please check out the anti-mandate news »

« prev   random   next »

4
0

Protonmail login reCAPTCHA, WTF?

By qroproton follow qroproton   2021 May 17, 7:27am 839 views   52 comments   watch   nsfw   quote   share      


« First    « Previous    Comments 13 - 52 of 52    Last »

13   mell   ignore (6)   2021 May 17, 6:09pm     ↓ dislike (0)   quote   flag        

NuttBoxer says
I still like protonmail, but unfortunately, I'm unable to pay them for my plan. The once use cards I use aren't accepted, all bitcoin sites I tried require identification, and paypal has been a no-go for a year as they also won't all me to transact because they can't identify me. They do have an option to send cash, but that's a bit sketchy, especially overseas.

Guess it's time I setup my own email server...


Where do you stash your cash? Having one credit card is not a bad idea unless you want to be totally incognito, you don't have to have your primary residence as billing address. If you stash cash or pay once cards then one burglary, flood or fire will take it all. Do you bank at all?
14   Patrick   ignore (1)   2021 May 17, 6:38pm     ↓ dislike (0)   quote   flag        

mell says
Where do you stash your cash?


Lol, no one should ever answer this question honestly.

I've heard of some clever ways. There was some genius poker player who lived in Vegas and just kept it all in various casino lockboxes. He had no bank accounts at all.
15   mell   ignore (6)   2021 May 17, 6:58pm     ↓ dislike (0)   quote   flag        

Patrick says
mell says
Where do you stash your cash?


Lol, no one should ever answer this question honestly.

I've heard of some clever ways. There was some genius poker player who lived in Vegas and just kept it all in various casino lockboxes. He had no bank accounts at all.


lol it wasn't meant literally, like tell me the exact location ;) While I can't see any way that is not burdensome, I'm always interested in clever ideas to diversify. But I still think credit cards have a lot of pros, given you have a bank account.
16   qroproton   ignore (0)   2021 May 17, 7:45pm     ↓ dislike (0)   quote   flag        

HunterTits says
Could be some spyware or whatever intercepts and redirects to a fake protonmail site, @qroproton ?
Do not think so. I use linux, mozilla, and protonVPN!
17   qroproton   ignore (0)   2021 May 17, 7:50pm     ↓ dislike (0)   quote   flag        

Patrick says
I reported reCaptcha as a bug to Protonmail. I doubt that will change anything.
Cool. Here is why protonmail.com uses recaptcha:

https://protonmail.com/support/knowledge-base/human-verification/

"In order to prevent the creation of accounts by spam bots or human spammers, ProtonMail uses a variety of human verification methods. You may be asked to verify using either reCaptcha, Email, or SMS. We have an intelligent algorithm that determines the required verification method based on a number of factors."
18   FJB   ignore (9)   2021 May 17, 8:43pm     ↓ dislike (0)   quote   flag        

I just emailed them too. I was just about to buy their email and vpn too. I told them to let me know it was a mistake and they've created a policy to never use any google products or I'll go elsewhere.
19   qroproton   ignore (0)   2021 May 18, 6:24am     ↓ dislike (0)   quote   flag        

just_passing_through says
I just emailed them too. I was just about to buy their email and vpn too. I told them to let me know it was a mistake and they've created a policy to never use any google products or I'll go elsewhere.
Excelent. Hope they replay back.
20   FJB   ignore (9)   2021 May 18, 8:07am     ↓ dislike (0)   quote   flag        

@qroproton

They did but I don't find it satisfactory:

Thank you for contacting us.

Please note that our reCaptcha implementation is sandboxed on a separate domain so no data is disclosed. We might look into alternative solutions in the future, but so far, we have found no alternatives that work for our service.
21   NuttBoxer   ignore (3)   2021 May 18, 8:08am     ↓ dislike (0)   quote   flag        

mell says
Where do you stash your cash? Having one credit card is not a bad idea unless you want to be totally incognito, you don't have to have your primary residence as billing address. If you stash cash or pay once cards then one burglary, flood or fire will take it all. Do you bank at all?


I work in the system so I have to bank. I live in a modest dwelling in the country, and drive a beat looking car. If you don't flash wealth, and especially if you live out of the city, unlikely to ever be robbed. The cards I buy are used up within a month, and since I'm spreading those around the internet, and they have a fixed limit, my exposure to online theft is very limited. But if someone was to come calling, I have a gun, and even my 11 year old knows how to pull the slide, aim, and fire.

My alternative would be trusting a system designed to rob me at a time when it's fast approaching collapse, and lose everything. There are many thieves in this world, I'll plan for the ones I know are coming.
22   NuttBoxer   ignore (3)   2021 May 18, 8:12am     ↓ dislike (0)   quote   flag        

qroproton says
Do not think so. I use linux, mozilla, and protonVPN!


