you help a privacy abuser's bottom line). Github is also detrimental to quality of by discouraging bug reports:

@Salastil As for storing email at , that's a non-issue because it's encrypted (e2ee & at rest). If it's unencrypted mail that triggers your comment, that's a valid concern. I have no idea to what extent people use Protonmail for plaintext email. PM-to-PM & PM-to-external-PGP only exposes metadata to mass surveillance programs to the extent that the Swiss jurisdiction has them.

@Salastil For threat models that include targeted surveillance, Protonmail is generally a bad choice because they can selectively push malicious javascript. But there is a control for that: anonymously download . That ensures that you're running the same static js that everyone else is.

The migration continues: Google to Proton to?? Recommendations?

@jpaul it depends on the scenario. The best move for expert users doesn't change, which is to use an ESP like danwin or onionmail w/a PGP-capable MUA like mutt or Thunderbird. For novice users it's non-trivial, but generally , , or .

@jpaul Losing is a big loss for expert-to-novice comms b/c an expert can get a novice's PM pubkey & reach them securely w/out having a PM acct themselves. Apart from PM only Hushmail can do that AFAIK & HM is no longer gratis.

I feel/share your pain.

I have serious doubts wrt TB. A while ago there was a widespread encryption bug in mail clients and the only ones not affected were mutt and kmail if HTML-mail was disabled (by default). Thunderbird was affected.

mastodon.social/@nwalfield contains various relevant toots. Possibly (a bit) biased, but also knowledgeable.

Could be a (weird) coincidence, but recently got an encrypted email from someone using TB which I couldn't open; sth went wrong


This is concerning, especially considering there are better captcha alternatives and Proton's aim is to provide their own Google-style suite but for the privacy-conscious.

As usual @protonmail promises security and privacy, while not offering it.
I mean it's not even open-source, why does the FLOSS community love it so much?

That's just the website.
I was talking about the servers themselves(the backend) which is closed and was confirmed to stay that way because they belive in security through obscurity.

Also would add that their apps and bridges were cloused source for years after the offical release

@resist1984 Wow! This is really, really bad! But at least, they say that they will shift to #hcaptcha "within weeks", which is better but still annoying. I don't understand though why they chose #google #recapcha in the first place.

@resist1984 It’s very disturbing they’re using Google reCAPTCHA, but I understand (although I don’t agree) that they chose GitHub. It’s where the vast majority of developers are. There are people who even think Git and GitHub are the same thing

@resist1984 JFC... I'll be leaving if this is not taken back immediately.

@resist1984 Nah, it's still there. I'm organizing my getaway.

@tagomago i don't think i've encountered the captcha myself, just saw the issue ticket. You might want to try using to reach your protonmail box, if you aren't already

@resist1984 apparently they at least thought about the consequences and how to reduce the impact. Having it only in an iframe is somewhat acceptable

@nergal surprises are a bad thing, but what's going on here is much worse than surprises. It's also wrong to say that bots are a "problem". Just like humans, bots can be either harmful or beneficial.

@nergal People need to stop the bot hate. Comp Sci people at created a robot that harvests websites for policies, and do an automated comparison to find banks that are relatively more privacy respecting: vice.com/en/article/9a3nbp/car

@nergal That robot found 24 US banks that were illegally sharing consumer data.

@resist1984 Hi! reCaptcha has actually been there since 2014. It’s not new, and few people notice it since it only comes up if that account is being attacked. In 2014, sadly there were no alternatives. However, we are now in the process of switching over to hCaptcha, and this transition should take place in the next few weeks.

@protonmail isn't good either because it discriminates against people with disabilities & impairments. hCAPTCHA is also partnered with , the web's biggest privacy abuser. users don't want to support privacy abusers. hCAPTCHA also needlessly imposes a GUI & non-free on users. Plz find a different option than hCAPTCHA.

Sign in to participate in the conversation
Mastodon 🔐 privacytools.io

Fast, secure and up-to-date instance. PrivacyTools provides knowledge and tools to protect your privacy against global mass surveillance.

Website: privacytools.io
Matrix Chat: chat.privacytools.io
Support us on OpenCollective, many contributions are tax deductible!