this post was submitted on 25 Jul 2024
71 points (100.0% liked)

TechTakes

1385 readers
62 users here now

Big brain tech dude got yet another clueless take over at HackerNews etc? Here's the place to vent. Orange site, VC foolishness, all welcome.

This is not debate club. Unless it’s amusing debate.

For actually-good tech, you want our NotAwfulTech community

founded 1 year ago
MODERATORS
all 41 comments
sorted by: hot top controversial new old
[–] massive_bereavement@fedia.io 35 points 3 months ago (1 children)

I see that Proton's very hard at work convincing me to migrate.

[–] dgerard@awful.systems 16 points 3 months ago

look pal do you hate progress

[–] KazuyaDarklight@lemmy.world 23 points 3 months ago (1 children)

I haven't always been actively enthused about some of the things Proton has decided to build out, but this may be the first time I've been legitimately disappointed.

[–] burble@lemmy.dbzer0.com 8 points 3 months ago

At this point I'm kind of glad I accidentally renewed my other VPN service and didn't switch to Proton.

[–] drdiddlybadger@pawb.social 22 points 3 months ago (1 children)

Proton better not go downhill I can't be changing addresses willy nilly.

[–] Banshee@midwest.social 13 points 3 months ago (4 children)

If you're willing, I strongly recommend people get their own domains. That way, you'll always be able to change email providers without changing your address.

[–] QuizzaciousOtter@lemm.ee 9 points 3 months ago

I migrated my email to Proton not long ago, but I also used my own domain when changing emails in all the bazillion accounts I own. My motivation was exactly what you describe. I'm so happy that now I could easily ditch Proton any day if the need arises.

[–] drdiddlybadger@pawb.social 9 points 3 months ago

You're right honestly. I hold my username dot com right now I might as well use it.

[–] weirdwriter@tweesecake.social 7 points 3 months ago (1 children)

@Banshee @drdiddlybadger I'd rather have someone else host my email. Though! I have my own domain name but I'd rather pay someone to manage the email server. Is this possible?

[–] Banshee@midwest.social 10 points 3 months ago

Yes, it's not only possible, but fairly easy to do! Depending on which registrar you purchased your domain through, you may be able to have them host your email. That may be the easiest option, but your registrar could suck so I can't recommend that off-hand.

Third party providers, like mailbox.org, mailfence, proton, tuta, runbox, zoho and others can all host your email. You just need DNS records and proof it's your domain.

Below is a link to mailbox.org's guide on hosting with them.

I read a few different guides and it seemed like the most comprehensive. The steps should be fairly similar for every potential email host.

https://kb.mailbox.org/en/private/e-mail-article/using-e-mail-addresses-of-your-domain/

[–] Evinceo@awful.systems 6 points 3 months ago (2 children)

Setting up email and actually getting into people's mailbox isn't trivial.

[–] dgerard@awful.systems 13 points 3 months ago

most providers have the option to BYO domain name, usually for a fee, it's a good idea

(tho mind you i've used @gmail for 20 years now)

[–] Banshee@midwest.social 13 points 3 months ago* (last edited 3 months ago)

If you self host? Absolutely. That's a nightmare. Paying a provider (like proton, for instance) to manage your custom domain email is easy. I haven't run into any issues having my email accepted, even by hotmail addresses.

You might run into issues with some newer TLDs, but that is slowly being fixed. Also .xyz domains get sent to spam a lot because they're usually used for malware.

[–] LostWanderer@lemmynsfw.com 18 points 3 months ago (1 children)

Screams incoherently I just managed to switch my 2FA, passwords, and important email accounts to Proton. Then they go pull this bullshit over time! This is quite cursed; if it gets any worse, I don't know what I'll do. They were not shitty and the competition is so much worse.

[–] burble@lemmy.dbzer0.com 8 points 3 months ago* (last edited 3 months ago) (1 children)

I was this close to switching to Proton... Dodged a bullet? I'm slowly degoogling, but I guess my new goal is to switch to a bunch of separate individual services to make it easier to switch just photos/email/calendar/drive/etc in the future when a service enshittifies.

[–] LostWanderer@lemmynsfw.com 6 points 3 months ago

Yeah, that would be best. I still keep certain things separate because of enshittification can strike at any time! However, I don't think that Proton will ever get that deep into the becoming shittier train; I could be 1000% wrong about it, as I'm aggressively huffing copium right now. I've pretty much made Google one of my throwaway accounts that stays isolated from anything important. So I can dump that terrible company at a moment's notice without worry.

[–] ColonelThirtyTwo@pawb.social 9 points 3 months ago (2 children)

So as someone who recently switched to proton before this BS, what's good to switch to?

[–] cornflake@awful.systems 6 points 3 months ago (1 children)

IMO you gotta consider the email and calendar functions as inseparable, whereas the rest of the Google bundle can be teased apart. Privacy Guides is perhaps a bit too stingy with their recommendations, but at minimum they give you a lot of food for thought when they lay out their criteria:

https://www.privacyguides.org/en/email/ https://www.privacyguides.org/en/calendar/

[–] null@slrpnk.net 4 points 3 months ago (1 children)

I host my calendar on Nextcloud and email (currently) through Protonmail. What makes them inseparable?

[–] cornflake@awful.systems 5 points 3 months ago (1 children)

Well, you know better than me, because I've never not used them together.