I actually deleted Mozilla last night and switched over to Brave. Been hearing some bad stuff about them lately. I did think about protonVPN when I switched providers recently, but don't like keeping too many eggs in one basket. Have you considered installing torBrowser, or using Whonix, or even Brave?
23   NuttBoxer   ignore (3)   2021 May 18, 8:15am     ↓ dislike (0)   quote   flag        

qroproton says
"In order to prevent the creation of accounts by spam bots or human spammers, ProtonMail uses a variety of human verification methods. You may be asked to verify using either reCaptcha, Email, or SMS. We have an intelligent algorithm that determines the required verification method based on a number of factors."


I tried creating a second account last night, they require SMS or donation to open and account. Temp SMS numbers all came up as already registered, and I already mentioned the issues I had with anonymous payment. One of the only privacy focused email providers I found that doesn't require any personal info is msgsafe.io. They have some pretty cool anonymizing features out-of-the-box. Not sure how private it is though, or how well the service works.
24   Patrick   ignore (1)   2021 May 18, 8:42am     ↓ dislike (0)   quote   flag        

just_passing_through says
They did but I don't find it satisfactory:

Thank you for contacting us.

Please note that our reCaptcha implementation is sandboxed on a separate domain so no data is disclosed. We might look into alternative solutions in the future, but so far, we have found no alternatives that work for our service.



They could use hCaptcha.
25   FJB   ignore (9)   2021 May 18, 8:44am     ↓ dislike (0)   quote   flag        

Patrick says
They could use hCaptcha.


Yes, I told them this initially. I also told them thanks for the fast reply I'll use some other email/vpn service.
26   Patrick   ignore (1)   2021 May 18, 8:47am     ↓ dislike (0)   quote   flag        

I'll say the same if they reply to me.
27   FJB   ignore (9)   2021 May 18, 8:47am     ↓ dislike (0)   quote   flag        

I didn't file it as a bug, just used their regular contact us addy.
28   Patrick   ignore (1)   2021 May 18, 9:20am     ↓ dislike (0)   quote   flag        

I stopped using Mozilla/Firefox too.

I didn't like them for kicking out Brendan Eich because of his own personal and private donation to a group that wants to keep marriage between men and women. But I didn't stop at that time.

After they changed Firefox so that you cannot stop it from continuously calling home, that's when I stopped.
29   Hircus   ignore (0)   2021 May 18, 10:46am     ↓ dislike (0)   quote   flag        

NuttBoxer says
Guess it's time I setup my own email server...


I've been considering this too.

One thing I worry about is if my email traffic will be sent as plaintext. I haven't looked into this topic much yet, but I know maybe 5ish years ago I read an article about how google was pushing lots of other email providers to setup encrypted email channels with gmail and other large providers, because the default was plaintext, making it really easy to eavesdrop if you can sniff network traffic. If google had to hobnob others to do this, it makes me think email encryption isn't some easy default thing given the current industry tech stack, and that it might require quite a bit of effort.

I'm just talking route point to point encryption, which still lets each mail server node along the route read the email, but prevents those along the network from snooping. Ideally I want end to end encryption, but despite being such a valuable thing to have, we oddly still dont have ubiquity of it. I know ~20 yrs ago I think there was a few end to end email providers like hushmail and ziplip, but you had to send and receive from the same provider. So emailing from hushmail to hotmail was still unencrypted, obviously. I think the gmails who like to read our emails have probably sabotaged the industry, preventing end to end from happening. In fact, now that I think about it, I bet that was google's motivation 5 yrs ago to improve email encrypted routes - I bet they were worried if it were to stay unencrypted, end to end might end up being the solution, preventing gmail from spying. So they improve the situation, making it less of a problem, which makes people less likely to care about e2e.
30   NuttBoxer   ignore (3)   2021 May 18, 10:58am     ↓ dislike (0)   quote   flag        

I think for Linux server email setup there is encryption you can add. I started setting it up one day, then realized it was way more work than a few hours over one weekend. There are really good tutorials, so totally doable, just need some time. And if all mail is stored on your server, and it's just the calls from the individuals using the service to the server, that reduces the surface of attack as long as you've set it up correctly. And I don't think it will work for more than personal emails, as most sites will blacklist personal email domains.
31   Patrick   ignore (1)   2021 May 18, 6:47pm     ↓ dislike (0)   quote   flag        

Yes, setting up my own email server was quite a pain in the ass. But after that, it's been pretty hands-off. Just works.
32   FJB   ignore (9)   2021 May 19, 8:03am     ↓ dislike (0)   quote   flag        

So they replied to my "I'm going elsewhere" reply:

Hello,

Thank you for the follow-up.

Please note that we respect everyone's decision and we will be happy if you ever change your mind and try our ProtonMail service.

