Privacy

32120 readers

299 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

145

Do you trust Proton? (lemmy.ml)

submitted 1 year ago by eddie_of_ny@lemmy.ml to c/privacy@lemmy.ml

121 comments fedilink hide all child comments

I've been using Proton Mail and VPN for a while now, and I'm just wondering how everyone else feels about them. I have this kind of inherent alight distrust of them just because they seem like they offer a lot for free and kind of have a Big Tech vibe about them, but there's nothing for me to really substantiate that distrust with, its mostly just a feeling. That being said, I do use their services as mentioned and they work pretty well, even on the free teir. So aside from that one instance where they gave that guy's info to the feds, is there any reason not to trust them with my data?

you are viewing a single comment's thread
view the rest of the comments

[–] hperrin@lemmy.world 10 points 1 year ago* (last edited 1 year ago)

For that one instance, not doing so would have been illegal and probably gotten them hit with a major penalty.

Any email sent to Proton in clear text is 100% accessible to them at the point of entry. They basically promise you that they won’t look at it before encrypting it for storage. So if you trust their promise, it’s all good.

Any email that comes in already end to end encrypted with OpenPGP is not accessible to them ever, kind of. If their client gets hacked and starts sending unencrypted messages to them or someone else, then they have access.

The only way to have a zero trust environment is always having people (or businesses) send you messages encrypted with OpenPGP, and never using Proton’s clients (webmail, mobile app, and desktop bridge). That’s fairly unreasonable, and you might as well use any other email service at that point.

So, you can trust them as much as any other company, because unless you write and run your own email server (which, trust me, is a huge pain in the ass*), that’s your only option.

* I wrote and run an email service called Port87, which launched recently, and there are so many obstacles to doing this, even if you’re only running one user on one domain on one server.