
Introducing ProtonMail's Tor hidden service - vabmit
https://protonmail.com/blog/tor-encrypted-email/
======
ergot
For those wondering how to create your own custom Tor onion address, look no
further than: [https://timtaubert.de/blog/2014/11/using-the-webcrypto-api-t...](https://timtaubert.de/blog/2014/11/using-the-webcrypto-api-to-generate-onion-names-for-tor-hidden-services/)

And for those who think Protonmail are the only service with a custom address,
think again, because Facebook has one too:
[https://facebookcorewwwi.onion/](https://facebookcorewwwi.onion/)

You can find a tonne more at this list:

[https://github.com/chris-barry/darkweb-everywhere/tree/maste...](https://github.com/chris-barry/darkweb-everywhere/tree/master/rules)

And staying on topic, Mailpile has their own .onion

[https://raw.githubusercontent.com/chris-barry/darkweb-everyw...](https://raw.githubusercontent.com/chris-barry/darkweb-everywhere/master/rules/onion-mailpile.xml)

~~~
dajohnson89
Why does Facebook have a tor address?

~~~
hundchenkatze
So that you can access Facebook without leaving tor through an exit node.

~~~
dajohnson89
I guess I don't see the point of using Tor with Facebook. So much of your
identity is already tracked. It's like trying to sneak up on somebody while
wearing those squeaky clown shoes.

~~~
DKnoll
To avoid state censorship.

[https://en.wikipedia.org/wiki/Censorship_of_Facebook](https://en.wikipedia.org/wiki/Censorship_of_Facebook)

~~~
kakarot
And to enable state surveillance.

When you have a very small subset of users who will go through the trouble of
trying out Facebook's onion address, it is much easier to be successful with
surveillance tools on that small sample.

~~~
DKnoll
Not for the Egyptian government.

~~~
kakarot
No, mainly for Five Eyes and friends

~~~
marcosdumay
That's the point. It makes you more vulnerable for some threats, less
vulnerable for others.

------
mike-cardwell
This is not quite as good as riseup.net's onion support as it doesn't include
SMTP services. See:

[https://riseup.net/en/security/network-security/tor#riseups-...](https://riseup.net/en/security/network-security/tor#riseups-tor-hidden-services)

    mike@snake:~$ torsocks telnet wy6zk3pmcwiyhiao.onion 25
    Trying 127.42.42.0…
    Connected to wy6zk3pmcwiyhiao.onion.
    Escape character is '^]'.
    220 mx1.riseup.net ESMTP (spam is not appreciated)

So if your mail service supports onion addresses, then you can just replace
"@riseup.net" in a user's email address with "@wy6zk3pmcwiyhiao.onion".

Alternatively, your mail service could have explicit configuration in place to
identify @riseup.net addresses and route them to wy6zk3pmcwiyhiao.onion
instead of the normal MX records. I do this with Exim by utilising Tor's
TransPort+DNSPort functionality and then adding the following Exim router:

    riseup:
      driver = manualroute
      domains = riseup.net
      transport = remote_smtp
      route_data = ${lookup dnsdb{a=wy6zk3pmcwiyhiao.onion}}

Obviously this would be better if there was a way to dynamically advertise the
onion address in the DNS instead of having to hardcode it in Exim.

[edit] - If they co-ordinated, Riseup and Protonmail, and potentially other
similar privacy respecting mail services could send all their traffic over
each other via Tor. If you work for either of these companies, please consider
the possibility of looking into this sort of relationship.

~~~
0x0
Shouldn't you also add super enforced SSL certificate validation for such a
setup? Since SMTP is usually merely opportunistic SSL, any Tor exit node could
very easily strip STARTTLS (or just MITM with a fake certificate that doesn't
get validated) and you're worse off than running over the normal internet?

~~~
pfg
Are we talking about using SMTP via the onion service, or just regular SMTP
through an exit node? The onion service comes with its own crypto and would
not need TLS on top of it (though you're free to use TLS anyway, like
Facebook, if it makes sense because of how your infrastructure is set up).
There's no exit node for hidden service connections (or any other node that
sees the plaintext other than the hidden service itself).

~~~
0x0
Ah, of course you are right. I forgot about hidden services not passing
through an exit node.

------
tptacek
If you are so threatened that you feel the need to use a Tor hidden service to
reach your email provider, you should know that email --- "encrypted or not"
--- provides the worst protection of all possible encryption messaging
options. Don't use email for sensitive communication, and certainly don't rely
on the security features of any email provider for your own safety.

~~~
cloakandswagger
How so? It seems like it would be just as safe as any type of messaging that
uses asymmetric cryptography.

~~~
tptacek
It's not; it's not even close. Every message you send, message by message,
HTTP request by HTTP request, depends entirely on the security of Protonmail's
servers and relies on PGP, which leaks extensive metadata and has no forward
secrecy. Not only that, but because you're using SMTP email, you're always one
mistake away from accidentally sending plaintext.

The good secure messaging services --- particularly Signal --- make these
things impossible to screw up.

Don't use email for secrets.

------
a3n
From ignorance, why would I (a non-interesting person in a nominally free
country, with non-interesting interests that could nevertheless become
interesting depending on political shifts and shit) want to use this hidden
service, rather than plain old ProtonMail?

~~~
bduerst
There's a wide spectrum of personal preference for internet privacy, and if
you're the type that doesn't trust your ISP you _could_ potentially use TOR to
add an additional layer of anonymity. If you trust your ISP there isn't much
point.

~~~
cloakandswagger
There's pretty good evidence that you should _not_ trust your ISP:

[http://www.theverge.com/2013/7/21/4541342/isp-owner-describe...](http://www.theverge.com/2013/7/21/4541342/isp-owner-describes-nsa-box-that-spied-on-customers)

While your message contents would still be encrypted when using the regular
old ProtonMail site, it would expose your identity and who you are sending
messages to.

~~~
bduerst
I'm not trying to argue whether you should or should not trust your ISP. It's
a personal opinion that differs for every internet user.

------
jron
Last I checked, ProtonMail required SMS verification for account creation.

Edit: When using Tor

~~~
ssully
I made an account this month and can confirm this is false. The only external
info they ask for is a recovery email address, which was optional.

~~~
diggan
Just tried this now. After signup, they seem to have some spam protection.

You can either receive an SMS to your phone number, or donate with your card.

Probably related to me trying to signup via Tor.

> Too many ProtonMail accounts have been created from your connection.
>
> Thus, we are requesting additional verification to ensure you are human and
> not a spam bot.
>
> Because Tor is frequently abused by spammers, this check may be triggered
> because of the Tor exit node you are using.

~~~
shrimp_emoji
IIRC, if you've created an account from your IP address or use a VPN (which
virtually guarantees that an account has been created from that VPN's exit
node), they force you to go the SMS route. Apparently, there's also a
requirement for Tor users.

It's unfortunate because it means there's no way that a ProtonMail account
can't be tracked to some static identifier (actual IP or phone number).

~~~
nacs
So just find a public Wifi spot or the million other ways you can access the
internet without your home connection.

~~~
lokedhs
That still provides a way to geolocate you. It's incredibly difficult to
create a usable Email address that cannot be traced in any way (i.e. purely
from a Tor connection without giving any personal information).

------
dogma1138
I wouldn't recommend accessing email over TOR, especially not a paid account.

In fact I would not recommend accessing any public service that requires a
unique account authentication over TOR.

This at least is somewhat more useful than Facebook over TOR but unless you
are accessing only free throwaway accounts (and never use those to communicate
with anyone you know) using this somewhat defeats the purpose of TOR.

------
dgiagio
Could someone expand how an email service over Tor helps when the messages you
send to others still go through the SMTP protocol (even with TLS) and are
stored/relayed in/to unprotected servers?

~~~
vabmit
The goal of providing a tor gateway is not to protect the contents of the
messages from being traced back to a specific ProtonMail account. It's also
not to prevent the contents or metadata of those messages from tripping
dragnet surveillance programs (such as PRISM). The goal of providing a tor
gateway is to protect the individual, through their IP address, from being
associated with the ProtonMail account and the metadata and contents of
messages sent to and from that account.

For example, say that an individual would face a death sentence for religious
preaching activity in the country where they live. They are unconcerned about
people discovering the content of their messages or who is receiving them.
But, if they are discovered to be the person responsible for them they would
likely be killed. Their sending of the messages through ProtonMail would be
protected from observation by ProtonMail's TLS w/ PFS HTTPS encryption. But,
their local ISP or government could observe all of their traffic. They could
then, through traffic correlation, determine that specific individual was
sending encrypted packets to ProtonMail's servers at the exact time various
messages were sent. Using Tor would protect this individual's identity. The
observers could determine tor traffic and attempt to correlate that with
messages if they suspected the individual. But, if he was generating
additional tor traffic by running as a relay or browsing other sites with tor
the correlation would be extremely difficult.

The reason that ProtonMail set up the .onion site is because accessing
ProtonMail over congested exit nodes that may be far from ProtonMail's servers
is very slow. The .onion site has dedicated bandwidth directly to ProtonMail's
webservers and is located close by in Switzerland. It should be expected that
it is much faster for users to use the .onion site than exit nodes to access
ProtonMail.

------
_eht
Can anyone speak to their like/dislike of ProtonMail vs Fastmail? I currently
use Fastmail and I'm happy, but always looking for something better.

~~~
pimeys
I finally switched from Gmail to ProtonMail this month as a New Year's
resolution to make my privacy better bit by bit. Haven't tested Fastmail, but
I like ProtonMail's simple webmail and the Android client a lot. Happily
paying them for the service.

What are your experiences with Fastmail? Do they encrypt all your emails and
in which country are their servers located?

~~~
needz
What other changes have you made or do you intend on making to increase your
privacy?

~~~
pimeys
Small steps. I deleted all my posts and pictures in Facebook and then deleted
my account. After Facebook I also deleted some irrelevant accounts like
LinkedIn. For mobile I just disabled all Google apps and started to use a VPN
connection everywhere.

And I don't feel I'm missing anything.

------
ortekk
I wish ProtonMail would offer more email aliases with its paid plans -
credential reuse is what often allows snooping on someone's online identity.
That would really boost its value in terms of privacy.

~~~
anfogoat
I was looking into possibly switching over from Fastmail while I happened upon
the 5 alias limit and couldn't help but chuckle. I'd have to have an acute
need for encrypted email to overlook that.

~~~
mysticmarvel
How about "compartmentalisation" and "single point of failure" as reasons to
use ProtonMail for some contact, a disposable Gmail address for others?

~~~
anfogoat
Sure, those seem like good reasons but for a different use case and different
from using ProtonMail as your main platform for daily email etc.

------
benwilber0
I always get the feeling that these kinds of services are NSA honeypots.
Whether intentionally or unintentionally.

~~~
hackuser
Isn't that true of all of Tor? An extremely attractive target; arguably anyone
with the resources, including most state intelligence agencies, would see high
value in finding exploits (and not revealing them).

------
akerro
FYI Scryptmail also supports it [https://blog.scryptmail.com/complete-tor-support/](https://blog.scryptmail.com/complete-tor-support/)

~~~
dchest
"In addition, your inbox is encrypted with AES-256 which is superior to RSA."

Ha!

[https://blog.scryptmail.com/q-a/](https://blog.scryptmail.com/q-a/)

------
tghw
If only ProtonMail could import old mail, I would be giving them money.

~~~
dogma1138
If you are using proton for additional "privacy" don't do that, since it would
effectively mean that your adversary can now know your new email identity.

If you don't worry about that, then in all honesty it's somewhat redundant.

I use hushmail because it has PGP integrated into their service, including a
PGP client in the webmail, yes they have a copy of my key (you can do PGP over
JAVA if you want to keep the key on your computer) and yes since they are
HIPAA compliant and a Canadian company they will comply with NSL but those
aren't threat models I worry about.

I want to be able to use PGP easily and from anyplace and not worrying about
having to carry my key with me, having PGP or GPG installed and fussing around
with it if I have to access my mail in an emergency from a device that might
not have a full setup.

Whilst I am aware that the NSA and other agencies with similar capabilities
are technically adversaries I don't fuss about them, I'm more worried about
sending my mail to the wrong person than the NSA reading my mails, if they
want to they'll be able to regardless of where I host them, and I would never
go toe to toe with someone who's likely to use rubber hose cryptography on
me.

------
gjjrfcbugxbhf
Has anyone thought of DNS for onion addresses?

~~~
lucb1e
That's rather impossible or we wouldn't be using weird .onion addresses but
just .com (at least before gTLDs became commonplace). Please read up on how
they work.

~~~
gjjrfcbugxbhf
Cool, good to know. I guess next best would be some type of trusted directory
listing - maybe orgs could somehow sign their entries on a directory page? The
directory could put redirects for signed services in their path namespace.
Meaning people would need

Vanityurlfordirservice.onion/facebook

To access the service.

Or is this also impossible?

~~~
lucb1e
Then you might as well use the normal web. DNS is basically a directory
listing with IP addresses to connect to, like a phone book; or a "trusted
directory listing" as you say. Onion addresses are public keys which somehow
find their way to a rendezvous point (I forgot the details).

~~~
gjjrfcbugxbhf
But having accepted that DNS is impossible I'm now suggesting actual redirects
(as in HTTP 301 or 302) rather than DNS.

------
lazyeye
Why the funny domain name? Is there any technical reason why they can't use
protonmail.onion?

~~~
xkxx
> Is there any technical reason why they can't use protonmail.onion?

Sure, there is. You can read about it in the Tor Phishing Resistance section
of the article.

> Onion site addresses are 16-character hashes of encryption keys that
> typically look like this: 3ens52v5u7fei76b.onion. The problem is that there
> is no good way to differentiate between 3ens52v5u7fei76b.onion and
> 3lqpblf7bsm532xz.onion, as to the human eye, both are equally
> unrecognizable. This opens up a phishing risk because a phishing site can
> trivially be created and unless the 16-character random URL is checked
> carefully each time, users cannot be certain they are visiting the correct
> onion site. From a usability standpoint, it is not really realistic to
> expect users to perform this check every single time.

> To bypass this problem, we used ProtonMail’s spare CPU capacity to generate
> millions of encryption keys and then hashed them, using a “brute force”
> approach to find a more human readable hash for our onion address. The end
> result, after expending considerable CPU time, is the following address
> which is much more resistant to phishing: protonirockerxow.onion as it can
> be easily remembered as: proton i rocker xow
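
The derivation the quoted passage describes (and the custom-address how-to linked in the top comment), as an added example that is not ProtonMail's or Tor's code: a v2 onion name is the lowercase base32 encoding of the first 80 bits of SHA-1 over the DER-encoded PKCS#1 RSAPublicKey, so the name is a commitment to the key and only the full 16 characters identify a service. The DER encoding is written out with the standard library, and the candidate moduli are constructed stand-ins (not real RSA keys) so the search runs offline.

```python
import base64
import hashlib


def der_length(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value):
    """DER INTEGER (tag 0x02); a leading 0x00 keeps a high-bit value positive."""
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return b"\x02" + der_length(len(body)) + body


def der_rsa_public_key(modulus, exponent):
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    body = der_integer(modulus) + der_integer(exponent)
    return b"\x30" + der_length(len(body)) + body


def onion_address(modulus, exponent=65537):
    """v2 onion name: lowercase base32 of the first 80 bits of SHA-1(DER(RSAPublicKey))."""
    digest = hashlib.sha1(der_rsa_public_key(modulus, exponent)).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower()


def constructed_modulus(seed):
    """Constructed stand-in for a fresh 1024-bit RSA modulus (NOT a real key). The
    name derivation only sees the encoded bytes, so any odd 1024-bit integer exercises
    it; a real vanity search generates and keeps a genuine key pair per candidate."""
    raw = b"".join(hashlib.sha256(b"constructed-%d-%d" % (seed, j)).digest() for j in range(4))
    return int.from_bytes(raw, "big") | (1 << 1023) | 1


def find_prefixed_address(prefix, max_tries=100000):
    """Try candidate keys until the derived name starts with `prefix`. Each extra
    base32 character multiplies the expected work by 32, which is why a six-character
    prefix such as 'proton' costs the 'considerable CPU time' the article mentions."""
    for seed in range(max_tries):
        address = onion_address(constructed_modulus(seed))
        if address.startswith(prefix):
            return seed, address
    return None


if __name__ == "__main__":
    seed, address = find_prefixed_address("pr")
    print(f"candidate #{seed} gives {address}.onion")
```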

~~~
lazyeye
Cheers. Thanks for the detailed explanation.

