i have some very bad news about proton
Proton the corporation may suck but the software is still solid. It's valid, just needs a disclaimer, and the user makes their choice.
I'll check and correct my post when I get home
Thanks!
While the original comment has validity, I think it's important to know that a lot of the proton news you'll find is very "drop it immediately" biased.
I definitely think the news left a bad taste that's worth keeping an eye on, but I don't think it should eliminate them completely as an option. Especially for newer privacy advocates.
Edit: full disclosure for future readers, I may be biased as well since I do continue to use proton services and I love it. But I still try to look at both sides on things like this.
I think you're spot on. I find it vexing when people point to what happened with ProtonMail as proof that their entire software stack is compromised, when what happened is simply a limitation of email clients in general (and maybe always will be) and laws that every business is subject to. How email works is not how VPNs work.
I think it was a wakeup call for a lot of people, though, that thought they could just use their email to remain anonymous.
Great guide, thank you :)
PS: You should probably add a disclaimer to Proton, many people are against it now, and I'd say for good reason but YSK.
Also, to all who read: Email aliases are amazing. There are two good choices:
- https://simplelogin.io/ (owned by proton fyi)
- https://addy.io/
A couple of tips:
Adding 2FA to any online website, especially email. I use "Authy" for this.
Authy is known to be shady. Some better (open source) alternatives are Ente, aegis (android) and 2fas (apple).
Authy practically traps you in its walled garden, since you can't export. Also it's closed source.
Switching your browser to something like "Librewolf".
I recommend against using forks of firefox. Instead users should use a configured and personalized version of it, with Arkenfox. But that may be extreme (tho librewolf uses arkenfox).
The reason why is because often those forks are outdated or are late by days, when crucial security updates may be available. Most of their features can also be recreated in the user.js or userchrome, so they're often redundant too.
Switching to a password manager like "Proton Pass" or "1Password".
Both of those are closed source; a better, FOSS and trusted alternative is Bitwarden. I've been (and others here) using it for a long time and I can confidently say it's the best password manager on the market.
BTW: While we're all here, should we create the [soon-to-be created lol] guide on the community, codeberg or dbzer0's wiki feature? I'm fond of the wiki and I'd like to try it, but reply with your vote.
I somehow tripped writing this, I also use aegis woops, but I did use authy in the past
My browser recommendation was based on how easy it is to just download librewolf compared to messing with user agent
I'm outdated in that proton situation, I'll look into that
I vote positive on the wiki, we can discuss it in DMs
I feel like email is the one option where "total privacy" is either difficult or impossible to get secure, because the relay/service stores a copy and the receiver accesses that copy. If either of them are insecure or otherwise able to be configured to be no longer fully-private (e.g. ProtonMail), your efforts at private email are rendered moot.
Something is certainly better than nothing in this regard, but it seems to me that if you truly need secure communication, you should be using an E2EE chat app with local-only storage.
Edit: Saw your edit. Wiki sounds good to me.
True, you can't make email completely secure. But I'd trust tuta for example any day over gmail.
I send sensitivish content over email sometimes but I always use encrypted chat apps for the real threats. Otherwise email is just for receiving from services.
Yep, I think we're of the same mind. I hadn't heard of Addy, so I'm going to have to look into that one!
It’s hard to make the full switch towards a more private life, but switching your mail already fixes a big underlying issue: that being, Google or other companies having access to all your emails. So, I’ll cover the basics of making your online mailing more private.
The issue is that the moment you send a mail to someone or receive an email from someone that is using Gmail (or whatever provider that doesn't care about privacy), your own email is not private anymore: it's read by that other company. So, unless everyone was to start using encrypted emails and I should say compatible encrypted emails, real email privacy will be little more than a wish.
It's a good move to ditch companies like Google, obviously, but one should not let potential switchers believe that it's a magical wand that will make their emails private. It is not.
As a side note, I would also suggest for much better privacy: use email aliases so you never share your real email with any company or service provider.
Proton lol. Also the only privacy is achieved with OpenPGP but no one uses it.
Nobody uses PGP because it's annoying, the tooling is not user friendly, it requires a lot of manual effort for multi-device access and most people simply don't have the ability to manage keys safely. And that is why offloading all this effort to Proton (or similar providers like tuta) who do all the PGP stuff transparently is the only viable solution.