For context, in my password manager I had tried formatting some of my entrees so that it would contain the usual username and password, but instead of creating whole new entrees for the security questions for the same account, I just added additional fields in the same entree in order to keep things a little more tidy.
I was not expecting that doing so would result in later being shaken down by Proton to pay even more money just to access the same few bytes of fucking text I had trusted them with. This is sleazy as fuck and I am dropping these idiots entirely.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 108 users / day
- 435 users / week
- 1.32K users / month
- 4.54K users / 6 months
- 1 subscriber
- 4.67K Posts
- 118K Comments
- Modlog
Bitwarden offers this feature for free using custom fields, although 2FA is paid unless you self-host IIRC
Vaultwarden is a great self hosted bitwarden clone
I haven’t personally hosted it myself but I’ve heard it’s pretty good, also worth vouching for KeePass based on my time with it
Because a bunch of dementia patients started leaving 1 star review as they kept on forgetting their passwords
Have you considered upgrading to Proton Lux™?
Can you still access the info by hitting edit? It was possible last time I checked. Even so, yeah, I’m thinking a transition to bitwarden is not a bad idea.
According to other comments in this thread, Bitwarden does similar crap. I went back to Keepass.
As for the data, luckily it was for an account I don’t need or use anymore, so I just deleted everything and moved on.
Pretty sure the warning signs were apparent when the CEO submitted to Trump. it just his “personal beliefs” and not representative of the company. Right.
The CEO was lobbying for online privacy by publicly shaming the Democrats. He was doing his job.
Why is it that just doing their job excuse or just following orders tends to be associated with questionable actions as opposed to positive ones? It’s starting to seem like a red flag if those two phrases get used for an action.
He made a mean tweet about the Democrats, it’s not like he loaded bullets into ICE guns.
Wait the Democrats respond to public shaming? At this point I thought they got off on it. He was doing his job but, he was kissing fascist ass just like Google, Microsoft, and Apple have not lobbying for privacy.
Yeah, I tried to be charitable and assume they were just ignorant of how bad Trump is. I should have known better.
??? I use Proton mail and I never saw something like this. Account with nick, other mail, password and go.
It’s in Proton Pass. When you create an account entree, there is an option to create additional fields that you can name and fill out, kind of like multiple notes in one file. Somehow I was able to create those fields on my account just fine, but then to be given access to that data it turned out that I had to upgrade my account. In other words they duped me into entering data at no extra cost, but then charged me to access that same data later on.
That’s scummy as fuck.
I guarantee they do that on purpose just like all other scams that make you invest your time before telling you you need to pay.
I don’t use it. Mail is fine, I don’t need other than this. For all other apps, there are tons of FOSS alternatives out there.
Bitwarden FTW
Bitwarden ! Host it yourself.
Vaultwarden 😎
I know someone that signed up for an account with them, they froze it immediately for suspicious activity. He does nothing with that IP address, reads, social media, that’s it. No way to get off the shit list without giving up personal information like a phone number and or alternate email and no guarentee that would fix it.
Their IP was on a blacklist from some shady company for some strange reason. But other companies let you write the company and plead your case, proton does not.
They further suspended a bunch of accounts based on some half baked unproven accusations by the government(s) if I recall.
They aren’t trustworthy, they will give you up at the first sign of friction it appears.
That happened to me. I wasn’t even on a VPN when I created my first and only Proton account, and within minutes they restricted it so I couldn’t send any mail. They said I would have to upgrade to a paid account if I wanted to send mail.
I would never trust Proton after that. I’m just glad they immediately restricted my account instead of waiting until I’d switched everything over.
Check your ip against the lists of blacklists, there are sites that do it directly from the search page, there are a few dozen blacklists supposedly for spam and the like.
I suspect israel critics get dropped on them. A brazillian firm did the one we found.
OMG I thought I was the only child of Mr and Mrs Upgrade, of Upgrade street, Upgrade! Maybe we’re related?
Download BitWarden and be done with it.
Keepass is tried and true, I’m going back to Keepass.
Welcome back 👍
If you can, just self-host vault warden (compatible with bit warden and supported). Gets your data out of the cloud entirely.
I’m with you, but the hosted subscription is miles more secure than I can make my installation, and at $10 per year probably cheaper than the electricity to self host. Plus it supports the devs.
But I do make regular backups in case I need to migrate.
