this post was submitted on 11 Oct 2023
145 points (94.5% liked)

Privacy

32120 readers
326 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I've been using Proton Mail and VPN for a while now, and I'm just wondering how everyone else feels about them. I have this kind of inherent alight distrust of them just because they seem like they offer a lot for free and kind of have a Big Tech vibe about them, but there's nothing for me to really substantiate that distrust with, its mostly just a feeling. That being said, I do use their services as mentioned and they work pretty well, even on the free teir. So aside from that one instance where they gave that guy's info to the feds, is there any reason not to trust them with my data?

you are viewing a single comment's thread
view the rest of the comments
[โ€“] Espi@lemmy.world 5 points 1 year ago (1 children)

One of the bold claims of proton is that all your data is encrypted and they can't see it (not 100% sure how they do it, probably your key is encrypted with your password as a symmetric key? Then when you log in, the client unlocks your private key and then that key unlocks the emails and stuff).

Now, it also turns out that they write the software that uses your key to decrypt the emails. It would be trivial for them to just send the keys back to themselves and decrypt all your stuff.

I don't think this is a huge point against proton, as AFAIK no one else even offers encrypted email. But nonetheless I would like to see an api and some third party clients.

[โ€“] Scolding7300@lemmy.world 3 points 1 year ago

I see now, so it's more on decrypting my data rather than stealing private keys in the context of httpscommunications. I thought for some reason it was about Proton VPN specifically.

Thank you for explaining!