with the asterisk that inbound non-Proton emails are handled in plaintext during receipt before being encrypted to the user's key.
Does the author know that's just how email works? Any email provider telling you otherwise is full of shit.
If you want your emails encrypted, you gotta do it yourself. And have all your senders and recipients do it as well.
I can't speak to the accuracy of the rest of the article, but my suspicions are raised.
Relative to Microsoft and Google, yes that is a fairly accurate pitch. How would you pitch 'We make best-effort security which protects from an awful lot of subpoenas' to normal people in one sentence? How about seamless PGP integration?
Can't help that the neighbors can watch everyone coming and going from your house, but you can lock the doors and close the blinds. Which is incidentally the default state of affairs IRL with the proliferation of Google/Amazon doorbell cameras.
Sorry about my comment not being about this article directly but: is it just me, or has there been an increase in negative posts/comments/articles/etc about Proton in the last months? (in the internet in general, not here on Tildes specifically)
It doesn't help that the CEO, Andy Yen, made a number of pro-Republican posts on social media using the official Proton accounts, phrased as the official company stance, which were then removed by the Proton team, as:
“Our policy is that official accounts cannot be used to express personal political opinions. If it happens by mistake, we correct it as soon as we notice it.”
Additionally, I understand why a company cannot operate without complying with local laws regarding the ability for Police forces to request client information, but Proton seem to be willing to hand over quite a lot of data which could easily be made inaccessible instead. I'm not a fan of how their marketing material glosses over valid risks to privacy, or valid concessions that they must make to the law. They should be more up-front about the fact that their service does not offer absolute security / privacy.
The link needs my email to continue reading, which I'd rather not give. Do you have an archive link or alternate source?
I've seen the past argument about Yen being pro-Trump, but in general it doesn't hold up. He supported a specific cabinet pick and occasional good policies (broken clock), but overall both Yen and Proton lean toward progressive policies. It's just a poorly-worded tweet that takes off while the rest of the information is slower to propagate (if it does at all). Between that and the news about the recent data request that they had to comply with, it feels like their negative actions are being amplified in a way to make them look worse.
Could Proton be better? Absolutely. But they are miles better than the common alternatives, and they're trying to provide more coverage than other privacy-focused companies. Don't let perfect be the enemy of good.
I agree that supporting the broken clock when it's right isn't a "cancelable" offense. For me, it was the part about
10 years ago, Republicans were the party of big business and Dems stood for the little guys, but today the tables have completely turned... Until corporate Dems are thrown out, the reality is that Republicans remain more likely to tackle Big Tech abuses.
that really bugged me. Like, yes the Democrats are often useless, but claiming that the Republicans stand for the little guys and are more likely to fight big tech abuses is a take that simply has no basis in reality.
A second thing that isn't directly related but makes me mostly agree with @lynxy is that the last time Proton was in the news for acquiescing to law enforcement, it was the payment information that was the weak link... But Signal has this solved. Why doesn't Proton? Maybe I'm missing something that makes it different for them, but as a layperson it sounds like Signal's scheme should be widely applicable.
Like, yes the Democrats are often useless, but claiming that the Republicans stand for the little guys and are more likely to fight big tech abuses is a take that simply has no basis in reality.
But... the thing that Yen talks about actually happened. Chuck Schumer refused to bring the anti-trust bipartisan legislation to a floor vote in 2022. This is not a question of opinion, Democratic party leadership clearly protected big tech at that point in time. And it is true that Chuck Schumer's daughters worked in conflict-of-interest positions at the time: Jessica Schumer at Amazon, Alison Schumer at Meta.
It does have a basis in reality.
Of course at the same time he was absolutely wrong in vaguely suggesting that Trump republicans would be a sensible choice.
Right, that's all I'm saying. I'm not saying that the Democrats haven't thrown "the little guy" under the bus plenty, simply that vaguely suggesting that Republicans would be a sensible choice is absolutely wrong.
Signal also doesn't tie features of your account to payment. You don't even get a badge if you don't use the Signal app.
They also accept payments in cash via mail.
But that latest controversy was a bit of a mixed bag for me.
Because - in my mind - if I wanted to use a service where privacy is paramount, I would never pay with a debit card. That for me is just common sense, it’s the first thing that anyone looking to track you would check.
On the other, I do agree that Proton isn’t as transparent on these nuances as they probably should be. If your marketing material says that everything you offer gives the customer privacy, it can create a false sense of privacy and you end up using their tools “the wrong way”, which makes you trackable.
Sure, crypto is an option too. Signal accepts it as well. I'm sure plenty of people who care enough to want to keep their payment info separate from their Signal/Proton account are also wary of anything to do with crypto, though. But as for "how do they know if an account is current?", it sounds like that's possible with Signal's method?
Using the anonymous credential scheme that we introduced for Signal private groups, clients make payments and then associate a badge to their profile such that the server can authenticate the client is in the set of people who made a payment, but doesn’t know specifically which payment it corresponds to.
Like, it doesn't specifically mention attesting currency, but couldn't it? The "badge" in the above statement could be a digital stamp on your account that says "yep, this one's paid for until YYMMDD". It basically already is; the visible badges you get on your Signal profile only last for a certain amount of time. Doesn't that require the same functionality as "tying features of your account to payment" would? And it sounds like the server never knows which payment corresponds to which account. I don't see another way to read that statement, but it's totally possible I'm wrong. Am I just missing something?
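A sketch bearing on the question in the comment above, added here and not taken from Signal, Proton or any commenter: it swaps Signal's anonymous credential scheme for the simpler Chaum-style RSA blind signature, with one signing key per billing period standing in for "paid until". The period labels, function names and tiny Mersenne-prime keys are assumptions made for the demo.

```python
import hashlib
import secrets
from math import gcd

E = 65537  # public exponent shared by the toy keys

def make_key(p, q):
    """Toy RSA key from two primes -> (n, d). Far too small for real use."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed demo keys, one per "paid until" period (hypothetical labels).
# Mersenne primes keep the example deterministic and offline.
SERVER_KEYS = {
    "2025-06": make_key(2**61 - 1, 2**89 - 1),
    "2025-07": make_key(2**107 - 1, 2**127 - 1),
}

def digest(token, n):
    """Hash the token into Z_n (stand-in for a proper full-domain hash)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % n

def client_blind(token, period):
    """Client: hide the token behind a random factor r before paying."""
    n = SERVER_KEYS[period][0]          # the client only ever uses public n
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            return digest(token, n) * pow(r, E, n) % n, r

def payment_sign(blinded, period):
    """Payment side: knows who paid, signs a value it cannot read."""
    n, d = SERVER_KEYS[period]
    return pow(blinded, d, n)

def client_unblind(blind_sig, r, period):
    """Client: strip r, leaving an ordinary signature on the token."""
    n = SERVER_KEYS[period][0]
    return blind_sig * pow(r, -1, n) % n

def account_verify(token, sig, period):
    """Account side: is this a paid-for token for `period`? No payer info needed."""
    n = SERVER_KEYS[period][0]
    return pow(sig, E, n) == digest(token, n)

def demo():
    token = secrets.token_bytes(16)                    # chosen by the client
    blinded, r = client_blind(token, "2025-06")
    payment_log = {blinded}                            # all the payment side saw
    sig = client_unblind(payment_sign(blinded, "2025-06"), r, "2025-06")
    n = SERVER_KEYS["2025-06"][0]
    return {
        "accepted_for_paid_period": account_verify(token, sig, "2025-06"),
        "accepted_for_next_period": account_verify(token, sig, "2025-07"),
        "redeemed_values_in_payment_log":
            bool(payment_log & {sig, digest(token, n)}),
    }

if __name__ == "__main__":
    print(demo())
```

A deployed version would also record redeemed tokens so one payment cannot activate several accounts, and would use full-size keys with a standardised blind-signature encoding.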
If anything, it's on those who can to feed our dollars to software companies that aren't the oligopoly. It may not be perfect, but the more I can enable competition and fund the alternative, the better.
So it's end to end encrypted but they're complaining about the jurisdictions some of the services are located in because they process the data.
I don't get the tone of the article considering screenshots of the privacy policy state quite clearly that's exactly what's happening.
I think it's fair to point out, if their marketing material may lead someone to believe otherwise. Though it doesn't seem like they're trying to deceive anyone tbh
From what I found, Proton Meet's encryption is technically real. The MLS protocol is legitimate, the WASM core runs client-side, and the meeting password travels in the URL fragment, which the browser never sends to the server, so Proton's own servers never see it. Those design choices hold up.
So you’re meeting at a loud, public coffee shop where anyone could know you met but not know what you talked about?
If I’m reading this article too lazily please let me know, but all the “gotchas” seem to be related to IPs going “bad” places and ignoring that VPNs exist?
I have to lead with this: I hate this trend of articles using scroll fade. It's horrendous. I couldn't get through this without relying on reader view.
I have lost all interest in Proton's email products. Early days, I was a huge fan. It was exciting to see a Google competitor picking up steam. And privacy by default too? Chef's kiss.
But I find the whole thing fundamentally flawed. As pointed out here, if you're not receiving from another Proton user (or someone encrypting before send) then you're no more secure from the provider than with any other service.
And when sending to a non-proton user, you must consider anything you said compromised as soon as it hits a Google server (or insert other big tech provider) in plain text.
That all said, I don't actually think Meet is as flawed a product as the article makes out. My understanding is that a government agency would be able to see that you used the product but not who you interacted with. I think Proton could be far more transparent about the limitations.
Probably he knows. Maybe Proton doesn't, or doesn't care. From Proton Mail landing page:
How do you identify that a given proton account is current without tying it to a specific payment? But proton also solved it, if you want.
And you could always just use free tier if security is the most important.
It's not just you. I actually had the same thought when I saw this post.
I guess it's a consequence of their slips?
When Proton are announcing just how pro-privacy they are, this is a nightmare situation for them.
I wonder just how compromised they are...
It's crazy that you start a super pro-privacy company in the US. To me it feels like the aim must be trying to front privacy to gather the data of privacy conscious people, otherwise you'd start the company in a region without invasive laws, surely?
Proton is headquartered in Switzerland.
Oh, my bad, I thought the article had implied it was US owned. I must have misread!