I know the CEO dug himself a pretty deep hole recently.
I had been meaning to switch all the services I currently use over to proton - but his remarks gave me pause.
Is it still worth considering?
I have to say I found this article insightful: “Does Proton really support Trump? A deeper analysis (and surprising findings)”
It inclines me to give him the benefit of the doubt. He clearly got stuck trying to make his point and at some point just stopped explaining. My feeling was that that was good decision because he stopped digging a deeper hole.
Yes. If you don’t agree with the CEO, keep in mind that he is not the owner, they moved to a nonprofit structure. Proton’s CEO is not the first one saying stupid things, the same happened with Mozilla, Brave, and perhaps many other reputable groups.
Proton products are good, IMHO the layout is OK.
It’s good, but not the only one. If you don’t feel comfortable with Proton, go to Mailbox.org, Posteo, Tuta. They are smaller, with less products on their portfolio, but reputable and as good as Proton.
This is a great site to see recommended products for use like proton and their alternatives.
While Proton does offer a lot of services that are useful, some people dont want to put all their eggs in one basket and use various products together.
At this point I’d take another look for alternatives to avoid throwing money at this particular CEO clown.
Yeah - mostly was the hope of this post to see what others you put up.
I had looked at tuta but I’m looking to be able to move my digital workspace (email, calendar, storage, docs, etc) over.
FWIW, tuta offers email, calendar and contacts. That’s a good part of it sorted out.
For storage, if you’re not up for self hosting Seafile or Nextcloud, look at https://filen.io/
Or, check out https://disroot.org/en which has email, storage, calendar and contacts.
AFAIK none of the above have office suites like you might expect coming from Google or Microsoft, but in my experience installing LibreOffice on your local machine solves that. Not everything needs to run in a browser.
Sorry, missed the Office part but both Cozy Cloud and Nextcloud support OnlyOffice. It’s 12€/month at Cozy Cloud though, and the service is France-centric… For now.
murena
Sure, if at this point you’re still comfortable trusting the same entity with all your cloud services as well as your phone OS (which seems to just be a hardened LineageOS) — go right ahead.
For me personally this is the selling point, as I can fund their (open source) work rather than sending money to some company that does not contribute to open source. And since everything they offer is based on FOSS, migrating to another provider is easier than for closed source competition.
That said, I get your point. It is a corporation, and it is putting several eggs on one basket.
I’m wary of Signal for the same reason that — although both products are at least nominally open source — for all intents and purposes, their strategy is corporate. And this centralisation makes Murena as well as Signal single points of potential failure.
You do you, just consider that the minute somebody from the Murena/e Foundation board has a public meltdown you may have to find a new home for all the cloud things 🤷
Totally fair point there.
I do want to move to a more secure OS for my mobile device, and I’m just in the babysteps of understanding the wide world of the Linux ecosystem.
If that’s where you’re at, go for it. Every decision in this game is a tradeoff between convenience and privacy. We all need to start somewhere!
I’m old enough that I used to casually flash Android KitKat ROMs, and self hosted Nextcloud for a decade or so. I’ve seen platforms rise and fall 🤣 After a while it’s easy to become jaded.
Yeah, long term I do want to self host and I’ve now been doing reading on next cloud.
I used to flash to cyanogenos on a galaxy2 back in the day and I’m looking at different ROMs to try out now (suggestions welcome).
That being said, I’m new to Linux and haven’t done much home server stuff, but am motivated to learn more.
Technically, yes.
IF you’re worried about the CEO, go for Tuta.Politics aside, the OpenPGPjs library would be a viable alternative with a client side checksum program, but sure enough, the builds are reproducible.
Until then, this isn’t even technically true.
For example, you can’t import your emails with the POP3 so when your mailbox gets full you can’t even pay for one month and download them all while deleting them from the server.
It isn’t usable for free accounts and there was pre-4.0 a cult-like trend on the support subreddit to disclose your tier. I’m not aware of any moderation post, or note, asking users to stop this practice (u/ProtonMail was listed as a mod account).
Apart from the CEO, I’ve been a bit concerned with the number of outages recently with quite poor and inconsistent communication or updates - not especially long outages but made much more stressful. There’s something really off about the way they communicate things I’ve found. So that combined with the idiot CEO has made me start the process of moving away from Proton, I don’t trust them any more.
I think the best strategy is to spread thinly, don’t become reliant on any one provider.
