#Protonmail has started using #Google #reCAPTCHA: https://github.com/ProtonMail/WebClient/issues/242 And yes, it's also disturbing that they use #Microsoft #Github.
@resist1984 Is nothing safe from the claws of these parasites?
@resist1984 Signal does too, and I don't see anyone caring.
@glitcher32 #Signal has been called out for it: https://github.com/privacytoolsIO/privacytools.io/issues/779
@Salastil The problems w/MS #Github are direct privacy offenses to a small extent (Tor users get bad treatment) & indirect privacy offenses to a large extent (MS profits from privacy abuse so any time you use any of their services you help a privacy abuser's bottom line). Github is also detrimental to quality of #freesoftware by discouraging bug reports:
@Salastil https://infosec.exchange/@bojkotiMalbona/104637098084869887 see also this article for a comprehensive outline on the ethical issues with #Github: https://git.sdf.org/humanacollaborator/humanacollabora/src/branch/master/github.md
@Salastil As for storing email at #Protonmail, that's a non-issue because it's encrypted (e2ee & at rest). If it's unencrypted mail that triggers your comment, that's a valid concern. I have no idea to what extent people use Protonmail for plaintext email. PM-to-PM & PM-to-external-PGP only exposes metadata to mass surveillance programs to the extent that the Swiss jurisdiction has them.
@Salastil For threat models that include targeted surveillance, Protonmail is generally a bad choice because they can selectively push malicious javascript. But there is a control for that: anonymously download #Electronmail. That ensures that you're running the same static js that everyone else is.
@resist1984
The migration continues: Google to Proton to?? Recommendations?
@jpaul it depends on the scenario. The best move for expert users doesn't change, which is to use an ESP like danwin or onionmail w/a PGP-capable MUA like mutt or Thunderbird. For novice users it's non-trivial, but generally #tutanota, #hushmail, or #countermail.
@jpaul Losing #Protonmail is a big loss for expert-to-novice comms b/c an expert can get a novice's PM pubkey & reach them securely w/out having a PM acct themselves. Apart from PM only Hushmail can do that AFAIK & HM is no longer gratis.
@jpaul
I feel/share your pain.
I have serious doubts wrt TB. A while ago there was a widespread encryption bug in mail clients and the only ones not affected were mutt and kmail if HTML-mail was disabled (by default). Thunderbird was affected.
https://mastodon.social/@nwalfield contains various relevant toots. Possibly (a bit) biased, but also knowledgeable.
Could be a (weird) coincidence, but recently got an encrypted email from someone using TB which I couldn't open; sth went wrong
@resist1984
This is concerning, especially considering there are better captcha alternatives and Proton's aim is to provide their own Google-style suite but for the privacy-conscious.
@resist1984
As usual @protonmail promises security and privacy, while not offering it.
I mean it's not even open-source, why does the FLOSS community love it so much?
@gmate8
That's just the website.
I was talking about the servers themselves (the backend) which is closed and was confirmed to stay that way because they believe in security through obscurity.
Also would add that their apps and bridges were closed source for years after the official release
@resist1984
#protonmail is a #honeypot.
Follow the money: #EU
@resist1984 hmm I did not know that ty
@resist1984 Wow! This is really, really bad! But at least, they say that they will shift to #hcaptcha "within weeks", which is better but still annoying. I don't understand though why they chose #google #recapcha in the first place.
@resist1984 It’s very disturbing they’re using Google reCAPTCHA, but I understand (although I don’t agree) that they chose GitHub. It’s where the vast majority of developers are. There are people who even think Git and GitHub are the same thing
@resist1984 JFC... I'll be leaving if this is not taken back immediately.
@resist1984 It seems to be gone now.
@resist1984 Nah, it's still there. I'm organizing my getaway.
@tagomago i don't think i've encountered the captcha myself, just saw the issue ticket. You might want to try using #Electronmail to reach your protonmail box, if you aren't already
@resist1984 apparently they at least thought about the consequences and how to reduce the impact. Having it only in an iframe is somewhat acceptable
@resist1984 webmail has a bot problem. is that surprising?
@nergal surprises are a bad thing, but what's going on here is much worse than surprises. It's also wrong to say that bots are a "problem". Just like humans, bots can be either harmful or beneficial.
@nergal People need to stop the bot hate. Comp Sci people at #CarnegieMellon created a robot that harvests #banking websites for #privacy policies, and do an automated comparison to find banks that are relatively more privacy respecting: https://www.vice.com/en/article/9a3nbp/carnegie-melons-bank-privacy-tool-exposes-too-often-opaque-sharing-policies
@nergal That robot found 24 US banks that were illegally sharing consumer data.
@resist1984 Hi! reCaptcha has actually been there since 2014. It’s not new, and few people notice it since it only comes up if that account is being attacked. In 2014, sadly there were no alternatives. However, we are now in the process of switching over to hCaptcha, and this transition should take place in the next few weeks.
@protonmail #hCAPTCHA isn't good either because it discriminates against people with disabilities & impairments. hCAPTCHA is also partnered with #Cloudflare, the web's biggest privacy abuser. #Protonmail users don't want to support privacy abusers. hCAPTCHA also needlessly imposes a GUI & non-free #javascript on users. Plz find a different option than hCAPTCHA.
@resist1984 the google botnet is expanding
@resist1984 I'm sure Protonmail users don't care about some good ol' Google surveillance. 😅 👍