Proton uses a trustless architecture. End-to-end encryption and zero-access encryption mean we cannot decrypt your messages and hand them over to governments.

Your privacy is mathematically ensured, and no election can change that.

@protonprivacy yeah, but your CEO has been making statements in support of a right-wing authoritarian government, so…?
@thisismissem @protonprivacy please Proton, stay neutral... and thanks for being an alternative for those who value privacy
@rrapio @protonprivacy that's the thing, they haven't stayed neutral, and that's the concerning thing.
@thisismissem @protonprivacy yes, I know... I'm concerned too. I'm asking them to review their stance and stay neutral from now on.

@rrapio @protonprivacy yeah, definitely disappointing to see as a business customer, where my business is one that angers the right-wing conservative types.

Has me thinking about if I need to migrate away.

@rrapio @thisismissem @protonprivacy

It is too late for me.

I cannot financially support a company anymore whose CEO has made any statement in favour of a fascist.

@rrapio @thisismissem @protonprivacy
The only way to show they're serious about that is to fire their CEO.

"When someone shows you who they are, believe them the first time," to paraphrase Maya Angelou.

@jargoggles @thisismissem @protonprivacy that's a good point, it's hard to believe him after that. Something to think about...

@thisismissem
I'll take this further and say that they didn't stay neutral and they shouldn't, but they left that neutral point and went to the wrong side.

I'm arguing that as being “neutral” is still supporting a status quo, which is bad in itself.

Proton, in theory, should be on the anti-authoritarian side of that “neutral”, by doing what it aims to do, provide privacy and personal security.

@rrapio @protonprivacy

@dzwiedziu @thisismissem @protonprivacy it depends on what you expect from a service or a company. I believe neutrality is possible and even desirable for the companies that provide services and that build products for me. What I mean by being neutral is "you're a company, you shouldn't have an opinion". I'd go as far as to say that distancing private corporations from public discourse and politics might be the most urgent need of our times.
@thisismissem @protonprivacy please, can you share some context. And perhaps some source. Let Mastodon be a better place than X. Thank you.
Proton CEO responds to backlash after his post supporting Trump's selection sparks Reddit firestorm

On Reddit, it’s often a single post that ignites a firestorm of reactions. Andy Yen, founder and CEO of Proton Privacy, recently found himself in the hot seat after a seemingly innocuous commendation of Donald Trump’s nomination of Gail Slater as Assistant Attorney General for the Antitrust Division. What started as a simple pat on […]

TechIssuesToday.com
@d1re_w0lf @thisismissem @protonprivacy thanks for the link to the article. Once again the internet is behaving as it usually does.

@thisismissem

Both Proton & our CEO stand against authoritarianism; check out this article for more info: https://www.compiler.news/proton-vpn-venezuela-russia/

Proton is not controlled by any individual, but by the non-profit Proton Foundation, which is based in Switzerland and politically neutral.

This VPN is the resistance tool of choice for millions

Outmaneuvering internet firewalls isn't easy, but Proton VPN is waging a digital war for an open internet.

Compiler
@protonprivacy @thisismissem
Well not against all authoritarianism it looks like...

@protonprivacy

Both Proton and its CEO have licked Trump's boot. Check out these posts for more info

https://archive.ph/quYyb
https://archive.ph/2yWGz

So the only way out for your non-response to make sense is to claim that Trump isn't an authoritarian.

Good luck with that.

@thisismissem

@protonprivacy Do you agree with me and other critical people here that the Trump regime is authoritarian? And is a direct threat to the online safety of many people, in and outside the US. Can you make sure that you will keep them completely safe? Can your CEO make his apologies for his unprofessional behaviour that alienated many Proton customers? If not, do you have the power to fire him?

@thisismissem

@protonprivacy @thisismissem You can't be politically neutral when facing an actual nazi.

Also fighting for the right to privacy IS political.

Get your shit together

(I'm talking to the company not the CM behind this account, unless they share the company's opinion)
@protonprivacy but how is your nazi CEO doing??

@protonprivacy @faraiwe Seriously, Nazi? Cos he approved of ONE person Trump appointed?

Do you think it might be better aiming this bile at one of the tech zillionaires who gave trump millions, kissed his ring at the inauguration and are actively harming people?

@noam the nazi are easy to spot.

In fact, they out themselves, voluntarily.

Buh bye!

@faraiwe I see, so now you're calling me a nazi for questioning whether you should call someone else a nazi.

This is why the right wins elections.

@protonprivacy wish you hadn't voluntarily done catastrophic damage to years of goodwill in the last month so that I could take statements like this at face value
@protonprivacy I'm so relieved that when the people protonmail have chosen to work with have succeeded in their aims to ensure the end of my functional existence that at least they won't be able to read my email. Gosh, that would be embarrassing.
@protonprivacy you do log IPs and pretend you don't though and then bluff about conformance to anti-terrorism statutes, which are widely abused by authoritarian governments to enact their will. which is it? https://circumstances.run/@hipsterelectron/112413632384643655
d@nny disc@ mc² (@[email protected])

@[email protected] from that link:

> **2.5 IP logging:** By default, we do not keep permanent IP logs in relation with your Account. However, IP logs may be kept temporarily to combat abuse and fraud, and your IP address may be retained permanently if you are engaged in activities that breach our terms and conditions (e.g. spamming, DDoS attacks against our infrastructure, brute force attacks). The legal basis of this processing is our legitimate interest to protect our service against nefarious activities. If you enable authentication logging for your Account or voluntarily participate in Proton's advanced security program, the record of your login IP addresses is kept for as long as the feature is enabled. This feature is off by default, and all the records are deleted upon deactivation of the feature. The legal basis of this processing is consent, and you are free to opt in or opt out of that processing at any time in the security panel of your Account. The authentication logs feature records login attempts to your Account and does not track product-specific activity, such as VPN activity.

it sounds like you or the swiss government can arbitrarily decide to start logging IP addresses without being compelled to notify users? is there a reason you don't make a commitment to notify users whenever their IP address is logged? does swiss law put you under a gag order, or are you just not interested in notifying users when their privacy may be compromised?

GSV Sleeper Service
d@nny mc² (@[email protected])

@[email protected] i was shocked i just saw [their response to the IP address leak](https://proton.me/blog/climate-activist-arrest) and they literally said:

> The Internet is generally not anonymous, and if you are breaking Swiss law, a law-abiding company such as Proton Mail can be legally compelled to log your IP address.

the direct statement that they are *legally compelled to log IP addresses* is an absurd fucking thing to bury halfway in the middle of the post!!!

GSV Sleeper Service
@protonprivacy yes, but paying for your service does mean giving money to your CEO, who supports fascism.
@protonprivacy and i'm Still committed to deleting my account, sry babe <3

@protonprivacy Have you listened to this video https://youtu.be/yh1pF1zaauc?si=d0tjlZcCSo7h4JIF

If true, #css is enabled through #apple AI and #microsoft #copilot it reads your messages before you send them encrypted. The same as the proposal by the #eu scan before send. The end of #privacy.
If not true, let me know, and why. #proton

End-to-End Encryption Now a Historical Footnote. They Won.

YouTube

@muzicofiel @protonprivacy

i don't totally like to promote rob braxman for certain complicated reasons.

at least alternate video site:
https://odysee.com/@RobBraxmanTech:6/e2edead:5

even odysee has little dubious background, but it is not alphabet inc.


@protonprivacy Damage Control🙂

But true.

@protonprivacy governments have some leverage.... How would you react if you were legally forced to stop end-to-end encryption and compromise your users' privacy in one way or another ?
@protonprivacy yep, and this shitstorm is kindly offered by none other than your CEO.

@protonprivacy

Is the full executed code completely open and accessible?

If the answer to the previous question is yes, how can you irrefutably prove it?

Do you really think that these kinds of assertions can reassure us?

Do you really think that even if this assertion could be proved, we really want to continue to give money to a company whose CEO openly supports a fascist?

@protonprivacy trust is earned, supporting fascist is not aligned with my values and I will not renew my proton subscription.
@protonprivacy I recently signed up for proton mail, and it’s nice. It spams me every single day though, which isn’t nice.

@protonprivacy
this is good reminder that i am a customer of proton mail. and start to seek some alternatives ... paying or not.

for that last andy's action. why not "andy11111000100" ?! in four digit year ?!

certain point, i don't believe in coincidences.

@protonprivacy But we'd like to continue having elections and some of the politicians that your CEO supports want to get rid of elections so bye.

@protonprivacy

> Proton is a useless, trustless architecture.

NONE of the replies here on Mastodon are adequate. None yet make me any closer to reinstalling any of your apps.

#bendTheKnee #protonFascistSympathy

@protonprivacy has Proton ever entertained creating a chat platform like WhatsApp?

@protonprivacy Thank you for the good work! Keep up the discussion and self-reflection.

- non-profit
- e2e encrypted
- open source
- audited

🎉🎪💫💜

@protonprivacy
Where is the private key generated?
I heard it's generated on the Server? o_O

@protonprivacy
Your statements provide incomplete information.

MISSING

Proton has the ability to intercept and copy email content that is not encrypted as it enters and exits the servers.

Source: https://proton.me/mail/privacy-policy

Proton has the ability to provide foreign governments with copies of email content that is not encrypted, this can be done indirectly via Swiss authorities.

Source: https://proton.me/legal/transparency

#Proton #ProtonMail #ProtonPrivacy #Privacy #InfoSec #CyberSecurity #Encryption #E2EE

Privacy Policy - Proton Mail | Proton

Proton Mail is designed to protect people's privacy. Read this privacy policy to learn how it handles your data.

Proton
@blueghost well yea, certain content in proton is not encrypted.
for example, if I remember correctly, the subject is not encrypted. in fact, I think thunderbird is the only email client I know (besides faremail) that can do that

@adisonverlice

That is correct. E-mails consist of a "header" part and a "body" part. E-mail encryption will basically only cover the "mail body".

Encrypted subject is supported by very few clients, Thunderbird got this support via Enigmail back in the days. But it is not standardized, which is why Proton has not implemented this feature (I've discussed this with them some years ago).

Proton is however capable of /decrypting/ subjects which have been encrypted. But they will not encrypt it, as that will be much harder to tackle if the subject encryption protocol is changed through a standardization process. Then you end up with two "standards" instead - and it's needed to separate them from each other and have some code logic on which "standard" to use per recipient. It gets complicated and chaotic quite quickly. Only doing decryption is easier - "did the standardized approach work? Nope, try the old non-standard way".

I do hope there is progress on encryption of e-mail headers. But standardization takes time. Also, not all e-mail headers are possible to encrypt - such as the sender and recipient e-mail addresses.

@blueghost
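The header/body split described in the reply above, shown as an added example (not part of the thread and not Proton's code): it parses a PGP/MIME message and an unencrypted one and reports what a mail server or anyone else handling the raw message can read. The addresses, subject and ciphertext placeholder are constructed for illustration.

```python
from email import message_from_string

# Constructed sample: PGP/MIME layout (multipart/encrypted) with a
# placeholder where the OpenPGP ciphertext would be.
PGP_MIME = """\
From: alice@example.org
To: bob@example.net
Subject: Meeting with lawyer on Thursday
Date: Mon, 03 Feb 2025 10:00:00 +0000
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----

--b1--
"""

# Constructed sample: the same kind of mail sent without encryption.
PLAIN = """\
From: alice@example.org
To: bob@example.net
Subject: Lunch

See you at 10.
"""

METADATA = ("From", "To", "Cc", "Subject", "Date", "Message-ID")


def server_view(raw):
    """Return the parts of a raw message readable without any private key."""
    msg = message_from_string(raw)
    # Headers are never covered by PGP/MIME or inline PGP body encryption.
    headers = {h: msg[h] for h in METADATA if msg[h] is not None}
    pgp_mime = (msg.get_content_type() == "multipart/encrypted"
                and msg.get_param("protocol") == "application/pgp-encrypted")
    text = None
    if not pgp_mime:
        for part in msg.walk():
            if part.get_content_type() == "text/plain":
                body = part.get_payload()
                # Inline PGP: armored ciphertext inside a text/plain body.
                if "-----BEGIN PGP MESSAGE-----" not in body:
                    text = body
                break
    return {"headers": headers, "body_plaintext": text}


if __name__ == "__main__":
    for name, raw in (("pgp/mime", PGP_MIME), ("plain", PLAIN)):
        print(name, server_view(raw))
```
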

@dazo thought so. and i'm aware that the header is also not encrypted. the only thing you can really cover is the IP address, which proton seems to do quite well.
also it is only secure when in proton's actual network, or if the outsider (Gmail, outlook, even tutanota, etc) is using PGP.
@dazo forgot to mention that that also might not work if there is a bug in the email that loads a tracker that tracks your IP address

@adisonverlice The Proton webmail blocks a lot of that. Not sure how far the Android and iOS apps have come here.

That leaves the Proton Mail Bridge with third-party IMAP mail clients. In these cases, it depends on the IMAP mail client.

@adisonverlice
Tuta does not support IMAP and/or PGP encryption.

Source: https://tuta.com/support/howto#pgp
Source: https://tuta.com/blog/desktop-clients-tutanota

Tuta Support | How to use Tuta | Tuta

Any questions about Tuta? Find out how we can help you.

Tuta
@blueghost o ok thank you for correcting me on tuta

@blueghost

Oh wow! What an epiphany! Unencrypted e-mails can be intercepted! Hold the press!

Yes, that is how e-mail works. However, those few e-mail services which do encrypted mails at reception will only have that access to the content for a very short time.

"But Proton can do that on all mails and stash them aside!!!". Yes. But so could the ISP delivering the connectivity to Proton's servers. Or the remote side sending the mail - or anyone in between.

Unencrypted e-mails are unencrypted in transit. Yes, you have the SSL/TLS layer, but that's possible to intercept as well by injecting a SMTP gateway in between.

My point is: Both sides MUST do end-to-end encryption for the communication to be protected.

Proton provides that possibility, when both sender and recipient use PGP. And Proton makes that very trivial and simple, with their opportunistic encryption approach.

And as an additional hardening, they do encrypt incoming e-mails before they are stored to disk. That way, if an e-mail was not captured in transit - the only place to get a plain-text copy of the content is on the sending side which didn't encrypt the mail. And if that sender did delete it, the last chance of hope is in the backups in the infrastructure on the sending side.

Proton won't be able to extract the content without the help of the account holder.

And just to make this even clearer - all of these aspects aren't restricted to Proton alone. All other encrypting e-mail services will have the exact same "issue".

So if you are concerned about unencrypted e-mailing? Ensure you use the encryption possibilities. Proton will be able to cover this use case more easily, but the recipient will need to either get PGP running or also use a PGP enabled e-mail service.

@protonprivacy

@dazo
The reply was regarding the zero-access encryption verbiage.

"zero access encryption means we cannot decrypt your messages and hand them over to governments" is true when at rest on servers but the messages do not need to be decrypted as they enter/exit the server because they are not encrypted at that time, the messages could be handed over to governments directly/indirectly.

"privacy is mathematically ensured" does not apply to these messages as they enter/exit the servers unencrypted.

@dazo
The point of your reply is to use end-to-end encryption but this does not address the issue of Proton stating zero-access encryption prevents them from decrypting your messages and your privacy is mathematically ensured. Their statement is partially true but could be construed as misleading if read verbatim, especially if the reader is not well versed with encryption terminology.

Source: https://proton.me/blog/zero-access-encryption

The issue is not with the technology, it is with the marketing terminology.

What is zero-access encryption and why is it important for security? | Proton

Some of your most sensitive data sit on the cloud, on the servers of Internet service providers. Zero-access encryption gives you control over your data online.

Proton

@blueghost And that statement regarding zero access from Proton is 100% correct.

Incoming unencrypted mails passing the spam filter get encrypted and then stored to disk encrypted. At that point Proton itself can no longer retrieve the main plain text on their end.

When a user wants to read such a mail, the encrypted message is downloaded to the browser (when using webmail), the app or the mail bridge and first decrypted on the user's device alone. Proton cannot decrypt data without a user's involvement.

For unencrypted mails, the time window Proton can access the content is incredibly small (typically less than a few seconds) in normal operations. And if you believe how they explain their setup, incoming mail handling and spam/malware scanning happens entirely in-memory (RAM) alone until encryption has been done, where only the encrypted data is written to disk.

For this to be compromised on Proton's side, a reconfiguration of the system would be needed. And, as I mentioned in previous reply, the SMTP protocol is easy to attack from outside Proton's infrastructure. So in an attack situation, it would be easier to use an attack vector outside of Proton's infrastructure.

I'm not saying it's impossible to compromise Proton. I'm just saying it's more likely an attacker will use simpler approaches where the risk of being detected is lower.

@dazo
The Proton statement was correct and incomplete.

The additional information could help some people make an educated decision regarding how to use Proton services.

Proton could be ordered by Swiss authorities to capture unencrypted messages for an account.

Source: https://www.reddit.com/r/ProtonMail/comments/hadvdb/can_swiss_authorities_demand_that_you_retain_a/

Knowing the ability and possibility exists for data collection may motivate people to configure their account for end-to-end encryption with non-Proton accounts.

Instructions: https://mastodon.online/@blueghost/112324891660978205

@protonprivacy why should we trust you, if you can't even trust yourself to use your own voice (and your communications people to use theirs), mr. yen?
@protonprivacy What's with your CEO? Did you ask them what the boot tastes like? Because he sure was licking for his life...