All Proton Drive apps are now open source | Proton
proton.meProton Drive’s desktop apps are open source, meaning you can review the code of any Proton Drive app for yourself.
You must log in or register to comment.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 57 users / day
- 383 users / week
- 1.5K users / month
- 5.7K users / 6 months
- 1 subscriber
- 2.86K Posts
- 71.9K Comments
- Modlog
I started with their email services many years ago, and today I user their email + free calendar. To be true, they went too much far with all these apps, but as long as it works for them thats fine.
Will they be now on FDroid? I think only one Proton app is there and it’s a little bit sad.
Proton VPN and proton pass
IRRC they even removed all telemetry from pass but not VPN.
They should definitely push drive and calendar there too.
Why the fuck does their VPN have telemetry?
Telemetry is not bad in itself. It can be used for bug/crash reports, or usage statistics, without tracking or personal data collection.
Do you want good products? That happens through telemetry. Simple as that.
I’m curious, any advice on that? How does one do “good” telemetry? I’m the first to complain about Microsoft, Apple, (even worst) Google, Meta and now OpenAI collecting data to sell me stuff… but it’s true that also some data is needed to get some kind of introspection in terms of usage. Developers need to understand what is actually happening with the software they develop.
Now I’m wondering specifically about 2 side :
I’m genuinely glad that the mindset around privacy have changed since the last few years but I’m wondering how, when it’s a genuinely positive good case (to truly make better products), to do it.
Your app has a button on its front page. No one ever presses that button. With good telemetry, you will know this and remove the button. The only thing you need to know is how many times each user opens the app and how many times they tapped that button. Crash reports can include the causes of errors. Without this data the app might have that unused button there forever and crash everytime anyone taps the donate button and you wouldnt know why you arent getting any dontaions.
Telemetry is usually collected on non metered networks. Usually it is opt-out by default, set by the user in the apps settings. Personally, I’d inform the user of this and let them decice on first startup.
It’s a VPN! What did you expected? /hj
It took me going to their GitHub to find out, but it’s GPL 3.
really appreciate you reporting back, thanks for sharing!
What does this mean practically
It means it can’t ever become proprietary closed-source software (not without a major lawsuit).
Any new open source software is always a net positive.
But, there are a few small caveats (depending on how cynical/cautious you are):
They can’t do that actually. They can close the source, yes, but if they do they can’t then release the new closed-source version to the public.
From the GPL FAQ page:
Alternatively:
Does the license prohibit this? Definitely. Could they get away with it? Probably. Though I’m uncertain Proton would go that far. I mean, if they wanted to prevent forks, they wouldn’t have released the source, let alone with the GPL3 license, which requires the right to make modifications (as that’s one of the Four Freedoms).
Technically true, I suppose, though again why they would do that is beyond me. If they didn’t want forks, they likely wouldn’t have allowed forks.
Again, this is all assuming I’m understanding the GPL FAQ page correctly. If I’m wrong, I would welcome someone smarter than me to correct me. :)
IANAL, but AFAIK that’s incorrect. If you’re the only copyright holder, you can issue multiple licenses for your work. GPL doesn’t allow you to rescind previous issues, so anyone in possession of your GPL code can still modify and release it under the GPL freely. But it doesn’t prevent you from issuing your own work under a different license.
There isn’t usually much economic sense for most applications to do that because anyone can fork the project and distribute it for free. For Proton, since they still hold the server as closed source, they could simply introduce a breaking protocol change and all the forks would be useless.
The way I understand it is that they can relicense it and then publish it if they want, but the GPL would still fully apply to the previous versions.
The first question you cited seems to refer to any different organisation/individual making changes to the source code. And the second seems to refer to revoking the GPL for an already released version, which they would of course not be allowed to do.
This would make sense as ownership of the copyright would supersede a license.
“releasing the modified version to the public” would cover them re-closing the source and then subsequently releasing that newly closed source, so they can’t relicense it and then release the built version of the code.
At least not easily, this is where court history would likely need to be visited because the way it’s worded the interpretability of “modified” in this context would need to be examined.
Not a lawyer but in the scenario where proton closed the source but kept offering the build, even if gpl3 still applies since they’re the only copyright holder (no contributions) it’d only give them grounds to sue themselves?
From gnu.org:
I’d expect free software people to not have the funds to sue corporations. Are there any examples of these major lawsuits I can take a look at? I do remember a telecom company in France was fined quite a large sum but that was reported as a rare incident.
Any GPL violations would be reported to the Software Freedom Conservacy, who would go to court on the dev’s behalf.
There was a major lawsuit back in 2022 between the SFC and Vizio, and the SFC won.
deleted by creator
It’s pretty much not reversible and the code is free to use, modify, and distribute forever. And if you do modify it you also must make those changes open source.
