I’ve been using Proton Mail and VPN for a while now, and I’m just wondering how everyone else feels about them. I have this kind of inherent alight distrust of them just because they seem like they offer a lot for free and kind of have a Big Tech vibe about them, but there’s nothing for me to really substantiate that distrust with, its mostly just a feeling. That being said, I do use their services as mentioned and they work pretty well, even on the free teir. So aside from that one instance where they gave that guy’s info to the feds, is there any reason not to trust them with my data?

more than google

Actually… this is the only internet privacy company that I trust. I just hope that they start to deliver new products and apps faster… especially on Android, so that we can de-Google our lives as much as possible.

deleted by creator

Yeah I would trust them. But I don’t think I would use them because I just find their mail service to have too much friction in a lack of interoperability with clients unless you not only pay money, but also download a whole extra program just to decrypt your email. It’s essentially a walled garden

@java@beehaw.org
banned
link
fedilink
41Y

Let’s say that I trust Swiss laws more than other alternatives.

They apply only to Swiss citizens.

Proton used to have a deal with the Israeli company Radware, for DDoS protection. They have written a few disclaimers about how Radware only handled incoming traffic still with two encryption layers intact (SSL & OpenPGPjs), as if that was some sort of real protection if a company has access to raw incoming traffic.

Honestly, a company aimed at privacy, boasting of Swiss privacy, should know better than to route anything through Israeli companies.

No.

Their email service is bad. Why do I need a proton software to use thunderbird ? Why don’t you use open standards for email ?

Proton emails are stored in an encrypted form that goes beyond the simple authentication that is part of the POP/IMAP specifications

Proton does have open-source bridges/proxies, so they aren’t hiding these details from us

Perhaps Thunderbird could be enhanced to support the Proton features directly?

@hanabatake@lemmy.ml
link
fedilink
2
edit-2
1Y

Proton does have open-source bridges/proxies, so they aren’t hiding these details from us

The issue I talked about was not privacy-wise. It just suck to have to use a package that is not in debian repository just to receive commercial emails. Updates are a pain. And it is the kind of software that people should keep up-to-date.

Proton emails are stored in an encrypted form that goes beyond the simple authentication that is part of the POP/IMAP specifications

Ok, let’s talk about privacy. Email will never be secure because it was not designed to be and there are too many issues.

The subject line and other metadata are not encrypted. (from protonmail website). Most of the people use email to register to accounts and for commercial communications, where all valuables informations are in the object of the email.

There are more private way to communicate with people (like xmpp or matrix for example)

We kill people based on metadata. Well metadata encryption are pretty important.

So giving up convenience for 0 security sucks.

Perhaps Thunderbird could be enhanced to support the Proton features directly?

It would be great if there were an add-on for it. If someone knows how to develop it, please do it, it would improve UX a lot.

But it does not solve the issue completely. On mobile, the issue is still there (I know they have an app but I would prefer to have all my email at the same place). Also, if I want to use nextcloud mail, you have to developp an addon for nextcloud now.

Edit: changed the link for the alternative piped link suggested.

@PipedLinkBot@feddit.rocks
bot account
link
fedilink
31Y

Here is an alternative Piped link(s):

We kill people based on metadata

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I’m open-source; check me out at GitHub.

Do you trust Proton?

For starters, such a question is coming at it from the wrong perspective. One should have trust in the software – if such sowtware is, indeed, trustworthy – and not in the entity that created it. If one seeks privacy, then they should be of the mindset that every entity is malevolent.

Lol no. Are you going to audit all the code you use ? You need to trust some organizations to make the audit. You NEED to trust some entities

Are you going to audit all the code you use ? You need to trust some organizations to make the audit. You NEED to trust some entities

While lacking in practicalicy, this is not a new idea. While It is certainly not impossible to have an entity that one can completely trust, I would just argue that such certainty is improbable.

What I’m trying to get at is that one shouldn’t approach this question from an appeal to authority – i.e. Proton is trustworthy, therefore all of their services must be privacy friendly, and secure. The russian proverb “trust but verify” comes to mind.

No, mainly because they’re pumping out too many services. Also free VPNs just sound really sketchy to me.

I do not trust any company, even if it is “privacy-friendly” or “anonymous”. There is no way to proofe this, sure I could view the code but there might just be a slight possibility that the company is saving and stealing your data.Self-Hostinmg is for me the way to go.

Why is anyone using email anymore? (He said with a straight face)

Personally, email exists solely for merchant receipts, and IRS collection notices. I don’t use email with any family or friends. Matrix, signal, session, most any messenger but I prefer e2e.

Maybe I’m internetting wrong.

Just because you don’t? I use e-mail as my main way of messaging people I know and like.

