ProtonMail and Anonymity

Oscar Carlsson oscar at spindel.tax
Mon May 6 07:16:39 CEST 2019


On Sun, 05 May 2019 22:20:58 +0200
Michał Górny <mgorny at gentoo.org> wrote:

> On Sun, 2019-05-05 at 14:32 -0400, Jeff Allen wrote:
> Don't you think that brute-forcing a hash of a phone number would be
> trivial?
>
> --
> Best regards,
> Michał Górny
>
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

Hi,

Yes, of course it would be. But then, why would they even bother to
hash it?

This entire conversation is...interesting. If ProtonMail was
interested in selling our data then they chose a very small usergroup
to target, and honestly, that usergroup is too small to prove any real
value of any kind. And they claim they use end to end encryption, so
selling our data would be limited to phone numbers and email
addresses, data which is readily available elsewhere. (given that you
trust their end to end encryption claim)

I'm not a PM user but have been, and I liked their service due to
usability, being able to use sieve filtering and so forth. Had I been
truly paranoid I'd use something else.

--
Oscar



More information about the Gnupg-users mailing list