I’ve been using Proton Mail and VPN for a while now, and I’m just wondering how everyone else feels about them. I have this kind of inherent slight distrust of them just because they seem like they offer a lot for free and kind of have a Big Tech vibe about them, but there’s nothing for me to really substantiate that distrust with, it’s mostly just a feeling. That being said, I do use their services as mentioned and they work pretty well, even on the free tier. So aside from that one instance where they gave that guy’s info to the feds, is there any reason not to trust them with my data?
I’ll get straight to the question: what should I use? I use Proton currently but they are pretty sus.
I’ll get straight to the question: what should I use?
Are you referring to email?
I thought it was obvious from the context but yes
In that case, the email provider that you use makes little difference at all. Because of the way that email works, it will always be visible in plain text (unless manually encrypted through PGP) by a third party other than the recipient at some point. There is of course the exception of, for example, direct communication happening between two Proton Mail accounts, but this is really hardly worth mentioning in any practical sense.
The long and short of it is that email should never be used for secure communications.
Fastmail looks nice in terms of features/cost - it is also owned by the people who run it, which is a big green flag.
But I am in the same boat, looking for a new service, haven’t made a switch yet
it is also owned by the people who run it
The ownership of a service, ideally, should make no difference to that service’s trustworthiness.
That makes absolutely no sense - at the very least, this is unimplementable for an email provider.
I am trusting someone for my data. Ownership belonging to the people running it, who just want to make a living, has the meaning that our interests are better aligned than a multinational ad agency or a nation state whose subject I am not even. That relationship is more healthy, the contract is clearer and more balanced.
at the very least, this is unimplementable for an email provider.
If one ignores the collection of metadata, then this is the very purpose of PGP.
I am trusting someone for my data
The point that I am trying to make is that one should never have to trust someone with their data – if all data is encrypted, for example, from a privacy perspective, it really doesn’t matter where it is stored. Of course, metadata can still be gathered, but that is, in my opinion, a lesser issue, and the user has some, if not complete control over it.
I should also say that it depends on what you mean by “trust”. My response, and original comment are under the assumption that “trust” is referring only to privacy.
After the WhatsApp scandals, my trust in encryption is limited. I’m not a mathematician (which is a goddamn shame), and if there is a backdoor in the mathematics themselves, I wouldn’t be able to catch it even if I read the source code. And there is always the possibility of decryption by quantum computers…
So where we store our data is very important, even if it is decrypted. Encryption is just a secondary defense, the primary is limiting the accessibility to the data itself. And where you store the data, and to whom you allow access, determines the accessibility
Tutanota is nice and a bit cheaper too. A bit limited in features compared to proton but I still like it.
Skiff looks cool
seem like they offer a lot for free
i gladly pay for proton knowing that i’m helping fund a critical tool for activists under oppressive regimes :)
I do not trust any company, even if it is “privacy-friendly” or “anonymous”. There is no way to prove this, sure I could view the code but there might just be a slight possibility that the company is saving and stealing your data. Self-hosting is for me the way to go.
Yeah I would trust them. But I don’t think I would use them because I just find their mail service to have too much friction in a lack of interoperability with clients unless you not only pay money, but also download a whole extra program just to decrypt your email. It’s essentially a walled garden
Let’s say that I trust Swiss laws more than other alternatives.
They apply only to Swiss citizens.
Why is anyone using email anymore? (He said with a straight face)
Personally, email exists solely for merchant receipts, and IRS collection notices. I don’t use email with any family or friends. Matrix, signal, session, most any messenger but I prefer e2e.
Maybe I’m internetting wrong.
My friend doesn’t have a smartphone, so we communicate via email ^^
Just because you don’t? I use e-mail as my main way of messaging people I know and like.
You must not have a white collar job. The corporate world lives for email.
I agree with you. Email is flawed and not appropriate for modern communication.
If you want the messages to be written in letter-like format, then you can write them that way. No need to make it chatty if you don’t want to communicate that way.
Email shares far too much metadata and should be used just for account-updates, account-control (password reset, MFA, and so on), etc.
Otherwise I just push everyone to Signal, since it’s normie-friendly and already using quantum-safe encryption.
–
To the OP’s question: yes, I trust Proton. They can’t access my data if they wanted to. They’re a lot better than competing companies.
Check out some of the steps they’ve been taking to improve OpenPGP and go down to “Upcoming improvements” to see their future plans: https://proton.me/blog/openpgp-crypto-refresh
And, remember, they are more than just an email company: https://proton.me/blog
https://piped.video/watch?v=iH626CXyNtE
- Don’t use webmail, the purpose of a browser is to execute foreign code of unknown sources -> they can serve you any website they would like
- Don’t use email, it’s all plain text on the servers (unless you insist on using PGP, yet still a lot of metadata is plain text)
- Don’t use centralised communication, i.e. Signal. You’re creating societal habits that won’t be easily changeable if you start to distrust them. Matrix and IRC etc. don’t need a phone either
Numbers 2 and 3 act like these are things that you can easily just stop
No.
I trust no single hosted service, but you can use them with caution.
Not at all, mental outlaw has a video why proton is a honeypot
And yeah, you can’t really trust anything not self hosted by you
Link please.
