ProtonVPN a Honeypott?

I trust them more than my ISP so i will keep using their service.
If i had to choose whether proton is a honeypott or not, i’d say they aren’t.

How do you explain,

• false statement on protonwebsite
• onion registration redirect to clearnet
• what else?

I haven’t tried registering on their onion site for a while because when i last did, it redirected me to the clearnet proton site just like many others have said.
And even if this changed now, why was it like that in the first place and proton didn’t do anything about it for years??

I don’t think it’s right to say it’s definitely not a honeypot like some say, but I haven’t necessarily seen anything to make me think they are. I haven’t been super happy with their marketing of their VPN though, idk what exactly but something puts me off and I’d rather just use MullVad or something. Still, it’s better than most options out there imo

I don’t know technical details about p2p or tls, is there a documentation or would you explain why this is important and what are the differences? What’s ciphertext?
Edit: ciphertext - Ciphertext - Wikipedia
Then how “secure” is ciphertext, might a thirdparty/hacker be able to decode the content?

Indeed they are marketing protonvpn to bypass netflix and other streaming providers geolocation-limitations.
This is against TOS of streaming providers, they said they have the right to ban people for using vpns, haven’t done so yet. Personally i dont use netflix or any other streaming service, i wouldn’t pay any money for that degenerated content they provide. I don’t care about proton adversting vpn to bypasss netflix, it’s just against their TOS so it makes proton look a bit shady to be honest.
Somehow all the other vpns do that aswell.

The mobile app of protonvpn and mail however seems very legit.
https://reports.exodus-privacy.eu.org/en/reports/ch.protonvpn.android/latest/
zero trackers and only few permissions, compare this to other big vpn providers… so many have google analytics tracker, if they aren’t a honeypott who is.

Doesn’t mean they are a honeypot. And as others have already stated, it’s merely an exaggaration of the truth.

If you are on tor, you should be behind 3 tor nodes even when you are on clearnet. Again this doesn’t mean they are a “honeypot”

Depneds on the algorithm.

So they should put in a bunch of trackers to convince you they aren’t a honeypot?

Protonmail is opensource. Doesn’t mean they can’t be honeypot yes, there are a lot of obsfucation techniques, but a fbi undercover ops will probably stick to being propietary unless they somehow have their hands next gen code obsfucation tech.

One might also argue that the code hosted on the repos might be different than the ones they serve on the web. To combat that you can use the android apps or proton bridge.

Also if proton were to be a honeypot, they wouldn’t be so normie consumer facing. Remember the Anom phones? Yes, they were marketed to criminals mostly. FBI mostly has no intrest in reading your christmas offers for a Calvin Klein briefs. And lastly, criminals mostly don’t use emails in the first place.

As far as I know it was a mistake/config problem. Once the issue was raised, it was fixed. If you try registering on their .onion now, it should stay on their .onion site.

To make sure you always get the right .onion address, always visit: proton.me/tor

Edit: Just went through the sign-up process and it stayed on the .onion address the whole time.

Today, I created a new Proton Mail account through their .onion site. It appears not to have redirected me to the regular HTTPS site. In addition, I was not required to provide a phone number or “backup” email address.

It should be borne in mind that Proton has been subjected to security audits over the years. See, for example:

I don’t believe this is a thing anymore. Though Proton may still reserve the right to require more info from Tor users (for very valid reasons that have nothing to do with it being a honeypot or not)

Edit: Oops, I realized I responded to this before reading everyone else correct it. Just to chime in, accusing things of being a honeypot without supplying real evidence that are just personal accusations/questions/mistrust doesn’t really do anyone favors in the community - and tends to actively push people towards less-established services that may fail users.

There are services I personally mistrust and would never use, but I still don’t actively tout them to be honeypots, because there’s simply no evidence of it. If you don’t trust something, don’t use it. Simple as that.

@Almost Secure

The 3 tor nodes from the tor browser don’t do anything about the fact that for a long time the reigstration reditrected everyone to the clearnet.

