Hasu 🎏

19.9K posts

@apertureless

Ronin 👺

Joined March 2009
815 Following, 555 Followers
Hasu 🎏@apertureless·
Haha wow. @HP_Deutschland is such a scam. You need an ONLINE account to use your scanner.
Hasu 🎏 reposted
Phrack Zine@phrack·
@ProtonPrivacy @Stric_Nine 22/August, a Friday. @ProtonPrivacy I get it that you guys are dealing with tons of abuse. Let's learn from this so that this doesn't happen to others. We are here to help. Let's fix the "appeal process" (it's not working) and please share the CERT request. Pinky-promise?
Hasu 🎏 reposted
Phrack Zine@phrack·
Hey @ProtonPrivacy, why are you cancelling journalists and ghosting us. Need help calibrating your moral compass❓ First therapy session is for free 😘 Regarding phrack.org/issues/72/7_md…
Hasu 🎏 reposted
Sam Bent@DoingFedTime·
New submission. @phrack Congrats @ProtonPrivacy I know @TutaPrivacy will r/t lol.

==Phrack Inc.==
Volume 0x11, Issue 0x49, Phile #0x09 of 0x12

|=------------------------------------------------=|
|=--=[ PHRACK PROPHILE ON ProtonMail ]=--=|
|=------------------------------------------------=|
|=---------------=[ Phrack Staff ]=---------------=|
|=------------------------------------------------=|

|=---=[ Specs

Name: Proton AG (formerly ProtonMail)
Handle: ProtonMail, Proton
Handle origin: "Proton" from CERN proximity marketing
AKA: "Swiss Privacy Company" (contested)
Country: Switzerland (incorporation) / Global (operations)
Website: proton.me
GitHub: ProtonMail (selectively open source)
Founded: 2013

|=---=[ Background

Proton Mail launched in 2013 riding the Snowden wave, marketing themselves as the "secure email" solution based in privacy-friendly Switzerland. Founded by CERN scientists, they leveraged that academic credibility hard. Initial crowdfunding raised $550k from privacy advocates who believed the pitch.

The reality check started September 2021 when they logged French climate activist IP addresses for Swiss authorities, contradicting their "no logs" marketing. They retroactively edited their privacy policy after getting caught. Their defense? "We never said we don't log IPs under legal orders" - except they literally did in their marketing materials.

|=---=[ Technical Architecture

Client-side encryption using OpenPGP.js - except:
- Webmail serves JavaScript that could be backdoored per-user
- Mobile apps are closed source blobs
- Bridge software for desktop clients: partially open
- No reproducible builds for verification
- Zero-access encryption claim relies on trusting their servers

The "Swiss privacy" angle? Switzerland has mutual legal assistance treaties (MLATs) with 70+ countries. They're also not EU, meaning no GDPR protection. Their Zug incorporation is more about taxes than privacy.

|=---=[ Compliance Track Record

2021: Logged French activist IPs, led to arrests
2022: Suspended accounts flagged by Europol without user notification
2023: Confirmed providing recovery emails to authorities
2024: Implemented automated scanning for "illegal content"
2025: Mass suspension of Korean journalists/whistleblowers (June)
2025: Account terminations without explanation (August-September)

Pattern: Claim technical inability to comply, then comply anyway when pressured. Their transparency reports show thousands of data requests honored annually.

|=---=[ The Whistleblower Problem

August 15, 2025: Proton disables account used by anonymous source providing documentation about Korean government surveillance programs.

August 16, 2025: Multiple journalists report suspended accounts after receiving leaked documents about Ministry of Unification operations.

Proton's response: "Terms of Service violation" with zero specifics.
Appeals process: Kafka-esque bureaucracy requiring government ID to restore "anonymous" accounts.

The KISA (Korea Internet & Security Agency) connection appears in their compliance logs but Proton refuses to confirm or deny specific government requests. Classic transparency theater.

|=---=[ Business Model Reality

"Free" tier: You're the product being sold as "privacy-conscious users"
Paid tiers: $120-360/year for basic functionality
VPN bundle: Separate subscription because synergy is expensive
Drive/Calendar: Half-baked addons to justify price increases
Venture funding: $17M from Charles River Ventures and FONGIT

Translation: Your "privacy company" answers to VCs who need ROI. Marketing budget dwarfs security audits 10:1. They spend more on YouTube sponsorships, than on reproducible build infrastructure.

|=---=[ Security Theater Examples

"End-to-end encrypted": Only between Proton users. External email? Plaintext.
"Zero-access encryption": They generate and store your private keys.
"Anonymous signup": Requires SMS or payment verification.
"Onion site": Serves the same backdoorable JavaScript.
"Open source": Core components only, apps remain closed.

PGP implementation quirks that break compatibility with standard clients because "enhanced security" sounds better than vendor lock-in.

|=---=[ Alternative Reality Check

Proton positions itself as the privacy alternative while:
- Operating centralized infrastructure (single point of failure/surveillance)
- Requiring trust in their good intentions
- Actively complying with government requests
- Preventing users from verifying security claims
- Marketing to dissidents while cooperating with their prosecutors

Real alternatives require:
- Self-hosted infrastructure
- Federated protocols
- Client-side encryption with user-controlled keys
- No single entity controlling the service

|=---=[ The 2025 Incident Analysis

The pattern is clear: Proton receives government request, suspends accounts, claims ToS violation, provides no evidence, demands government ID for appeals. The infrastructure knows who you are (payment info, IP logs under "legal compulsion", device fingerprints) while marketing anonymity.

When confronted, they pivot to legalese about Swiss law requirements while continuing to market themselves as the privacy solution. The cognitive dissonance is profitable.

|=---=[ Bottom Line

Proton Mail is security theater for people who want to feel protected without doing the work. They're a centralized email provider with good marketing and selective compliance with government requests.

