
Comments (9)

peepo5 avatar peepo5 commented on May 11, 2024 1

The point of a .onion domain is to use it right? Also protonmail does not provide the option for captcha on tor, try it.
An anonymous phone number costs money to set up and for a "free" platform it's a pay-based hurdle which is just an extra step.

from privacyguides.org.

 avatar commented on May 11, 2024

Protonmail only supports the .onion URL for signing in and onwards. They force the surface web domain for signing up

This isn't really much of an issue as Tor still works without having to use a .onion domain. Contrary to what some people have said, having to use the surface web does not in fact de-anonymize users. Although it is weird that Protonmail does so.

The main reason one would want to connect to a .onion domain in the first place is mainly to avoid having to trust certificates.

They support CAPTCHAs but tor does not work with CAPTCHAs so the only way to sign up using tor is either by using another browser or using a phone number which leaks information.

Tor Browser works with all major CAPTCHAs like reCAPTCHA and hCaptcha. I'm not sure where you're getting the information that Tor Browser doesn't work with CAPTCHAs.

Giving out your phone number can also not be an issue as long as you use an anonymous phone number.

from privacyguides.org.

DarkMahesvara avatar DarkMahesvara commented on May 11, 2024

Protonmail only supports the .onion URL for signing in and onwards. They force the surface web domain for signing up

This isn't really much of an issue as Tor still works without having to use a .onion domain. Contrary to what some people have said, having to use the surface web does not in fact de-anonymize users. Although it is weird that Protonmail does so.

It does, however, severely weaken Tor by having only 3 vs 6 hops and exposes new users to unencrypted (except TLS) and maybe even malicious (SSL stripping attack) exit nodes. AFAIK even the Tor Project themselves strongly recommend using onion services wherever possible because that's what Tor has been built for.

The main reason one would want to connect to a .onion domain in the first place is mainly to avoid having to trust certificates.

That is only one of many reasons for using TOR. Besides being more censorship resistant it also prevents MITM attacks or other eavesdropping and of course makes you anonymous.

They support CAPTCHAs but tor does not work with CAPTCHAs so the only way to sign up using tor is either by using another browser or using a phone number which leaks information.

Tor Browser works with all major CAPTCHAs like reCAPTCHA and hCaptcha. I'm not sure where you're getting the information that Tor Browser doesn't work with CAPTCHAs.

Giving out your phone number can also not be an issue as long as you use an anonymous phone number.

The problem is that Protonmail seems to block the captcha verification method for the majority(?) of exit nodes and only allows email or phone verification. You can test it yourself and see how many times you need to get a new Tor identity before the option appears. TBH I'm not even sure they still have the captcha option over TOR since I have not seen that option even once for some time.

Regardless, the description should be changed since it's factually incorrect. I think it would even make sense to give a notice that it's only possible to sign up for new accounts on their clearnet site.

from privacyguides.org.

DarkMahesvara avatar DarkMahesvara commented on May 11, 2024

The point of a .onion domain is to use it right? Also protonmail does not provide the option for captcha on tor, try it. An anonymous phone number costs money to set up and for a "free" platform it's a pay-based hurdle which is just an extra step.

FYI you can use a throwaway email provider for verification but some of them are blocked by PM.

from privacyguides.org.

 avatar commented on May 11, 2024

I will be responding to multiple comments by @peepopoggers and @DarkMahesvara.

#Comment 1 by @peepopoggers

The point of a .onion domain is to use it right? Also protonmail does not provide the option for captcha on tor, try it. An anonymous phone number costs money to set up and for a "free" platform it's a pay-based hurdle which is just an extra step.

I do agree that having a .onion domain for the subdomain account.protonmail.com rather than the main domain protonmail.com is a weird choice, but until there is evidence that shows malicious intent then I don't think a warning should be added. I think doing a minor description change would be best as I will explain below.

I agree that using an anonymous phone number would be too much of a hurdle. I just wanted to add the tip into the discussion in case you encountered the problem you're outlining yourself and were in need of a way to set up an anonymous ProtonMail account.