Your first point is debatable. You still have to trust them to be that secure, and you can’t verify that. If they are ever breached, it’s literally the worst case scenario. You can self-host their solution, but only in the enterprise tier (6$ per user per month). Also BitWarden is a target woth attacking, I am not. BitWarden hosts thousands of instances worthy of being attacked individually. A personal VaultWarden instance of “Mike and Molly Peterson” isn’t exactly an attractive target. I do think they are pretty secure, but a single mistake with these stakes can have immense consequences. LastPass was also breached repeatedly, with a similar buiseness model.
The second point about electricity wouldn’t be true in my particular case, as the server for self-hosting it is running anyway. Running VaultWarden or not doesn’t change the power usage noticably. Obviously this is different for someone who doesn’t just have a server at home running anyway.
Side note: I’m not actually running a personal VaultWarden instance, as my personal requirements are being met just fine with KeePass files. We do run an instance at work, but it isn’t world-accessible (internal access only).
I think their prices have increased, but it’s still a good deal
https://bitwarden.com/pricing/
Whats the price for though? Im cancelling my plan as all I ever used was OTP codes. The rest is free.
Apparently the price increase happened yesterday; I hadn’t heard anything about it until just now. Gave me the push I needed to switch to self-hosted vaultwarden in like 15 minutes. Very pleased with how simple the docker compose and export->import were. I’ll note that I’m running it privately on my local network, which I’m assuming should work fine as my devices enter that network semi-frequently and should keep everything synced up(?).
If you want a nice way to elevate the usability of your setup use Tailscale (or self-host Headscale) and run your devices on a VPN.
My devices are never not on my “LAN”, they maintain a VPN connection and access my local services as if they’re wired in. Remote pihole, multimedia streaming, password management etc are all covered by this one solution without needing to deal with reverse proxies and certificates.
Yeah, it’ll work fine. It syncs occasionally but you can also force a sync. Just make sure you backup somewhere (with an encrypted backup you can do it anywhere, even Google drive without privacy issues) incase of fire or wtv. If you’d like online access you could also setup wireguard with a route to it.
Giving money to yanks though
KeepassXC and syncthing, free and easy
1password if you want to give money to Canucks.
1password is decent nowadays I think, but for a long time it was apple-only nonsense, it’s proprietary and the web interface/app interface used to be confusingly different from one another.
Why are you suggesting self hosting vaultwarden instead of self hosting bitwarden?
Self hosting BitWarden still means it’s accessbile for them and/or from them.
You also have no way to audit their security from what I understand. VaultWarden is FOSS, if you want to, you can go check. And it does get checked by people with the competence to check this do every now and then.[Edit: I forgot that BitWarden is actually souce-available as well, while not being FOSS that’s still better than most solutions]. I just prefer full FOSS whenever possible. I prefer it not be a black bos I just happen to run on my own server.If you self host VaultWarden, the instance can just be not accessible from the internet, and only from behing a VPN. Obviously this is inherently much safer. If that’s possible with the self-host option I don’t know, but even just for licensing the local instance will have to be able to reach their servers (possibly be reachable from their servers, too). I did see they got an “offline deployment” option for air-gapped servers, but haven’t looked into what limitations that entails.
Additionally, you’re still within their licensing model. So for certain features you need to have a not-free account (like even just more than 2 people).
And like others said, VaultWarden is much lighter on resources in general and you aren’t limited in what you can and can’t do (users, collecitons, auth-options, …).
Bitwarden disables some features if you self host, even if you pay the $15/year.
It’s much lighter on the resources while having the exact same functionality.
You can even self host it… And easily export your data from their hosted solution to your own.
Bitwarden doesn’t do any of the stuff that makes proton pass extremely usable. You can’t easily manage logins and create them on the fly with custom emails. That is by far the most valuable feature of proton pass IMO, the seamless integration with simplelogin is just so damn convenient.
Bitwarden has an integration with simplelogin too. Enter an api key and it can generate random aliases on the fly.
Where? I can’t seem to find that option anywhere in my bitwarden app
Edit: NVM found it, it’s just hidden by several clicks before it’s an option.
You can do that in bitwarden
KeepassXC + Syncthing has worked fine for me for a few years. Sure, it’s a bit of a hassle and not exactly perfect, but nothing is. I have control over my data and I don’t have to pay anyone anything, that’s enough for me.
Also, tasty entrees 🤤
This is the route I’m taking. Keepass has always been tried and true. I switched from Keepass to Proton Pass for a while, and in more ways than this one complaint it has been very much a downgrade.
Proton does not know how to make quality software.
If you don’t host your own data, you don’t own it.
🫡
Hassle? What hassle? Adding a new device to the syncthing swarm and adding the folder where your database is stored?
I also have been using KeepassXC and syncthing for years. Best thing I have ever done!
