A few little things rather than one or two big things - email advertised as private but they won’t let you use anonymous addresses (like anonaddy or duck.com) for recovery addresses, an ever growing portfolio of products that seem unfinished or incomplete or lacking in standard features like they’re trying to corner the whole privacy market rather than making one or two products but making them really good, poor customer service and support as a continual theme throughout their existence.

To be clear, I’m not suggesting they’re doing anything dodgy, I just feel that I don’t really trust them. They just make really odd choices and it all feels like a haphazard rush.

You would think that someone at Proton would’ve had the foresight to realise the reputational damage this (along with the LLM announcement) would do to the company.

Without wanting to sound smart after the fact, I’ve been suspicious about Proton for years. I briefly had an email account with them but I could never quite shake the feeling there is something off about the whole company. This move just confirms to me I was correct to be suspicious.

It is worth noting though, that Proton doesn’t allow you to use certain domains for recovery addresses. Admittedly this was awhile ago and maybe things have changed there but when I first joined Proton they wouldn’t allow me to set a duck.com or simplelogin.com or addy.io address as a recovery email.

Obviously using an apple ID is stupid but Proton could make more of an effort too.

That’s true, there’s always going to have to be some trust, but a provider that takes the time and expense to invest in a privacy audit or defend their clients by not logging and establishing that in court certainly indicates they’re worth having that trust in.

Do ISP’s monitor or sell or pass on your data? Yes.

Do VPN’s? Depends on the VPN. Find one that doesn’t and can back that up with 3rd party audits and legal encounters.

So can a good VPN protect your privacy? No, not by themselves. A VPN is part of an overall toolkit to be as private as you personally would like to be. It can help protect your privacy, that’s all.

It’s really that simple.

That’s an excellent point that I don’t see mentioned very often. Quite aside from the fact that Threads has popular scumbags like Libsoftiktok on it, they have 100 million users.

The existing fediverse is already struggling to moderate effectively. Various communities on Mastodon have already been exposed to vitriolic trolling and tools like fediblock are struggling to deal with it. Over here on the threadiverse, there have been numerous spam and CSAM attacks which, again, the existing tools are struggling to deal with.

If even just 1% of the Threads userbase are bad actors, that’s still one million bad actors all at once. Just the weight of numbers alone is going to swamp most instances.

Sure, but even the most ‘normie’ of my friends have heard of FFox. I think it’s fair to say it’s pretty mainstream even if its not widely adopted. You’re right that they do claim to be privacy respecting and I think they are when compared to the immediate competition. It’s a matter of degree. Are they more private than Chrome? Yes. And that’s a step in the right direction whilst at the same time people like you and I know they could do a lot more.

I don’t disagree with you that Mozilla are not exactly on the ball, all I’m saying is that Brave comparing their privacy hardened fork of Chrome with a non privacy hardened mainline browser is, at best, disingenuous.

Right, but what I said was that those of us who care about privacy know is that FFox is a starting point, not an end point. FFox is a more private browser than Chrome. But Brave is a privacy hardened fork of Chrome, therefore a more valid comparison is between Brave and a privacy hardened fork of FFox.

I think those of us who care enough about privacy issues to even be aware that Brave exists are well aware that out of the box FFox is a starting point, not an end point. FFox vs Chrome is a valid basis for comparison in a way that this simply isn’t. Comparing Brave with LibreWolf or Mullvad is a more valid comparison.

US to UK English and vice-versa.

Nope, no issues :) Debian is (as you know) pretty rock solid and Mint is too. It’s pretty much like having a system as reliable as Ubuntu but with none of the Canonical bullshit.

Depends on what level of privacy you want. I’m using Linux Mint Debian Edition with GNOME installed on it and it hits the sweet spot between privacy respecting and Mint’s ease of use.

I think the thing with open source (re: your free labour point) is that it’s entirely voluntary free labour - I know that wasn’t the thrust of your point but there are pros and cons to it. The lead dev could one day say ‘fuck it’ and walk away, but for a project of any size/popularity there’s a lot of people ready and willing to fork it or ask for ownership to be transferred. It’s not very often a very popular bit of code is totally abandoned.

Open source, to me, offers a sort of peer review system. Most people developing open source stuff already care about code quality and privacy, contributors also do and the myriad of people using it have a core set of people who also do. That’s a lot of eyes. There’s also tools to diff code so its pretty easy to spot changes. And I do do that.

But I take your wider point - it all eventually comes down to trust. But that’s true of legal requirements too. And also organisation behaviour. Brave for example have been caught at least 3 times doing very dodgy stuff and yet as far as I can tell they continue to grow. I don’t necessarily accept that one instance of law breaking or otherwise poor behaviour is instant death for a company. If it was, G and Meta would be long gone.

All I can do is reiterate that all of us have different things that we choose to place some trust in and we all have different ways of assessing what leads us to trust. But at the end of the day, there are no cast iron guarantees.

I self host just about every service I can, including search.

You’re asking for a guarantee, which I’ve repeatedly admitted I can’t offer because absolutely no one can provide that. No provider, no service, no software. All we can do is decide what we each consider to be actions/behaviours indicative of trust and use their offering in a way that maximises privacy for us as individuals. I put more trust in software/services that has code that anyone can read, that has been independently audited, that is trusted by the community and possibly tested in a legal environment. You might put more trust in things like privacy policies and other legally binding documents. Neither of us can guarantee anything however. I’ve lost count of the number of companies who’ve violated privacy laws and users only find out years or even decades after the fact.

But I’ll say it again - whats right for me might not be right for you and that’s fine.

