Hacker Newsnew | past | comments | ask | show | jobs | submitlogin



Sad to say, Proton's onion service is for their old version. Proton has recently rolled out a new updated version of their service, and as far as I'm aware they don't offer a Tor onion service for that newer version.

So Proton users who like to connect via Tor onion services have been faced with a choice of either staying on the old version of ProtonMail, or giving up on connecting via a Tor onion service. It definitely leaves the impression that they don't care much about Tor anymore, or that it's at best an afterthought for them.


I tested this, and you're right: Their Tor service runs the (in my opinion nearly as usable) older version.

It's plausible that Proton does not care about their Tor service, but there may be another reason: The new version relies more on Javascript code than their old version, and a Tor user is more likely to browse with scripts disabled than a regular user. Proton may be holding back the rollout of the newer version until they have tested it more without Javascript. This is only a hypothesis, and I came up with it just now; take it for what it is.


Tor + Scripts is not good. You're probably right on why there isn't a newer version on their onion service.


I don't think you can use Proton without JS. You need JS for cryptography; the emails get encrypted/decrypted/signed/verified on client-side.


Of course; should have been obvious.

Perhaps there is a greater reliance on scripts in the new version, but this makes it seem more likely that they've abandoned the Tor version.


I use proton-bridge and a normal email client, although I've never tried to use it with Tor.


I bet they initially configured it when Onion Routing was the new buzzword, and then lost interest when it wasn't the New Thang anymore.


Thanks. I thought they must.

https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7... is the URL that people should be using with Tor if they are concerned with being traced.

Using Tor to access a regular web site, ie: through an exit node, is (nearly) no different than using a proxy. Just assume all exit nodes are "naughty" and do your thing accordingly.


HN: Be careful when visiting Tor links that are suggested anywhere. There are many malicious clones of popular websites


For the record, that comes from GP's link to the ProtonMail website. But you are correct. Verify before clicking anything like that.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: