[Cryptography] ProtonMail accessible via Tor onion site

Henry Baker hbaker1 at pipeline.com
Fri Jan 20 10:44:04 EST 2017 

FYI --

https://techcrunch.com/2017/01/19/protonmail-adds-tor-onion-site-to-fight-risk-of-state-censorship/

https://protonmail.com/support/knowledge-base/tor-setup/

ProtonMail adds Tor onion site to fight risk of state censorship

Posted yesterday by Natasha Lomas (@riptari)

Swiss-based PGP end-to-end encrypted email provider, ProtonMail, ***now has an onion address,*** allowing users to access its service via a direct connection to the Tor anonymizing network ­ in what it describes as an active measure aimed at defending against state-sponsored censorship.

...

Users of the Tor browser can now reach ProtonMail directly using its new onion address:
https://protonirockerxow.onion

...

Users accessing ProtonMail via Tor will have their connections anonymized ­ meaning the email service won’t be able to see (and thus couldn’t be forced to divulge) their true IP address.

...


The onion site also provides ***end-to-end authentication,*** which ProtonMail says helps mitigate some of the weaknesses with the existing Certificate Authority (CA) system that’s used across much of the Internet ­ pointing out that many CAs are trusted by default and some can be under direct government control.  For this reason it's also using an onion site with HTTPS only ­ also as a backup in case Tor itself is ever compromised.

"If someday Tor were to be compromised, enforcing HTTPS adds another layer of security for the end user.  Similarly, Tor also provides security in case HTTPS is compromised.  The notion of HTTPS being compromised is one that we take seriously, considering that there are hundreds of CAs that are trusted by default, with many of them under direct government control in high risk countries," it writes in a blog about the launch.

"Thus, by using our onion site, your emails are protected by three layers of end-to-end encryption, there’s Tor’s encryption on the outer layer, HTTPS in the middle layer, and PGP as the final layer of defense for the emails themselves."

More information about the cryptography mailing list