You must not have a white collar job. The corporate world lives for email.

My friend doesnt have a smartphone, so we comnunicate via email ^^

I agree with you. Email is flawed and not appropriate for modern communication.

If you want the messages to be written in letter-like format, then you can write them that way. No need to make it chatty if you don’t want to communicate that way.

Email shares far too much metadata and should be used just for account-updates, account-control (password reset, MFA, and so on), etc.

Otherwise I just push everyone to Signal, since it’s normie-friendly and already using quantum-safe encryption.

To the OP’s question: yes, I trust Proton. They can’t access my data if they wanted to. They’re a lot better than competing companies.

Check out some of the steps they’ve been taking to improve OpenPGP and go down to “Upcoming improvements” to see their future plans: https://proton.me/blog/openpgp-crypto-refresh

And, remember, they are more than just an email company: https://proton.me/blog

josep
link
fedilink
41Y

https://piped.video/watch?v=iH626CXyNtE

  1. Dont use webmail, the purpose of a browser is to execute foreign code of unnown sources -> they can serve you any website they would like
  2. dont use Email, it’s all plain text on the servers (unless you insist on using pgp, yet still a lot of metadata is plain text)
  3. dont use centralised communication ie. Signal. You’re creating societal habits that wont be easily changeable if you start to distrust them. Matrix and IRC etc. dont need a phone either

Numbers 2 and 3 act like these are things that you can easily just stop

I don’t completely trust any “privacy-focused” company, but I trust proton a lot more than most others.

I would think if someone’s up to some actual shady shit that they don’t want to draw the attention of any authorities, they’d be better off using a combination of several of the most popular web mail accounts, like Gmail, and manually encrypting the message before pasting it in or something I dunno, just bc it seems like surveillance systems become less effective with more collection volume, and Gmail has a lot of users

@Kalcifer@lemm.ee
link
fedilink
3
edit-2
1Y

Or, better yet, one should simply not use email for secure communications.

I stopped using them because their Android app is absolute dog shit. But I would trust them more than Google.

AItoothbrush
link
fedilink
01Y

Ill get straight to the question: what should i use? I use proton currently but they are pretty sus.

Ill get straight to the question: what should i use?

Are you referring to email?

AItoothbrush
link
fedilink
11Y

I thought it was obvious from the context but ues

In that case, the email provider that you use makes little difference at all. Because of the way that email works, it will always be visible in plain text (unless manually encrypted through PGP) by a third party other than the recipient at some point. There is of course the exception of, for example, direct communication happening between two Proton Mail accounts, but this is really hardly worth mentioning in any practical sense.

The long and short of it is that email should never be used for secure communications.

Fastmail looks nice in terms of features/cost - it is also owned by the people who run it, which is a big green flag.

But I am in the same boat, looking for a new service, haven’t made a switch yet

@Kalcifer@lemm.ee
link
fedilink
1
edit-2
1Y

it is also owned by the people who run it

The ownership of a service, ideally, should make no difference to that service’s trustworthiness.

That makes absolutely no sense - at the very least, this is unimplementable for an email provider.

I am trusting someone for my data. Ownership belonging to the people running it, who just want to make a living, has the meaning that our interests are better aligned than a multinational ad agency or a nation state whose subject I not even am. That relationship is more healthy, the contract is clearer and more balanced.

at the very least, this is unimplementable for an email provider.

If one ignores the collection of metadata, then this is the very purpose of PGP.

I am trusting someone for my data

The point that I am trying to make is that one should never have to trust someone with their data – if all data is encrypted, for example, from a privacy perspective, it really doesn’t matter where it is stored. Of course, metadata can still be gathered, but that is, in my opinion, a lesser issue, and the user has some, if not complete control over it.

I should also say that it depends on what you mean by “trust”. My response, and original comment are under the assumption that “trust” is referring only to privacy.

@oij2@lemmy.world
link
fedilink
1
edit-2
1Y

After the WhatsApp scandals, my trust in encryption is limited. I’m not a mathematician (which is a goddamn shame), and if there is a backdoor in the mathematics themselves, I wouldn’t be able to catch it even if I read the source code. And there is always the possibility of decryption by quantum computers…

So where we store our data is very important, even if it is decrypted. Encryption is just a secondary defense, the primary is limiting the accessibility to the data itself. And where you store the data, and to whom you allow access, determines the accessibility

Skiff looks cool

Tutanota is nice and a bit cheaper too. A bit limited in features compared to proton but I still like it.

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 57 users / day
  • 383 users / week
  • 1.5K users / month
  • 5.7K users / 6 months
  • 1 subscriber
  • 3.13K Posts
  • 78.3K Comments
  • Modlog