by IAmGraydon 772 days ago
Go try to create a ProtonMail account with Tor. It will ask you to confirm your account with a phone number. It skips this if you’re using a non-proxy IP. They want to know who you are, and it’s been this way for years. I think they’ve long been a honeypot.
8 comments

This is not true - most of the time all you need to do is fill out the captcha. In some cases (when our systems detect something suspicious about your network), we would request an additional email address. Even in those cases, the email addresses are not tied to your account - we only save a cryptographic hash of your email. Due to the hash functions being one-way, we cannot derive your data back from the hash: https://proton.me/support/human-verification

While we did use phone verification in the past, this is not the case any longer. Phone numbers were stored in the same way as the email addresses, so, again, we have no way to derive them back from the hash.

> While we did use phone verification in the past, this is not the case any longer. Phone numbers were stored in the same way as the email addresses, so, again, we have no way to derive them back from the hash.

I've no reason to doubt this but brute-force cracking a hash known to be from a phone number would likely be pretty trivial.

Fwiw, I use protonmail and trust it more than most other services. But my threat model doesn't involve technically capable adversaries directly targeting me, certainly not ones that could compel protonmail to divulge phone number hashes.

> Due to the hash functions being one-way, we cannot derive your data back from the hash

This isn't true in practice. It's not hard to build a big list of ~every email address (give or take), and have a GPU churn through them all until you get a match.

If you've ever received a spam email, your email address is on such a list.

argon2id with dynamic salt should effectively prevent this, but it will also not allow one to tell whether two users have the same e-mail or not -- which I suspect is the main reason for hashing in the first place.

If equality-check is required to prevent e-mail reuse by spammers then argon2id with static salt rotated every few months will be reasonably strong too.

Of course I have no idea if any of this is implemented or it's just sha256(email). Just replying to the question of general feasibility.
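The trade-off the two comments above describe (an unsalted hash of an address can be matched against a list of candidate addresses, a secret static key keeps equality checks working, and a random per-record salt breaks equality checks entirely) can be made concrete in a few lines. This is an added example, not code from the thread or from Proton; it uses Python's standard library, with `pbkdf2_hmac` standing in for argon2id (assumption: the memory-hard KDF is not available without a third-party package, and the property shown does not depend on which slow KDF is used). The e-mail addresses, the pepper value and the iteration count are all constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Iterable, Optional, Tuple

# Constructed sample data: a three-entry "dictionary" standing in for the
# large address lists the comment above refers to.
CANDIDATE_EMAILS = [
    "alice@example.com",
    "bob@example.net",
    "carol@example.org",
]

# Constructed example of a memory/time cost; a real deployment tunes this.
KDF_ITERATIONS = 100_000


def plain_hash(email: str) -> str:
    """Unsalted sha256(email). Deterministic and keyless, so anyone holding the
    digest can test candidate addresses against it."""
    return hashlib.sha256(email.strip().lower().encode()).hexdigest()


def recover_from_dictionary(digest: str, candidates: Iterable[str]) -> Optional[str]:
    """Hash every candidate and compare; succeeds whenever the original
    address is on the candidate list. This is the one-way-ness caveat from
    the thread: the function is one-way, but the input space is enumerable."""
    for candidate in candidates:
        if hmac.compare_digest(plain_hash(candidate), digest):
            return candidate
    return None


def peppered_tag(email: str, pepper: bytes) -> str:
    """HMAC-SHA256 keyed with a server-side secret (the 'static salt' of the
    comment above). Same address + same pepper -> same tag, so a duplicate
    check still works; without the pepper no candidate list can be matched."""
    return hmac.new(pepper, email.strip().lower().encode(), hashlib.sha256).hexdigest()


def per_user_tag(email: str, salt: Optional[bytes] = None,
                 iterations: int = KDF_ITERATIONS) -> Tuple[bytes, bytes]:
    """Random per-record salt plus a slow KDF (pbkdf2_hmac as a stand-in for
    argon2id). Two records for the same address get different (salt, tag)
    pairs, so the store can no longer tell whether an address was reused."""
    if salt is None:
        salt = os.urandom(16)
    tag = hashlib.pbkdf2_hmac("sha256", email.strip().lower().encode(), salt, iterations)
    return salt, tag


def verify_per_user(email: str, salt: bytes, tag: bytes,
                    iterations: int = KDF_ITERATIONS) -> bool:
    """Re-derive the tag for one stored record; this is the only question the
    per-record-salt scheme can answer (does THIS record match THIS address)."""
    _, derived = per_user_tag(email, salt, iterations)
    return hmac.compare_digest(derived, tag)


if __name__ == "__main__":
    stored = plain_hash("bob@example.net")
    print("plain sha256, recovered:", recover_from_dictionary(stored, CANDIDATE_EMAILS))

    pepper = b"constructed-pepper-keep-out-of-the-db"
    tag = peppered_tag("bob@example.net", pepper)
    print("peppered, recovered without pepper:", recover_from_dictionary(tag, CANDIDATE_EMAILS))
    print("peppered, equality check works:", tag == peppered_tag("Bob@Example.net", pepper))

    s1, t1 = per_user_tag("bob@example.net")
    s2, t2 = per_user_tag("bob@example.net")
    print("per-user salt, same address gives equal tags:", t1 == t2)
    print("per-user salt, record verifies:", verify_per_user("bob@example.net", s1, t1))
```

One caveat on the "static salt rotated every few months" variant: the stored tags were derived from addresses the service no longer has, so they cannot be re-derived under the new key. Rotation therefore also resets the duplicate check, and the window in which reuse is detectable is exactly the rotation period.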

They are a huge target for spam. The reason why they do this is to prevent spam.

Unfortunately, it can and has been abused.

Not surprised at all. Even if it did not start with this intention, one has to suspect that with enough time it will become compromised.

About the only way to even vaguely keep your email private is to use a self hosted server with GPG keys. And any lapse on security updates for that thing and you could be compromised almost immediately.

Beyond that I cannot think of anything more one could do.

I have always treated email as something that travels in the clear. My current provider (Fastmail) is compromised by authority: the Australian Privacy Act 1988, by being based in Australia, and it gets caught up by PRISM as the servers are run out of New York.

You can create anonymous accounts with Tuta through Tor and they don't ask for a phone number or contact email address. They even made a tutorial video on YouTube a few weeks ago for how to do it: https://youtu.be/oXv3llPIfvo

If you continued using the account only through Tor, there wouldn't be any traceable info.

I'm not a lawyer, but don't GDPR and No-Log contradict each other?

Nope. What’s funny is it’s actually easier to be GDPR compliant if you keep no logs.

This is different each time you try it. They may use the exit node's country (I doubt they'd be so naive), some other fingerprinting, or just have a limited number of anonymous accounts to give out each day, which is what cockli does. Sometimes you need a phone number, other times an email address, other times just a CAPTCHA.

Yes, I just tested it and was able to register by giving a (disposable) email.

It did then prompt me to add an email and/or phone number as recovery methods, but that step was skippable.

I have never found protonmail's signup step asking for phone number verification or a recovery email to be unskippable.

Protonmail can still be the best choice for a pseudonymous mail service so long as it's combined with diligent, consistent IP address obfuscation. Protonmail will continue to allow logins and new account creations over Tor. All the major free email providers have long since disallowed new signups over Tor, and most have some form of degraded user experience when logging in over Tor, if they allow it at all. Small, niche email providers appear and disappear so often that relying on them still to exist even a few months into the future is a big gamble. Hosting one's own email requires payment of some type to the hosting provider, so it is not anonymous. Other privacy-oriented free email providers, such as riseup, will do exactly what protonmail did, because if they refuse, their only option is to go the way of lavabit.

Try setting up an email service without these protections and report back to me how well that went. Oh no, you can't, as you won't be able to email anyone, as everyone will mark your emails as spam as you'll be a humongous source of it. Running an email service is like being flypaper for dickheads. Evidence-free accusations of being a "honeypot" are ridiculous.

> It skips this if you’re using a non-proxy IP

Get one from your neighborhood coffee shop Wi-Fi, and pay cash for your coffee.

Terrible advice, being that "neighborhood" means you live close by. Go to a coffee shop in another city, state or country and do so! (Although flights leave paper trails too)

Also make sure to avoid CCTV...

No shit. People actually do not apprehend that intelligence agencies have the capability, desire and resources to operate legitimate "privacy" services. Why not just roll out the red carpet and let all the sus people walk in?