4
0

Protonmail login reCAPTCHA, WTF?


 invite response                
2021 May 17, 7:27am   3,372 views  50 comments

by qroproton   ➕follow (1)   💰tip   ignore  

« First        Comments 11 - 50 of 50        Search these comments

11   fdhfoiehfeoi   2021 May 17, 6:08pm  

If I like a service, I usually support them financially. I also get the added benefit of multiple emails, which I use to divide me that can be identified from pseudo me.
12   mell   2021 May 17, 6:09pm  

NuttBoxer says
I still like protonmail, but unfortunately, I'm unable to pay them for my plan. The once use cards I use aren't accepted, all bitcoin sites I tried require identification, and paypal has been a no-go for a year as they also won't all me to transact because they can't identify me. They do have an option to send cash, but that's a bit sketchy, especially overseas.

Guess it's time I setup my own email server...


Where do you stash your cash? Having one credit card is not a bad idea unless you want to be totally incognito, you don't have to have your primary residence as billing address. If you stash cash or pay once cards then one burglary, flood or fire will take it all. Do you bank at all?
13   Patrick   2021 May 17, 6:38pm  

mell says
Where do you stash your cash?


Lol, no one should ever answer this question honestly.

I've heard of some clever ways. There was some genius poker player who lived in Vegas and just kept it all in various casino lockboxes. He had no bank accounts at all.
14   mell   2021 May 17, 6:58pm  

Patrick says
mell says
Where do you stash your cash?


Lol, no one should ever answer this question honestly.

I've heard of some clever ways. There was some genius poker player who lived in Vegas and just kept it all in various casino lockboxes. He had no bank accounts at all.


lol it wasn't meant literally, like tell me the exact location ;) While I can't see any way that is not burdensome, I'm always interested in clever ideas to diversify. But I still think credit cards have a lot of pros, given you have a bank account.
15   qroproton   2021 May 17, 7:45pm  

HunterTits says
Could be some spyware or whatever intercepts and redirects to a fake protonmail site, @qroproton ?
Do not think so. I use linux, mozilla, and protonVPN!
16   qroproton   2021 May 17, 7:50pm  

Patrick says
I reported reCaptcha as a bug to Protonmail. I doubt that will change anything.
Cool. Here is why protonmail.com uses recaptcha:

https://protonmail.com/support/knowledge-base/human-verification/

"In order to prevent the creation of accounts by spam bots or human spammers, ProtonMail uses a variety of human verification methods. You may be asked to verify using either reCaptcha, Email, or SMS. We have an intelligent algorithm that determines the required verification method based on a number of factors."
17   Maga_Chaos_Monkey   2021 May 17, 8:43pm  

I just emailed them too. I was just about to buy their email and vpn too. I told them to let me know it was a mistake and they've created a policy to never use any google products or I'll go elsewhere.
18   qroproton   2021 May 18, 6:24am  

just_passing_through says
I just emailed them too. I was just about to buy their email and vpn too. I told them to let me know it was a mistake and they've created a policy to never use any google products or I'll go elsewhere.
Excelent. Hope they replay back.
19   Maga_Chaos_Monkey   2021 May 18, 8:07am  

@qroproton

They did but I don't find it satisfactory:

Thank you for contacting us.

Please note that our reCaptcha implementation is sandboxed on a separate domain so no data is disclosed. We might look into alternative solutions in the future, but so far, we have found no alternatives that work for our service.
20   fdhfoiehfeoi   2021 May 18, 8:08am  

mell says
Where do you stash your cash? Having one credit card is not a bad idea unless you want to be totally incognito, you don't have to have your primary residence as billing address. If you stash cash or pay once cards then one burglary, flood or fire will take it all. Do you bank at all?


I work in the system so I have to bank. I live in a modest dwelling in the country, and drive a beat looking car. If you don't flash wealth, and especially if you live out of the city, unlikely to ever be robbed. The cards I buy are used up within a month, and since I'm spreading those around the internet, and they have a fixed limit, my exposure to online theft is very limited. But if someone was to come calling, I have a gun, and even my 11 year old knows how to pull the slide, aim, and fire.

My alternative would be trusting a system designed to rob me at a time when it's fast approaching collapse, and lose everything. There are many thieves in this world, I'll plan for the ones I know are coming.
21   fdhfoiehfeoi   2021 May 18, 8:12am  

qroproton says
Do not think so. I use linux, mozilla, and protonVPN!