Or wait, maybe it’s not mental outlaw
Maybe this one https://www.youtube.com/watch?v=AhdJzjC7Leo
Here is an alternative Piped link(s):
https://www.piped.video/watch?v=AhdJzjC7Leo
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
Sorry for YouTube link, i’m using newpipe
https://www.youtube.com/watch?v=IeXaYR4ed9c
Edit: and also this https://www.youtube.com/watch?v=QCx_G_R0UmQ
Here is an alternative Piped link(s):
https://www.piped.video/watch?v=IeXaYR4ed9c
This, this, this
Very sorry, I’m not sure which videos it is
Try to watch mental outlaw’s and the hated one’s videos about proton
And you can’t even trust that - good luck finding hardware with open source schematic that is not ancient.
All processors have built-in spyware (Management Engine etc.), and that’s not going to change, since there are only a few highly sophisticated factories in the world that can make them, and the factions controlling those have no interest in producing consumer grade spyware free hardware. Modern processors have become essential for weaponry and warfare, so this is not going to change, only get worse.
One of the biggest tinfoil hat youtubers out there, heh. I think he has some good stuff though, other stuff is just plain speculation and paranoia. Email in general is not secure, not everyone can self host or wants to self host. Proton does its job for anyone that needs an alternative to Google and also wants to maintain a set of features like calendar, tasks and so on.
Proton used to have a deal with the Israeli company Radware, for DDoS protection. They have written a few disclaimers about how Radware only handled incoming traffic still with two encryption layers intact (SSL & OpenPGPjs), as if that was some sort of real protection if a company has access to raw incoming traffic. Honestly, a company aimed at privacy, boasting of Swiss privacy, should know better than to route anything through Israeli companies.
For my threat model and use case, I trust them.
When Proton has a single app available on native F-Droid with zero anti-features, not from a different repository, only then will I use their services. I don’t use anything from them now. No Protonmail, no VPN, I don’t use them.
https://www.f-droid.org/en/packages/ch.protonvpn.android/
Mail’s on Izzy, tho: https://apt.izzysoft.de/fdroid/index/apk/ch.protonmail.android On the other hand, I don’t exactly see a reason to have a mail client on the phone at all. I mean web browsers do exist, and the app doesn’t seem to provide any additional benefits.
Also, wdym by “single app”? If as in “at least one”, then VPN counts, and if as in “one app that incorporates mail + VPN + whatever else they come up with”… Why?
P.S. I’m not agitating for or against using proton, just curious.
I said native F-Droid repository. I also said with zero anti-features.
In F-Droid settings, under Include anti-feature apps, unselect all or turn off all options, turn off other repositories like Izzy, then do a regular app search for Proton, there is nothing available in F-Droid
The link I’ve added (VPN) is for native f-droid repo. As for anti-features,
So that’s more about server side being proprietary than the app itself (also, mullvad’s app has the same anti-feature)
Whether it’s due to server or client, Proton is not an option.
There are free Telegram clients, there is no way I will ever register with Telegram service.
I am extra harsh of Proton because I reject the concept of proprietary security. They trumpet privacy and security but tell people to trust them for security, they can’t release server code, but they want everybody to trust that their servers don’t have a back up of account info like keys or backup access to account.
I don’t use Signal for the same reason, only Molly, and I refuse to install Signal on computer.
There are reasons why email clients are more secure
Genuine question: which ones?
You shouldn’t trust them. Won’t elaborate further because the proton fanboys are extreme even by the lowest of reddit standards and arguing with them is pointless.
But no, don’t trust proton.
In my view it’s either my ISP seeing everything or someone else. I don’t trust my ISP, I route my traffic to a different country where I don’t live in and them viewing my activity is potentially less of a problem, in my view (just in case they do manage to de-anonymize me)
Route them to a country of some number of eyes? 😅
Wdym?
https://en.m.wikipedia.org/wiki/UKUSA_Agreement In most of the cases there’s no point to route traffic to another country because they are all the United States of Eurasia
The only point remaining is preventing your ISP from profiling you
route my traffic to a different country where I don’t live in and them viewing my activity is potentially less of a problem
Depending on where you live, and where your service resides, this could be tricky.
In the US, for instance, if you’ve chosen a provider in Australia, then a FVEY agreement could be in place to share that data. This gets around the technicality that intel gathering is not occurring on US soil and is not being done by the gov.
And again with the US, if you’ve chosen a country that’s not amiable to sharing user data, the US could very well be justifying that country as a target for pilfering data anyway.
So, that would leave choosing a service provider within the US, which should need to go through the FISA courts for any access to citizen data, but who knows after the Snowden revelations.
I guess that’s the state of privacy if you’ve got a nation state that’s targeted you for surveillance. Only way around it I can think of is data to be encrypted in transit and at rest, and only you control the keys. But that’s not something that’s going to happen with something like mainstream email anyway, too inconvenient for most folks (and you also don’t know if your recipients are security conscious either).
Thank you for explaining the gov surveillance part of it, that is a good point you’re making. There’s also the commercial surveillance I’m trying to avoid, in particular having my “psyche” profiled.
Actually… this is the only internet privacy company that I trust. I just hope that they start to deliver new products and apps faster… especially on Android, so that we can de-Google our lives as much as possible.
I feel the same OP. There’s no good reason for it but I just don’t trust them. I have no idea why.