this post was submitted on 31 Jan 2025
60 points (94.1% liked)
Privacy
1189 readers
356 users here now
Protect your privacy in the digital world
Welcome! This is a community for all those who are interested in protecting their privacy.
Rules
PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!
- Be nice, civil and no bigotry/prejudice.
- No tankies/alt-right fascists. The former can be tolerated but the latter are banned.
- Stay on topic.
- Don't promote proprietary software.
- No crypto, blockchain, etc.
- No Xitter links. (only allowed when can't fact check any other way, use xcancel)
- If in doubt, read rule 1
Related communities:
- !opensource@programming.dev
- !selfhosting@slrpnk.net / !selfhosted@lemmy.world
- !piracy@lemmy.dbzer0.com
founded 3 months ago
MODERATORS
It’s hard to make the full switch towards a more private life, but switching your mail already fixes a big underlying issue: that being, Google or other companies having access to all your emails. So, I’ll cover the basics of making your online mailing more private.
The issue is that the moment you send a mail to someone or receive an email from someone that is using Gmail (or whatever provider that don't care about privacy), your own email is not private anymore: it's read by that other company. So, unless everyone was to start using encrypted emails and I should say compatible encrypted emails, real email privacy will be little more than a wish.
It's a good move to ditch companies like Google, obviously, but one should not let potential switcher believe that it's a magical wand that will make their emails private. It is not.
As a side note, I would also suggest for a much better privacy: use emails aliases so you never share your real email with any company or service provider.
Bitwarden is a good option for password manager.
I would discourage anyone from moving to Proton. I know people are quick dismiss the CEOs political views as fluff but here's a evidenced account of what unfolded:
This is what the CEO posting as u/Proton_Team stated in a response on r/ProtonMail:
Here is our official response, also available on the Mastodon post in the screenshot:
Corporate capture of Dems is real. In 2022, we campaigned extensively in the US for anti-trust legislation.
Two bills were ready, with bipartisan support. Chuck Schumer (who coincidently has two daughters working as big tech lobbyists) refused to bring the bills for a vote.
At a 2024 event covering antitrust remedies, out of all the invited senators, just a single one showed up - JD Vance.
By working on the front lines of many policy issues, we have seen the shift between Dems and Republicans over the past decade first hand.
Dems had a choice between the progressive wing (Bernie Sanders, etc), versus corporate Dems, but in the end money won and constituents lost.
Until corporate Dems are thrown out, the reality is that Republicans remain more likely to tackle Big Tech abuses.
Source: https://archive.ph/quYyb
To call out the important bits:
- He refers to it as the "official response"
- Indicates that JD Vance is on their side just because he attended an event that other invited senators didn't
- Rattles on about "corporate Dems" with incredible bias
- States "Republicans remain more likely to tackle Big Tech abuses" which is immediately refuted by every response
That was posted in ther/ProtonMail sub where the majority of the event took place: https://old.reddit.com/r/ProtonMail/comments/1i1zjgn/so_that_happened/m7ahrlm/
However be aware that the CEO posting as u/Proton_Team kept editing his comments so I wouldn't trust the current state of it. Plus the proton team/subreddit mods deleted a ton of discussion they didn't like. Therefore this archive link captured the day after might show more but not all: https://web.archive.org/web/20250116060727/https://old.reddit.com/r/ProtonMail/comments/1i1zjgn/so_that_happened/m7ahrlm/
Some statements were made on Mastodon but these are subsequently deleted, but they're capture by an archive link: https://web.archive.org/web/20250115165213/https://mastodon.social/@protonprivacy/113833073219145503
I learned about it from an r/privacy thread but true to their reputation the mods there also went on a deletion spree and removed the entire post: https://www.reddit.com/r/privacy/comments/1i210jg/protonmail_supporting_the_party_that_killed/
This archive link might show more but I've not checked: https://web.archive.org/web/20250115193443/https://old.reddit.com/r/privacy/comments/1i210jg/protonmail_supporting_the_party_that_killed/
There's also this lemmy discussion from the day after but by that point the Proton team had fully kicked in their censorship so I don't know how much people were aware of (apologies I don't know how to make a generic lemmy link) https://feddit.uk/post/22741653
i have some very bad news about proton
I'll check and correct my post when I get home
Thanks!