Eh, ACAB: All CEOs Are Bastards. Tim Apple attended Trump’s inauguration.
That’s a good point people here are getting bent out of shape a out proton CEO lapring Maga but will continue to use their iPhone or android, no questions asked 🤡
But the difference is we all have a choice of an email provider, whereas people are socially expected to have a smartphone these days and those are pretty much the two viable choices.
And at least with android devices you have the choice to move to a different OS and opt into more FOSS alternatives
If you are going to spend time and money migrating to another service, choosing one that seems to be headed in the wrong direction seems ill-adviced.
European-alternatives.eu seems like a good resource to find alternative services.
Personally I am waiting to see if Murena.com restores their nextcloud offering, as I am planning to move to /e/OS on my phone again and wouldn’t mind sending a little money their way. I’m not into hypersecurity though, if you have very particular needs others will have better insights. For me having it hosted in the EU is good enough.
They look pretty good; I can’t tell from their site of they offer custom domain support for email.
I think that there are several things to consider here:
- Is is usable software? Yes
- Is the company trustworthy? In my opinion not, a MAGA CEO is a security risk when you take a look at what is happening in the USA right now.
- Does it feel good to support a MAGA CEO? No
It’s worth it for sure. The product suite and convenience is really “the only” option for that price and while many seem to thing that proton is ready to sell out to American big tech, they won’t, simply because you can’t sell a non-profit organisation.
Tuta is decent email, but terrible UI.
OpenAI is a non-profit too…
I’m quite happy with the products. Not as happy with the company after the event you mentioned. I upgraded my plan not long before that happened (they had a pretty good deal going) so I will stay with them for now but I will need to consider what to do once the prepaid time is up.
maybe not important to some, but I was super-unpleasantly surprised a couple months ago because proton deleted my dormant account. my recovery account received a couple of warning emails (didn’t check that one in ages) and when I finally got around to it, gone.
so if you’re thinking of using it for anything long-term, know that you have to log in once in a while or it’s gone.
Pretty sure that’s just for the free tier accounts, but I could be wrong.
Not giving my business to a Trump supporter.
I think Proton still offer a strong UX and great privacy, what are your main worries ?
- Proton recently admitted they were impacted by Cloudflare outages cause they route a lot of their traffic through US servers using Cloudflare.
- Almost no one (like prob 0.1% of users) would ever have the time & knowledge to check for changes in JavaScript that might be different for them vs others, plus some of those would be routine updates, A/B testing, etc. If Proton wants to get your data all they have to do is change the JS sent to you or small portion of users, and it is very likely no one will ever notice.
- Many Proton services will get updates that are not pushed to the open source branch for several weeks.
- Proton disallows free accounts from using things like their Desktop Mail app without a paid account.
- Many Proton services are unnecessarily geared towards ecosystem lock-in, when the security can be achieved in other ways.
Those are to name a few.
- Looks bad, but what about the other mainstream options such as Tuta ?
- True but I do think it will get noticed pretty quickly but probably not fast enough.
- For weeks ? I know new products are always proprietary closed beta but didn’t knew that…
- I think it’s pretty fair as it is a freemium service, paid user needs to get rewarded for paying.
- Yeah I prefer to endorse free and open solution rather than closed garden wall, even if they are published under open source licence, but in the other hand It seens like there is a demand from the market for a privacy-respecting ecosystem that offer a similar experience to Google for exemple.
There is no such thing as a perfect solution or perfect security. Depending on your threat model I do think Proton isn’t a bad option, maybe it’s not the best but as of today all the honeypot claims seems to be simply FUD. Your worries are legit but I’m pretty sure you can have similar worries for other products that you use and feel safe using them.
I’m tired but:
- you’d need to compare the checksums of their web-based cryptography at every login,
- you could use their bridge but you’d need to give your OpenPGP passphrase to change your settings, for no reason
- they have the CIA at their administration council,
- they have an history of unethical behavior toward Twitter survivors,
- they have an history of spreading conspiracy theories,
- they have an history of contacting hosting providers asking them to remove blog posts,
- they didn’t share the Lavabit fundraiser so they could get quietly issued a US National Security Letter (overriding the First Amendment and preventing Ladar from appealing),
- they can access to your entire mailbox anyway, not just to the email contents,
- this has enabled the arrest of Social and Climatic Justice activists, they replied they couldn’t resist a Swiss court order (so that’s not their fault I guess, the tech is just bad)…
Why would you trust them for your opsec, and why would you enable them further?