Using Proton for sensitive communications is like using a "privacy VPN" that logs everything - technically encrypted, practically surveilled, definitely not what was advertised.

Want actual security? Run your own infrastructure. Can't? Then understand you're trusting someone else's promise, and Proton has repeatedly shown their promises are marketing copy, not operational reality.

The Swiss privacy paradise is a myth. Proton is just Gmail with better marketing and higher prices. At least Google is honest about reading your email.

|=---=[ References

- Swiss Federal Act on International Mutual Assistance in Criminal Matters
- Proton Transparency Reports (note the careful wording)
- Case No. 2021/7689 (Paris Court of Appeal)
- MLAT agreements database
- Their own blog posts contradicting their marketing
- Warrant canary: Conspicuously absent

Kill the mythology. Email is fundamentally broken for privacy. Proton is just monetizing the cope.

|=-------------------------------------------------=|
Hasu 🎏@apertureless·
@Lucile187 @i_burgerin @pamabu Yes, but as a self-employed person you also have to pay for all of your health insurance out of that money, plus pension insurance, business insurance, unemployment insurance, business liability insurance, work equipment (laptop, stuff, etc.) and taxes too. There's less left over than you'd think.
klopfklopf@Lucile187·
@i_burgerin @pamabu I don't know, don't they put their contracts in writing? But anyone who gets almost 4k for 12 hours of work a week and still mouths off, I suggest they work 40-50 hours a week for a quarter of that, yes, for minimum wage. What a lazy, money-grubbing bunch
ANNA LÜSE@i_burgerin·
3.5K for a video editor - bro! That's not exactly little. #Papaplatte steals @pamabu's channel - er, sets priorities through "redistribution" and is talking himself into serious trouble here. In the end it's only about the money for him. Sh*t capitalism!
Hasu 🎏@apertureless·
@0xsero @levelsio I love Poland. But no, healthcare is not extremely high quality.
0xSero@0xSero·
Poland is the best country to live in Europe right now:
- Taxes are very reasonable (12% for self employed IT).
- Healthcare is free, extremely high quality, and the private sector is cheap and fast.
- Huge tech scene, Google, Microsoft, Meta, Amazon, Netflix, and a lot of startups
- People are very open and cool, never had an issue with a Polish person.
If you're ever around visit linktr.ee/warsawinternat…
Philipp S. Holstein@PSHolstein·
In 2025 the mathematics faculty is making the use of Arabic numerals mandatory in all term papers and exams. How would you deal with that?
Hasu 🎏 reposted
Danial Asaria@danialasaria·
I just hacked multiple @lovable 'top launched' sites Wait—what? In less time than it took me to finish my lunch (47 mins), I extracted from live production apps: 💰Personal debt amounts 🏠Home Addresses 🗝️API keys (admin access) 🔥Spicy Prompts Screenshots in thread 🧵 Not as a hacker - as a curious dev with 15 lines of Python. This isn't a breach story (I reported it), this is a wake-up call. Be cautious which 'vibe coder' you trust with your personal data.
Hasu 🎏 reposted
7h3h4ckv157@7h3h4ckv157·
Legendary meme 🤞🏻🥂
Hasu 🎏 reposted
no.mind@the_no_mind·
This is Thomas Seyfried. He’s a professor of biology, who’s studied cancer for 30+ years. His message? Cancer isn’t bad genes or bad luck—it’s damaged mitochondria. This flips everything you’ve been told about how to treat & prevent cancer: 🧵
Hasu 🎏 reposted
Parul Gautam@Parul_Gautam7·
How to outsmart 95% of the people around you using 10 AI Tools: Bookmark or Regret Later👇
Hasu 🎏@apertureless·
@nonsenses1983 @grok @realMaalouf The full story is that she attacked the man with the knife AFTER the incident. She defended herself and after the attack stopped she pulled out the knife and went after him. That's why it's not clear self-defense under German law.
Dr. Maalouf ‏@realMaalouf·
GERMANY: A young girl was attacked by an Eritrean man who tried to rob and rape her. She defended herself with a knife and fatally wounded the attacker. Her trial has begun, and she is now facing charges of ‘intentional bodily harm resulting in death’.
Hasu 🎏 reposted
zhero;@zhero___·
new paper on a vulnerability discovered in React Router, resulting from a collaboration with @inzo____ that led to CVE-2025-31137; React Router and the Remix'ed path zhero-web-sec.github.io/research-and-t… good reading
Hasu 🎏 reposted
Тsфdiиg@tsoding·
You know nothing about the Real Vibe Coding if you never watched tokyospliff's gamedev streams
Hasu 🎏 reposted
Ruikai Peng@ruikai·
sipping coffee while autogdb.io overflows a binary
Hasu 🎏 reposted
Ole Lehmann@itsolelehmann·
They told Europe "you can't compete with SpaceX." But a new Munich startup just raised €350M to prove everyone wrong. Now their Spectrum rocket is set to make history as Europe's FIRST commercial orbital launch. How Isar Aerospace is rewriting Europe's space future 🧵:
Hasu 🎏 reposted
FFmpeg@FFmpeg·
FFmpeg makes extensive use of hand-written assembly code for huge (10-50x) speed increases and so we are providing assembly lessons to teach a new generation of assembly language programmers. Learn more here: github.com/FFmpeg/asm-les…
Hasu 🎏 reposted
zhero;@zhero___·
the research paper is out: Next.js and the corrupt middleware: the authorizing artifact result of a collaboration with @inzo____ that led to CVE-2025-29927 (9.1-critical) zhero-web-sec.github.io/research-and-t… enjoy the read!