Do you trust Proton?

I’ve been using Proton Mail and VPN for a while now, and I’m just wondering how everyone else feels about them. I have this kind of inherent alight distrust of them just because they seem like they offer a lot for free and kind of have a Big Tech vibe about them, but there’s nothing for me to really substantiate that distrust with, its mostly just a feeling. That being said, I do use their services as mentioned and they work pretty well, even on the free teir. So aside from that one instance where they gave that guy’s info to the feds, is there any reason not to trust them with my data?

0x2d,

more than google

soulfirethewolf,

Yeah I would trust them. But I don’t think I would use them because I just find their mail service to have too much friction in a lack of interoperability with clients unless you not only pay money, but also download a whole extra program just to decrypt your email. It’s essentially a walled garden

java,

Let’s say that I trust Swiss laws more than other alternatives.

TylerDurdenJunior,

Proton used to have a deal with the Israeli company Radware, for DDoS protection. They have written a few disclaimers about how Radware only handled incoming traffic still with two encryption layers intact (SSL & OpenPGPjs), as if that was some sort of real protection if a company has access to raw incoming traffic.

Honestly, a company aimed at privacy, boasting of Swiss privacy, should know better than to route anything through Israeli companies.

hanabatake,

No.

Their email service is bad. Why do I need a proton software to use thunderbird ? Why don’t you use open standards for email ?

jokeyrhyme,
@jokeyrhyme@lemmy.ml avatar

Proton emails are stored in an encrypted form that goes beyond the simple authentication that is part of the POP/IMAP specifications

Proton does have open-source bridges/proxies, so they aren’t hiding these details from us

Perhaps Thunderbird could be enhanced to support the Proton features directly?

hanabatake, (edited )

Proton does have open-source bridges/proxies, so they aren’t hiding these details from us

The issue I talked about was not privacy-wise. It just suck to have to use a package that is not in debian repository just to receive commercial emails. Updates are a pain. And it is the kind of software that people should keep up-to-date.

Proton emails are stored in an encrypted form that goes beyond the simple authentication that is part of the POP/IMAP specifications

Ok, let’s talk about privacy. Email will never be secure because it was not designed to be and there are too many issues.

The subject line and other metadata are not encrypted. (from protonmail website). Most of the people use email to register to accounts and for commercial communications, where all valuables informations are in the object of the email.

There are more private way to communicate with people (like xmpp or matrix for example)

We kill people based on metadata. Well metadata encryption are pretty important.

So giving up convenience for 0 security sucks.

Perhaps Thunderbird could be enhanced to support the Proton features directly?

It would be great if there were an add-on for it. If someone knows how to develop it, please do it, it would improve UX a lot.

But it does not solve the issue completely. On mobile, the issue is still there (I know they have an app but I would prefer to have all my email at the same place). Also, if I want to use nextcloud mail, you have to developp an addon for nextcloud now.

Edit: changed the link for the alternative piped link suggested.

Kalcifer,

Do you trust Proton?

For starters, such a question is coming at it from the wrong perspective. One should have trust in the software – if such sowtware is, indeed, trustworthy – and not in the entity that created it. If one seeks privacy, then they should be of the mindset that every entity is malevolent.

hanabatake,

Lol no. Are you going to audit all the code you use ? You need to trust some organizations to make the audit. You NEED to trust some entities

mojo,

No, mainly because they’re pumping out too many services. Also free VPNs just sound really sketchy to me.

Lolors17,
@Lolors17@feddit.de avatar

I do not trust any company, even if it is “privacy-friendly” or “anonymous”. There is no way to proofe this, sure I could view the code but there might just be a slight possibility that the company is saving and stealing your data.Self-Hostinmg is for me the way to go.

Cyberflunk,

Why is anyone using email anymore? (He said with a straight face)

Personally, email exists solely for merchant receipts, and IRS collection notices. I don’t use email with any family or friends. Matrix, signal, session, most any messenger but I prefer e2e.

Maybe I’m internetting wrong.

online,

I agree with you. Email is flawed and not appropriate for modern communication.

If you want the messages to be written in letter-like format, then you can write them that way. No need to make it chatty if you don’t want to communicate that way.

