• BassTurd@lemmy.world
      link
      fedilink
      English
      arrow-up
      45
      arrow-down
      1
      ·
      4 months ago

      I think yours is the first comment I’ve read that has Proton hesitancy. I’m curious what your reservations are.

      • ElectroLisa@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        13
        arrow-down
        2
        ·
        4 months ago

        Not OP, I’ve heard criticism of their recent Duo subscription and their bitcoin wallet.

        I use Proton services and my biggest gripe is their mediocre Linux VPN app. No binaries to download/Flatpak, advertised port-forwarding isn’t fully implemented and requires playing around in a terminal, and UI feels less polished than it’s Windows counterpart.

        There’s a community made Flatpak of ProtonVPN though, in case it helps anyone

        • sugar_in_your_tea
          link
          fedilink
          English
          arrow-up
          5
          ·
          4 months ago

          Honestly, I just use wg-quick to connect to VPNs, and I tested out ProtonVPN and it worked fine with it. I even set up my router to connect to ProtonVPN, so I could have a wifi network that’s always connected to their VPN.

          But I’d really rather not have the same company host my VPN, email, and other stuff, I’d prefer to separate them a bit so no one company has a lot of my data. And something like a VPN really doesn’t benefit from bundling anyway, unless it’s bundled with a browser or something a la Mozilla VPN.

      • linearchaos@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        2
        ·
        4 months ago

        Not OP

        There’s not a lot of negative press about them.

        They complied with Swiss government requests to out the IP of a French activist.

        It looks like they’re really doing the best they can.

      • Zetta@mander.xyz
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        2
        ·
        4 months ago

        I actually don’t know what people’s hesitancy is, but I’ve seen numerous people say proton is not good, we’ll see if anybody chimes in with a reason.

        • forgotaboutlaye@lemmy.world
          link
          fedilink
          English
          arrow-up
          12
          ·
          4 months ago

          I’ve seen doubt of it’s push to pack products into it’s offering ala Google - however I don’t see that as enough to call it not good.

          It’s also very easy (and suspicious imo) for anyone to call a service not good without any reason to back it up.

          • ElegantBiscuit@lemm.ee
            link
            fedilink
            English
            arrow-up
            4
            ·
            4 months ago

            I see that as offering services that people clearly use and value, and that the bills have to be paid somehow. So as long as proton can deliver the privacy and security features it promises, I personally don’t see anything wrong with providing an alternative when the only other options are built on monetizing your data.

        • Bakersfield@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          4 months ago

          The email service says it was unable to appeal a Swiss court’s demand to log the IP address of a French climate advocate.

          This weekend, news broke that the anonymous email service ProtonMail turned over a French climate activist’s IP address and browser fingerprint to Swiss authorities. The move seemed to contradict the company’s own privacy-focused policies, which as recently as last week stated, “By default, we do not keep any IP logs which can be linked to your anonymous email account.”

          Edit: formatting

        • vulgarcynic
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          4 months ago

          I often figure it’s google bias and / or people trying to impose their threat models on other people.

          Been using proton for quite a while with a few custom domains and am impressed with the service to price of their offerings.

          We can one off use cases with any vendor, but at the end of the day, they offer a more secure out of the box experience than just about any other platform out there. If someone is doing illicit shit and gets popped, it’s not on the service provider to provide air cover for them. Improve your opsec or self host.

          • dubyakay@lemmy.ca
            link
            fedilink
            English
            arrow-up
            11
            ·
            4 months ago

            You set up the forwarding in google, not proton. You mark the forwarded emails in your proton mailbox. You forward the emails to your proton account until you changed all the sources that you care about from your google to your proton mailbox. Then you turn off forwarding.

            Google never gets any more data from you except your protonmail address.

          • sugar_in_your_tea
            link
            fedilink
            English
            arrow-up
            6
            ·
            edit-2
            4 months ago

            It’s really nice for the transition period. I personally forward my email to Tuta, which lets me slowly convert my services to my new address. I have my most important ones switched over now, but I had to switch dozens over (I would do 3-5 at a time, which was a pain).

            I’ll probably leave my gmail forwarding to my Tuta account, just because there’s no way I’m going to go though every single service I have ever used and switch it over, and inevitably some contact will continue using my old email.

            As far as Google goes, all it knows is that it’s getting less and less emails, and that what remains is being forwarded to <email>@tuta.com. But that’s not my main email address though, it’s just the one I set the account up with. I actually use <name>@<custom domain>, and I have a bunch of aliases configured for each type of account (e.g. <name>-banking@<custom domain> for my bank accounts, <name>-bills@<custom domain> for utilities and whatnot, etc). But that’s still not my actual, personal email, which is <name>@<different custom domain>, and I only give that one to my family and friends.

            So in short:

            • gmail -> tuta.com email - all Google knows about
            • random online accounts -> custom domain 1
            • family/friends -> custom domain 2

            If I can convince my SO to switch, I’ll give them an account at custom domain 2 and tell them to only use it for personal contacts, and to have everything else go through their old gmail or a Tuta alias. If I ever decide to switch to Proton, I’d have to transition all of those custom domain 1 emails to some proton aliases (unless I pay for the higher tier), which would be a pain, especially since the main reason I use these custom domains is to make it easier to switch services (e.g. just point my DNS records to the new host).

          • 𝕸𝖔𝖘𝖘@infosec.pub
            link
            fedilink
            English
            arrow-up
            2
            ·
            4 months ago

            That’s not everyone’s privacy posture. Some people use Proton to hide, some people use it to secure, some for both. If your goal is to secure, google’s antiprivacy isn’t against that.

            I’m with you, though.

      • MigratingtoLemmy@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        1
        ·
        edit-2
        4 months ago

        Swiss laws aren’t as tight as a lot of people think.

        I’d like for them to lean more heavily into open source

        • sugar_in_your_tea
          link
          fedilink
          English
          arrow-up
          6
          ·
          4 months ago

          It’s probably tight enough for your needs. Unless you live in Switzerland or are breaking Swiss law, they’d need a really good reason to send your data anywhere.

          That said, I use Tuta. They have a similar source model (open client, closed server) and are based in Germany, but since they’re an underdog, they have a bit more value and lower costs. I pay €3 and get 3 custom domains and 15 aliases, whereas w/ Proton I pay $4 and get just 1 custom domain and 10 aliases; I can also add people to my plan for €3, instead of upgrading to a Duo for $15 or family for $24. If Proton matched Tuta’s features, I’d probably pay slightly more for the better UX, but I use those features so I’m very hesitant to give that up. I don’t intend to use their VPN or other products, so I’m very much not interested in their higher tiers.

          I do wish their server code was open source and self-hostable. I’d love to use my own storage, but still use their spam filtering and whatnot.

            • sugar_in_your_tea
              link
              fedilink
              English
              arrow-up
              1
              ·
              4 months ago

              My understanding is that they broke Swiss law. Don’t do that if you’re hosting your evidence in Switzerland…

          • Cryophilia@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            4 months ago

            Unless you live in Switzerland or are breaking Swiss law

            That’s the thing though, governments tend to make everything illegal so they can selectively enforce.

      • Cocodapuf@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        4
        ·
        edit-2
        4 months ago

        Yeah, I don’t trust proton mail.

        First off, email is inherently insecure, trying to secure it is largely a waste of time.

        Secondly, proton has complied with subpoenas in the past, revealing user messages to authorities/governments.

        Finally, it’s just too centralized, with a single point of failure, why would you trust it?