You can always follow our blog or social media to get the latest updates: https://protonmail.com/blog/

Feel free to contact us if you need any other assistance regarding our ProtonMail service.
33   porkchopexpress   ignore (0)   2021 May 29, 1:29pm     ↓ dislike (0)   quote   flag        

Looks like Protonmail is phasing out Google captcha

https://news.ycombinator.com/item?id=27326961
35   Patrick   ignore (1)   2021 May 29, 1:43pm     ↓ dislike (0)   quote   flag        

Yes!

Maybe we are helping Protonmail to become more secure.
36   Hircus   ignore (0)   2021 May 30, 9:43am     ↓ dislike (0)   quote   flag        

Ya looks pretty obvious your emails and suggestion to use hcaptcha resulted in this change.

Good job. And It's good to see protonmail be receptive to good advice.
37   FJB   ignore (9)   2021 May 30, 10:18pm     ↓ dislike (0)   quote   flag        

Nice job Pat! I may reconsider now...
38   qroproton   ignore (0)   2021 Jun 24, 7:43pm     ↓ dislike (0)   quote   flag        

Well, looks like your e-mails had some impact!

41   Eric Holder   ignore (1)   2021 Sep 7, 11:40am     ↓ dislike (0)   quote   flag        

porkchopexpress says
Bummer. Protonmail now releasing IP addresses to law enforcement.


Sic transit gloria mundi.
42   NuttBoxer   ignore (3)   2021 Sep 7, 12:41pm     ↓ dislike (0)   quote   flag        

They have a tor site, and that's the only way i never access my email. Good luck tracking my IP...
43   Patrick   ignore (1)   2021 Sep 7, 12:45pm     ↓ dislike (0)   quote   flag        

By default, we do not keep any IP logs which can be linked to your anonymous email account.


Lol, by default.

But at soon as someone objects to gentrification in Switzerland (that's the criminal charge it seems) then Protonmail does indeed track your IP address.
44   porkchopexpress   ignore (0)   2021 Sep 7, 1:18pm     ↓ dislike (0)   quote   flag        

I don't do anything illegal, so meh...but still
45   NuttBoxer   ignore (3)   2021 Sep 7, 2:45pm     ↓ dislike (0)   quote   flag        

porkchopexpress says
I don't do anything illegal, so meh...but still


By whose definition? I'd strongly advise against relying on the law to shield you, as that can be re-written at any point, and your past can suddenly make you a criminal.
46   porkchopexpress   ignore (0)   2021 Sep 7, 3:12pm     ↓ dislike (0)   quote   flag        

NuttBoxer says
porkchopexpress says
I don't do anything illegal, so meh...but still


By whose definition? I'd strongly advise against relying on the law to shield you, as that can be re-written at any point, and your past can suddenly make you a criminal.
Tis true
47   Patrick   ignore (1)   2021 Sep 7, 4:08pm     ↓ dislike (0)   quote   flag        

The real question is whether you can trust the government.

After all this mandate shit and obvious corruption at the CDC/FDA/NIH, the answer is obviously NO.
48   NuttBoxer   ignore (3)   2021 Sep 8, 8:17am     ↓ dislike (0)   quote   flag        

I was unable to load the Tor address for protonmail this morning. Tor site sometimes go down, but the timing certainly leaves questions.
50   Patrick   ignore (1)   2021 Sep 30, 9:42pm     ↓ dislike (0)   quote   flag        

Maybe time to move on to tox like @RichWicks introduced us to:

https://tox.chat/faq.html
51   HeadSet   ignore (3)   2021 Oct 1, 7:09am     ↓ dislike (0)   quote   flag        

NuttBoxer says
By whose definition? I'd strongly advise against relying on the law to shield you, as that can be re-written at any point, and your past can suddenly make you a criminal.

Absolutely right. I had made some videos about how my company can provide transportation for blind or wheelchair bound folks, and so on. These videos were shown to various agencies who thought the firms were excellent, so they decided to show these videos to a group of city officials in a large auditorium downtown. I had put the films on a Windows laptop so a manager could take it to the auditorium and use their projector. I was not there when it was played, but when the videos finished the manager did not turn off the computer. He just left it running until the video player finally quit and displayed the main Windows desktop. The desktop had the folder where I had put the video, and I had named the folder "CrippleFilms." Well, apparently "cripple" is a bad word now, despite being in the dictionary and not labeled as disparaging in any reference. My boss got calls from city officials and an attorney or two who wanted me fired. None of the blind or wheelchair folks I had worked with making the videos were offended, just the officials. I did not get fired, but instead was given a day off without pay.
52   Patrick   ignore (1)   2021 Oct 1, 12:06pm     ↓ dislike (0)   quote   flag        

HeadSet says
I did not get fired, but instead was given a day off without pay.


Late in my career, I would have considered a day off without pay as a bonus, because benefits continue and time off was becoming the most valuable thing to me.

Now I have all my days off, and I'm very happy with that because it gives me time to do the things I've always wanted to do, like working more on this site and my other personal projects.

« First    « Previous    Comments 13 - 52 of 52    Last »


about   best comments   contact   one year ago   suggestions