Email shares far too much metadata and should be used just for account-updates, account-control (password reset, MFA, and so on), etc.

Otherwise I just push everyone to Signal, since it’s normie-friendly and already using quantum-safe encryption.

To the OP’s question: yes, I trust Proton. They can’t access my data if they wanted to. They’re a lot better than competing companies.

Check out some of the steps they’ve been taking to improve OpenPGP and go down to “Upcoming improvements” to see their future plans: proton.me/blog/openpgp-crypto-refresh

And, remember, they are more than just an email company: proton.me/blog

josep,

https://piped.video/watch?v=iH626CXyNtE

  1. Dont use webmail, the purpose of a browser is to execute foreign code of unnown sources -> they can serve you any website they would like
  2. dont use Email, it's all plain text on the servers (unless you insist on using pgp, yet still a lot of metadata is plain text)
  3. dont use centralised communication ie. Signal. You're creating societal habits that wont be easily changeable if you start to distrust them. Matrix and IRC etc. dont need a phone either
soulfirethewolf,

Numbers 2 and 3 act like these are things that you can easily just stop

Eudaimonia,
@Eudaimonia@lemmy.ml avatar

My friend doesnt have a smartphone, so we comnunicate via email ^^

ManosTheHandsOfFate,
@ManosTheHandsOfFate@lemmy.world avatar

You must not have a white collar job. The corporate world lives for email.

DumbAceDragon,
@DumbAceDragon@sh.itjust.works avatar

I don’t completely trust any “privacy-focused” company, but I trust proton a lot more than most others.

artaxthehappyhorse,
@artaxthehappyhorse@lemmy.ml avatar

I would think if someone’s up to some actual shady shit that they don’t want to draw the attention of any authorities, they’d be better off using a combination of several of the most popular web mail accounts, like Gmail, and manually encrypting the message before pasting it in or something I dunno, just bc it seems like surveillance systems become less effective with more collection volume, and Gmail has a lot of users

Kalcifer, (edited )

Or, better yet, one should simply not use email for secure communications.

Father_Redbeard,
@Father_Redbeard@lemmy.ml avatar

I stopped using them because their Android app is absolute dog shit. But I would trust them more than Google.

AI_toothbrush,

Ill get straight to the question: what should i use? I use proton currently but they are pretty sus.

RogueBanana,

Tutanota is nice and a bit cheaper too. A bit limited in features compared to proton but I still like it.

phoneymouse,

Skiff looks cool

oij2,

Fastmail looks nice in terms of features/cost - it is also owned by the people who run it, which is a big green flag.

But I am in the same boat, looking for a new service, haven’t made a switch yet

Kalcifer,

it is also owned by the people who run it

The ownership of a service, ideally, should make no difference that service’s trustworthiness.

oij2,

That makes absolutely no sense - at the very least, this is unimplementable for an email provider.

I am trusting someone for my data. Ownership belonging to the people running it, who just want to make a living, has the meaning that our interests are better aligned than a multinational ad agency or a nation state whose subject I not even am. That relationship is more healthy, the contract is clearer and more balanced.

Kalcifer,

Ill get straight to the question: what should i use?

Are you referring to email?

knfrmity,

No. I don’t trust the Swiss. They’re tied up with US intelligence and they’ll do anything for money (that’s why they’re always neutral). I’ve gotten shit on here before for saying Protonmail might be a honeypot but I’m sticking by it.

Kalcifer,

Such a point is rather moot – one should not be using email for any form of secure communications, as it is inherently insecure.

XTL,

For some use cases, perhaps. I do trust them to keel over as soon as anything looking like an authority sends a request. I don’t trust them to be as good as their marketing.

No news about scams or particularly evil policies yet, which is far better than many providers.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • uselessserver093
  • Food
  • aaaaaaacccccccce
  • [email protected]
  • test
  • CafeMeta
  • testmag
  • MUD
  • RhythmGameZone
  • RSS
  • dabs
  • Socialism
  • KbinCafe
  • TheResearchGuardian
  • oklahoma
  • feritale
  • SuperSentai
  • KamenRider
  • All magazines
    •