Very good news
gpl v3 you can do pretty much anything but you have to put it the same license but it has like drm protections and Anti-Tivoization and also has some patent protections people find this license too strict
Its actually more restrictive, in a good way.
You can’t, for example, fork it, make changes, and sell that derivative software without releasing the source code
yeah but drm is too strict for some people and anti tivozation this is why linux did not do gpl 3.0 or later
Why the but? GPL 3 is the correct license to use for open source projects to ensure they stay open and corps don’t freeload on them.
English isn’t my first language. I share your opinion regarding the license. Which connector would you use instead of “but” to indicate that you succeeded in your efforts even though it was harder you thought it would be?
English is my only language, and yours looks fine to me. I thought it was pretty clear from the first comment that the “but” indicated success despite difficulties, and as you clarified that’s exactly what you meant.
Why not having a L2 maybe a L3? People from the US should feel like they’re missing out in our modern world!
Looks like you’ve got the upvotes backing you. I’ll keep on using as is. Thank you!
Ah gotcha, you could just omit but in this case and the sentence would have the intended meaning.
“and”
If you study non violent communication, folks will say to avoid using “I agree with you, but”. Because as soon as you say " but ", people get defensive and stop listening to you.
Whenever possible, replace “but” with “and” if the sentence still has the same meaning
This was not a case of “I agree with you, but…”, though. “But” is perfectly appropriate here to contrast between the first statement and the second.
@delirious_owl @acockworkorange
“I agree with you BUT you are being an a–hole.”
“I agree with you AND you are being an a–hole.”
Hmm. 🤔
Yeah. It also makes it sound way more impactful and true. Thank you! 😁
AGPL would have been a bit better, especially for the server side
This does not apply to the server. Only the client app is open source. The server is proprietary.
agreed
Very nice, I do hope that helps us finally get a Linux version sometime soon lol
Feels like this would be a bigger win for them than a lot of other companies. The people interested in privacy focused alternative to the Google/Microsoft/Apple offerings probably have a lot of overlap with Linux users.
I believe that rclone already has Proton Drive support.
It does, yeah. Still, having access to the official client too would be nice.
sad its on github but am not complaining much
Unfortunately GitHub is still where 99% of devs are
True :(
i think some big project, something really important, needs to migrate for the masses of devs to move too
You people are never satisfied!
can you educate me a bit about what’s wrong with that?
bcs github is owned by microsoft its not that private nor open source(like git)
wow didn’t even know that. they certainly are hiding it well.
https://sfconservancy.org/GiveUpGitHub/
The workflow is also kind of obtuse.
FD: I prefer GitLab between the two.
tbh gitlab is also closed source unless your using the community edition
It is, which is rather annoying.
I should spend some more time with the FOSS forges, but bare git works for me when I’m self-hosting my own repos.
I want to make the jump from Google apps but I can’t because I use GCal heavily and Proton Calendar doesn’t (yet) sync to GCal. I can enter in something in GCal and it’ll appear in Proton Calendar, but I can’t enter in something in Proton Calendar and it shows up in GCal. Hopefully they add that soon.
If you want to move away from Google apps, why keep using Google Calendar? Maybe someone has a suggestion for a way to work with it if you say what your continued use case for it is and what kind of limitations you are working with.
I have shared calendars with family and friends that I need to keep using.
Ok. The way I’m set up with my partner is to have two calendars, one on Nextcloud (me) and one on Google Calendar (my partner). We subscribe to each others calendars, and I’m also formatting it the same so it appears to be one. However, we cannot edit each others entries, but for our use case that is not needed, we just need to share certain events between us. So while this is not Proton, I believe the same is doable there.
I can see how this is not a very practical with multiple people (but potentially doable, it has been set-and-forget in my case), and if you need the ability to edit each others entries, then it is a non-starter.
Oh gotcha, I see what you’re doing. Samsung Calendar (I use the S24 Ultra) has 2-way syncing with GCal. Everyone else is on iOS and they all have Google accounts so GCal was the easiest way to handle it.
Then your plan is kinda flawed from the start, eh?
Awesome! Cant wait for their wallet thing to become ready and i hope they have support for many types of coins… also i wish theyd make it so that proton drive work with joplin 😑
they can only support one coin legally. for details check out the Opt Out podcasts’s episode about this topic
Can you give a summary of why that is?
I was listening to it a few weeks ago, but vaguely there are auditing companies in the Netherlands that need to verify companies above a certain size whether they are handling their money properly. As I understand it includes tax accounting.
These auditing companies don’t like cryptocurrencies. There are several of these that don’t agree to audit Proton even because they are accepting Bitcoin, but none of the remaining would accept it if they were also accepting a second cryptocurrency.