While the original comment has validity, I think it's important to know that a lot of the proton news you'll find is very "drop it immediately" biased.
I definitely think the news left a bad taste that's worth keeping an eye on, but I don't think it should eliminate them completely as an option. Especially for newer privacy advocates.
Edit: full disclosure for future readers, I may be biased as well since I do continue to use proton services and I love it. But I still try to look at both sides on things like this.
I think you're spot on. I find it vexing when people point to what happened with ProtonMail as proof that their entire software stack is compromised, when what happened is simply a limitation of email clients in general (and maybe always will be) and laws that every business is subject to. How email works is not how VPNs work.
I think it was a wakeup call for a lot of people, though, that thought they could just use their email to remain anonymous.
What I was referencing was the political news recently with their CEO. Lotta people up in arms about that one. However I haven't heard of the email one. Was that the one where the Users IP got leaked/turned over?
Any links you can share?
Yep. I think this is the one I originally read. It goes into some detail about why the mail client functions differently from the VPN (for example) and Proton even suggested a way to prevent what happened for any future users. It's prescient advice for any user or activist that relies on secure email, Proton or not.
Thanks for sharing. I think this is a concern because if they did it for mail, would they do it for the VPN?
I would be more concerned if it turned out the VPN logs were turned over. Because in that seems like a much bigger issue.
It's worth noting that, as far as I'm aware, they're still completely logless on the VPN. The way most VPNs get around the law in that regard is by storing log data in memory. This prevents any LEOs demanding logs, because the second the memory is refreshed or goes through automatic garbage collection, any "logs" that might exist to facilitate the function of the software are already gone. Essentially, there's nothing to collect or turn over.
The reason they could turn over that one user's IP data is because email, by its very nature, has to be stored for long term retrieval. They might still store as little identifying data as they can, but with email, you should always assume they have your IP at a minimum.
Thus, whether you use ProtonMail or Tuta or whatever, you should be using a logless VPN or TOR if you're trying to stay anonymous. That way, even if the email provider is legally compelled to turn over IP data, it can't be traced back to you.
Very well spoken and I fully agree with you. My mistake for the "Logs" on the VPN part as I know, from what's public, that it is no logs, with a previous audit in mid 2024. I think what I was really trying to say was that what if they slowly started to change policies more and more to where they keep some sort of identifiable info, or logs.
Either way, thanks for the very detailed conversation. Just playing devil's advocate here for open conversation. I'm personally very happy with protons services as of now.
I'm not too thrilled with their Officers' public statements as of late, and they make me nervous that they'd make special exceptions to capitulate to demands from government officials and others they revere, but that's just my personal feeling, and subjective feelings should never usurp objective facts.
Again, well spoken. I'm not very political and I absolutely believe that regardless of who you are, you should be able to share your opinion. However, Free speech doesn't mean no consequences, and I think as a CEO, it's important to know when something you say could effect your users views.
With that, they're governed by board of more than just him so I'm not feeling just yet. Regardless of my believes, him sharing his opinions doesn't bother me directly but can definitely leave a bad taste.
Just researched into it, and while I dislike the situation, is not something I see bad enough to delete proton from this post
I'm quite happy with proton and while I don't think they are the silver bullet of privacy, they're still about the best "private suite" of apps you can get with little to no effort
Proton lol. Also the only privacy is achieved with OpenPGP but no one uses it.
Nobody uses PGP because it's annoying, the tooling is not user friendly, it requires a lot of manual efforr for multi-device access and most people simply don't have the ability to manage keys safely. And that is why offloading all this effort to Proton (or similar providers like tuta) who does all the PGP stuff transparently is the only viable solution.