Zelda Runner

Proton Mail Suffers DDOS Hack

16 posts in this topic

I need to start using it. Just have not taken the time. Thank you Zelda! Hope you are able to retrieve your email! 


Thank you Zelda! I was wondering what was happening. Well... this makes me think about its reliability. I just moved to Protonmail but maybe I'm on time to get back to the old Gmail.

40 minutes ago, Zelda Runner said:

For those using Proton mail, it appears shut down today after suffering a DDOS attack. Tech Crunch reported on it:  https://techcrunch.com/2018/06/27/protonmail-suffers-ddos-attack-that-takes-its-email-service-down-for-minutes/

I follow them on Twitter. They have been under siege all week.

4 minutes ago, eatu55 said:

I follow them on Twitter. They have been under siege all week.

This is what they said at about 2:30pm

Screen_Shot_2018_06_28_at_2_59_18_PM.jpg


Just a quick note, a DDOS isn't a hack or security threat. It's just a denial of service. The point is to overload their website to shut it down.


Proton Mail is private and doesn't track like Google so it's still a great way to stay safe and below the radar. It's back up now and Switzerland knows how to handle this kind of stuff. 

10 hours ago, Zelda Runner said:

Proton Mail is private and doesn't track like Google so it's still a great way to stay safe and below the radar. It's back up now and Switzerland knows how to handle this kind of stuff. 

But they do maintain the data. While they’re “safer” than gmail the emails you send with protonmail still live on a server, and while it’s harder because it requires a Swiss court order they can be compelled to hand over data to the US government since Switzerland and The US have a deal to help each other in situations where data and privacy are concerned. 

Protonmail has in fact been asked by the US government to hand over user data in the past, and while protonmail has that data the lack of that court order meant they didn’t have to comply.

So again it’s safer because of the end to end encryption but not an absolute safe haven because existing laws prevent it from being the case. 

3 hours ago, JoDoe27 said:

But they do maintain the data. While they’re “safer” than gmail the emails you send with protonmail still live on a server, and while it’s harder because it requires a Swiss court order they can be compelled to hand over data to the US government since Switzerland and The US have a deal to help each other in situations where data and privacy are concerned. 

Protonmail has in fact been asked by the US government to hand over user data in the past, and while protonmail has that data the lack of that court order meant they didn’t have to comply.

So again it’s safer because of the end to end encryption but not an absolute safe haven because existing laws prevent it from being the case. 

Yes all great points and very true. But as we all know, nothing is fully private in this world when it is posted online. Shows how big the government is and how it continues to grow. At least Proton Mail isn't bombarding with ads and tracking for marketing purposes. 

3 hours ago, JoDoe27 said:

But they do maintain the data. While they’re “safer” than gmail the emails you send with protonmail still live on a server, and while it’s harder because it requires a Swiss court order they can be compelled to hand over data to the US government since Switzerland and The US have a deal to help each other in situations where data and privacy are concerned. 

Protonmail has in fact been asked by the US government to hand over user data in the past, and while protonmail has that data the lack of that court order meant they didn’t have to comply.

So again it’s safer because of the end to end encryption but not an absolute safe haven because existing laws prevent it from being the case. 

But as far as I understand it's not just end to end encryption. The data in the server is encrypted. So even if they want or are forced by any government, they wouldn't be able to access the data stored in their servers. According to their website: "Messages are stored on ProtonMail servers in encrypted format."

14 minutes ago, Bora Bora said:

But as far as I understand it's not just end to end encryption. The data in the server is encrypted. So even if they want or are forced by any government, they wouldn't be able to access the data stored in their servers. According to their website: "Messages are stored on ProtonMail servers in encrypted format."

True but they’d have the key to uncrypt if needed. If the web service can encrypt they can do the opposite. 


According to them, they do not. They don't have the key to decrypt the information. It comes encrypted to your browser and it's decrypted right there, on your browser. They explain that here: What is zero-access encryption and why it is important for security

"How does zero-access encryption work?

Zero-access encryption is just what it sounds like: a type of encryption for data at rest that renders digital files inaccessible to the service provider. The files can only be decrypted using the user’s private encryption key. Because the server does not have access to the user’s private encryption key, once the files are encrypted with the user’s public encryption key they are no longer accessible to the server or the server’s owner. When the data owner wants to view their data, they request the encrypted files from the server and decrypt them locally on their device, not on the server."

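The exchange above turns on whether a service that can encrypt stored mail can also decrypt it. As an added example (not part of the thread and not ProtonMail's code), this Node.js code follows the quoted zero-access description: the server seals each message to the user's public key and only the private key on the user's device opens it. The function names are hypothetical, and the RSA-OAEP plus AES-256-GCM combination is an assumption chosen for illustration, since the quoted text names no algorithms.

```javascript
// Added illustration; function names are hypothetical, not ProtonMail's code.
const nodeCrypto = require("node:crypto");
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// User's device: the key pair is created here; only publicKey is uploaded.
function generateUserKeys() {
  return nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Server: holds the public key only, so it can seal a message but not open it.
function serverStoreMessage(userPublicKey, plaintext) {
  const messageKey = nodeCrypto.randomBytes(32); // one-time AES-256 key
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", messageKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const tag = cipher.getAuthTag();
  // Wrap the one-time key to the user's public key; the raw key is not stored.
  const wrappedKey = nodeCrypto.publicEncrypt({ key: userPublicKey, ...OAEP }, messageKey);
  return { wrappedKey, iv, tag, body }; // everything the server keeps at rest
}

// User's device: unwrap the one-time key with the private key, then decrypt.
function clientOpenMessage(userPrivateKey, record) {
  const messageKey = nodeCrypto.privateDecrypt({ key: userPrivateKey, ...OAEP }, record.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", messageKey, record.iv);
  decipher.setAuthTag(record.tag);
  return Buffer.concat([decipher.update(record.body), decipher.final()]).toString("utf8");
}

// True only if this private key can open the stored record.
function canOpen(privateKey, record) {
  try { clientOpenMessage(privateKey, record); return true; } catch { return false; }
}

// Constructed sample run.
const user = generateUserKeys();
const other = generateUserKeys();
const stored = serverStoreMessage(user.publicKey, "Constructed sample: meet at noon");
console.log("server copy holds plaintext:", stored.body.includes("meet at noon")); // false
console.log("owner can read:", clientOpenMessage(user.privateKey, stored));
console.log("another key can read:", canOpen(other.privateKey, stored)); // false
```

The stored record is what a data request could return in this model: ciphertext plus a wrapped key that is useless without the private key held on the user's device.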

Zero-access encryption sounds great for data storage (cloud, backup, etc), but for mail service the key needs to be passed between members of the conversation somehow, either as part of the message or in a separate message.

15 minutes ago, Bora Bora said:

According to them, they do not. They don't have the key to decrypt the information. It comes encrypted to your browser and it's decrypted right there, on your browser. They explain that here: What is zero-access encryption and why it is important for security

"How does zero-access encryption work?

Zero-access encryption is just what it sounds like: a type of encryption for data at rest that renders digital files inaccessible to the service provider. The files can only be decrypted using the user’s private encryption key. Because the server does not have access to the user’s private encryption key, once the files are encrypted with the user’s public encryption key they are no longer accessible to the server or the server’s owner. When the data owner wants to view their data, they request the encrypted files from the server and decrypt them locally on their device, not on the server."

They must collect some data of sort because their transparency report is on their site. And I could be completely overlooking something  

https://protonmail.com/blog/transparency-report/

“In addition to requests to hand over data, we can also receive requests to retain user data. These requests typically come from the Swiss Federal police when they are asked to assist in a domestic or international investigation. In these circumstances, we may be asked to permanently retain a copy of user data to prevent the destruction of evidence in an ongoing criminal investigation. However, this data is only retained, and is NOT handed over to any third parties.

Under Swiss law, ProtonMail can only turn over user data if we receive a request from a Swiss court that is approved by the judge. ProtonMail can only hand over encrypted messages as we do not have the ability to decrypt user messages. Further details are available here. As a result, we frequently answer requests by stating that we have no useful information.”

6 minutes ago, JoDoe27 said:

They must collect some data of sort because their transparency report is on their site. And I could be completely overlooking something  

https://protonmail.com/blog/transparency-report/

“In addition to requests to hand over data, we can also receive requests to retain user data. These requests typically come from the Swiss Federal police when they are asked to assist in a domestic or international investigation. In these circumstances, we may be asked to permanently retain a copy of user data to prevent the destruction of evidence in an ongoing criminal investigation. However, this data is only retained, and is NOT handed over to any third parties.

Under Swiss law, ProtonMail can only turn over user data if we receive a request from a Swiss court that is approved by the judge. ProtonMail can only hand over encrypted messages as we do not have the ability to decrypt user messages. Further details are available here. As a result, we frequently answer requests by stating that we have no useful information.”

I think this is enough security for people in the hobby that are not trafficking or things like that. It's a long and difficult process: a US court has to request the Swiss court, the Swiss court requests the data to Protonmail, Protonmail gives the encrypted info, and then a hacker somewhere in the US legal system will try to decrypt the info.

Good enough for me! :)

39 minutes ago, Bora Bora said:

I think this is enough security for people in the hobby that are not trafficking or things like that. It's a long and difficult process: a US court has to request the Swiss court, the Swiss court requests the data to Protonmail, Protonmail gives the encrypted info, and then a hacker somewhere in the US legal system will try to decrypt the info.

Good enough for me! :)

Very true. I was posting more as a clarification than anything else. Thanks for your input. 
