For non-IT people: user numbers don't have to be determined laboriously.
The server admin sees the user numbers live and can produce a breakdown by week or month in a minute.
That means, with 100% certainty, that they had hardly any users, otherwise they would have published the figures.
@ProtonPrivacy @Stric_Nine 22/August, a Friday. @ProtonPrivacy I get it that you guys are dealing with tons of abuse. Let's learn from this so that this doesn't happen to others. We are here to help. Let's fix the "appeal process" (it's not working) and please share the CERT request. Pinky-promise?
Hey @ProtonPrivacy, why are you cancelling journalists and ghosting us. Need help calibrating your moral compass❓
First therapy session is for free 😘
Regarding https://t.co/Toz8DASGAJ
New submission. @phrack Congrats @ProtonPrivacy I know @TutaPrivacy will r/t lol.
==Phrack Inc.==
Volume 0x11, Issue 0x49, Phile #0x09 of 0x12
|=------------------------------------------------=|
|=--=[ PHRACK PROPHILE ON ProtonMail ]=--=|
|=------------------------------------------------=|
|=---------------=[ Phrack Staff ]=---------------=|
|=------------------------------------------------=|
|=---=[ Specs
Name: Proton AG (formerly ProtonMail)
Handle: ProtonMail, Proton
Handle origin: "Proton" from CERN proximity marketing
AKA: "Swiss Privacy Company" (contested)
Country: Switzerland (incorporation) / Global (operations)
Website: https://t.co/DwGgdlR1I0
GitHub: ProtonMail (selectively open source)
Founded: 2013
|=---=[ Background
Proton Mail launched in 2013 riding the Snowden wave, marketing themselves as the "secure email" solution based in privacy-friendly Switzerland. Founded by CERN scientists, they leveraged that academic credibility hard.
Initial crowdfunding raised $550k from privacy advocates who believed the pitch.
The reality check started September 2021 when they logged French climate activist IP addresses for Swiss authorities, contradicting their "no logs" marketing.
They retroactively edited their privacy policy after getting caught. Their defense?
"We never said we don't log IPs under legal orders" - except they literally did in their marketing materials.
|=---=[ Technical Architecture
Client-side encryption using OpenPGP.js - except:
- Webmail serves JavaScript that could be backdoored per-user
- Mobile apps are closed source blobs
- Bridge software for desktop clients: partially open
- No reproducible builds for verification
- Zero-access encryption claim relies on trusting their servers
The "Swiss privacy" angle? Switzerland has mutual legal assistance treaties (MLATs) with 70+ countries. They're also not EU, meaning no GDPR protection. Their Zug incorporation is more about taxes than privacy.
|=---=[ Compliance Track Record
2021: Logged French activist IPs, led to arrests
2022: Suspended accounts flagged by Europol without user notification
2023: Confirmed providing recovery emails to authorities
2024: Implemented automated scanning for "illegal content"
2025: Mass suspension of Korean journalists/whistleblowers (June)
2025: Account terminations without explanation (August-September)
Pattern: Claim technical inability to comply, then comply anyway when pressured. Their transparency reports show thousands of data requests honored annually.
|=---=[ The Whistleblower Problem
August 15, 2025: Proton disables account used by anonymous source providing documentation about Korean government surveillance programs.
August 16, 2025: Multiple journalists report suspended accounts after receiving leaked documents about Ministry of Unification operations.
Proton's response: "Terms of Service violation" with zero specifics. Appeals process: Kafka-esque bureaucracy requiring government ID to restore "anonymous" accounts.
The KISA (Korea Internet & Security Agency) connection appears in their compliance logs but Proton refuses to confirm or deny specific government requests. Classic transparency theater.
|=---=[ Business Model Reality
"Free" tier: You're the product being sold as "privacy-conscious users"
Paid tiers: $120-360/year for basic functionality
VPN bundle: Separate subscription because synergy is expensive
Drive/Calendar: Half-baked addons to justify price increases
Venture funding: $17M from Charles River Ventures and FONGIT
Translation: Your "privacy company" answers to VCs who need ROI.
Marketing budget dwarfs security audits 10:1.
They spend more on YouTube sponsorships than on reproducible build infrastructure.
|=---=[ Security Theater Examples
"End-to-end encrypted": Only between Proton users. External email? Plaintext.
"Zero-access encryption": They generate and store your private keys.