#Comment 2 by @DarkMahesvara

It does, however, severely weaken Tor by having only 3 vs 6 hops and exposes new users to unencrypted (except TLS) and maybe even malicious (SSL stripping attack) exit nodes. AFAIK even the Tor Project themselves strongly recommend using onion services wherever possible because that's what Tor has been built for.

  1. I do agree that it does weaken Tor by using only 3 hops over 6 but I think further context is necessary here. You could say 512 bits of security is severely better than 256 but 256 is more than adequate for long-term storage. The same reasoning applies here, i.e. Tor functions perfectly fine with 3 hops over 6.

  2. I think I already covered this in my previous comment but if I wasn't clear enough then apologies. Yes, pretty much anything related to TLS/SSL can be used as an attack method when not connecting to a .onion domain. Which is the main reason one would want to use a .onion domain over a normal clearnet one.

  3. I'm not sure that Tor was solely built for dark web usage and even if it was I think Tor's main use case is its mixing/ability to use it while browsing the clearnet.

That is only one of many reasons for using TOR. Besides being more censorship resistant it also prevents MITM attacks or other eavesdropping and of course makes you anonymous.

I wasn't implying against the use of Tor but rather implying that using a .onion domain would mainly be used to ward off TLS/SSL attacks, i.e. the use of Tor is perfectly fine without using a .onion domain.

The problem is that Protonmail seems to block the captcha verification method for the majority(?) of exit nodes and only allows email or phone verification. You can test it yourself and see how many times you need to get a new Tor identity before the option appears. TBH I'm not even sure they still have the captcha option over TOR since I have not seen that option even once for some time.

I think I can relate to this. I have yet to have the ability to use CAPTCHAs as a verification method although that could be because I only ever use Tor for browsing nowadays.

Although I do think this is less of my fault and more with OP as OP claimed that Tor does not work with CAPTCHAs

They support CAPTCHAs but tor does not work with CAPTCHAs

Regardless, the description should be changed since it's factually incorrect. I think it would even make sense to give a notice that it's only possible to sign up for new accounts on their clearnet site.

I agree. I think adding a minor description change would be best, probably something like this.

Current

ProtonMail's login and services are accessible over Tor, protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion

Edited

ProtonMail's login is accessible over Tor, protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion

or

ProtonMail has the ability to login over Tor, protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion


Note: I'm pretty sure it's spelt Tor in all cases. Whether referring to the actual protocol or the browser, although correct me if this isn't the case.

Note 2: #Comment 3 by @DarkMahesvara

FYI you can use a throwaway email provider for verification but some of them are blocked by PM.

I've used SimpleLogin for account verification with no problems. Anonaddy probably works the same way. You can create a SimpleLogin or Anonaddy account using a temporary email service such as Guerrilla Mail.

from privacyguides.org.

DarkMahesvara avatar DarkMahesvara commented on May 11, 2024

#Comment 2 by @DarkMahesvara

It does, however, severely weaken Tor by having only 3 vs 6 hops and exposes new users to unencrypted (except TLS) and maybe even malicious (SSL stripping attack) exit nodes. AFAIK even the Tor Project themselves strongly recommend using onion services wherever possible because that's what Tor has been built for.

I do agree that it does weaken Tor by using only 3 hops over 6 but I think further context is necessary here. You could say 512 bits of security is severely better than 256 but 256 is more than adequate for long-term storage. The same reasoning applies here, i.e. Tor functions perfectly fine with 3 hops over 6.

Comparing 3 vs 6 hop count to 256 vs 512 bit is not very accurate. The probability of being able to trace traffic back and deanonymize a user by controlling enough nodes is big between 3 vs 6 nodes but in either case the guard node should hopefully thwart most attacks.

I think I already covered this in my previous comment but if I wasn't clear enough then apologies. Yes, pretty much anything related to TLS/SSL can be used as an attack method when not connecting to a .onion domain. Which is the main reason one would want to use a .onion domain over a normal clearnet one.

