1. Protonmail Behaves like a CIA/NSA “Honeypot”
Protonmail has an Onion domain that allows users to visit their
site using the TOR browser. Protonmail even has an SSL cert for
that onion address even though it’s completely unnecessary. When
a user makes a new account with Protonmail on TOR, they are
redirected from Protonmail’s “.onion” to “.com” address. This
breaks your secure encrypted connection to their onion address,
enabling your identification. There are absolutely no technical
reasons for this feature. In fact, the only other websites that
operate like this are suspected NSA/CIA Honeypots.
This is a huge security issue that was either created because
Protonmail is managed by particle physicists who do not
understand computer security OR they have been forced to operate
their website in a similar way as CIA/NSA honeypots. Both
possibilities are serious concerns.
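
A client-side check for the redirect behaviour described above, as an added example that is not part of the original article: given a recorded redirect chain, it reports every hop that leaves a `.onion` host for a clearnet one. The hostnames and `Location` values are constructed placeholders, not Protonmail's real addresses.

```python
from urllib.parse import urljoin, urlsplit


def is_onion(url):
    """True when the URL's host is under the .onion special-use TLD."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host.endswith(".onion")


def audit_redirect_chain(start_url, locations):
    """Follow recorded Location header values in order.

    Returns a list of (from_url, to_url) pairs for every hop where the
    client was on an onion service and was sent to a non-onion host.
    """
    findings = []
    current = start_url
    for location in locations:
        # Location may be relative; resolve it against the current URL.
        target = urljoin(current, location)
        if is_onion(current) and not is_onion(target):
            findings.append((current, target))
        current = target
    return findings


# Constructed sample: a sign-up flow that starts on an onion host,
# stays there for one hop, then redirects to a clearnet domain.
SAMPLE_START = "https://exampleonionaddress.onion/signup"
SAMPLE_LOCATIONS = ["/signup/step2", "https://mail.example.com/create"]

if __name__ == "__main__":
    for src, dst in audit_redirect_chain(SAMPLE_START, SAMPLE_LOCATIONS):
        print(f"left onion service: {src} -> {dst}")
```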
2. Protonmail Does Not Provide “End to End Encryption”
Professor Nadim Kobeissi mathematically proved that Protonmail
does not provide End to End Encryption. Meaning, Protonmail has
the ability to decrypt their own users’ data. When this was
shown to be true, Protonmail users were outraged they had been
lied to. Protonmail was forced to issue a public statement.
Their statement begins as you would expect it would: by
shitting on the security researcher that revealed their
dishonesty. Then they continued to say: “We lied to our users
because other email companies did”. No apologies. They can
decrypt any of their users’ data by sending them scripts that
allow them to do so. However, they advertise that they cannot.
Protonmail’s admission proves they offer the same security that
Gmail offers. Both Gmail and Protonmail offer encryption that
they can decrypt whenever they want.
3. Protonmail Was Created Under CIA/NSA Oversight
Gmail & Protonmail were both created in CIA/NSA funded
departments with their oversight. Protonmail has tried to hide
this part of their history. We wrote a whole article about it.
4. Protonmail is Part Owned by CRV and the Swiss Government
After a successful crowdfunding campaign with promises to
“remain independent”, Protonmail sold equity ownership to CRV and
FONGIT. At the time of the equity sale a CRV founder, Mr. Ted
Dintersmith, was working for the US State Department closely with
President Obama. His position as a delegate required close
contact with CIA & NSA administration. Mr. Ted Dintersmith had
also witnessed the Edward Snowden revelations and made
statements that he planned to use his corporate knowledge to
“fight terrorism”. FONGIT is a non-profit organization that is
financed by the Swiss Government. Protonmail staff member
Antonio Gambardella also works for the Swiss Government.
5. CRV, In-Q-Tel & the CIA
The CIA openly operates a front company, In-Q-Tel, whose stated
purpose is to invest in tech companies on behalf of the CIA.
In-Q-Tel has stated they have a specific interest in the
information contained in e-mails and encrypted communication.
In-Q-Tel has been shown to be the bridge between the CIA and Gmail.
An analysis of staff members reveals CRV & In-Q-Tel
connections. The US media confirms these connections when they
interview CRV so that they can understand In-Q-Tel.
Additionally, the mastermind, cryptographer & back end developer
that created Protonmail, Wei Sun, now works for Google.
6. Protonmail Follows CIA Email format & Metadata Requirements
Leaked documents at Wikileaks show that the CIA requires emails
to be stored as an EML filetype. There are several ways to
store emails, and Protonmail has selected the format that the
CIA requires. Protonmail offers no protection for users’
metadata and has officially stated that they turn metadata over
to law enforcement. Edward Snowden revealed that the US
government cares least about the content of emails. Mr. Snowden
revealed that US law enforcement cares most about who a person is
talking to, the dates & times of the emails, and the subject of
the email. Subject and metadata encryption are not difficult to
provide. However, Protonmail refuses to offer any protection on
data that is most valuable to the CIA & FBI and they store it as
plain text (no encryption). Edward Snowden stated the NSA “isn’t
able to compromise the encryption algorithms underlying these
technologies. Instead, it circumvents or undermines them by
forcing companies to cooperate in other ways.” Protonmail has
refused to protect the information the NSA wants, this is a
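
What the holder of an EML file can read when only the body is PGP/MIME-encrypted, as an added example that is not from the original article: the message below is constructed, and the code says nothing about how Protonmail actually stores mail.

```python
from email import message_from_string

# Constructed sample: an RFC 3156 (PGP/MIME) message. The ciphertext is a
# placeholder; only the structure matters for this demonstration.
SAMPLE_EML = """\
From: alice@example.org
To: bob@example.net
Date: Mon, 06 Jan 2020 10:15:00 +0000
Subject: Meeting on Thursday
Message-ID: <constructed-1@example.org>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

# Headers that reveal who talked to whom, when, and about what.
METADATA_HEADERS = ("From", "To", "Cc", "Date", "Subject", "Message-ID", "Received")


def exposed_metadata(eml_text):
    """Return (readable metadata headers, body_is_encrypted, readable text parts)."""
    msg = message_from_string(eml_text)
    exposed = {h: msg.get_all(h) for h in METADATA_HEADERS if msg.get_all(h)}
    body_encrypted = msg.get_content_type() == "multipart/encrypted"
    text_parts = [p.get_content_type() for p in msg.walk()
                  if p.get_content_maintype() == "text"]
    return exposed, body_encrypted, text_parts


if __name__ == "__main__":
    headers, encrypted, text_parts = exposed_metadata(SAMPLE_EML)
    print("body encrypted:", encrypted, "| readable text parts:", text_parts)
    for name, values in headers.items():
        print(f"readable without any key: {name}: {values}")
```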
7. Swiss MLAT Law Could Give the NSA Full Access
Protonmail’s servers reside in Switzerland, a country with an
MLAT treaty that could allow the NSA to continue its
mission of recording “nearly everything” about a person’s
internet communication. Any doubts the MLAT treaty applies are
removed when you take into account that Protonmail is part-owned
by FONGIT, a Swiss Government-financed company. Protonmail has
requirements from the MLAT treaty. Their actions show they are
capitulating with the MLAT treaty. Revisions include a change
while you use their service in some situations.
8. Protonmail Uses Radware for DNS/DDOS Protection
Privacy companies like Protonmail are required to use a DNS/DDOS
service because of the frequent attacks against their service.
Protonmail uses a company called Radware for this purpose.
Radware is a low-quality service that has failed to provide
adequate protection. Protonmail has been taken offline,
sometimes by teenage kids, because they insist on using a
subpar service. It’s worth noting that Radware’s international
office is a few miles away from the headquarters of the most
powerful intelligence agency on earth, the Israeli Mossad.
Radware can gain complete access to all Protonmail users’
accounts in two ways. They could inject a few lines of code
that would reveal all users’ login usernames and passwords, thus
allowing them to log in as if they are that user. They could
also be given users’ usernames & passwords by Protonmail.
Remember Protonmail has admitted they can access all users’
accounts and decrypt their data. Additionally, it has been
reported that Radware has direct connections to the Israeli
9. Protonmail Developers Do Not Use Protonmail
Protonmail’s developers are in a position to know the real
security offered by Protonmail. And Protonmail’s developers do
not use Protonmail. If you were served food by a cook who
refused to eat the food, would that be a cause of concern to
you? This is the same situation. Protonmail developers do not
use Protonmail; there are likely good reasons for this.
10. Protonmail engages in illegal cyberwarfare
In 2017 Protonmail seems to have used illegal cyber warfare
capabilities to unlawfully break into a suspect’s server. You
can see the tweet they posted and read about it here. They soon
deleted the tweet and said: “We cannot confirm nor deny if
anything happened.” In 2013 the European Union parliament voted
to make hacking a crime that carried a prison sentence of 2
years. “Hacking back” is also illegal under Swiss law. Based
on Protonmail’s admissions only, they conducted an illegal hack.
11. Protonmail has a history of Dishonesty.
Since its creation, Protonmail has lied to their users, starting when
they crowdfunded $550k to “remain Independent”, a promise they
broke almost immediately by selling equity ownership to a US
corporation with ties to President Obama and John Podesta.
In our opinion Protonmail is not an email solution you would use
if you want privacy or security. Your emails are probably going
to end up in a US data center right next to your Gmail emails.