I actually deleted Mozilla last night and switched over to Brave. Been hearing some bad stuff about them lately. I did think about protonVPN when I switched providers recently, but don't like keeping too many eggs in one basket. Have you considered installing torBrowser, or using Whonix, or even Brave?
22   fdhfoiehfeoi   2021 May 18, 8:15am  

qroproton says
"In order to prevent the creation of accounts by spam bots or human spammers, ProtonMail uses a variety of human verification methods. You may be asked to verify using either reCaptcha, Email, or SMS. We have an intelligent algorithm that determines the required verification method based on a number of factors."


I tried creating a second account last night, they require SMS or donation to open and account. Temp SMS numbers all came up as already registered, and I already mentioned the issues I had with anonymous payment. One of the only privacy focused email providers I found that doesn't require any personal info is msgsafe.io. They have some pretty cool anonymizing features out-of-the-box. Not sure how private it is though, or how well the service works.
23   Patrick   2021 May 18, 8:42am  

just_passing_through says
They did but I don't find it satisfactory:

Thank you for contacting us.

Please note that our reCaptcha implementation is sandboxed on a separate domain so no data is disclosed. We might look into alternative solutions in the future, but so far, we have found no alternatives that work for our service.



They could use hCaptcha.
24   Maga_Chaos_Monkey   2021 May 18, 8:44am  

Patrick says
They could use hCaptcha.


Yes, I told them this initially. I also told them thanks for the fast reply I'll use some other email/vpn service.
25   Patrick   2021 May 18, 8:47am  

I'll say the same if they reply to me.
26   Maga_Chaos_Monkey   2021 May 18, 8:47am  

I didn't file it as a bug, just used their regular contact us addy.
27   Patrick   2021 May 18, 9:20am  

I stopped using Mozilla/Firefox too.

I didn't like them for kicking out Brendan Eich because of his own personal and private donation to a group that wants to keep marriage between men and women. But I didn't stop at that time.

After they changed Firefox so that you cannot stop it from continuously calling home, that's when I stopped.
28   Hircus   2021 May 18, 10:46am  

NuttBoxer says
Guess it's time I setup my own email server...


I've been considering this too.

One thing I worry about is if my email traffic will be sent as plaintext. I haven't looked into this topic much yet, but I know maybe 5ish years ago I read an article about how google was pushing lots of other email providers to setup encrypted email channels with gmail and other large providers, because the default was plaintext, making it really easy to eavesdrop if you can sniff network traffic. If google had to hobnob others to do this, it makes me think email encryption isn't some easy default thing given the current industry tech stack, and that it might require quite a bit of effort.

I'm just talking route point to point encryption, which still lets each mail server node along the route read the email, but prevents those along the network from snooping. Ideally I want end to end encryption, but despite being such a valuable thing to have, we oddly still dont have ubiquity of it. I know ~20 yrs ago I think there was a few end to end email providers like hushmail and ziplip, but you had to send and receive from the same provider. So emailing from hushmail to hotmail was still unencrypted, obviously. I think the gmails who like to read our emails have probably sabotaged the industry, preventing end to end from happening. In fact, now that I think about it, I bet that was google's motivation 5 yrs ago to improve email encrypted routes - I bet they were worried if it were to stay unencrypted, end to end might end up being the solution, preventing gmail from spying. So they improve the situation, making it less of a problem, which makes people less likely to care about e2e.
29   fdhfoiehfeoi   2021 May 18, 10:58am  

I think for Linux server email setup there is encryption you can add. I started setting it up one day, then realized it was way more work than a few hours over one weekend. There are really good tutorials, so totally doable, just need some time. And if all mail is stored on your server, and it's just the calls from the individuals using the service to the server, that reduces the surface of attack as long as you've set it up correctly. And I don't think it will work for more than personal emails, as most sites will blacklist personal email domains.
30   Patrick   2021 May 18, 6:47pm  

Yes, setting up my own email server was quite a pain in the ass. But after that, it's been pretty hands-off. Just works.
31   Maga_Chaos_Monkey   2021 May 19, 8:03am  

So they replied to my "I'm going elsewhere" reply:

Hello,

Thank you for the follow-up.

Please note that we respect everyone's decision and we will be happy if you ever change your mind and try our ProtonMail service.

