108
submitted 11 months ago by zerodawn@leaf.dance to c/privacy@lemmy.ml

I'll start off by saying everyone's economic situations are just as varied as their threat models, and how people make decisions on which services can be specific to themselves and not one that can apply to anyone else. The services one chooses to use for free or to pay for may be based more on what they can afford vs what's the best broad-reaching plan.

That being said, I'd like to see what others think about the Proton suite of services. I've been eyeing it as an option for a paid service for a while but am hesitant to put all my eggs in one basket. I'm interested in a VPN; Mullvad seems to be the other popular choice. I'm also interested in an email address anonymizing service like AnonAddy. At $5 for Mullvad, $3 for AnonAddy, and $3 for base Proton email, it comes out to a dollar more than Proton's premium tier, which gets cheaper if you pay for 1 or 2 years at a time.

As said above, would the biggest reason not to use Proton for all of these separate services be not putting all your eggs in one basket?

pound_heap@lemm.ee 4 points 11 months ago

I don't trust Proton enough to use it exclusively. Personally I use their free email tier as a secondary mailbox.

  • They are not fully open source (I found only web client source code)
  • Their last independent audit was in 2021 and was done for a beta version of their email
  • The audit itself was for security, nothing related to privacy
  • They advertise their email service as encrypted:

> End-to-end encryption
>
> Proton Mail is a private email service that uses open source, independently audited end-to-end encryption and zero-access encryption to secure your communications. This protects against data breaches and ensures no one (not even Proton) can access your inbox. Only you can read your messages.

Which I see as deceptive: end-to-end encryption works without user involvement only for emails between Proton mailboxes. In other cases the user needs to establish PGP encryption on their own. The inbox may not be accessible by Proton (we actually have no clue because the server-side code is closed source), but unencrypted incoming messages can be easily intercepted by Proton relays.

I'm not saying that Proton does all this nefarious stuff, but their marketing is questionable.

nimbus5000@techhub.social 4 points 11 months ago* (last edited 11 months ago)

@pound_heap

When you send an encrypted email to a non-Proton user, you click on the lock icon to encrypt the email and assign it a password, which you need to get to your user. The recipient then receives an email with a link. They click on the link, enter the password and can then view your email, which to my understanding is decrypted client-side.

https://proton.me/support/password-protected-emails

@zerodawn

this post was submitted on 24 Sep 2023
108 points (99.1% liked)