patrick.net

This is a problem because?

If that's real, it gives Google access to everything on the page.

Then Protonmail would not be at all private anymore. It would just be another arm of the Google spyware octopus.

But I have not seen it for myself, maybe this is a hoax. I have a Protonmail account and it does not happen to me.

DO NOT CLICK. I've never seen that, and employing a google tool would defeat the entire purpose of protonmail.

Some sites only show a captcha to visitors which trip their own "bot-heurisitc". For example, maybe visiting from an ip block thats typically used by russian spam farms.

Could be, but in that case they should use hCaptcha and not Google's reCaptcha. Anything but Google.

I forgot my password for the email that I use for patrick.net. when I try repeatedly, I too get recaptcha.

I reported reCaptcha as a bug to Protonmail. I doubt that will change anything.

Shit, I used to like them, and now I don't trust them anymore.

Blue: You can email me at p@patrick.net to change your password.

Thanks Patrick. my username/pw:(..myid..@protonmail.com )/pw_for_patnet for https://patrick.net able to login and works fine. But I forgot pw to be able to login to protonmail.com to access my emails. I will ask in case if I need to change the email.

I still like protonmail, but unfortunately, I'm unable to pay them for my plan. The once use cards I use aren't accepted, all bitcoin sites I tried require identification, and paypal has been a no-go for a year as they also won't all me to transact because they can't identify me. They do have an option to send cash, but that's a bit sketchy, especially overseas.

Guess it's time I setup my own email server...

@NuttBoxer Why would you pay them at all?

The basic plan is free.

I've set up my own email server. Not terribly hard, but not trivial either.

If I like a service, I usually support them financially. I also get the added benefit of multiple emails, which I use to divide me that can be identified from pseudo me.

NuttBoxer says

I still like protonmail, but unfortunately, I'm unable to pay them for my plan. The once use cards I use aren't accepted, all bitcoin sites I tried require identification, and paypal has been a no-go for a year as they also won't all me to transact because they can't identify me. They do have an option to send cash, but that's a bit sketchy, especially overseas.

Guess it's time I setup my own email server...

Where do you stash your cash? Having one credit card is not a bad idea unless you want to be totally incognito, you don't have to have your primary residence as billing address. If you stash cash or pay once cards then one burglary, flood or fire will take it all. Do you bank at all?

mell says

Where do you stash your cash?

Lol, no one should ever answer this question honestly.

I've heard of some clever ways. There was some genius poker player who lived in Vegas and just kept it all in various casino lockboxes. He had no bank accounts at all.

Patrick says

mell says

Where do you stash your cash?

Lol, no one should ever answer this question honestly.

I've heard of some clever ways. There was some genius poker player who lived in Vegas and just kept it all in various casino lockboxes. He had no bank accounts at all.

lol it wasn't meant literally, like tell me the exact location ;) While I can't see any way that is not burdensome, I'm always interested in clever ideas to diversify. But I still think credit cards have a lot of pros, given you have a bank account.

HunterTits says

Could be some spyware or whatever intercepts and redirects to a fake protonmail site, @qroproton ?

Do not think so. I use linux, mozilla, and protonVPN!

Patrick says

I reported reCaptcha as a bug to Protonmail. I doubt that will change anything.

Cool. Here is why protonmail.com uses recaptcha:

https://protonmail.com/support/knowledge-base/human-verification/

"In order to prevent the creation of accounts by spam bots or human spammers, ProtonMail uses a variety of human verification methods. You may be asked to verify using either reCaptcha, Email, or SMS. We have an intelligent algorithm that determines the required verification method based on a number of factors."

I just emailed them too. I was just about to buy their email and vpn too. I told them to let me know it was a mistake and they've created a policy to never use any google products or I'll go elsewhere.

just_passing_through says

I just emailed them too. I was just about to buy their email and vpn too. I told them to let me know it was a mistake and they've created a policy to never use any google products or I'll go elsewhere.

Excelent. Hope they replay back.

@qroproton

They did but I don't find it satisfactory:

Thank you for contacting us.

Please note that our reCaptcha implementation is sandboxed on a separate domain so no data is disclosed. We might look into alternative solutions in the future, but so far, we have found no alternatives that work for our service.

mell says

Where do you stash your cash? Having one credit card is not a bad idea unless you want to be totally incognito, you don't have to have your primary residence as billing address. If you stash cash or pay once cards then one burglary, flood or fire will take it all. Do you bank at all?

I work in the system so I have to bank. I live in a modest dwelling in the country, and drive a beat looking car. If you don't flash wealth, and especially if you live out of the city, unlikely to ever be robbed. The cards I buy are used up within a month, and since I'm spreading those around the internet, and they have a fixed limit, my exposure to online theft is very limited. But if someone was to come calling, I have a gun, and even my 11 year old knows how to pull the slide, aim, and fire.

