Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

ProtonMail announced that its Tor Hidden Service is online

The popular encrypted email provider ProtonMail has launched the Tor Hidden Service to provide further protection to its users. ProtonMail is the world’s largest encrypted email provider with over 2 million users worldwide. Its popularity exploded just after the US presidential election, its users include journalists, activists, businesses, and normal people that want to protect their […]

protonmail

The popular encrypted email provider ProtonMail has launched the Tor Hidden Service to provide further protection to its users.

ProtonMail is the world’s largest encrypted email provider with over 2 million users worldwide. Its popularity exploded just after the US presidential election, its users include journalists, activists, businesses, and normal people that want to protect their security and privacy. The service is a free and open source, featuring strong end-to-end encryption and protected by Swiss privacy laws.

Implementing a Tor hidden service for ProtonMail Tor has numerous advantages for end-users, communications are protected by supplementary layers of encryption, user’ IP address is masqueraded by the anonymizing network, and such kind of service is able to bypass government censorship.

“There are several reasons why you might want to use ProtonMail over Tor. First, routing your traffic to ProtonMail through the Tor network makes it difficult for an adversary wiretapping your internet connection to know that you are using ProtonMail. Tor applies extra encryption layers on top of your connection, making it more difficult for an advanced attacker to perform a man-in-the-middle attack on your connection to us. Tor also makes your connections to ProtonMail anonymous as we will not be able to see the true IP address of your connection to ProtonMail.”  a onion site,” ProtonMail explained in a blog post.

“Tor can also help with ProtonMail accessibility. If ProtonMail becomes blocked in your country, it may be possible to reach ProtonMail by going to our onion site. Furthermore, onion sites are “hidden” services in the sense that an adversary cannot easily determine their physical location. Thus, while protonmail.com could be attacked by DDoS attacks, protonirockerxow.onion cannot be attacked in the same way because an attacker will not be able to find a public IP address.”

The onion address for the ProtonMail Tor service:

https://protonirockerxow.onion

Just for curiosity, the above address was generated by the company used spare CPU capacity to generate millions of encryption keys and then hashed them aiming to generate a more human readable hash. The address it can be easily remembered as:

proton i rocker xow

ProtonMail

ProtonMail published detailed instructions on how to setup Tor and how to access the service over Tor. For example, in order to use the ProtonMail hidden service is it necessary to enable Javascript.Tor Browser disables Javascript by default, but you will need it for our onion site. You can do this by clicking the “NoScript” button and selecting “Temporarily allow all this page”:

“Tor Browser disables Javascript by default, but you will need it for our onion site. You can do this by clicking the “NoScript” button and selecting “Temporarily allow all this page”” reads the ProtonMail page.

The ProtonMail hidden service only accepts HTTPS connections, it uses a digital certificate issued by Digicert, the same CA used by Facebook for its Tor hidden service.

The ProtonMail hidden service could be reached via a desktop web browser and both iOS and Android apps.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – ProtonMail, Tor)