Primary account is now @Dark_Arc@social.packetloss.gg.

  • 0 Posts
  • 18 Comments
Joined 1Y ago
Cake day: Jun 13, 2023


In a selfish way… I’d like for the UK to do this and for it to go horribly horribly wrong for them. Maybe that would finally get the US reps to get their heads out of their butts so I don’t have to keep signing petitions and writing essays about why weakening encryption is a horrible idea.


> I’m curious - does this kind of report make people less likely to go with an AMD cpu?

For me, nah. This is well within the vein of “normal” problems for a CPU these days (neither AMD nor Intel seem to be able to avoid this sort of thing 100%)… and this particular issue seems to be fixed in hardware already for their Zen 3 chips (Nov 2020-Sept 2022) and Zen 4 chips (Sept 2022 - Present).


Yeah, it would be nice if they let people buy storage at a reasonable rate.


I’m using one for myself and one for my grandpa (who gets tons of landline spam calls).

I haven’t noticed a lot that’s different for either of us. I think the real reason to use one of these sites is if you want your contact information to be a bit harder to find.


Just an FYI, looks like you double commented


No, you can set up PGP encryption to send PGP encrypted mail to non-proton customers via Proton. They’ve also been trying to work on standards that would make retrieving public keys/knowing the recipient accepts PGP automatic.

You’re blatantly misinformed, and it’s irritating.

Edit: I’ve blocked this person following their reply, but to their last point, “via Proton” literally means you use their service as a standard PGP mail client no strings attached, that can interact with any other PGP, and with no vendor lock-in. That is literally the definition of using an open standard. There’s no insidious plot here.


Jesus, they literally use GPG and integrate with 3rd party GPG. How did you make that leap?



That mentality is part of the problem. More options is not inherently better, it’s more to maintain, more complexity, more feature requests in that direction (“well can I store a PGP key in the browser that isn’t uploaded to your servers so I can read my non-synced PGP mail”, “can I write mail using that”, “oh I changed my mind, can I convert mail to your PGP key from my PGP key”, “oh I changed my mind again, I’d actually like all my emails changed to my PGP key”, “oh could you sync my PGP key for me”, etc).

It happens all the time, bending over backwards as a company for niche customers that want to use your toaster as a waffle iron rarely works out well.


Put another way…

You went to a custom shoe maker and said “make me a custom shoe” then you went back to them and said “I wanted to do it myself! Why won’t you let me change out the insoles in these shoes!”


No… It’s generated on your end, and even if it wasn’t you can replace the private key with your own.


Proton offers a service where they hide all your messages for you, but in a way they can’t even see. This person is complaining that they can’t hide their messages from proton in a different way that they’re likely to screw up.


You are literally trusting them to encrypt all your mail.

If you don’t trust their encryption, respectfully, don’t use them. It’s faux logic to “need” a secondary key that isn’t cloud synced in an end to end encrypted mail vault.

This is an unnecessary product complication, and I agree with proton that you’re more than likely to get it wrong and your “more secure” key will be used in a less secure manner.

It’s the same reason most people shouldn’t self host things like Bitwarden. Doing it yourself is not a security feature any more than wiring your own home is protecting it.


This is dumb. Proton encrypts your private keys with your password.

Just upload the key to your encrypted proton account like you’re supposed to, and let them take care of the signing/encryption/etc.


That’s not true at all, you just upload your key into the encrypted account storage, and it gets automatically applied.


Fair enough; I admittedly mischaracterized you and perhaps responded with a bit too “harsh” of a tone initially. I apologize.


Others have already touched on the jurisdiction issue.

I’m also going to note, in the last 10 years a lot has changed. E2EE has gone from something that’s fringe, to something integrated into lots of products. Signal, Proton, and others launched in the wake of the Snowden revelations. Lavamail was Snowden’s email provider.

It’s kind of like being the “hipster nerd” playing D&D before D&D was popular vs playing D&D post popularity… It’s pretty obvious to most people in 2023 that D&D isn’t for demon worshipers, as it’s pretty obvious in 2023 that E2EE isn’t just for criminals. In other words, the value proposition of ProtonMail isn’t as “sinister.”

I personally suspect the US Govt (in terms of federal agencies) is adapting to the presence of encryption vs trying to kill or weaken it at every turn (similar to how Microsoft stopped trying to stomp out open source code). 9-11 was a very very very bad thing (and arguably why the US is one of the worst countries to host a privacy service). However, the “big one” when it comes to cyber attacks could be even worse (and I’m pretty sure there are people at NSA that understand how E2EE plays a role in securing the nation – they’re not dumb people after all).

Proton is also a larger company than Lavabit (I suspect), and with that comes lawyers, and money to feed them.

So long as ProtonMail isn’t primarily acting to serve organized crime… I suspect “there are bigger fish to fry.”


> Have people noticed how much proprietary java code ProtonMail requires when using a web browser for email?

You mean JavaScript; particularly, https://github.com/ProtonMail/WebClients.

> Also, why the required login on their free VPN service if they are all about privacy and encryption?

Because they need to limit how many instances of the VPN you’re concurrently accessing somehow.

> Why do they want someone’s network traffic in order to use their free VPN?

To use a VPN, you by definition are giving someone your network traffic.

> Over the past 6 months my suspicion grows bigger and bigger of who is behind Proton, the agenda behind starting the service, and how it caught on? Why don’t free encrypted anti-government services catch on?

I’m not even touching this…

> Until ProtonVPN removes login requirement and releases VPN server code under open source license like RiseupVPN or CalyxVPN

That would be meaningless. You log in to a protonmail account, which you can create anonymously. The server code can also never be verified to be what’s running on the servers.

> I will choose to treat Proton like a spy agency.

Go for it.