How do you, for example, invite people to things? Does your calendar just send an ICS attachment to Proton on SMTP? How do you RSVP for other people's invites? Do you download the event to your calendar and separately respond in proton? Do you get updates in the calendar app about other people's RSVP status, or just emails?

[–] ColonelThirtyTwo@pawb.social 4 points 3 months ago

I rarely get calendar invites - much less ones that I have to respond to - to my personal Email account. I do on my work email, but I don't plan on self hosting that anytime soon.

[–] Banshee@midwest.social 3 points 3 months ago* (last edited 3 months ago)

Depends a lot on what you're looking for. If you just want email, then you have a lot of options. Mailbox.org, Posteo, tuta, mailfence, fastmail, and runbox all come to mind. If you want a full gsuite replacement, ala proton unlimited, then your options are limited.

[–] fasterandworse@awful.systems 9 points 3 months ago (1 children)

my adhd domain blocker just lifted for the weekend and this was the first thing I saw

I wonder if there is commentary value in the world of fucked brands and researching unfucked brands and potential conflicts with key people in those companies.

If I knew the ceo of proton was a bitcoin maxi it would have been a fun journey to now

[–] froztbyte@awful.systems 6 points 3 months ago (1 children)

fuckedcompany.com used to be a thing, so I imagine so

[–] fasterandworse@awful.systems 6 points 3 months ago

yeah, that was the inspiration. I think it would be fun to call out companies which are existing despite their fucked brand. I guess it would be part of my pet theory that brand has been superseded by ux as the real commodity of tech capitalism

[–] fasterandworse@awful.systems 6 points 3 months ago* (last edited 3 months ago)

endorsed by Proton's llm guy - on his alt with 38 followers but not on his proton-linked account with 660 followers.

[–] UnseriousAcademic@awful.systems 6 points 3 months ago (1 children)

I don't really understand how it's possible to both not store data in plaintext, but also be able to siphon off some of it in plaintext. Like is this technically possible in the way they suggest it? We shoot off the plaintext before it gets to our storage servers?

Like at some point that means the communication is not encrypted right? But if you're using https and all good normal security standards that should never be the case from the moment it departs your terminal?

I have a small amount of knowledge about this but it's the dangerously small type so any illumination would be appreciated.

[–] dgerard@awful.systems 11 points 3 months ago (3 children)

Email is never stored unencrypted at rest on Proton's servers. But AI prompts, which are likely your entire draft email, do exist unencrypted at rest on their servers. That's what has the privacy nerds screaming.

[–] self@awful.systems 10 points 3 months ago

yep! and the important thing to understand about proton is, the end to end encryption (where one end is the sender of a message and the other is the receiver — Proton never handles plaintext at all, beyond a tiny and clearly called out amount of metadata stored as plaintext on their servers for stuff like Calendars) is the whole point of the thing, there’s no reason to use Proton without it. with this LLM garbage, Proton’s threat model has shifted such that you can’t trust that the other end’s plaintext didn’t get transmitted to Proton’s servers (there’s no way for you, the receiver, to tell that the sender didn’t use the cloud LLM features), which makes Proton a lot less useful for some of the most vulnerable people who use it, such as activists and journalists who might be under legal threat. this plaintext leak allows some of the messages you’ve received to be subpoenaed, and it’s very easy for that to be used in a criminal case against you.

also, Proton’s published security model for their LLM feature (which is ultra-thin and resembles a PR puff piece more than any other model they published before this) states that their no-log policy is what makes the cloud version of the LLM secure, but their no-log policy has gigantic holes in it, and Proton’s response to these concerns is utterly unbefitting of a privacy/security software company

[–] BlueMonday1984@awful.systems 6 points 3 months ago

I'd personally consider that sufficient grounds to accuse Proton of stealing its customers' data.

At the (miniscule) risk of sounding unnecessarily harsh on tech, any customer data that gets sent to company servers without the customer's explicit, uncoerced permission should be considered stolen.

[–] UnseriousAcademic@awful.systems 4 points 3 months ago

Ah OK, so it's sending the email draft in process not sending off the content of incoming messages or your final sent messages. Now I understand. Also, that's still bad....

[–] cheers_queers@lemm.ee 5 points 3 months ago* (last edited 3 months ago) (7 children)

i don't understand, what's stopping you from just not using it if you don't want it? am i missing something?

edit: lol i was open to learning but nvm i guess

[–] self@awful.systems 10 points 3 months ago

i don’t understand, what’s stopping you from just not stepping in the broken glass I left on the floor? am i missing something?

[–] dgerard@awful.systems 9 points 3 months ago

i don’t understand, what’s stopping you from just not posting if you don’t have a contribution? am i missing something?

[–] KazuyaDarklight@lemmy.world 8 points 3 months ago

My frustration at least is blended between 2 related thoughts that seem to generally be shared with a large group of people, if not the majority. 1) IMO crypto is BS. 2) Building on that base, they are diverting dev resources away from improving their existing systems or developing a new product with broader appeal to instead service said BS.

[–] self@awful.systems 6 points 3 months ago

edit: lol i was open to learning but nvm i guess

and this is where your bullshit became bannable

[–] V0ldek@awful.systems 5 points 3 months ago

am i missing something?

Yes.

[–] pedz@lemmy.ca 4 points 3 months ago

How often do you switch email address and provider?

[–] recklessengagement@lemmy.world 4 points 3 months ago

I was looking to move to protonmail recently, but held off when I saw the AI thing. Now this... has stopped me entirely.