That’s absolutely your call mate. I’m not here to tell you you’re wrong. I just know what it is that I personally consider to be active steps towards establishing trust and that I base my opinion on them. If yours and mine don’t align, so be it - to each their own.

Again, I’m not considering them to be intentionally malicious or deceptive, I’m saying without the basics in place, we’re being asked to just trust them.

I’m aware of the limitations you describe and you’re right that there’s no way to 100% guarantee anything, there has to be some element of trust. So the services/software I choose to use have done all the things I mention, or I run them locally. Does that mean they’re 100% perfect? No, of course not but the fact they’ve gone to great lengths to establish at least a basis for trust means a lot to me. Some of them have gone on to be tested in some sort of legal encounter where again, they performed well.

Trust is a personal thing, we all have different perceptions of what makes an org trustable - if Kagi match yours, good for you.

I don’t suspect or accuse them of anything. Quite the reverse - what I’m saying is that without things like open source code, privacy audits etc, we’re being asked to take their word for it all. They might well be the most privacy respecting company ever and they equally might not be. If you’re happy to take their word for it, that’s entirely your call. I’m not trying to change anyone’s mind, I’m just answering OP’s question with my own opinion.

That’s a security audit, looking at its vulnerability to attack.

Deciding to trust a provider - any provider - isn’t just any one thing. So, the most basic step to me is all the relevant code being open source. The next step is getting their infrastructure audited. The step after that is seeing what happens if they get court ordered to provide data.

They do none of that and I’m just too cynical to accept ‘trust me bro’ as a convincing sales tactic.

Because claiming they don’t is not the same as being able to verify they don’t by making their code open source.

It’s ridiculously expensive. It’s not private if you have to link your searches to a paid account and none of those payment providers are private. They don’t seem to have open sourced any of their key functionality, meaning you have to trust them to not be collecting your activity data.

I spent a long time getting rid of software and using services that I either no longer trusted or was unable to make an informed choice due to their lack of open source code and I’m not going to take a retrograde step now. And that’s without the issue with their choice (a continued choice I believe) to use Brave results, a company I’m personally not prepared to support.

I have one as a ‘last resort’ option. It’s got backups of BitWarden, Aegis and Standard Notes and is only connected to my machine during backups.

I think they probably did it at first as its quick and easy to set up. And they did strongly recommend anyone mailing them encrypted the emails. I would also assume it was always the plan to self host them but it was the least important part of the whole system so they left it until last to address.

Yep, could well be. I ain’t knocking Mullvad at all .

You’ve got to understand the ‘average’ British psyche at this point in history. The majority simply don’t care that people they see as troublemakers and/or scroungers are having their rights dismantled. They lack the empathy to give a shit for these people and they lack the foresight to see that it’ll be their rights gone one day too. What stirs the average british gammon off their collective arses these days is the rumour there might be an immigrant in a hotel somewhere or that a drag queen exists.

More like fascist-adjacent. And we started the process of underdeveloping ourselves when the fascist-adjacent leaders persuaded the terminally ignorant that Brexit would be great when it was obvious it was going to lead exactly where it is leading right now.

An argument that might carry weight if you weren’t setting up hotlines for people to snitch on anything or anyone vaguely LGBTQIA+, removing books from libraries, allowing huge orgs to buy political favour, enslaving people in for-profit prison systems etc etc etc.

It’s not even that - the people this is directly affecting (for now) are the people who, if they raise their head above the parapet, it’ll get shot off - the people least able to protest. 95% of the country are not lacking resistance, they’re lacking empathy and foresight. They show plenty of resistance to media driven culture war bullshit like immigration and LGBTQIA+ issues.

Climate change is not something any one country can mitigate. It’s going to take all of us - the world.

It’s a comparison of mainline browsers - they haven’t included any forks in it.

I’ve been using them for nearly 3 years now and never used (or even knew they offered) email support.

Not ideal they use GMail of course but they could be using private keys (as most business users do I believe) which means Google couldn’t see a thing anyway.

ISPs pass on your data to various authorities in quite a lot of countries. My own country (UK) has such a terrible privacy reputation I wouldn’t be at all surprised to find ISP’s hand over data for every request.

To me, it’s an issue of personal responsibility.

Lemmy is, like a lot of Fediverse platforms, about as private as it can be. There’s no trackers, you’re not forced to use real names or any other identifying information, no adverts follow you from site to site, no browser fingerprinting and no instance owners are trying to sell your data.

Beyond that, what you choose to say on Lemmy is your responsibility and yours alone.

I thought you people had stayed on Reddit. Y’know, the people who live to say shitty things to people and then sulk when they get edited/removed/banned and blame it all on ‘the hive mind’ or ‘group think’ or some other sneering put down when the reality is simply that most people don’t like shitty people saying shitty things.

I totally applaud your efforts to find a solution to this issue but I don’t think this is practicable, at least in it’s current form. I get the underlying idea that changes to the extension will have to be continually adapted to by the scrapers but that’ll slow them down for a negligible amount of time.

I don’t mean to sound negative and I really do thank you for your efforts but I can’t see how this could be effective.

https://crypton.sh/

Been using it for over a year now. The clients were a bit ropey for awhile but they’re great now.

As for trust, only you can really answer that, but they tick all the right boxes for me - I can pay in a way that preserves my privacy, everythings open source and E2EE, they have good policies.

The only way to live with this level of privacy evasion is to accept the reality of it

OK, Zuck.

Ask them when you can install the bug on their phoneline, open their mail and remove their bathroom door.