I use a VPN and even if I allow local wifi sharing it messes with syncthing’s connections. It’s not a perfect system.
I tried protonmail not for the privacy purpose but just to have a normal web email client.
After wasting an hour before finding out you can’t disable the “sent from protonmail” footer without manually deleting it in each draft you make, I said screw it and deployed my own email server with stalwart lol.
It’s receive only because outgoing SMTP is a pain to make reliable these days and my ISP blocks outgoing SMTP anyway, but for everything else I now use Thunderbird.
What do you mean? It’s a slider setting you can turn on or off individually for each address (if you want to keep it one one but not others). It’s under identity and addresses.
IIRC free users don’t have that option.
Ah, that makes sense. Always blows my mind when people complain about free tier limitations, especially from companies that don’t make money from selling your data.
Yeah I wanted to complain about it, but when the service is free I don’t have any right to. I will say that I upgraded to paid and still ran into a limitation. On Gmail, I use the Snooze and Schedule Send options a lot. In Gmail I have scheduled financial reminders for literally years in the future. Proton only lets you schedule 90 days into the future, that’s it. I gotta wonder about the logic of that. At the very least, let me schedule messages until the end of my subscription.
Yeah I’m on free tier(evaluating proton as a whole) and I don’t see this option in my mobile app. I’ll have to look at the web to see if it’s there…but I doubt it
*Edit, checked the web client. Found the option, but it’s a mail plus feature, so I can’t disable it as a free user.
I’m not sure what all the limitations are for the free tier. I’m on the Unlimited plan, if you’re wondering if an option is available on the paid plans feel free to ask me and I’ll check for you.
It might have changed but there is a setting for it now.
Pretty annoying that I’m just learning setting no signature did nothing since they added a second signature option for when sending from mobile and enabled it by default.
I have always hated this, the signature settings need to be unified. Why would I ever want a different signature to alert people that I am on my phome. Gmail allows ios to match their web signature but not android.
Sent from my fucking phone.
Dude, jfc calm down. You pay a little money to get premium services, instead of them monetizing user data. This is the way the world works with paid software, except they’re not making money on your data and you, just you.
Maybe some context in what exactly you pay for would help too. I’m assuming you pay for a base tier of mail, bc I use their password manager too but pay for the full suite, and don’t have this issue.
Maybe also a chat with support might find this to be an unexpected bug, but instead you’re coming to Lemmy to the echo chamber of hate on proton which won’t help.
Useful idiot detected.
Vaultwarden is free. Bitwarden is free. Bitwarden Premium is 10€/year.
For what it offers, Proton is pretty expensive. They are also making inter-operation with other services difficult or impossible.
There’s much worse, but they aren’t that great either.
Ok, thank you. A sensible response.
I think their appeal and approach is to target newbies to the whole privacy thing. They can replace much of the “Gooplesoft” ecosystems (just made that up that word lol) with their own version, offer support for those who’re learning/trucks migrating, etc. Maybe they overheard someone talk about it, are curious, or don’t know all the terminology in the FOSS community, or get overwhelmed easily.
I will forever plug Proton (unless they change) to friends and family as it’s a “big name” doing big tech, better… then they have proton support to rely on, not me lol.
I won’t say your wrong, but IMHO it’s unacceptable for a password manager to not warn you that information you give will be inaccessible without paying more money. Imagine if someone gave you 30 free entries before requiring a subscription, but let you add any number of accounts. Unless you want to reset all those passwords, your forced to pay them.
It sounds like this is the free service charging to access data you already gave them with the expectation it would always be available later. And which might not exist elsewhere.
That’s not fremium, that’s ransomware.
Yes, that’s exactly how it worked, and it is ransomware.
Lol at you both! First, I think you need help with your dictionaries because you’re using the complete wing terminology… That or you’re super dramatic calling it ransomware LMAO. You’re probably also those types who jump to comment at anything CG just to post AI slop… Like how back in the day it was cool to post “first” on something.
There are free tiers and paid tiers, and sounds like OP was trying to work around those free tiers to get a few extra benefits. If not, and genuinely trying to use a certain way, why not contact support to try and get access to that data even temporarily, or go to community forum to see if it’s by design? Why not look for a proper resolution vs just complaining about it?
BTW I can completely understand the frustrations, but you gotta also understand not every single company or dev is going to use the same exact method, designs, goals, etc. Proton, starting from scientists not business entrepreneurs. They decided to build a suite of apps as alternatives to the popular big brother versions, the paid tiers help support the free ones so everyone could have access. The money also helps fund staff support, devs, qa, etc. Just saying. There’s a lot more polish on those apps than pretty much any actually free and private so out there. And having the support there to answer questions vs rely solely on wordy documentation or community forums is now speaking to the average Joe.
