ProtonMail and Anonymity
Stefan Claas
sac at 300baud.de
Sun May 5 12:12:05 CEST 2019
Hi all,
appologies for posting this, but I think it could
be of interest for GnuPG users, because ProtoMail
uses the OpenPGP protocol too.
Some of you may have signed up with ProtonMail and
enjoy the service, due to it's ease of use and they
think they are anonymous, when using this service.
At least ProtonMail says so on their main page.
I have a different understanding of what anonymous
email is, because not only PGP usage but also the
use of anonymous email services is a hobby of mine
which I use since the mid 90's.
O.k. lets get started with a little test (I did a
while ago):
Fire up Tor browser and register at the ProtonMail
site for a free email account and use as a user
name a string from random.org.
https://www.random.org/strings/
When ProtonMail ask you for verification (...????)
of your email account select SMS and use as
SMS service a free one like:
https://miracletele.com/sms/?fbclid=IwAR2hQ2rZ2vyyXylupj3JhJT4AWu4V4CEjX3ACvRSpryD5cMBreoW4La03qE
I just choose for a new test, which I did a couple
of minutes ago, Poland and received there the SMS
https://miracletele.com/sms/receive/PL
After entering the required verification
code ProtonMail says that either the email
address or the phone number is already taken
and then denies the account creation.
Since the user name string can't be taken
already it tells me that they keep track
of SMS numbers.
If you choose for example the U.S. SMS
number then ProtonMail says that this
number was used to many times and also
denies the account creation.
To come to an end, I do consider this
verification procedure *not* anonymous
and wonder why ProtonMail does not use
captchas to see if a human registers.
Regards
Stefan
More information about the Gnupg-users
mailing list