❌ Software Removal | ProtonMail #2318
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#2318
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Description
ProtonMail started to use Google Recaptcha on (better: after) login, see https://github.com/ProtonMail/WebClient/issues/242.
Why I am making the suggestion
My connection with the software
user
There is no technical reason to do that. Unless you can prove Google Recaptcha used on Protonmail is a threat to your information
Well, it forces me to connect to Google, download javascript code from them and execute it.
@rusty-snake And what's the issue about that? Do you see a leak of information or identifier going to Google?
I put the main requests/responses obtained from reCaptcha on the mentioned ticket, but there is no cookie data or e-tag related to identify you as an user.
Seems like protonmail makes a proxy for Google requests, just like Brave and Ungoogled Chromium does.
I did an early analysis about this 13 days ago at https://mastodon.social/@protonmail/106255978912201582, but I did a bad analysis. The cookie IS created, but it's empty
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN
so yes
@rusty-snake ReCaptcha request is initiated by ProtonMail, you only use Google to download assets and confirm ReCaptcha.
For example, under your strict anti-google point of view because Google may track you by IP address, PrivacyTools suggest Firefox as browser, then you go to Firefox.com, they use a Google request on their website.
Firefox uses Google's Safe Browsing also https://wiki.mozilla.org/Security/Safe_Browsing
Should PrivacyTools remove Firefox?
Ideally yes, but Firefox is special in that it has no alternatives. ProtonMail has alternatives (Disroot and Tutanota to name the free ones).
But Protonmail is the only one audited for example. For other providers you are just trusting on their good will (and that's neither a reason to cancel them).
https://wiki.privacytools.io/view/Comparison_of_email_providers#Provider_comparison
Not saying Protonmail is perfect, but is not enough bad to be "removed" from the list.