Now that I think of it, it might have actually been the reason they don’t accept Monero as a payment? In that case, the reason for Proton Wallet being bitcoin only has something to do with another wallet’s developers having been jailed recently for handling multiple cryptocurrencies.
I recommend you to listen to it though, if you understand english speech. There were interesting topics (and Opt Out generally has interesting episodes).
This episode is 54 minutes, audio only. You can find it here: https://www.buzzsprout.com/1790481/15505787-proton-wallet-w-andy-yen.mp3.
Yet i cant use more than one free account on the mobile app?
Oh it’s open source? where are the serverside repositories then
The title specifies that it’s the apps that are open source.
If it is running on the server you have no way of verifying the code or the execution environment.
Theoretically you should now be able to self host proton
TC says otherwise
https://en.m.wikipedia.org/wiki/Trusted_Computing
Literally all TPM’s are proprietary. It’s basically a permanent, unauditable backdoor, that has had numerous issues, like this one (software), or this one (hardware).
We should move away from them, and other proprietary backdoors that deny users control over there own system, rather than towards them, and instead design apps that don’t need to trust the server, like end to end encryption.
Also: if software is APGL then they are legally required to give you the source code, behind the server software. Of course, they could just lie, but the problem of ensuring that a server runs certain software also has a legal solution.
Not all TC is proprietary
https://www.golem.network/
I read through the docs. I’m not sure how this enables trusted computing.
The whole idea is to be able to build a secure, distributed cloud. The whole network depends on secure enclaves.
I cannot find anything related to that in their documentation, their about page, or their whitepaper.
They talk a lot about decentralized computing, but any form of secure enclave or code verification isn’t mentioned.
Compare that to this project, which is similar, but incomplete. However, quilibrium uses it’s own language instead of python or javascript, like golem does. The docs for golem do not explain how I am supposed to verify a remote server is actually running my python/javascript code.
And I call there bluff
Its not a bluff, its cryptography lol
Except you don’t control the hardware. If the execution environment is untrusted everything goes out the window
Thats literally what TC solves
Not really as you still need trust
proton is CIA
How would that work? Proton is swiss and CIA is 'murica?
I mean the “Crypto AG” was a thing. So not that unrealistic.
https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/
But that Proton is CIA is not that realistic imho but not impossible.
Wow, so cool. And Mobile Calendar source code is still unreleased, right?
It would have only taken you two clicks to see if the source code of proton calendar for mobile devices is released or not.
spoiler: Yes the code for iOS and android is on GitHub.Can you give a link, then? Because I can only find a web-ui source code.
GitHub has a “clone” button, if you click on that you can get git links to download the code. The http-URL doesn’t require authentication.
Edit: I misread the comment that it’s about a different app.
Okay? If I can not find an Android Calendar repo, then how can I download the code?
You go here: https://github.com/ProtonMail/android-mail
It is a mail, not a calendar. Proton Calendar is a separate app.
Whoops.
My deepest apologies. I only skimmed it and didn’t realise that what I linked was the mail repository.
So yeah, the calendar has no sources for whatever reason.
More copilot training data.
Yeah I don’t understand why they don’t have a codeberg or similar that they host themselves.
How would that help? If you release something as GPL code, you cannot prevent it from being used to train a model, no matter where it’s hosted.
There’s a difference between handing something to someone and leaving it somewhere they happen to be able to take it from.
Im personally waiting for a massive lawsuit, legally companies cannot train AI on GPL code (at least I don’t believe so)
There’s nothing in GPL that would forbid it. Only distribution without code publication is forbidden.
mhm, and how would the distribution inside an LLM work? Are those code snippets CoPilot et al produce come with dedicated license sections?
And regarding how it would help selfhosting the code: it wouldn’t be on the GITHub servers owned by Microsoft, which owns/operates CoPilot. Its akin to feeding the LLM directly by pushing it to their servers.
If Al warned about that it would be legal, I don’t believe any AI requires GPL
So does it work reliably now?
Did it not before? I’m not seeing any issues
Drive sucks on Android (in my opinion). Severely lacking features.
What features are missing? (Maybe ignorance is bliss)
Atleastforme I’d like to have a directory watcher syncing updated/new files automatically similar to the camera syncing. I’ll look for a custome solution (syncing it first to my raspberry pi and then to proton drive) once I have my new phone.
It’s okay for like the occasional individual file save. I tried a bulk transfer and wound up losing half my iCloud files. Also I frequently get errors when trying to save to there on iOS.
Absolutely no issues on android with bulk transfers, moved around 10gb of files recently and imo worked better than other drives I’ve tested
When was this?
Can’t remember the exact day, but around a week and a half ago
Ok mine was like 4 months ago, so it has probably improved