"Anonymous signup": Requires SMS or payment verification.
"Onion site": Serves the same backdoorable JavaScript.
"Open source": Core components only, apps remain closed.
PGP implementation quirks that break compatibility with standard clients because "enhanced security" sounds better than vendor lock-in.
|=---=[ Alternative Reality Check
Proton positions itself as the privacy alternative while:
- Operating centralized infrastructure (single point of failure/surveillance)
- Requiring trust in their good intentions
- Actively complying with government requests
- Preventing users from verifying security claims
- Marketing to dissidents while cooperating with their prosecutors
Real alternatives require:
- Self-hosted infrastructure
- Federated protocols
- Client-side encryption with user-controlled keys
- No single entity controlling the service
|=---=[ The 2025 Incident Analysis
The pattern is clear: Proton receives government request, suspends accounts, claims ToS violation, provides no evidence, demands government ID for appeals.
The infrastructure knows who you are (payment info, IP logs under "legal compulsion", device fingerprints) while marketing anonymity.
When confronted, they pivot to legalese about Swiss law requirements while continuing to market themselves as the privacy solution. The cognitive dissonance is profitable.
|=---=[ Bottom Line
Proton Mail is security theater for people who want to feel protected without doing the work. They're a centralized email provider with good marketing and selective compliance with government requests.
Using Proton for sensitive communications is like using a "privacy VPN" that logs everything - technically encrypted, practically surveilled, definitely not what was advertised.
Want actual security? Run your own infrastructure. Can't? Then understand you're trusting someone else's promise, and Proton has repeatedly shown their promises are marketing copy, not operational reality.
The Swiss privacy paradise is a myth.
Proton is just Gmail with better marketing and higher prices.
At least Google is honest about reading your email.
|=---=[ References
- Swiss Federal Act on International Mutual Assistance in Criminal Matters
- Proton Transparency Reports (note the careful wording)
- Case No. 2021/7689 (Paris Court of Appeal)
- MLAT agreements database
- Their own blog posts contradicting their marketing
- Warrant canary: Conspicuously absent
Kill the mythology. Email is fundamentally broken for privacy.
Proton is just monetizing the cope.
|=-------------------------------------------------=|
@Lucile187 @i_burgerin @pamabu Yes, but as a self-employed person you also have to pay, entirely out of that money, your health insurance, pension insurance, business insurance, unemployment insurance, business liability insurance, work equipment (laptop, gear, etc.) and taxes too. Less is left over than you'd think.
I just hacked multiple @lovable 'top launched' sites
Wait—what?
In less time than it took me to finish my lunch (47 mins), I extracted from live production apps:
💰Personal debt amounts
🏠Home Addresses
🗝️API keys (admin access)
🔥Spicy Prompts
Screenshots in thread 🧵
Not as a hacker - as a curious dev with 15 lines of Python.
This isn't a breach story (I reported it), this is a wake-up call.
Be cautious which 'vibe coder' you trust with your personal data.
This is Thomas Seyfried.
He’s a professor of biology, who’s studied cancer for 30+ years.
His message? Cancer isn’t bad genes or bad luck—it’s damaged mitochondria.
This flips everything you’ve been told about how to treat & prevent cancer: 🧵
@nonsenses1983 @grok @realMaalouf The full story is that she attacked the man with the knife AFTER the incident. She defended herself, and after the attack stopped she pulled out the knife and went after him. That's why it's not clear self-defense under German law.
new paper on a vulnerability discovered in React Router, resulting from a collaboration with @inzo____ that led to CVE-2025-31137;
React Router and the Remix'ed path
https://t.co/LMiqASwZnf
good reading
They told Europe "you can't compete with SpaceX."
But a new Munich startup just raised €350M to prove everyone wrong.
Now their Spectrum rocket is set to make history as Europe's FIRST commercial orbital launch.
How Isar Aerospace is rewriting Europe's space future 🧵:
FFmpeg makes extensive use of hand-written assembly code for huge (10-50x) speed increases and so we are providing assembly lessons to teach a new generation of assembly language programmers.
Learn more here:
https://t.co/u6MKBb3Xbk
the research paper is out:
Next.js and the corrupt middleware: the authorizing artifact
result of a collaboration with @inzo____ that led to CVE-2025-29927 (9.1-critical)
https://t.co/GZkbnr6o9H
enjoy the read!