I’ve been using Proton Mail and VPN for a while now, and I’m just wondering how everyone else feels about them. I have this kind of inherent slight distrust of them just because they seem like they offer a lot for free and kind of have a Big Tech vibe about them, but there’s nothing for me to really substantiate that distrust with, it’s mostly just a feeling. That being said, I do use their services as mentioned and they work pretty well, even on the free tier. So aside from that one instance where they gave that guy’s info to the feds, is there any reason not to trust them with my data?
more than google
Actually… this is the only internet privacy company that I trust. I just hope that they start to deliver new products and apps faster… especially on Android, so that we can de-Google our lives as much as possible.
Yeah I would trust them. But I don’t think I would use them because I just find their mail service to have too much friction in a lack of interoperability with clients unless you not only pay money, but also download a whole extra program just to decrypt your email. It’s essentially a walled garden
Let’s say that I trust Swiss laws more than other alternatives.
They apply only to Swiss citizens.
Proton used to have a deal with the Israeli company Radware, for DDoS protection. They have written a few disclaimers about how Radware only handled incoming traffic still with two encryption layers intact (SSL & OpenPGPjs), as if that was some sort of real protection if a company has access to raw incoming traffic. Honestly, a company aimed at privacy, boasting of Swiss privacy, should know better than to route anything through Israeli companies.
No.
Their email service is bad. Why do I need a Proton software to use Thunderbird? Why don’t you use open standards for email?
Proton emails are stored in an encrypted form that goes beyond the simple authentication that is part of the POP/IMAP specifications
Proton does have open-source bridges/proxies, so they aren’t hiding these details from us
Perhaps Thunderbird could be enhanced to support the Proton features directly?
The issue I talked about was not privacy-wise. It just sucks to have to use a package that is not in the Debian repository just to receive commercial emails. Updates are a pain. And it is the kind of software that people should keep up-to-date.
Ok, let’s talk about privacy. Email will never be secure because it was not designed to be and there are too many issues.
The subject line and other metadata are not encrypted. (from protonmail website). Most people use email to register for accounts and for commercial communications, where all valuable information is in the object of the email.
There are more private ways to communicate with people (like XMPP or Matrix for example)
We kill people based on metadata. Well, metadata encryption is pretty important.
So giving up convenience for 0 security sucks.
It would be great if there were an add-on for it. If someone knows how to develop it, please do it, it would improve UX a lot.
But it does not solve the issue completely. On mobile, the issue is still there (I know they have an app but I would prefer to have all my email at the same place). Also, if I want to use Nextcloud Mail, you have to develop an add-on for Nextcloud now.
Edit: changed the link for the alternative piped link suggested.
For starters, such a question is coming at it from the wrong perspective. One should have trust in the software – if such software is, indeed, trustworthy – and not in the entity that created it. If one seeks privacy, then they should be of the mindset that every entity is malevolent.
Lol no. Are you going to audit all the code you use? You need to trust some organizations to make the audit. You NEED to trust some entities.
While lacking in practicality, this is not a new idea. While it is certainly not impossible to have an entity that one can completely trust, I would just argue that such certainty is improbable.
What I’m trying to get at is that one shouldn’t approach this question from an appeal to authority – i.e. Proton is trustworthy, therefore all of their services must be privacy friendly, and secure. The Russian proverb “trust but verify” comes to mind.
No, mainly because they’re pumping out too many services. Also free VPNs just sound really sketchy to me.
I do not trust any company, even if it is “privacy-friendly” or “anonymous”. There is no way to prove this, sure I could view the code but there might just be a slight possibility that the company is saving and stealing your data. Self-hosting is for me the way to go.
Why is anyone using email anymore? (He said with a straight face)
Personally, email exists solely for merchant receipts, and IRS collection notices. I don’t use email with any family or friends. Matrix, Signal, Session, most any messenger but I prefer e2e.
Maybe I’m internetting wrong.
Just because you don’t? I use e-mail as my main way of messaging people I know and like.
You must not have a white collar job. The corporate world lives for email.
My friend doesn’t have a smartphone, so we communicate via email ^^
I agree with you. Email is flawed and not appropriate for modern communication.
If you want the messages to be written in letter-like format, then you can write them that way. No need to make it chatty if you don’t want to communicate that way.
Email shares far too much metadata and should be used just for account-updates, account-control (password reset, MFA, and so on), etc.
Otherwise I just push everyone to Signal, since it’s normie-friendly and already using quantum-safe encryption.
–
To the OP’s question: yes, I trust Proton. They can’t access my data if they wanted to. They’re a lot better than competing companies.
Check out some of the steps they’ve been taking to improve OpenPGP and go down to “Upcoming improvements” to see their future plans: https://proton.me/blog/openpgp-crypto-refresh
And, remember, they are more than just an email company: https://proton.me/blog
https://piped.video/watch?v=iH626CXyNtE
Numbers 2 and 3 act like these are things that you can easily just stop
I don’t completely trust any “privacy-focused” company, but I trust Proton a lot more than most others.
I would think if someone’s up to some actual shady shit that they don’t want to draw the attention of any authorities, they’d be better off using a combination of several of the most popular web mail accounts, like Gmail, and manually encrypting the message before pasting it in or something I dunno, just bc it seems like surveillance systems become less effective with more collection volume, and Gmail has a lot of users
Or, better yet, one should simply not use email for secure communications.
I stopped using them because their Android app is absolute dog shit. But I would trust them more than Google.
I’ll get straight to the question: what should I use? I use Proton currently but they are pretty sus.
Are you referring to email?
I thought it was obvious from the context but yes
In that case, the email provider that you use makes little difference at all. Because of the way that email works, it will always be visible in plain text (unless manually encrypted through PGP) by a third party other than the recipient at some point. There is of course the exception of, for example, direct communication happening between two Proton Mail accounts, but this is really hardly worth mentioning in any practical sense.
The long and short of it is that email should never be used for secure communications.
Fastmail looks nice in terms of features/cost - it is also owned by the people who run it, which is a big green flag.
But I am in the same boat, looking for a new service, haven’t made a switch yet
The ownership of a service, ideally, should make no difference to that service’s trustworthiness.
That makes absolutely no sense - at the very least, this is unimplementable for an email provider.
I am trusting someone for my data. Ownership belonging to the people running it, who just want to make a living, has the meaning that our interests are better aligned than a multinational ad agency or a nation state whose subject I not even am. That relationship is more healthy, the contract is clearer and more balanced.
If one ignores the collection of metadata, then this is the very purpose of PGP.
The point that I am trying to make is that one should never have to trust someone with their data – if all data is encrypted, for example, from a privacy perspective, it really doesn’t matter where it is stored. Of course, metadata can still be gathered, but that is, in my opinion, a lesser issue, and the user has some, if not complete control over it.
I should also say that it depends on what you mean by “trust”. My response, and original comment are under the assumption that “trust” is referring only to privacy.
After the WhatsApp scandals, my trust in encryption is limited. I’m not a mathematician (which is a goddamn shame), and if there is a backdoor in the mathematics themselves, I wouldn’t be able to catch it even if I read the source code. And there is always the possibility of decryption by quantum computers…
So where we store our data is very important, even if it is decrypted. Encryption is just a secondary defense, the primary is limiting the accessibility to the data itself. And where you store the data, and to whom you allow access, determines the accessibility
Skiff looks cool
Tutanota is nice and a bit cheaper too. A bit limited in features compared to Proton but I still like it.