Software Removal | ProtonMail #2318

Closed
opened 2021-06-01 05:19:00 +00:00 by rusty-snake · 8 comments
rusty-snake commented 2021-06-01 05:19:00 +00:00 (Migrated from github.com)

Description

ProtonMail started to use Google Recaptcha on (better: after) login, see https://github.com/ProtonMail/WebClient/issues/242.

Why I am making the suggestion

My connection with the software

user

  • I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.
waltercool commented 2021-06-01 05:57:34 +00:00 (Migrated from github.com)

There is no technical reason to do that, unless you can prove that Google reCAPTCHA as used on ProtonMail is a threat to your information.

rusty-snake commented 2021-06-01 06:03:23 +00:00 (Migrated from github.com)

Well, it forces me to connect to Google, download JavaScript code from them and execute it.

waltercool commented 2021-06-01 06:07:51 +00:00 (Migrated from github.com)

@rusty-snake And what's the issue about that? Do you see a leak of information or identifier going to Google?

I put the main requests/responses obtained from reCAPTCHA on the mentioned ticket, but there is no cookie data or ETag that could identify you as a user.

It seems like ProtonMail proxies the Google requests, just like Brave and Ungoogled Chromium do.

waltercool commented 2021-06-01 06:14:49 +00:00 (Migrated from github.com)

I did an early analysis of this 13 days ago at https://mastodon.social/@protonmail/106255978912201582, but I did a bad analysis. The cookie IS created, but it's empty.

rusty-snake commented 2021-06-01 06:33:32 +00:00 (Migrated from github.com)

> Do you see a leak of information or identifier going to Google?

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN

> Natural persons may be associated with online **identifiers** provided by their devices, applications, tools and protocols, **such as internet protocol addresses**, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.

so yes
waltercool commented 2021-06-01 06:58:12 +00:00 (Migrated from github.com)

@rusty-snake The reCAPTCHA request is initiated by ProtonMail; you only use Google to download assets and confirm the reCAPTCHA.

For example, under your strict anti-Google point of view (because Google may track you by IP address): PrivacyTools suggests Firefox as a browser, then you go to Firefox.com, and they use a Google request on their website.

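![Screenshot_20210601_025529](https://user-images.githubusercontent.com/86944/120279802-e2b64600-c284-11eb-974b-eeaf14af614a.png)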

Firefox also uses Google's Safe Browsing: https://wiki.mozilla.org/Security/Safe_Browsing

Should PrivacyTools remove Firefox?

rusty-snake commented 2021-06-01 07:13:18 +00:00 (Migrated from github.com)

Ideally yes, but Firefox is special in that it has no alternatives. ProtonMail has alternatives (Disroot and Tutanota to name the free ones).

waltercool commented 2021-06-01 08:02:58 +00:00 (Migrated from github.com)

But ProtonMail is the only one audited, for example. For other providers you are just trusting their goodwill (and that's not a reason to cancel them either).

https://wiki.privacytools.io/view/Comparison_of_email_providers#Provider_comparison

Not saying ProtonMail is perfect, but it is not bad enough to be "removed" from the list.

Reference: privacyguides/privacytools.io#2318