Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sun 15 Sep 2019, 20:56
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Java Script required in advertised Privacy webmail logins.
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [6 Posts]  
Author Message
purple379

Joined: 04 Oct 2014
Posts: 128

PostPosted: Fri 08 Feb 2019, 09:48    Post subject:  Java Script required in advertised Privacy webmail logins.  

I know that to login and use 'Proton Mail,' 'Guerrilla Mail' one must enable Java Script. I am not looking through the Java Script code involved, but is this as insecure as it feels?
Back to top
View user's profile Send private message 
8Geee


Joined: 12 May 2008
Posts: 2036
Location: N.E. USA

PostPosted: Sat 09 Feb 2019, 20:07    Post subject:  

I would opine its not as safe as advertised.

Not because of their doings, but because the US-based ISP records the destination prior to login. The US gov't has allowed the ISP to use that data to monetize the end-user (you, me, anyone else US based) through a third-party. If that ISP data were to be disposed immediately after request, I would have ProtonMail myself. But this is the USA, and $ is more important than privacy.

JavaScript is not the real concern, the internet connection is.

Regards
8Geee

_________________
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
Back to top
View user's profile Send private message 
perdido


Joined: 09 Dec 2013
Posts: 1344
Location: ¿Altair IV , Just north of Eeyore Junction.?

PostPosted: Sat 09 Feb 2019, 20:57    Post subject:  

8Geee wrote:
I would opine its not as safe as advertised.

Not because of their doings, but because the US-based ISP records the destination prior to login. The US gov't has allowed the ISP to use that data to monetize the end-user (you, me, anyone else US based) through a third-party. If that ISP data were to be disposed immediately after request, I would have ProtonMail myself. But this is the USA, and $ is more important than privacy.

JavaScript is not the real concern, the internet connection is.

Regards
8Geee


Protonmail allows you to login using TOR - that should mask your IP

Protonmail now requires you use a real email account to set up your email for validation. They originally allowed daisy-chaining from an
existing protonmail account to setup additional accounts but they deleted all daisychained accounts.

Protonmail has access to your keys as they create them - that is a security risk. If you really require privacy encrypt the correspondence prior to
presenting it to protonmail.

Like 8Geee says, everyone wants your data to monetize you - that means you are the product, the product is not protonmail.

.
Back to top
View user's profile Send private message 
purple379

Joined: 04 Oct 2014
Posts: 128

PostPosted: Sat 09 Feb 2019, 21:07    Post subject: If it is not really private.  

Actually I think Proton Mail says they need to know which country is logging in to determine which language is being used.

I was guessing it was possible for the Java Script to do a switch and determine my login in point, and perhaps other things. Like my Password.

If it is not private, then it can not be secure against national government surveillance.

I was a bit more amazed that Guerrilla Mail would require Java Script, as that seems to be contrary to their purpose. Most folks would not realize that Java Script was being used, as they would not detect it.

I was mostly concerned, in my lack of what is possible with Java Script, what exactly it can be modified to do. Perhaps modified after the initial load of Script from the website.

Using Tor can bring up the annoying Captcha pictures.
Back to top
View user's profile Send private message 
8Geee


Joined: 12 May 2008
Posts: 2036
Location: N.E. USA

PostPosted: Sat 09 Feb 2019, 21:27    Post subject:  

And I would agree with perdido, encrypt the email file before login, then copy/paste.
_________________
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
Back to top
View user's profile Send private message 
purple379

Joined: 04 Oct 2014
Posts: 128

PostPosted: Sun 10 Feb 2019, 10:27    Post subject: What did they really promise. Privacy? or Security?  

I guess the point being that they Guerrilla Mail, ProtonMail do still offer privacy, but maybe not high end security. That using Java Script does make what they do easier.

Insofar as real Security; Might be it does not really exist no matter what the individual tries, as groups like the NSA are going to are more clever than what we are able to do.

Still, I think of dissident journalists, like those in China who are not computer knowledgeable/experienced enough to even recognize the problems inherent in using things like Proton Mail, or Guerrilla Mail. That is scary to offer them hope, and deliver a method for them to be caught.

I have read that China dissident journalists, in the past, used Tor to get on the dark web, and deliver their texts there. Also, I have never read anything attributed to any of these dissident cyber journalists, altho i read their are a lot of such in jail.

I also point out, a lot of folks do not/will not do PGP Encryption. Often PGP Encryption is dependent on the KeyServers not having been corrupted. HMM.

I sometimes wonder at whether the https system could easily be corrupted. That is, the https is really the first door guard for Security on the internet. Then there is the question, who can be the 'middle man' attack on any thing we do on the internet. That is where might the connection be hijacked. We read that hotels have captured the connection of their guests. Just like the DNS might be corrupted.

I also have to wonder if the NSA is actually more clever than the similar agencies of other countries. China, Russia, Iran.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [6 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0347s ][ Queries: 11 (0.0048s) ][ GZIP on ]