You can always follow our blog or social media to get the latest updates: https://protonmail.com/blog/

Feel free to contact us if you need any other assistance regarding our ProtonMail service.
32   porkchopXpress   2021 May 29, 1:29pm  

Looks like Protonmail is phasing out Google captcha

https://news.ycombinator.com/item?id=27326961
33   Patrick   2021 May 29, 1:43pm  

Yes!

Maybe we are helping Protonmail to become more secure.
34   Hircus   2021 May 30, 9:43am  

Ya looks pretty obvious your emails and suggestion to use hcaptcha resulted in this change.

Good job. And It's good to see protonmail be receptive to good advice.
35   Maga_Chaos_Monkey   2021 May 30, 10:18pm  

Nice job Pat! I may reconsider now...
36   qroproton   2021 Jun 24, 7:43pm  

Well, looks like your e-mails had some impact!

37   Patrick   2021 Jun 24, 7:45pm  

Nice!
39   Eric Holder   2021 Sep 7, 11:40am  

porkchopexpress says
Bummer. Protonmail now releasing IP addresses to law enforcement.


Sic transit gloria mundi.
40   fdhfoiehfeoi   2021 Sep 7, 12:41pm  

They have a tor site, and that's the only way i never access my email. Good luck tracking my IP...
41   Patrick   2021 Sep 7, 12:45pm  

By default, we do not keep any IP logs which can be linked to your anonymous email account.


Lol, by default.

But at soon as someone objects to gentrification in Switzerland (that's the criminal charge it seems) then Protonmail does indeed track your IP address.
42   porkchopXpress   2021 Sep 7, 1:18pm  

I don't do anything illegal, so meh...but still
43   fdhfoiehfeoi   2021 Sep 7, 2:45pm  

porkchopexpress says
I don't do anything illegal, so meh...but still


By whose definition? I'd strongly advise against relying on the law to shield you, as that can be re-written at any point, and your past can suddenly make you a criminal.
44   porkchopXpress   2021 Sep 7, 3:12pm  

NuttBoxer says
porkchopexpress says
I don't do anything illegal, so meh...but still


By whose definition? I'd strongly advise against relying on the law to shield you, as that can be re-written at any point, and your past can suddenly make you a criminal.
Tis true
45   Patrick   2021 Sep 7, 4:08pm  

The real question is whether you can trust the government.

After all this mandate shit and obvious corruption at the CDC/FDA/NIH, the answer is obviously NO.
46   fdhfoiehfeoi   2021 Sep 8, 8:17am  

I was unable to load the Tor address for protonmail this morning. Tor site sometimes go down, but the timing certainly leaves questions.
48   Patrick   2021 Sep 30, 9:42pm  

Maybe time to move on to tox like @RichWicks introduced us to:

https://tox.chat/faq.html
49   HeadSet   2021 Oct 1, 7:09am  

NuttBoxer says
By whose definition? I'd strongly advise against relying on the law to shield you, as that can be re-written at any point, and your past can suddenly make you a criminal.

Absolutely right. I had made some videos about how my company can provide transportation for blind or wheelchair bound folks, and so on. These videos were shown to various agencies who thought the firms were excellent, so they decided to show these videos to a group of city officials in a large auditorium downtown. I had put the films on a Windows laptop so a manager could take it to the auditorium and use their projector. I was not there when it was played, but when the videos finished the manager did not turn off the computer. He just left it running until the video player finally quit and displayed the main Windows desktop. The desktop had the folder where I had put the video, and I had named the folder "CrippleFilms." Well, apparently "cripple" is a bad word now, despite being in the dictionary and not labeled as disparaging in any reference. My boss got calls from city officials and an attorney or two who wanted me fired. None of the blind or wheelchair folks I had worked with making the videos were offended, just the officials. I did not get fired, but instead was given a day off without pay.
50   Patrick   2021 Oct 1, 12:06pm  

HeadSet says
I did not get fired, but instead was given a day off without pay.


Late in my career, I would have considered a day off without pay as a bonus, because benefits continue and time off was becoming the most valuable thing to me.

Now I have all my days off, and I'm very happy with that because it gives me time to do the things I've always wanted to do, like working more on this site and my other personal projects.

« First        Comments 11 - 50 of 50        Search these comments

Please register to comment:

api   best comments   contact   latest images   memes   one year ago   random   suggestions   gaiste