My alternative would be trusting a system designed to rob me at a time when it's fast approaching collapse, and lose everything. There are many thieves in this world, I'll plan for the ones I know are coming.

qroproton says

Do not think so. I use linux, mozilla, and protonVPN!

I actually deleted Mozilla last night and switched over to Brave. Been hearing some bad stuff about them lately. I did think about protonVPN when I switched providers recently, but don't like keeping too many eggs in one basket. Have you considered installing torBrowser, or using Whonix, or even Brave?

qroproton says

"In order to prevent the creation of accounts by spam bots or human spammers, ProtonMail uses a variety of human verification methods. You may be asked to verify using either reCaptcha, Email, or SMS. We have an intelligent algorithm that determines the required verification method based on a number of factors."

I tried creating a second account last night, they require SMS or donation to open and account. Temp SMS numbers all came up as already registered, and I already mentioned the issues I had with anonymous payment. One of the only privacy focused email providers I found that doesn't require any personal info is msgsafe.io. They have some pretty cool anonymizing features out-of-the-box. Not sure how private it is though, or how well the service works.

just_passing_through says

They did but I don't find it satisfactory:

Thank you for contacting us.

Please note that our reCaptcha implementation is sandboxed on a separate domain so no data is disclosed. We might look into alternative solutions in the future, but so far, we have found no alternatives that work for our service.

They could use hCaptcha.

Patrick says

They could use hCaptcha.

Yes, I told them this initially. I also told them thanks for the fast reply I'll use some other email/vpn service.

I'll say the same if they reply to me.

I didn't file it as a bug, just used their regular contact us addy.

I stopped using Mozilla/Firefox too.

I didn't like them for kicking out Brendan Eich because of his own personal and private donation to a group that wants to keep marriage between men and women. But I didn't stop at that time.

After they changed Firefox so that you cannot stop it from continuously calling home, that's when I stopped.

NuttBoxer says

Guess it's time I setup my own email server...

I've been considering this too.

One thing I worry about is if my email traffic will be sent as plaintext. I haven't looked into this topic much yet, but I know maybe 5ish years ago I read an article about how google was pushing lots of other email providers to setup encrypted email channels with gmail and other large providers, because the default was plaintext, making it really easy to eavesdrop if you can sniff network traffic. If google had to hobnob others to do this, it makes me think email encryption isn't some easy default thing given the current industry tech stack, and that it might require quite a bit of effort.

I'm just talking route point to point encryption, which still lets each mail server node along the route read the email, but prevents those along the network from snooping. Ideally I want end to end encryption, but despite being such a valuable thing to have, we oddly still dont have ubiquity of it. I know ~20 yrs ago I think there was a few end to end email providers like hushmail and ziplip, but you had to send and receive from the same provider. So emailing from hushmail to hotmail was still unencrypted, obviously. I think the gmails who like to read our emails have probably sabotaged the industry, preventing end to end from happening. In fact, now that I think about it, I bet that was google's motivation 5 yrs ago to improve email encrypted routes - I bet they were worried if it were to stay unencrypted, end to end might end up being the solution, preventing gmail from spying. So they improve the situation, making it less of a problem, which makes people less likely to care about e2e.

I think for Linux server email setup there is encryption you can add. I started setting it up one day, then realized it was way more work than a few hours over one weekend. There are really good tutorials, so totally doable, just need some time. And if all mail is stored on your server, and it's just the calls from the individuals using the service to the server, that reduces the surface of attack as long as you've set it up correctly. And I don't think it will work for more than personal emails, as most sites will blacklist personal email domains.

Yes, setting up my own email server was quite a pain in the ass. But after that, it's been pretty hands-off. Just works.

So they replied to my "I'm going elsewhere" reply:

Hello,

Thank you for the follow-up.

Please note that we respect everyone's decision and we will be happy if you ever change your mind and try our ProtonMail service.

You can always follow our blog or social media to get the latest updates: https://protonmail.com/blog/

Feel free to contact us if you need any other assistance regarding our ProtonMail service.

Looks like Protonmail is phasing out Google captcha

https://news.ycombinator.com/item?id=27326961

Yes!

Maybe we are helping Protonmail to become more secure.

Ya looks pretty obvious your emails and suggestion to use hcaptcha resulted in this change.

Good job. And It's good to see protonmail be receptive to good advice.

Nice job Pat! I may reconsider now...

Well, looks like your e-mails had some impact!

Nice!

Bummer. Protonmail now releasing IP addresses to law enforcement.

https://thehackernews.com/2021/09/protonmail-shares-activists-ip-address.html?utm_source=patrick.net&utm_medium=patrick.net&utm_campaign=patrick.net

porkchopexpress says

Bummer. Protonmail now releasing IP addresses to law enforcement.

Sic transit gloria mundi.

They have a tor site, and that's the only way i never access my email. Good luck tracking my IP...