so if you want to subscribe to a VPN, and you were considering Proton, maybe don't

https://infosec.exchange/@josephcox/116178496048136287

@Viss I'm more inclined to recommend people not to pay for 404 Media. That headline is not only horribly inflammatory and biased - it's flat out wrong.

Proton followed what's stated in their ToS by complying with Swiss law. All companies, everywhere, do.

If you need anonymity and not just privacy, account holders should use the options provided for that OPSEC. Proton has such as well.

@troed @Viss The ToS will obviously point out these caveats so they won't have troubles in court. What matters is the company's communication (marketing, PR, aka "oUr sERvErz aRe In SwiTZeRlAnd") because that is what people actually see and base their decisions on.

@buherator

I think all of this stems from the "Proton helped FBI" headline. They didn't. "Switzerland helped the USA" wouldn't get as many reactions.

There's OPSEC failure here, but trying to pin this on Proton is to look in the wrong place. It would not be any different were it any other privacy focused provider.

@Viss

@troed @Viss I disagree. Proton convinced US people that their comms will be safe at a foreign provider (them). Were users naive to believe this? Yes, but this is victim blaming.

I agree that Proton is not the only bad provider in the market. Actually, the whole market exists because all the providers communicate dishonestly.

@buherator

Their comms are safe. Proton handed out what little information they have - which in this specific case included payment details which could've been avoided had the payment been done through other available means.

I don't see this as anyone being a bad provider. If you need protection from state actors you need a whole different level of OPSEC than to go sign up with someone who clearly states they will obey any lawful request for data.

@Viss

@troed @Viss Let's put it this way: the acc owner is in the same situation as if they used Gmail for free (if they were smart, authorities would even have a harder time connecting the person to IPs and other metadata). This is speculation, but I'd bet that the relevant comms are already collected from the users' or the recipients' devices/e-mail accounts too.

So what is exactly the value Proton provided here that the user paid for?

@buherator

That a proper legal request had to be made instead of Gmail just handing out everything because someone asked. Additionally, Proton cannot decrypt your email content so the contents of the communication are still secure (unless the account owner made the choice to communicate with less secure providers which, again, would be their choice).

@Viss

@troed @Viss "Gmail just handing out everything because someone asked" This was a headline exactly because this was likely illegal. Let's assume that providers abide by the law.

"unless the account owner made the choice to communicate with less secure providers" - which is exactly why the e-mail privacy claimed by Proton et al. is an oxymoron.

@buherator

Gmail does not seem to require that requests are made lawfully: https://newrepublic.com/post/206088/homeland-security-67-year-old-us-citizen-criticized-email

Additionally, Gmail _can_ and will hand out the contents of emails which Proton cannot.

Regarding believing your email contents would be safe because you use Proton and send emails to Gmail, I'm sorry - it's not victim blaming to point out bad OPSEC. It's like crashing a car because you didn't take the time to learn how brakes work.

@Viss

@troed @Viss "hand out the contents of emails which Proton cannot" - OK let's not dive into if G should have obeyed a subpoena... In both cases the accounts came under scrutiny because authorities _already knew_ email contents. Gmail would even have the benefit of not having payment info (also, cheaper).

(Btw. Proton can absolutely leak all your e-mails e.g. from the frontend they serve to you.)

"it's not victim blaming to point out bad OPSEC" - by this logic we shouldn't criticize charlatan doctors, because their patients should know medicine better?

@buherator

You can have a free Proton account. You can also pay through other means not directly connected to you. Yeah - if you're getting an email account because you're on a mission to fsck with your government it's on you to learn OPSEC.

I don't get the need to throw shade at Proton. I've been a customer for close to 9 years now - at Visionary level. They've provided above and beyond all my expectations when I first signed up.

They're not promising anything they're not delivering. Charlatan doctors do.

The headlines "Unauthorized backdoor" and "Not recommended" under the threat model documentation are good reading.

https://proton.me/blog/protonmail-threat-model

@Viss

@troed @Viss It's not hard to tell you are personally invested in this service, that's OK. As I stated, this is not a Proton problem, but unfortunately the market they are operating in shouldn't exist in the first place, because the whole thing is built on illusions. As we say around here, they don't necessarily _lie_, they just don't elaborate on all aspects of truth...

There may be some users who fully understand the tradeoffs, but they would certainly not be a viable business if those were the majority of customers.

Thanks for the Threat Model link, I read that a couple years ago, but I'll do a refresher sometime.

@buherator

I'm invested in the concept that everyone should always prioritize privacy, even if they don't see the need themselves. Otherwise, only those who really need it will stand out and be easy targets.

Thus my family chats using Matrix, our personal accounts are with Proton (even for our business) etc. Telling people that a privacy focused provider (and as you say, this is not Proton specific) would be "no better than Gmail" defeats that whole purpose.

@Viss

@troed @Viss I only suggested Gmail as an extreme example for this particular case. I have no problem with e.g. Fastmail, as they don't oversell what they do.