So they should put in a bunch of trackers to convince you they aren’t a honeypot?
No… i ment: “Many other big vpn providers have google analytics trackers, if those aren’t a honeypott who is.”
The fact that proton has no trackers i obviously good not bad.

@Henry
The onion reigistration redirection to the clearnet might not be a thing anymore but has been for a long time. Don’t get why it took them so long.

Well i agree if you don’t trust something don’t use it, i made this thread just to find out what other peopls opinions are. Didn’t know what to think of the “smal mistakes” proton has made, should i be worried or not - for now proton as far as i can tell does a good job and i will keep their services.

I personally dont trust Proton but I cant tell you why. Its just a gut feeling. Maybe its the „dont put all your eggs in one basket“ mentality or not being able to sign up anonymously / being unable to pay with Monero thingy.

Law in the so called democratic countries can suck a lot. Think on the Patriot Act to serve as an example, or the anti E2EE campaing in the UK…

Obviusly, things get worse in more authoritarian countries.

Yeah, I would really love if they offered monero as a payment option and permited anonymus account creation over tor.

I’m very well aware of the problems that that would bring (spam mainly).

And the ideal scenario for me would be an offshore, fully anonymus provider.

You can sign up anonymously. If you use Tor and visit Proton’s .onion site, you just create your account, and, it’s done. However in some cases you may be asked for a verification method other than a Captcha, this is for security/abuse purposes, you can just reset your Tor circuit and it should allow Captcha verification.

If you want to upgrade your account you can just pay with cash.

This seems to be a very common reason that people say they don’t want to use/trust Proton. It is a very valid reason. Although, as I have said in other threads, Proton is deigned to be a privacy-focused Google suite alternative which is why they have many services in one.

You also have the option to only use the service/services you want. The only exception is you have to have a Mail account as it is the base of your Proton account, but you can just not use it for anything other than managing that Proton account.

At the end of the day, people will trust/not trust different services than others. It is always your choice of what/who you trust or don’t trust

Agree, but its ALL parties, not just one. Two (or more) sides of the same corrupt coin.

Lets keep this discussion non-political.

Life is political, my friend. Life, business, politics & technology are interdependent. We can walk and chew gum at the same time.

That does not mean that personal opinions about sensitive political topics belong in a tech discussion.

… and still, hating on some new sneakers in a thread about watermelon-flavoured chewing gum is out of place.

There are political and social opinions throughout the posts on this board- from beginning until today. @FreeMind didn’t create a thread specifically about a “sensitive personal topic”. And they had 12 other comments that others addressed/debated/discussed. The final comment hasn’t been discussed by anyone else- one comment in a sea of discussion. Easily would have stayed that way had you not chosen to interject into a discussion you weren’t otherwise participating in other than to censor.

“Sensitive political topics” are in the eye of the beholder. And, to me, privacy and security are sensitive political topics themselves anyway. @FreeMind started the thread asking for thoughts on privacy, security, law-enforcement, etc. A forced government mandate certainly follows that. And a surveillance, censored, nanny state is not possible without the technologies discussed in this thread and throughout this forum.

Again:

It all goes hand-in-hand.

Maybe a more appropriate response for you would be to either ignore and move on or explain why you disagree. Whatever happened to the value of airing out differences in healthy debate/discussion? It’s possible and is evident in this very thread on a host of points.

What isn’t possible is to bubble-wrap every corner of the internet so some (the overly sensitive?) don’t get inadvertently triggered. We can stay on point without lengthy off-topic tangents (and this wasn’t one). Enumerating badness, then compounding that failed strategy (Twitter, YouTube, FB, etc) by attempting to censor it is not a strategy Techlore has employed up until this point. I respect and value that.

Good, supported points live on. Weak, unsupported points do not. The only variable is time. Censorship is at the top of my threat model because it fertilizes the lifespan of bad ideas and tragic events that sometimes follow.