Alternatives include Disroot, Nubo, and Zaclys.
#Proton #ProtonMail
For being tired this outlined a lot of great points and good alternatives. Nubo has my eye and I’m going to look into starting the process with them.
Nubo sounds good. However, I’m closer and closer to buying a mini PC and simply self-gosting Nextcloud. I feel that is the only way to be really sure I own my data and not get disillusioned/disappointed in some way by some of these companies.
Yeah, been strongly considering that recently as well but I have a lot to learn.
I really want to have a custom domain, murena seems to have everything that I’m looking for, if I wanted to have a custom domain still I’d have to self host.
I’ve heard that self hosting can lead to a bunch of email getting snagged in spam filters. In regards to self-hostijg I’m definitly in the unconscious ignorance (I don’t know what I don’t know) phase of it.
I’ve heard that self hosting can lead to a bunch of email getting snagged in spam filters.
Through force of numbers, the big companies have made self.hosting email a pain in the ass. DKIM, DMARC and all that, they say it’s to fight spam but it’s really just to ensure their monopolies. If it was encryption they’d be clamoring won’t someone think of the children.
You can find people un/successfully self-hosting email so invariably YMMV. Just make sure you follow all the steps and guidelines and don’t use that address for anything relevant in the first months.
Some people also use a proxy in Outlook or something so the outgoing email has all the legit veneer.I have a custom domain added to Tuta. Works fine for the last 2 years. If something goes haywire at any point, ⚓ up and I’m gone.
I’m interested in self hosting a couple of services, Immich, Navidrome, Nextcloud, but email ain’t one of them. Personal one I use mostly for registrations and shopping confirmations
Do you have sources for all of this?!
Tired. In auto-pilot mode for the last 3 hours.
Part of it is based on the OpenPGP standard itself, e.g. you only need the passphrase to decrypt your emails, not to encrypt them and certainly not to change your settings.
Part of it is based on experience.
Part of it actually needs a few sources; the Lavabit part is speculative but solid, there are bread crumbs all over the web.
Yeah, get some sleep! I too would love to see sources and read up on this, but maybe some other kind soul will elaborate while you rest 👍
Thank you.
So no sources, noted.
I mean I couldn’t find a lot of the other things but I do know the climate activist one is verifiable.
I found this article that goes more in depth with cooperation with other lawn enforcement agencies.
Make no mistake: any company that wants to operate above board, be it a VPN provider, a privacy-focused mail provider or whatever, always has to comply with the local law. If the “local” happens to be an oppressive regime like the US, tough luck… even in Switzerland if their gov forces a company to comply with something they will comply. Proton’s no exception.
lawn enforcement agencies
Good morning Sir,
XD The HOAs are out to get folx
I was going to add sources anyway, I’ve only had 3 hours of sleep last night, but you need to understand that we don’t owe you resources. I, for one, don’t know you. I wasn’t talking to you when you approached me with a nominal sentence, and you need to acknowledge that you base your tone on the assumption that I didn’t consent to this conversation.
So of course I’m still considering blocking you. Going this route, you would keep the same entitled, passive-offensive tone.
As rude as it is, people will only adapt to this by drawing boundaries in a more cohesive, efficient way. You need to check your attitude, and to embrace the resource-centric nature of the internet. Improve your tooling.
So of course I’m still considering blocking you.
👋 kthxbye
Some issues on Proton are widely known, like their CEO’s shenanigans… If you’re gonna claim other less known issues don’t act shocked and surprised (or offended or whatever) when someone asks for evidence.
You’re not obliged to provide such evidence nor am i obliged to believe your BS.Get some sleep.
You’re missing the point. I will source my post (because I’m a nice and, frankly, jobless person) even tho I was answering to the OP, because this is a public document.
But you’re the one coming out of the wood with baseless claims. Every serious privacy guide claims that you shouldn’t use OpenPGP for opsec, which is well beyond degoogling anyway, so why are you even recommending ProtonMail over cheaper offers like Nubo, Mailo, or any other indie mail provider? Why are you suggesting another data silo in a degoogling community?
why are you even recommending ProtonMail
I’m not. I don’t really like it myself. I’m just allergic to source-less claims, and you’ve got a lot of them.
Shouldn’t you be asleep? Get some rest.
I am genuinely curious about other sources - I tried to do digging on some but couldn’t verify all the claims. No rush, get some rest and whenever you get a chance I’d love to read / learn more.
deleted by creator
