For some reason I have it in the back of my mind that they were at one point accused of being a honeypot for US intelligence because of their association with MIT. Probably complete BS, but maybe not. Are they as open source as they claim to be? Looks like they’re on github. F-Droid seems to think they have some Google libraries or whatever that they use.

ProtonMail users, how do you like/dislike it?

    • smeg@feddit.ukEnglish
      3·
      7 months ago

      Doesn’t Proton specifically provide instructions for how to use proton mail via proton vpn (and/or tor, discussed in the article) to provide extra privacy against IP-demanding court orders?

      • Atemu@lemmy.ml
        4·
        7 months ago

        Doesn’t Proton specifically provide instructions for how to use proton mail via proton vpn (and/or tor, discussed in the article) to provide extra privacy against IP-demanding court orders?

        That would be rather short-sighted or disingenuous as they would then simply be forced to log their proxy too.

        • smeg@feddit.ukEnglish
          2·
          7 months ago

          Not according to the article at the top of this thread:

          Proton does also offer a VPN service of its own — and Yen has claimed that Swiss law does not allow it to log its VPN users’ IP addresses. So it’s interesting to speculate whether the activists might have been able to evade the IP logging if they had been using both Proton’s end-to-end encrypted email and its VPN service.

          “If they were using Tor or ProtonVPN, we would have been able to provide an IP, but it would be the IP of the VPN server, or the IP of the Tor exit node,” Yen told TechCrunch when we asked about this.

  • MangoKangaroo@beehaw.org
    38·
    7 months ago

    My experience has been fine. If you go into Proton Mail with the understanding that you’re doing it to stop Google from data mining your email, and not for the sake of truly private/anonymous email, you’ll have a good time. The aliasing feature is super nice as well.

    • hedge@beehaw.orgOPEnglish
      10·
      7 months ago

      What qualifies as being truly private/anonymous email in your book? Or does such a thing even exist?

      • MangoKangaroo@beehaw.org
        18·
        7 months ago

        Based on the reading I’ve done, it doesn’t really seem like one exists - it’s just not what email was designed to do. I’m not an infosec professional, but that’s the impression I’ve been given by others in the field.

    • Zworf@beehaw.org
      8·
      7 months ago

      If you go into Proton Mail with the understanding that you’re doing it to stop Google from data mining your email

      You’re not really stopping anything if most of the people you’re emailing are still using Google or Microsoft :) Because they’ll get a copy of your email then anyway. This is really the problem with email IMO. Well, one of the problems, a lack of sender authentication is another one.

      • MangoKangaroo@beehaw.org
        4·
        7 months ago

        I’m mostly just protecting the mountain of old stuff in my archives that I’m too much of a digital hoarder to delete. ;D

        a lack of sender authentication is another one

        This one is a nightmare. We spend bucketloads on DMARC shit in our department, only to still have loads of issues with email spoofing.

    • hedge@beehaw.orgOPEnglish
      2·
      7 months ago

      I can’t get contact photos to display on PM. Tuta doesn’t have this feature at all, but the fact that PM appears to, but doesn’t work; well, it shouldn’t, but little things like that drive me crazy.

      • MangoKangaroo@beehaw.org
        2·
        7 months ago

        Funnily enough, I don’t know that I’ve ever even paid attention to contact photos (not that 99% of the people I email have would have them anyways.)

    • GravitySpoiled@lemmy.mlEnglish
      12·
      7 months ago
      • the “ads” aren’t shoved up your ass. It’s not bad.
      • their customer service helped me a couple of times. (And a couple of times they didn’t)
      • they have a dedicated site for feature requests. Yet, they still choose what they implement and don’t comunicate it perfectly. They’re still a company. They do it better thab most others.
      • they don’t artificially limit the features on ine os, because it’s not yet implemented on all. That’s actually a good thing, not a bad one.
      • on linux it’s incredibly easy to add a vpn. No idea why we scream for an app.
        • hedge@beehaw.orgOPEnglish
          1·
          7 months ago

          As far as I can tell, the Linux desktop client doesn’t have it yet, but has been promised.

          EDIT: Ok, duh, on Linux Mint under System Settings>Themes>Settings>Miscellaneous Options, Dark Mode I selected “Prefer Dark” and voila: Dark. Proton’s the only app I have that that setting seems to have any effect on . . .

  • RedNight@lemmy.ml
    22·
    7 months ago

    I don’t like that their open-source repositories, like the android mail app, disabled public issues. Normally lots of good information can be found in issues, like known bugs or reasons why a tracker still exists in the app.

  • GravitySpoiled@lemmy.mlEnglish
    22·
    7 months ago

    They are alright. They are no honeypot. You should bring proof if you spread such words.

    They publish now and then the source code to their apps and services. They don’t develop publicly.

    • hedge@beehaw.orgOPEnglish
      13·
      7 months ago

      I don’t have any proof, just a dim almost certainly wrong recollection in my aging brain.

  • Zworf@beehaw.org
    13·
    7 months ago

    Nothing really. They did once put a scan on someone’s IP after the authorities asked them to. But it was a court order. Makes sense.

    I don’t use them because I think Email is beyond saving anyway. 90% of our mail goes to or from Amazon, Google or Microsoft anyway. OpenPGP is not used by anyone, even Phil Zimmermann famously refused to use it. There is so much spam and phishing that most institutions no longer send anything of value by email, it’s just a notification service for “please log in to our portal to view your message”. Email is just so broken and the workarounds so feeble that it’s beyond fixing.