I'm not sure that Tor was solely built for dark web usage and even if it was I think Tor's main use case is its mixing/ability to use it while browsing the clearnet.

I would not say designed for the dark web but obviously more secure than clearnet, e.g. no exit node.

That is only one of many reasons for using TOR. Besides being more censorship resistant it also prevents MITM attacks or other eavesdropping and of course makes you anonymous.

I wasn't implying against the use of Tor but rather implying that using a .onion domain would mainly be used to ward off TLS/SSL attacks, i.e. the use of Tor is perfectly fine without using a .onion domain.

The problem is that Protonmail seems to block the captcha verification method for the majority(?) of exit nodes and only allows email or phone verification. You can test it yourself and see how many times you need to get a new Tor identity before the option appears. TBH I'm not even sure they still have the captcha option over TOR since I have not seen that option even once for some time.

I think I can relate to this. I have yet to have the ability to use CAPTCHAs as a verification method although that could be because I only ever use Tor for browsing nowadays.

Although I do think this is less of my fault and more with OP as OP claimed that Tor does not work with CAPTCHAs

They support CAPTCHAs but tor does not work with CAPTCHAs

Regardless, the description should be changed since it's factually incorrect. I think it would even make sense to give a notice that it's only possible to sign up for new accounts on their clearnet site.

I agree. I think adding a minor description change would be best, probably something like this.

Current

ProtonMail's login and services are accessible over Tor, protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion

Edited

ProtonMail's login is accessible over Tor, protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion

or

ProtonMail has the ability to login over Tor, protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion

That would be fine.

Note: I'm pretty sure it's spelt Tor in all cases. Whether referring to the actual protocol or the browser, although correct me if this isn't the case.

Yeah right it used to be only an acronym.

Note 2: #Comment 3 by @DarkMahesvara

FYI you can use a throwaway email provider for verification but some of them are blocked by PM.

I've used SimpleLogin for account verification with no problems. Anonaddy probably works the same way. You can create a SimpleLogin or Anonaddy account using a temporary email service such as Guerrilla Mail.

I just hope that PM overhauls their onion service, making it possible to sign up over Tor and use captchas as verification again.

from privacyguides.org.

 avatar commented on May 11, 2024

Agree with the rest of the comment besides this.

Comparing 3 vs 6 hop count to 256 vs 512 bit is not very accurate. The probability of being able to trace traffic back and deanonymize a user by controlling enough nodes is big between 3 vs 6 nodes but in either case the guard node should hopefully thwart most attacks.

I think you missed my point here. If you were to ask a cryptographer whether you should be using 128 bit or 256 bit encryption or 256/512 bit encryption he would probably say that for most use cases worrying about whether or not to use 128 bit or 256 bit is unwarranted as there are more likely attacks to happen elsewhere. The same can be said here in that deanonymization on 3 vs 6 hops is less likely to happen than an attack occurring elsewhere, although I do acknowledge that ProtonMail should probably be covering their onion domain towards the entire domain rather than a subdomain, although I also will acknowledge that perhaps there is a reason for this.

from privacyguides.org.

jonaharagon avatar jonaharagon commented on May 11, 2024

It does however severely weaken Tor by having only 3 vs 6 hops

No, this is not how Tor works. You are protected with 3 hops regardless of whether you are connecting to a clearnet domain or an onion service, you will never be protected with more than 3 hops in any situation.

When you connect to an onion service, you see an additional 3 hops which keep the server you are connecting to anonymous, not you. Because ProtonMail is a public service that does not require anonymity on their end, the additional hops provide no extra privacy/security to either you or ProtonMail.

from privacyguides.org.

dngray avatar dngray commented on May 11, 2024

Closing. The description doesn't mention anything about signing up, it specifically mentions "ProtonMail's login and services are accessible over Tor" which is accurate.

There is nothing stopping someone from signing up with Tor, (you can still do that), it just won't be over the .onion. Considering you only do that once there isn't really much gained or lost by them providing .onion support for signup.

from privacyguides.org.