Wow, you are really full of shit. Stop wasting my time.
It is a shakedown to accept your data for free then charge you to access it later.
What the fuck else would you call that?
It kind of sounds like OP tried to circumvent limitations in the free tier by formatting the available field in a certain way, but this then got caught by proton and then stored “correctly”, which is in a way that requires the paid tier.
Uh no. First off, I’m not on the free tier. I’m not on the most expensive tier, but I do pay for my account $4.99 monthly. Second, I used the built in features exactly as intended. Every login entree in Proton Pass has the option to add additional fields that you can name. That’s what I did, every security question being the name, and every answer being the data filled in. There was nothing to circumvent, because at least according to their pricing plans, even the free tier claims to allow unlimited logins.
It is literally ransomware. They allowed me to enter data in their program as intended, and then held that data ransom in order to pressure me into upgrading into a higher tier.
Their data should have been grandfathered in rather than locked out. Premium is a ransom with the lock out model
You call it an echo chamber, others call it having some standards on how much your software should be taking advantage of you instead of the other way around.
You have to admit, there are plenty of people either on Reddit (especially) or Lemmy, that seem to crack on/bash on certain companies or views on topics as a heard mentality. I’m guilty of it in the past bc I wanted to trust the heard, but after doing my own research have found whatever it was to not be so bad.
I’ve not been here long, but man, the amount of hate I’ve seen towards proton so far is crazy.
Yeah and all of that hate is deserved, because their products suck, and so do the people who run the company.
Hahaha, please, do share why their products suck, especially the people running it! I’d love to hear something fresh other than claiming the CEO is some trumpster because of some ruin fill interpretation of a god damn tweet… Petty
You sound like the kind of person who, in the 90s, would have defended Microsoft against GNU and Linux and the FOSS movement as a whole, “This is the way the world works.” No. I was using Keepass prior to Proton Pass. Proton proved to be a downgrade in every way. As a company they are in the same bracket as Ubuntu - trojan horse style grifters who wave juuust enough open-source around to lull users into dependency on a service that overall does not support user freedoms. They are grifters. It’s the same playbook as Google.
Software needs to be free on every level. It’s fine to sell free software, but if any part of it is proprietary, it’s as the FSF says - it’s a tool of unjust power over you.
And I don’t need that. Better alternatives already exist. Proton was straight up a downgrade.
So then, like many people, make the switch without being so vocally negative? Or post a comparison on how KeePass vs Proton- KP wins, etc.
Even more, Proton and other companies like them are a good popular gateway to introduce “the masses” to privacy and what it feels like to reclaim their personal lives. It also gives them a “big” name they can put some faith into that the apps will work/won’t crash, and aren’t invasive. So much other marketing and money is spent telling everyone the little guys are the hackers and data thieves, etc. So don’t trust them. So, the mentality is hard to shake.
I sound like the kind of person who understands how business models work (to an extent). Not every single person is going to setup full homelab environments to run all these locally hosted services, or spend a while researching and testing various FOSS applications to try and get "the very best"one. You sound like the kind of person who has a very stern opinion and gets upset when others don’t agree or your shouting doesn’t get them to understand why an alternative is better.
I work with a lot of users who don’t understand the basics of privacy or how data is sucked up at every corner of the Internet. I slowly plant the seeds to show them big names aren’t always better. Little by little they’re finding these things (popular little guys) on their own, and in that discovery keeps their interests piqued vs being told what to do.
Answer for all
“yourmom”
What are you paying for currently?
I had to look into it, because their pricing plans seem to have changed now. Evidently I have something called Proton Plus, $4.99 per month. It looks like that plans benefits do not extend to additional Proton Pass features.
I’m going to be transferring accounts away from Proton and then closing my accounts entirely. Already moved all my passwords back to Keepass. My main email address has been on posteo(.de), which has been great. Super reliable service from a company who appears to actually get the ethos of FOSS. I only pay, I think $12 per year for their service.
Yeah I thought so. If ya don’t pay for it, ya don’t get to complain about it, bud.
I’m sorry, but what? Number one, we’re talking about text. Bytes of data, which costs next to nothing to store. If you think that it is in any way fair for a company to allow a person to enter information into an account, and then unexpectedly charge them to access that same data, you are insane. If you paid for a storage rental, moved your belongings into it, and then found that the company changed the lock and decided you had to pay more to get your stuff - would you continue renting that storage?
Go back to reddit, corposhill.