    Email as we knew it is just gone and done. I just use O365 because it’s cheaper and offers me a lot more (like 1TB cloud storage which I use with Cryptomator). Proton Drive is too expensive for me and I like doing the encryption on the user-end anyway because that offers real end to end security. I applaud what proton are trying to do but it’s too little too late and I don’t want to use a special email client. If they want to promote privacy they should do it with something where that’s still possible.

    And for VPN I prefer mullvad anyway because I like the way they sell scratch cards on Amazon. And my password manager I self-host.

    But really it’s not a bad service if you can afford it and don’t want to go for Microsoft and Google.

  • Friend of DeSoto@startrek.website
    12·
    7 months ago

    I’ve had good luck. Reliable and fast as any other service.

    I’m a 3rd year subscriber of the Unlimited plan, $158 for 2 years at a time. I utilize the drive, aliases, mail and VPN.

    No real complaints. I still use Google calendar because it integrated more with Android phone. I still consider going back to Gmail occasionally for simplicity. I really hate Gmail though but email is garbage. Does it really matter?

    I basically priced out good vpn’s, and the two year price of proton was pretty similar to most other quality VPN plans. So why not stick with it and get the rest of the ecosystem too.

    I don’t think about it too much, it’s email and it works.

    I do not care about secure email because I don’t communicate with anyone else using it, but I do like how it automatically blocks trackers and cleans email links for me.

  • jarfil@beehaw.org
    12·
    7 months ago

    General rule of thumb:

    1. Web: can change at any moment, can serve a highly secure mail web app… except to those it might decide to target, giving them zero notice, leaving close to zero trace.
    2. Electron based “app”: if it can run random JS from the web, see first point.
    3. Compiled app: to change its way of working, the user needs to update/download a different version. An explicit user action is required, people can notice malicious changes and warn others about them.
    4. Compiled open source app: same as a compiled app, except people can also notice malicious changes before running the code, fork it to remove them, compile it themselves, and warn others.

    ProtoMail, touts itself as a “secure web app”, which is a contradiction.

    If you use an open source app to access ProtonMail’s service, the security lies in whatever app you use. At that point, might as well send E2E encrypted mail via GMail.

    TL;DR: the way most people use it, is just security theatre.

    • Atemu@lemmy.ml
      7·
      7 months ago

      At that point, might as well send E2E encrypted mail via GMail.

      From a security stand-point: Yes. From a privacy standpoint: Absolutely not.

      • jarfil@beehaw.org
        2·
        7 months ago

        Both privacy and security are the same in either case:

        • Both servers know who’s connecting
        • Both servers see the connecting IP
        • Both servers know the source and target mail addresses
        • Neither server knows the message’s content
        • Neither server controls the client’s app

        The moment you go off-VPN, or use a webapp, security goes out the window.

        Privacy, as in social network/contacts, goes out the window the moment you use a fixed email address; more so if it’s associated to your IRL identity.

        • Atemu@lemmy.ml
          3·
          7 months ago

          There’s a large difference between surrendering massive amounts of highly critical metadata aswell as some data* to a known abuser vs. an entity that prides itself in not abusing your data and which even takes specific technological measures to make it as hard for them as possible (zero access encryption at rest, automatic key discovery).

          (* Partial social graph, interaction timestamps, political interests, health, hobby interests and much of that usually even in plain text data form when receiving email; stored in in plain text forever.)

  • IrritableOcelot@beehaw.org
    10·
    7 months ago

    Yeah I remember that conspiracy theory. Iirc, the claim was basically that any company which had any relationship with any US institution must be a honeypot. It was pretty out there, and as far as I’m aware it was very much debunked.

    I’m pretty sure that the Google libraries F-droid are things like the push notification service, which afaik almost anything with notifications uses, even signal.

    I’ve never actually compiled from source, but AFAIK they are open source. Its been convenient to use for me, just make very sure you don’t lose your password!

    • hedge@beehaw.orgOPEnglish
      5·
      7 months ago

      Ok, so I’m not completely senile yet; awesome! Oh, and thanks too 🙂

  • sic_1@feddit.de
    9·
    7 months ago

    Been using them for a while before switching to their paid version. Of course they are closed source and a business, so any hype and over the top praise is misplaced. That said they are indeed one of max a handful companies that never did anything to make me feel that my trust is misplaced. Their service is great, the products are well polished and reliable. Development is slow and they aren’t cheap. Their target audience is very security and privacy aware so any betrayal of trust would be punished incredibly hard. In that light, their own self interest should be a good insurance, should you be uncertain.

  • digital_alchemist@discuss.tchncs.de
    8·
    7 months ago

    Proton AG lost me as a customer the minute they backdoored a binding arbitration clause into their TOS last year.

    The difficulty of proving damages in breach of privacy cases combined with generally weak privacy legislation globally means the threat of a class action often serves as one of the only practical deterrents to abuses of power by corporations controlling sensitive personal information. By changing its terms of service, Proton essentially immunized itself from suffering any significant penalty in the event its negligence leads to a mass breach of privacy of its users.

    Tactics like the use of binding arbitration clauses are hallmarks of inherently untrustworthy corporations.

  • BolexForSoup@kbin.social
    7·
    7 months ago

    I like proton mail a lot. Proton drive not bad either but can be finicky when uploading dozens of larger files at once.

  • CaptObvious@literature.cafe
    7·
    7 months ago

    Proton fell into the black hole when they pitched to replace Gmail on Huawei phones. Being eager to do business with the CCP was a dealbreaker.

    That said, I have a Tuta account. I don’t use it for everything, but I have no complaints.