With only a week until its Indiegogo campaign comes to a close, ProtonMail has raised $382,334 from 7,447 backers. This news is somewhat surprising due this week’s rumored XSS issues.
On Wednesday (July 9), the ProtonMail team took to their blog to address a recent report stating that the website is prone to being susceptible to a XSS (cross site scripting) issue. The team wrote, “ProtonMail is constantly making security improvements through our beta process and we appreciate all the assistance we have received from the community in helping us make ProtonMail better. The concept of encrypting on the client side is a relatively new one and comes with its own security challenges which we are working diligently to tackle.”
They continued, “The ProtonMail security team has reviewed the video and confirmed that this particular security issue is not present on the live version of ProtonMail. The video is showing an earlier development version of ProtonMail that was originally released on May 10th, 2014 for limited testing, and is not used in the current production systems.”
The team also shared new release notes.
New Features include:
- The monthly message limit on all accounts ha s ben increased to 1000.
- Changed login password hashing algorithm (backend)
They also shared known issues, which are the following
- Login password issues may appear in some older accounts due to changes in password hashing method.
- Multiple attachments not properly supported.
- Mobile and Tablet not yet fully supported.
- Attachments are not encrypted.
These updates come just a week after the team revealed the drama between ProtonMail and PayPal. As previously reported by Crowdfund Insider, the ProtonMail team wrote, “This morning, we received an email and telephone call from PayPal notifying us that our account has been restricted pending further review. At this time, it is not possible for ProtonMail to receive or send funds through PayPal. No attempt was made by PayPal to contact us before freezing our account, and no notice was given.”
“Like many others, we have all heard the PayPal horror stories, but didn’t actually think it would happen to us on our campaign since PayPal promised, very recently, to improve their policies. Unfortunately, it seems those were hollow promises as ProtonMail is now the latest in a long string of crowdfunding campaigns to be hit with account freezes.”
The team also addressed that they have discussed the issue with the payment website, but didn’t really get any answers. “When we pressed the PayPal representative on the phone for further details, he questioned whether ProtonMail is legal and if we have government approval to encrypt emails. We are not sure which government PayPal is referring to, but even the 4th Amendment of the U.S. constitution guarantees: ‘The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures…'”
There is yet to be a reported responsible about the issue.
Have a crowdfunding offering you'd like to share? Submit an offering for consideration using our Submit a Tip form and we may share it on our site!