Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
I’m not sure how I feel about this news story.
On the one side, it’s good to make sure people are aware of the limitations of secure email providers. However on the other the article almost reads as of this should be a surprise to people?
I use Proton mail and pay for my account. I don’t pay for anonyminity - I pay for privacy. They are two very different things.
The article talks about Opsec (operational security) and they’re right - if you need anonyminity then don’t use your personal apple email as a recovery address. That is a flaw in the user approach and expectations that unencrypted data held by Proton is also “secure”. Your basic details and your IP address are going to be recorded and available to law enforcement. Use a VPN or Tor to access the service and use another untraceable email for recovery, and pay via crypto if you want true anonymity. And even then there are other methods of anonymous or untraceable secure email that may be better than Proton mail (such as self hosted).
But for most users like myself, if you’re not looking for anonyminity then Proton is fine as is. My email address is my name and I use it to keep my emails secure and not snooped on by Google etc.
Proton advertises itself as private, secure and encrypted. It does not claim to offer anonymity.
All valid points made in an academic setting. I think the general consensus, and the points other users are trying to make, involve more transparency and proper presenting of the facts in their statements. I have parroted the “oh you should try proton, they’re more private and secure” to other people. This is a factual but misleading statement without the nuance of higher OPSEC fundamentals.
Just look at their main landing page for proton mail.
Proton Mail’s end-to-end encryption and zero-access encryption ensure only you can see your emails. Not even Proton can view the content of your emails and attachments.
Proton Mail protects you from these digital spies and prevents companies from monitoring you.
your data is protected by some of the world’s strictest privacy laws.
From newsrooms, activists, and international organizations to academics, Nobel Prize winners, and movie characters, Proton Mail is the trusted choice for secure and private communication. Join over 100 million people worldwide who believe their online privacy is worth protecting.
A common user will look at this and believe that by just having this account, they will be protected. There is no asterisk* beside e-mail recovery explaining the dangers of linking to another e-mail. In fact, a lot of their services promote linking e-mail because you can’t use third party verification if you haven’t setup your recovery e-mail and/or cell phone verification. I ran into this trying to help an older relative who’s paranoid about online accounts, ended up being more hoops and they were dissuaded because it always come down to “enter more information to continue…privately ;)”
The front landing page should have a section explaining everything that’s being said here with vpn’s, alternative e-mails, and how to really protect yourself with anonymity. To a lot of people, Private+Secure=Anonymous. It’s not accurate, but unless you already know the things you have to do to protect your identity, it’s not very clear on what the average person should do.
Proton is the only one I know of who takes mailed cash.
This was all an opsec problem. And not even an “exposed my ip address because a software bug leaked it” it was an “here’s my usual email address in case I get locked out”.
The cops didn’t need to break into proton email. They just asked the backup email address for that stuff.
Proton accepts payments via postal mail you mean ? Posteo and mailbox.org do that.