Am 05.08.23 um 06:00 schrieb Proton Manager:
Proton Pass is now available for everyone.
As the name suggests, Proton Pass is an encrypted password manager, one
of the most highly demanded services from the Proton community in our annual surveys. <https://proton.me/pass/download>
X-posting over four groups with a fake identity?
Even worse: Using one of the worst Troll-servers.
Not really helping your case ...
Path: news.solani.org!!weretis.net!reader5.news.weretis.net!feeder8.news.weretis.net!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
Organization: Aioe.org NNTP Server
Jörg Lorenz <hugybear@gmx.ch> wrote:
Am 05.08.23 um 06:00 schrieb Proton Manager:
Proton Pass is now available for everyone.
As the name suggests, Proton Pass is an encrypted password manager, one
of the most highly demanded services from the Proton community in our
annual surveys. <https://proton.me/pass/download>
X-posting over four groups with a fake identity?
Even worse: Using one of the worst Troll-servers.
Not really helping your case ...
Well, he's not actually *using* "one of the worst Troll-servers", but *faking* that he's using it:
Path: news.solani.org!!weretis.net!reader5.news.weretis.net!feeder8.news.weretis.net!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
Organization: Aioe.org NNTP Server
I.e. using news.eternal-september.org, but faking Aioe.org (which is
no longer online).
Frank Slootweg <this@ddress.is.invalid> wrote:
Jörg Lorenz <hugybear@gmx.ch> wrote:
Am 05.08.23 um 06:00 schrieb Proton Manager:
Proton Pass is now available for everyone.
As the name suggests, Proton Pass is an encrypted password manager, one
of the most highly demanded services from the Proton community in our
annual surveys. <https://proton.me/pass/download>
X-posting over four groups with a fake identity?
Even worse: Using one of the worst Troll-servers.
Not really helping your case ...
Well, he's not actually *using* "one of the worst Troll-servers", but *faking* that he's using it:
Path: news.solani.org!!weretis.net!reader5.news.weretis.net!feeder8.news.weretis.net!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
Organization: Aioe.org NNTP Server
I.e. using news.eternal-september.org, but faking Aioe.org (which is
no longer online).
Where in the PATH header is an AIOE node? The injection node is the
first node after which each subsequent peering host gets prepended as a
node in PATH, so the route is read right to left. You mention him
faking using AIOE, but you also show the PATH header in your claim. The
PATH header is not involved in him faking his injection node.
"he's not actually *using* "one of the worst Troll-servers"
Proton Pass is now available for everyone.
As the name suggests, Proton Pass is an encrypted password manager, one
of the most highly demanded services from the Proton community in our
annual surveys. <https://proton.me/pass/download>
On 8/5/2023 11:31 AM, Frank Slootweg wrote:
"he's not actually *using* "one of the worst Troll-servers"
If you are trying to promote a piece of software that
relies on "trust", this is not a particularly good way to do it.
I presume the individual is a "de-moter" rather than a "pro-moter".
I guess my PostIt notes with the passwords written on it, is
safe for another year :-/
Paul
Frank Slootweg <this@ddress.is.invalid> wrote:
Jörg Lorenz <hugybear@gmx.ch> wrote:
Am 05.08.23 um 06:00 schrieb Proton Manager:
Proton Pass is now available for everyone.
As the name suggests, Proton Pass is an encrypted password manager, one
of the most highly demanded services from the Proton community in our
annual surveys. <https://proton.me/pass/download>
X-posting over four groups with a fake identity?
Even worse: Using one of the worst Troll-servers.
Not really helping your case ...
Well, he's not actually *using* "one of the worst Troll-servers", but *faking* that he's using it:
Path: news.solani.org!!weretis.net!reader5.news.weretis.net!feeder8.news.weretis.net!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
Organization: Aioe.org NNTP Server
I.e. using news.eternal-september.org, but faking Aioe.org (which is
no longer online).
Where in the PATH header is an AIOE node? The injection node is the
first node after which each subsequent peering host gets prepended as a
node in PATH, so the route is read right to left. You mention him
faking using AIOE, but you also show the PATH header in your claim. The
PATH header is not involved in him faking his injection node.
What he did do is use a non-blank Organization header that misleads to
him using AIOE. If the Organization header is absent (the client did
not include it) then the server may optionally add its own. If the
client did specify a non-blank Organization header, the server is to
step aside and keep the one the client specified. Why he uses a value
for the Organization header that has anything to do with his choice of
Usenet provider, real or not, is odd. He should pick a value that
relates to his presence.
The same goes for the Message-ID header: if absent from the client
submission then the server adds it, else if present in the client's
submission then the server leaves it. ES uses <token@dont-email-me> for
their server-added MID header; however, since he is faking the
Organization header he could be faking his MID header, too. Yet the
PATH header's injection node does show he submitted to the ES server.
There are some NNTP servers that permit pre-loading the PATH header.
The user can inject their own node into the PATH header, but the Usenet
provider requires that same user to append "!<providernode>" to PATH, so
it still looks like "...!<usernode>!<providernode>". Yet, although the
policy is to append the provider's domain to the user-added node, such
Usenet providers don't actually test submissions to enforce that policy.
Providers that allow pre-loading the PATH header will permit their users
to lie about the injection node. Alt.net was one of these untrustworthy
Usenet providers.
His Content-Language header also looks to be fake. It is for web
documents (pages), not Usenet posts. swiss is not a valid language tag.
For swiss, "CH" (Confoederatio Helvetica) would be somewhere in the
language tag which happens to also be the ccTLD (country code top-level
domain) for Switzerland. The .swiss ccTLD got added in 2014 to
supplement the traditional .ch ccTLD, but .swiss is a TLD, not a
language tag since Switzerland has 4 national languages. For the
Content-Language header to be viable, standard tags must be used, not
some user-specified arbitrary string. In addition, Content-Language is
an entity header added by the server but rarely used by clients, in
contrast to the Accept-Language header issued by web clients, which
expresses their language preference. In an HTML document to specify the
language for the page, use the lang attribute.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Language
https://en.wikipedia.org/wiki/Language_code
While he presents a fake Organization header, he also chose to hide
which NNTP client he uses by not including the User-Agent header. Guess
he wants that to be a secret. Or, he used a web-based Usenet client,
like those many web-based (HTTP) forums that leech from Usenet to
pretend they have larger groups, and the HTTP-to-NNTP proxy doesn't
identify itself, and also adds the Content-Language header (with
incorrect value) which is inappropriate to Usenet.
While Proton Pass (https://proton.me/pass) is free, it only comes as a
web browser extension on desktop PCs. Available as Android or iOS app
for smartphones. While this has Proton Pass focused on passwords
entered via web browser, the Web is not the only place you may use
passwords.
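
Added example (not part of any poster's message): the header check discussed in the post above, run on the Path and Organization values quoted in the thread. It reads the Path right to left, takes the host carrying the `.POSTED` diagnostic as the injection node, and compares it with any domain named in the client-supplied Organization header; the function names and the domain-matching heuristic are assumptions made for this illustration.

```python
import re

# Header values as quoted in the thread above.
PATH = ("news.solani.org!!weretis.net!reader5.news.weretis.net!"
        "feeder8.news.weretis.net!eternal-september.org!"
        "news.eternal-september.org!.POSTED!not-for-mail")
ORGANIZATION = "Aioe.org NNTP Server"


def parse_path(value):
    """Return (hops, tail); hops are in travel order, injection side first."""
    tokens = [t.strip() for t in value.split("!")]
    tail, hops = tokens[-1], []
    for tok in tokens[:-1]:
        if tok == "" and hops:
            hops[-1]["diag"].append("match")   # "!!" after a host
        elif tok.startswith(".") and hops:
            hops[-1]["diag"].append(tok[1:])   # keyword such as ".POSTED"
        elif tok:
            hops.append({"host": tok.lower(), "diag": []})
    hops.reverse()                             # Path is read right to left
    return hops, tail


def injection_node(hops):
    """Host marked .POSTED, else the rightmost host in the header."""
    for hop in hops:
        if any(d.split(".")[0].upper() == "POSTED" for d in hop["diag"]):
            return hop["host"]
    return hops[0]["host"] if hops else None


def organization_mismatch(path_value, organization):
    """Heuristic: domains named in Organization that the injection host lacks."""
    hops, _ = parse_path(path_value)
    node = injection_node(hops) or ""
    named = re.findall(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b", organization.lower())
    return node, [d for d in named if not (node == d or node.endswith("." + d))]


if __name__ == "__main__":
    node, odd = organization_mismatch(PATH, ORGANIZATION)
    print("injection node:", node)
    print("Organization names other domains:", odd)
```

Organization is free text chosen by the client, so a mismatch only shows that the header does not describe the server that accepted the post.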
Proton Pass is now available for everyone.
As the name suggests, Proton Pass is an encrypted password manager, one
of the most highly demanded services from the Proton community in our
On 8/4/23 23:00, Proton Manager wrote:
Proton Pass is now available for everyone.
As the name suggests, Proton Pass is an encrypted password manager, one
of the most highly demanded services from the Proton community in our
Does it store the decryption keys on the server with your passwords,
like proton's ``secure'' mail does?
Proton Manager wrote:
Proton Pass is now available for everyone.
As the name suggests, Proton Pass is an encrypted password manager, one
of the most highly demanded services from the Proton community in our
Does it store the decryption keys on the server with your passwords,
like proton's ``secure'' mail does?
Jesu Christo!
Who gives a damn 'bout all that crap?
I guess my PostIt notes with the passwords written on it, is
safe for another year :-/
Paul
As is my Rolodex :-)
Why would he bother faking aioe when there's nothing wrong with eternal september (especially given Paolo Amoroso shut down aioe.org long ago)?
Patron Saint wrote:
Why would he bother faking aioe when there's nothing wrong with eternal september (especially given Paolo Amoroso shut down aioe.org long ago)?
Maybe he chose to configure some unknown agent that way back in the past when he was using aioe; and then didn't bother to change it when he went to e-s. A stale config line.
Maybe he is/was an aioe 'supporter'/fan then.
I think that same line content was so stamped by aioe back when msg/s were posted via that server.
I just don't see the rationale for grasping at every shiny
piece of software that comes along. Password managers have
a pretty spotty history at the best of times. The bar is high
for those puppies.
On 8/19/2023 5:52 PM, Mike Easter wrote:
Patron Saint wrote:
Why would he bother faking aioe when there's nothing wrong with eternal
september (especially given Paolo Amoroso shut down aioe.org long ago)?
Maybe he chose to configure some unknown agent that way back in the past
when he was using aioe; and then didn't bother to change it when he went
to e-s. A stale config line.
Maybe he is/was an aioe 'supporter'/fan then.
I think that same line content was so stamped by aioe back when msg/s
were posted via that server.
This particular pattern has been done before, which means
odds are, the author of the post is a <cough> "regular".
I just don't see the rationale for grasping at every shiny
piece of software that comes along. Password managers have
a pretty spotty history at the best of times.
The bar is high
for those puppies.
Paul wrote:
I just don't see the rationale for grasping at every shiny
piece of software that comes along. Password managers have
a pretty spotty history at the best of times. The bar is high
for those puppies.
What makes 'sense' is what Proton is doing in their 'overall' scheme or mission.
They came up w/ a secure mail idea; they offered it free and wove it
into free/pay. They continued to enhance the 'value added' aspect of
that model via Tor and pgp, building their security reputation.
Then they expanded into VPN, free/pay, and did a good job of that. Now
there are more value added services, Calendar and Password mgr as part
of the larger package.
'Another' free pw mgr may not make sense from a 'freeware' perspective,
but as part of a much larger value added pay service it is another
attraction or 'leader' or 'bait' if one looks upon capitalism unkindly.
Proton has open-sourced most of what it does, because what it is really selling is the support and service, not the software.
If you know of a throw-away email domain that the VPN will accept, let me know as a VPN that you're logged into is just about the worst thing to do.
If you know of a throw-away email domain that the VPN will accept, let me
know as a VPN that you're logged into is just about the worst thing to do.
At the time I wanted to get a free Proton VPN, I didn't have any trouble finding a throwaway; but that is a 'dynamic' variable. Now the place I
used requires 'invites' and for all I know, maybe Proton doesn't even
take their email addies anymore. I don't really want to recommend it;
except to say that I didn't find it that hard to do.
(And) Depending on how 'obscure' and anonymous one wants to be, there
are all kinds of problems to overcome, not the least of which is
anonymizing your connectivity, such as 'free' connectivity which can be
hard to find.
On Sun, 20 Aug 2023 08:10:06 -0700, Mike Easter wrote:
Paul wrote:
I just don't see the rationale for grasping at every shiny
piece of software that comes along. Password managers have
a pretty spotty history at the best of times. The bar is high
for those puppies.
What makes 'sense' is what Proton is doing in their 'overall' scheme or
mission.
You seem to understand Proton's mission, but me, not understanding it, I do kind of agree with Paul that a free password manager has "issues" in that
if it is (what he calls) spotty, then you've just lost all your passwords.
You seem to understand Proton's mission, but me, not understanding it, I do
kind of agree with Paul that a free password manager has "issues" in that
if it is (what he calls) spotty, then you've just lost all your passwords.
Only if you use the worst examples of pw managers. Good ones will cache
your pw database locally or you're in control of where it is. No risk from being "spotty".
Remember, this proton mail thing is a new product so we have to
assume it can be spotty (i.e., perhaps one of the worst examples of
pw managers).
This report describes the results of a security assessment of the
Proton complex, more specifically covering the Proton Pass mobile applications and browser addon, as well as the web application
and backend API endpoints. The project, which included
a penetration test and a wider review of the security posture, was
carried out by Cure53 in May 2023.
On Mon, 21 Aug 2023 07:04:59 -0000 (UTC), Chris wrote:
You seem to understand Proton's mission, but me, not understanding it, I do
kind of agree with Paul that a free password manager has "issues" in that
if it is (what he calls) spotty, then you've just lost all your passwords.
Only if you use the worst examples of pw managers. Good ones will cache
your pw database locally or you're in control of where it is. No risk from
being "spotty".
Remember, this proton mail thing is a new product so we have to assume it
can be spotty (i.e., perhaps one of the worst examples of pw managers).
Also there are two pw manager fundamental models, local and cloud storage.
Model 1 = keepassxc => nothing leaves the local device, no account exists
Model 2 = lastpass => everything is stored in an account on their servers
On Mon, 21 Aug 2023 07:04:59 -0000 (UTC), Chris <ithinkiam@gmail.com>
wrote:
Patron Saint <patron@saint.com> wrote:
On Sun, 20 Aug 2023 08:10:06 -0700, Mike Easter wrote:
Paul wrote:
Only if you use the worst examples of pw managers. Good ones will cache
your pw database locally or you're in control of where it is. No risk from
being "spotty".
You mean like the MS Word document I use?